From b788e84f67a377a9303df02cbe45944296a7f6bb Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Sun, 27 Apr 2025 22:54:18 +0300 Subject: [PATCH 1/4] GH-521 Increase allowed timeout in 62_threads-ctx_new-deadlock.t. Test 62_threads-ctx_new-deadlock.t times out on slow systems such as GitHub Actions ubuntu-latest (24.04) runner with QEMU and Docker to run Ubuntu 24.04 on ARMv64/v8. Each test seems to take several seconds and the current default timeout of 20 seconds is not long enought to allow the test to finish. Increasing it to 30 seconds seems to make the problem go away. --- t/local/62_threads-ctx_new-deadlock.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/local/62_threads-ctx_new-deadlock.t b/t/local/62_threads-ctx_new-deadlock.t index fac8808f..44785900 100644 --- a/t/local/62_threads-ctx_new-deadlock.t +++ b/t/local/62_threads-ctx_new-deadlock.t @@ -33,7 +33,7 @@ eval { Net::SSLeay::OPENSSL_INIT_NO_ATEXIT(); return 1; } ? my $start_time = time; #exit the whole program if it runs too long -threads->new( sub { sleep 20; warn "FATAL: TIMEOUT!"; exit } )->detach; +threads->new( sub { sleep 30; warn "FATAL: TIMEOUT!"; exit } )->detach; #print STDERR "Gonna start multi-threading part\n"; threads->new(\&do_check) for (1..100); From 33817997113fec992aa4784976d2d99cd9272379 Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Sun, 27 Apr 2025 23:42:49 +0300 Subject: [PATCH 2/4] GH-521 EVP_add_digest is removed in LibreSSL 3.9.0. EVP_add_digest is no longer available in LibreSSL 3.9.0 and later. Thanks to Derrik Pates for report and patch. --- SSLeay.xs | 4 ++++ lib/Net/SSLeay.pod | 2 ++ 2 files changed, 6 insertions(+) diff --git a/SSLeay.xs b/SSLeay.xs index e345ebd0..c1e33e68 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -7493,8 +7493,12 @@ SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef) #endif +#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER < 0x3090000fL) /* LibreSSL < 3.9.0 */ + int EVP_add_digest(const EVP_MD *digest) +#endif + #ifndef OPENSSL_NO_SHA const EVP_MD *EVP_sha1() diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod index f8de9923..8052a16e 100644 --- a/lib/Net/SSLeay.pod +++ b/lib/Net/SSLeay.pod @@ -9019,6 +9019,8 @@ B not available in Net-SSLeay-1.42 and before; requires at least # # returns: value corresponding to openssl's EVP_MD structure +B no longer available in LibreSSL 3.9.0 and later + =item * EVP_add_digest my $rv = Net::SSLeay::EVP_add_digest($digest); From 4c7b56965d6b71b59b08c187a45a17a6f9f44db4 Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Mon, 28 Apr 2025 00:45:18 +0300 Subject: [PATCH 3/4] GH-521 Update comment in 32_x509_get_cert_info.t Add suggested comment from pull request GH-487 that links to the OpenSSL change that caused the recent change in 32_x509_get_cert_info.t. --- t/local/32_x509_get_cert_info.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/local/32_x509_get_cert_info.t b/t/local/32_x509_get_cert_info.t index 08316bf9..ca440d92 100644 --- a/t/local/32_x509_get_cert_info.t +++ b/t/local/32_x509_get_cert_info.t @@ -189,6 +189,7 @@ for my $f (keys (%$dump)) { $ext_data =~ s{(othername:) [^, ]+}{$1}g; } # Starting with 3.4.0 the double colon in emailAddress has been removed. + # See https://github.com/openssl/openssl/commit/de8861a7e3100 if (Net::SSLeay::SSLeay >= 0x30400000) { $ext_data =~ s{emailAddress::}{emailAddress:}; } From 5905f9a3595fab14383b953b1f6247520112278d Mon Sep 17 00:00:00 2001 From: Heikki Vatiainen Date: Mon, 28 Apr 2025 00:55:01 +0300 Subject: [PATCH 4/4] GH-521 Update Changes. All GitHub Actions tests should now pass. --- Changes | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Changes b/Changes index 07804341..05a2a239 100644 --- a/Changes +++ b/Changes @@ -10,6 +10,10 @@ Revision history for Perl extension Net::SSLeay. - Adjust test 32_x509_get_cert_info.t to match formatting changes in OpenSSL 3.4.0 and 3.4.1. Thanks to Sebastian Andrzej Siewior for the patches. + - OpenSSL 3.9.0 and later remove EVP_add_digest(). Thanks to + Derrik Pates for the report and patch. + - Increase timeout in 62_threads-ctx_new-deadlock.t to allow + the test to pass on very slow platforms. 1.94 2024-01-08 - New stable release incorporating all changes from developer releases 1.93_01