All the Perl that's Practical to Extract and Report

Crypt::SSLeay is broken and this is the fix (version 0.51)

grinder on 2006-12-14T12:22:03

I just a spent considerable amount of time to get Crypt::SSLeay installed. Far too much time. At first I blamed myself, my host, my OpenSSL installation, perl, everything.

Finally I searched the web and found the following message:

http://mail-archives.apache.org/mod_mbox/httpd-test-dev/200301.mbox/%3c5.2.0.9.2.20030130000312.028ea1b8@pop3.rowe-clan.net%3e

Turns out that there's a bug in the code, and a one-liner patch to SSLeay.xs fixes it. There's even an RT ticket on the matter. Grrr!

So, if you see the following warning in your build:

SSLeay.xs:252: warning: passing arg 2 of `SSL_set_info_callback' from incompatible pointer type

... and the test dumps core, then patch the source as follows:

--- SSLeay.xs.orig      2002-08-01 17:43:22.000000000 -0400
+++ SSLeay.xs   2003-01-29 21:41:17.000000000 -0500
@@ -109,6 +109,7 @@
                SSLeay_add_all_algorithms();
                SSL_load_error_strings();
                ERR_load_crypto_strings();
+               SSL_library_init();
               bNotFirstTime = 1;
         }
         RAND_seed(buf,sizeof buf);

And now it works, yay!

Please go all the way

tsee on 2006-12-14T14:43:27

Hi,

if you've already spent too much time tracking this down, then please go all the way and bug the author so he uploads a fixed release to CPAN. I do this all the time and I wholeheartedly think this is an important service to the community. I would guess Florian Ragwitz / rafl would be reasonably responsive. After all, he maintains much of the debian perl stuff if I am not mistaken.

If he doesn't respond, you can always ask modules@perl.org to make you co-maintainer so you can upload a quick fix. (Provided the module's licensed under a free license.)

Thanks!

Steffen

ENOTENOUGHTUITS

grinder on 2006-12-14T17:22:23

Steffen,

It's already filed as a bug on RT. The patch was proposed three years ago. I posted this entry mainly for web searches as much as anything else. RT isn't crawled, so the usual search engines don't know abou it.

This is a crucial module for anyone doing https work. If I were to take it over, I would be doing everyone a disservice, since I know I could not devote the required tuits. I do other stuff. But if someone reading wants to volunteer for a good cause, module-authors is the place to go. See you there :)

Re:ENOTENOUGHTUITS

tsee on 2006-12-14T19:50:01

I'll stop bugging you to do anything. But let me explain myself first:

Your logic has a bit of a flaw. Just because you do not have the time to adopt the module and make it one of your own, it may well be that you have the half-hour to apply the patch and make a .tar.gz. That would make the module *slightly* better without you becoming its new full-time maintainer.

That being said, I know and understand ENOTENOUGHTUITS, so I'll stop labouring the point.

Re:ENOTENOUGHTUITS

grinder on 2006-12-15T07:55:25

Nah, you have a point. I'll see if I can talk Joshua Chamas into making me co-maintainer. At least with that one line fix, the module would already be better than it is now.