Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 25 Nov 2013 13:52:44 GMT
From:      Ari Suutari <ari@stonepile.fi>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/184283: dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950
Message-ID:  <201311251352.rAPDqi6B042778@oldred.freebsd.org>
Resent-Message-ID: <201311251400.rAPE02cc031435@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         184283
>Category:       ports
>Synopsis:       dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 25 14:00:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Ari Suutari
>Release:        9.2-RELEASE
>Organization:
>Environment:
FreeBSD osku.stonepile.fi 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Fri Sep 27 03:52:52 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
ddclient doesn't work when ssl=yes in config file. This seems to be because
p5-IO-Socket-SSL requires ca certificates after version 1.950.
(see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.953/Changes).


>How-To-Repeat:
Just use ssl=yes in ddclient.conf
>Fix:
Installing ca_root_nss and adding SSL_ca_file to ddclient code fixes this.
(see attached patch for Makefile & ddclient).


Patch attached with submission follows:

--- Makefile.orig	2013-11-25 15:29:43.000000000 +0200
+++ Makefile	2013-11-25 15:34:35.000000000 +0200
@@ -25,7 +25,8 @@
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MSSL}
-RUN_DEPENDS+=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL
+RUN_DEPENDS+=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \
+		${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 .endif
 
 SUB_FILES=	pkg-message ddclient_force
--- ddclient.orig	2013-11-25 15:25:24.000000000 +0200
+++ ddclient	2013-11-25 15:25:24.000000000 +0200
@@ -1860,6 +1860,7 @@
 	    $sd = IO::Socket::SSL->new(
             PeerAddr => $peer,
             PeerPort => $port,
+            SSL_ca_file => '/usr/local/share/certs/ca-root-nss.crt',
             Proto => 'tcp',
             MultiHomed => 1,
             Timeout => opt('timeout'),


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311251352.rAPDqi6B042778>