Date: Mon, 25 Nov 2013 13:52:44 GMT From: Ari Suutari <ari@stonepile.fi> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/184283: dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950 Message-ID: <201311251352.rAPDqi6B042778@oldred.freebsd.org> Resent-Message-ID: <201311251400.rAPE02cc031435@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 184283 >Category: ports >Synopsis: dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Nov 25 14:00:01 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Ari Suutari >Release: 9.2-RELEASE >Organization: >Environment: FreeBSD osku.stonepile.fi 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Fri Sep 27 03:52:52 UTC 2013 root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386 >Description: ddclient doesn't work when ssl=yes in config file. This seems to be because p5-IO-Socket-SSL requires ca certificates after version 1.950. (see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.953/Changes). >How-To-Repeat: Just use ssl=yes in ddclient.conf >Fix: Installing ca_root_nss and adding SSL_ca_file to ddclient code fixes this. (see attached patch for Makefile & ddclient). Patch attached with submission follows: --- Makefile.orig 2013-11-25 15:29:43.000000000 +0200 +++ Makefile 2013-11-25 15:34:35.000000000 +0200 @@ -25,7 +25,8 @@ .include <bsd.port.options.mk> .if ${PORT_OPTIONS:MSSL} -RUN_DEPENDS+= p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL +RUN_DEPENDS+= p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \ + ${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss .endif SUB_FILES= pkg-message ddclient_force --- ddclient.orig 2013-11-25 15:25:24.000000000 +0200 +++ ddclient 2013-11-25 15:25:24.000000000 +0200 @@ -1860,6 +1860,7 @@ $sd = IO::Socket::SSL->new( PeerAddr => $peer, PeerPort => $port, + SSL_ca_file => '/usr/local/share/certs/ca-root-nss.crt', Proto => 'tcp', MultiHomed => 1, Timeout => opt('timeout'), >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311251352.rAPDqi6B042778>