Skip to content

Commit

Permalink
GH-329 Update documentation about the recent OPENSSL_Applink changes.
Browse files Browse the repository at this point in the history
Closes #411.
  • Loading branch information
h-vn committed Dec 23, 2022
1 parent bf3d907 commit d41018f
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 3 deletions.
8 changes: 8 additions & 0 deletions Changes
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,14 @@ Revision history for Perl extension Net::SSLeay.
- LibreSSL on OpenBSD 6.9
- LibreSSL on OpenBSD 7.1
- Cygwin on x86_64
- Update CTX_use_PKCS12_file() and CTX_use_PKCS12_file() to
use BIO functions for avoiding "no OPENSSL_Applink" runtime
errors. Thanks to Felipe Gasper.
- Add to README.Win32 more information about OPENSSL_Applink
and how it may be needed with FILE pointers and POSIX/Unix
fds. Recommended method is to avoid them and use OpenSSL BIO
functions instead. Update SSLeay.pod with alternatives to
Net::SSLeay::SESSION_print_fp().
- Refactor variable declarations in RSA_generate_key to allow SSLeay.xs to
compile under -Werror=declaration-after-statement. Fixes GH-407. Thanks to
dharanlinux for the report.
Expand Down
14 changes: 13 additions & 1 deletion README.Win32
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,22 @@ Building on Win 32 platforms
10.7.2007. Complete rewrite to agree with latest version 1.31. References to
ancient versions and untested procedures removed --mikem
22.4.2010 Updated info for 64 bit versions --mikem
23.12.2022 Update OPENSSL_Applink for 1.93_02 and later --hvn

Notes:

1. With some combinations of Windows, perl, compiler and compiler options, you
1. "no OPENSSL_Applink" runtime error
Changes in Net::SSLeay 1.93_02 fix this error with
Net::SSLeay::P_PKCS12_load_file and Net::SSLeay::CTX_use_PKCS12_file
functions. The error is caused when a file pointer or descriptor (FILE
*, POSIX/unix fd) is passed between boundaries, as described
below. Recommended fix is to use OpenSSL BIO API. Net::SSLeay still
exposes SSL_SESSION_print_fp() which expects a FILE * as its first
argument. See Net::SSLeay manual for more information about
Net::SSLeay::SESSION_print_fp() and a possible workaround.

Information for Net::SSLeay 1.93_01 and earlier follows:
With some combinations of Windows, perl, compiler and compiler options, you
may see a runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file. This appears to be due to incompatible
compile options between the openssl libraries and Net::SSLeay. In particular
Expand Down
21 changes: 19 additions & 2 deletions lib/Net/SSLeay.pod
Original file line number Diff line number Diff line change
Expand Up @@ -1972,8 +1972,9 @@ Examples:
#BEWARE: THIS IS WRONG - MEMORY LEAKS! (you cannot free @cachain items)
my ($privkey, $cert) = Net::SSLeay::P_PKCS12_load_file($filename, 1, $password);

B<NOTE> With some combinations of Windows, perl, compiler and compiler options, you
may see a runtime error "no OPENSSL_Applink", when calling
B<NOTE> Net::SSLeay 1.92_01 and earlier: With some combinations of
Windows, perl, compiler and compiler options, you may see a runtime
error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file. See README.Win32 for more details.

=back
Expand Down Expand Up @@ -2226,6 +2227,11 @@ You have to use necessary BIO functions like this:

Prints session details (e.g. protocol version, cipher, session-id ...) to file handle.

B<NOTE> With some combinations of Windows, perl, compiler and compiler
options, you may see a runtime error "no OPENSSL_Applink", when
calling Net::SSLeay::SESSION_print_fp. See README.Win32 for more
details.

my $rv = Net::SSLeay::SESSION_print_fp($fp, $ses);
# $fp - perl file handle
# $ses - value corresponding to openssl's SSL_SESSION structure
Expand All @@ -2239,6 +2245,12 @@ Example:
open my $fh, ">", "output.txt";
Net::SSLeay::SESSION_print_fp($fh,$ses);

Similar functionality without Net::SSLeay::SESSION_print_fp

my $ses = Net::SSLeay::get_session($ssl);
my $bio = Net::SSLeay::BIO_new_file('output.txt', 'w');
Net::SSLeay::SESSION_print($bio, $ses);

=item * SESSION_set_time

Replaces the creation time of the session s with the chosen value $t (seconds since 1.1.1970).
Expand Down Expand Up @@ -3391,6 +3403,11 @@ Adds the certificate and private key from PKCS12 file $p12filename to $ctx.
#
# returns: 1 on success, 0 on failure

B<NOTE> Net::SSLeay 1.92_01 and earlier: With some combinations of
Windows, perl, compiler and compiler options, you may see a runtime
error "no OPENSSL_Applink", when calling
Net::SSLeay::CTX_use_PKCS12_file. See README.Win32 for more details.

=item * CTX_use_PrivateKey

Adds the private key $pkey to $ctx.
Expand Down

0 comments on commit d41018f

Please sign in to comment.