From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 5B7541F461 for ; Mon, 24 Jun 2019 02:58:07 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 40/57] ds|nntp: use CORE::close on socket Date: Mon, 24 Jun 2019 02:52:41 +0000 Message-Id: <20190624025258.25592-41-e@80x24.org> In-Reply-To: <20190624025258.25592-1-e@80x24.org> References: <20190624025258.25592-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: IO::Socket::SSL will try to re-bless back to the original class on TLS negotiation failure. Unfortunately, the original class is 'GLOB', and re-blessing to 'GLOB' takes away all the IO::Handle methods, because Filehandle/IO are a special case in Perl5. Anyways, since we already use syswrite() and sysread() as functions on our socket, we might as well use CORE::close(), as well (and it plays nicely with tied classes).
---
 lib/PublicInbox/DS.pm | 4 ++-- lib/PublicInbox/NNTP.pm | 2 +- t/nntpd-tls.t | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/lib/PublicInbox/DS.pm b/lib/PublicInbox/DS.pm
index 044b991c..2c886b4e 100644
--- a/lib/PublicInbox/DS.pm
+++ b/lib/PublicInbox/DS.pm
@@ -293,8 +293,8 @@ sub PostEventLoop {
 while (my $sock = shift @ToClose) {
 my $fd = fileno($sock);
- # close the socket. (not a PublicInbox::DS close)
- $sock->close;
+ # close the socket. (not a PublicInbox::DS close)
+ CORE::close($sock);
 # and now we can finally remove the fd from the map. see
 # comment above in ->close.
diff --git a/lib/PublicInbox/NNTP.pm b/lib/PublicInbox/NNTP.pm
index 659e44d5..8840adbb 100644
--- a/lib/PublicInbox/NNTP.pm
+++ b/lib/PublicInbox/NNTP.pm
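Review bot: The comment kept above `CORE::close($sock);` in PostEventLoop (lib/PublicInbox/DS.pm) says only "(not a PublicInbox::DS close)" and does not record why the builtin is used instead of the method, which is the detail a later cleanup is most likely to undo. I would extend it to `# CORE::close, not $sock->close: IO::Socket::SSL may re-bless a failed socket to 'GLOB', which has no IO::Handle methods`. That matters because a failed TLS negotiation is something any remote client can cause, so the close path has to work on a socket in that state. PostEventLoop's body continues outside the hunk.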
@@ -101,7 +101,7 @@ sub new ($$$) {
 my $ev = EPOLLOUT | EPOLLONESHOT;
 my $wbuf = [];
 if (ref($sock) eq 'IO::Socket::SSL' && !$sock->accept_SSL) {
- $ev = PublicInbox::TLS::epollbit() or return $sock->close;
+ $ev = PublicInbox::TLS::epollbit() or return CORE::close($sock);
 $ev |= EPOLLONESHOT;
 $wbuf->[0] = \&PublicInbox::DS::accept_tls_step;
 }
diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t
index 53890ff2..4727ee5b 100644
--- a/t/nntpd-tls.t
+++ b/t/nntpd-tls.t
@@ -135,6 +135,23 @@ for my $args (
 is($n, Net::Cmd::CMD_ERROR(), 'error attempting STARTTLS again');
 is($c->code, 502, '502 according to RFC 4642 sec#2.2.1');
+ # STARTTLS with bad hostname
+ $o{SSL_hostname} = $o{SSL_verifycn_name} = 'server.invalid';
+ $c = Net::NNTP->new($starttls_addr, %o);
+ $list = $c->list;
+ is_deeply($list, $expect, 'plain LIST works again');
+ ok(!$c->starttls, 'STARTTLS fails with bad hostname');
+ $c = Net::NNTP->new($starttls_addr, %o);
+ $list = $c->list;
+ is_deeply($list, $expect, 'not broken after bad negotiation');
+
+ # NNTPS with bad hostname
+ $c = Net::NNTP->new($nntps_addr, %o, SSL => 1);
+ is($c, undef, 'NNTPS fails with bad hostname');
+ $o{SSL_hostname} = $o{SSL_verifycn_name} = 'server.local';
+ $c = Net::NNTP->new($nntps_addr, %o, SSL => 1);
+ ok($c, 'NNTPS succeeds again with valid hostname');
+
 $c = undef;
 kill('TERM', $pid);
 is($pid, waitpid($pid, 0), 'nntpd exited successfully');
-- EW
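Review bot: On the failed-handshake path in `new` (lib/PublicInbox/NNTP.pm), the constructor returns whatever `CORE::close($sock)` returns, which is a true value when the close succeeds, so a caller that tests the result would read a fatal TLS error as success. The replaced `$sock->close` had the same shape, so this is not a regression, but while the line is being touched it could become `unless ($ev = PublicInbox::TLS::epollbit()) { CORE::close($sock); return }`. The callers of `new` are outside the hunk, so whether any of them inspects the return value needs checking. The sub's body also starts and ends outside the hunk.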
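Review bot: The bad-hostname cases in t/nntpd-tls.t overwrite `$o{SSL_hostname}` and `$o{SSL_verifycn_name}` in the shared `%o` and later restore them with a hard-coded `'server.local'`. That is only correct if `'server.local'` is what `%o` held before, and its definition is outside the hunk. A local copy keeps the negative cases self-contained: `my %bad = (%o, SSL_hostname => 'server.invalid', SSL_verifycn_name => 'server.invalid');`, passed to the failing `Net::NNTP->new` calls, leaves `%o` untouched for the final positive check. Separately, every assertion here observes the client side, while the failure being fixed occurs in the server. If the daemon's stderr is captured by this test (not visible in the hunk), it would be worth asserting that it stayed free of warnings after the failed negotiations.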