From nobody@FreeBSD.org  Mon Nov 25 13:52:45 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 1F6577D4
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 25 Nov 2013 13:52:45 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 0FB612ABE
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 25 Nov 2013 13:52:45 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rAPDqij8042781
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 25 Nov 2013 13:52:44 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rAPDqi6B042778;
	Mon, 25 Nov 2013 13:52:44 GMT
	(envelope-from nobody)
Message-Id: <201311251352.rAPDqi6B042778@oldred.freebsd.org>
Date: Mon, 25 Nov 2013 13:52:44 GMT
From: Ari Suutari <ari@stonepile.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: simon.krenz@ghostbsd.org

>Number:         184283
>Category:       ports
>Synopsis:       dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 25 14:00:01 UTC 2013
>Closed-Date:    Sun Jan 19 17:33:54 UTC 2014
>Last-Modified:  Sun Jan 19 17:33:54 UTC 2014
>Originator:     Ari Suutari
>Release:        9.2-RELEASE
>Organization:
>Environment:
FreeBSD osku.stonepile.fi 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Fri Sep 27 03:52:52 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
ddclient doesn't work when ssl=yes in config file. This seems to be because
p5-IO-Socket-SSL requires ca certificates after version 1.950.
(see http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.953/Changes).


>How-To-Repeat:
Just use ssl=yes in ddclient.conf
>Fix:
Installing ca_root_nss and adding SSL_ca_file to ddclient code fixes this.
(see attached patch for Makefile & ddclient).


Patch attached with submission follows:

--- Makefile.orig	2013-11-25 15:29:43.000000000 +0200
+++ Makefile	2013-11-25 15:34:35.000000000 +0200
@@ -25,7 +25,8 @@
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MSSL}
-RUN_DEPENDS+=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL
+RUN_DEPENDS+=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \
+		${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 .endif
 
 SUB_FILES=	pkg-message ddclient_force
--- ddclient.orig	2013-11-25 15:25:24.000000000 +0200
+++ ddclient	2013-11-25 15:25:24.000000000 +0200
@@ -1860,6 +1860,7 @@
 	    $sd = IO::Socket::SSL->new(
             PeerAddr => $peer,
             PeerPort => $port,
+            SSL_ca_file => '/usr/local/share/certs/ca-root-nss.crt',
             Proto => 'tcp',
             MultiHomed => 1,
             Timeout => opt('timeout'),


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon Nov 25 14:00:09 UTC 2013 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184283 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: simon.krenz@ghostbsd.org
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/184283: dns/ddclient fails with ssl=yes after upgrading p5-IO-Socket-SSL to 1.950
Date: Mon, 25 Nov 2013 14:00:09 UT

 Maintainer of dns/ddclient,
 
 Please note that PR ports/184283 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/184283
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
State-Changed-From-To: feedback->open 
State-Changed-By: jadawin 
State-Changed-When: Tue Dec 10 08:43:14 UTC 2013 
State-Changed-Why:  
Maintainer timed out. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184283 

From: Matthew Luckie <mjl@luckie.org.nz>
To: bug-followup@FreeBSD.org
Cc: Ari Suutari <ari@stonepile.fi>
Subject: Re: ports/184283: dns/ddclient fails with ssl=yes after upgrading
 p5-IO-Socket-SSL to 1.950
Date: Sun, 19 Jan 2014 08:31:53 -0800

 --J2SCkAp4GZ/dPZZf
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 I believe this was fixed in revision 340227 and this PR can be closed.
 --J2SCkAp4GZ/dPZZf
 Content-Type: application/pgp-signature
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (FreeBSD)
 
 iEYEARECAAYFAlLb/fkACgkQKyuDKSEQAGCtoQCfejTCMQg0i4NN9eqIuqYzfF/8
 OXAAn0cYmrFBq7JgO1q1J1iMcjYkx6GI
 =pMGR
 -----END PGP SIGNATURE-----
 
 --J2SCkAp4GZ/dPZZf--
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sun Jan 19 17:33:42 UTC 2014 
State-Changed-Why:  
apparently fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184283 
>Unformatted:
