RayOfLight Tux's lil' helper
Joined: 27 Aug 2013 Posts: 108 Location: Catalunya
Posted: Fri Feb 20, 2015 10:09 pm Post subject: [SOLVED] Unable to update IP in DDNS with ddclient
EDIT: Solved the problem by globally disabling the bindist USE flag (I don't remember why I added it, sorry).
Hello, I've been trying to update my current IP to my DDNS service provider but ddclient keeps failing with:
Code: | WARNING: cannot connect to ipv4.nsupdate.info:443 socket: IO::Socket::IP configuration failed SSL connect attempt failed with unknown error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
FAILED: updating mydomain.nsupdate.info: Could not connect to ipv4.nsupdate.info. |
If I try to connect to their server with curl forcing SSLv3 I get (using TLSv1.x works): (I guess this is related to the POODLE vulnerability)
Code: |
curl --sslv3 https://ipv4.nsupdate.info/ -vv
* Hostname was NOT found in DNS cache
* Trying 85.10.192.104...
* Connected to ipv4.nsupdate.info (85.10.192.104) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure |
Looking at the ddclient source code in /usr/bin/ddclient, I gather that it uses Perl and specifically IO-Socket-SSL for its secure connection.
I've upgraded openssl, curl, ddclient and IO-Socket-SSL to the latest unstable amd64 versions and it still doesn't work. I'm updating my IP with plain clear HTTP.
I'm posting this here because using a different machine (Arch Linux), which installs:
Code: | net-tools-1.60.20130531git-1 perl-digest-sha1-2.13-5 perl-io-socket-ssl-2.010-1 perl-net-ssleay-1.68-1 perl-uri-1.65-1 ddclient-3.8.2-3 |
makes the ddclient update work (with the same config), so I guess that the Gentoo Perl packages are really old and are the culprit of the problem (Perl IO-Socket-SSL is now on 2.012 already, Gentoo is on 1.967 stable and 1.998 unstable).
I'm unable to find a Gentoo overlay with a more recent version. And I thought Gentoo was bleeding edge, damn :/
My Gentoo IO-Socket-SSL possibilities:
Code: | * dev-perl/IO-Socket-SSL [gentoo]
Herd: perl (perl@gentoo.org)
Maintainer: None specified
Upstream: Remote-ID: IO-Socket-SSL ID: cpan
Remote-ID: IO::Socket::SSL ID: cpan-module
Remote-ID: IO::Socket::SSL::SSL_Context ID: cpan-module
Remote-ID: IO::Socket::SSL::SSL_HANDLE ID: cpan-module
Remote-ID: IO::Socket::SSL::Session_Cache ID: cpan-module
Homepage: http://search.cpan.org/dist/IO-Socket-SSL/
Location: /usr/portage/dev-perl/IO-Socket-SSL
Keywords: 1.953.0:0: arm64 m68k s390 sh
Keywords: 1.967.0:0: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Keywords: 1.998.0:0: ~alpha ~amd64 ~amd64-fbsd ~amd64-linux ~arm ~arm-linux ~arm64 ~hppa ~ia64 ~ia64-linux ~m68k ~m68k-mint ~mips ~ppc
~ppc-aix ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~sparc-solaris ~sparc64-solaris ~x64-freebsd ~x64-macos ~x64-solaris ~x86
~x86-fbsd ~x86-freebsd ~x86-interix ~x86-linux ~x86-macos ~x86-solaris
License: || ( Artistic GPL-1+ ) |
I've read on the wiki that we have no maintainer for Perl, but can anybody shine some light onto this problem?
Last edited by RayOfLight on Mon Feb 23, 2015 1:37 am; edited 3 times in total |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sat Feb 21, 2015 6:48 pm
There is a possible workaround: install g-cpan and use that to get an up to date IO-Socket-SSL ebuild. |
RayOfLight Tux's lil' helper
Joined: 27 Aug 2013 Posts: 108 Location: Catalunya
Posted: Sun Feb 22, 2015 3:03 pm Post subject: g-cpan, how does it work?
Thank you, that's a great idea. I've emerged g-cpan but I'm struggling with it and its lack of documentation, so I still haven't been able to update a simple Perl module.
As far as I've gone, I've created a /usr/local/portage local overlay with its manifest and repo_name following this message:
http://gentoo.2317880.n4.nabble.com/how-to-use-g-cpan-td243126.html
If I list g-cpan overlays:
Code: | # g-cpan -l
Possible precedence issue with control flow operator at /usr/lib64/perl5/vendor_perl/5.20.1/Shell/EnvImporter/Result.pm line 88.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
* OVERLAY: /usr/local/portage/perl-gcpan |
The overlay folder is portage owned and when I ask for IO-Socket-SSL:
Code: | g-cpan -gv IO-Socket-SSL
Possible precedence issue with control flow operator at /usr/lib64/perl5/vendor_perl/5.20.1/Shell/EnvImporter/Result.pm line 88.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
* Getting CPAN Info for IO::Socket::SSL
-CPAN: Storable loaded ok (v2.49)
Reading '/var/tmp/g-cpan/.cpan/Metadata'
Database was generated on Sun, 22 Feb 2015 14:29:02 GMT
* Scanning /usr/local/portage for IO-Socket-SSL
* Scanning /usr/portage for IO-Socket-SSL
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
Use of uninitialized value $_[1] in read at /usr/lib64/perl5/5.20.1/x86_64-linux-thread-multi/IO/Handle.pm line 463.
* Found ebuild for CPAN name IO-Socket-SSL
* Ebuild already exists for IO-Socket-SSL (dev-perl/IO-Socket-SSL)
* Cleaning temporary space |
And I don't know what else I can do, as it keeps telling me ebuilds already exist and doesn't create any file at all in my local overlay.
Is there any way I can force it to create and store a more recent ebuild in my overlay? Destroying my dev-perl ebuilds (until a later emerge --sync) doesn't look like a good idea.
I don't know if it's me or the Gentoo g-cpan docs http://wiki.gentoo.org/wiki/Project:Perl/g-cpan are seriously helpless? Any hint for me? |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sun Feb 22, 2015 6:44 pm
I don't remember g-cpan being *that* broken. Wouldn't be surprised if it's abandonware at this point though...
Maybe this'll work better:
Code: | mkdir -p /usr/local/portage/dev-perl/IO-Socket-SSL
cp /usr/portage/dev-perl/IO-Socket-SSL/IO-Socket-SSL-1.998.0.ebuild \
/usr/local/portage/dev-perl/IO-Socket-SSL/IO-Socket-SSL-2.012.ebuild
emerge -1av =IO-Socket-SSL-2.012 |
RayOfLight Tux's lil' helper
Joined: 27 Aug 2013 Posts: 108 Location: Catalunya
Posted: Mon Feb 23, 2015 1:35 am
That's a cool idea. Just for completeness, don't forget to run
Code: | ebuild IO-Socket-SSL-2.012.ebuild digest |
and modify basic things like:
Code: | # $Header: /var/cvsroot/gentoo-x86/dev-perl/IO-Socket-SSL/IO-Socket-SSL-2.012.0.ebuild,v 1.1 2014/09/22 21:08:07 monsieurp Exp $
MODULE_VERSION=2.012
KEYWORDS="amd64" |
I also overlayed Net-SSLeay to the latest version:
Code: | # $Header: /var/cvsroot/gentoo-x86/dev-perl/Net-SSLeay/Net-SSLeay-1.680.0.ebuild,v 1.7 2015/01/24 11:28:46 zlogene Exp $
MODULE_VERSION=1.68 |
But it still doesn't work, so I started coding a little Perl script (my first Perl experience, lol) and it showed the same error, so I tried running the script on the Arch Linux box and my Gentoo laptop (the problem is on the server) and it worked on those two!
So I reverted the Perl modules to the stable Gentoo ones and focused on different things.
So, trying to guess the differences between those two Gentoos, I've checked the USE flags for many packages and OpenSSL has one difference: my server has +bindist and it tells me: + + bindist : Disable EC/RC5 algorithms (as they seem to be patented) -- note: changes the ABI
So after disabling bindist (I think I enabled it some time ago to be able to successfully update the system) EVERYTHING started working perfectly!
Note: Bindist has to be disabled on both openssl and openssh.
ddclient with bindist (before):
Code: | WARNING: cannot connect to ipv4.nsupdate.info:443 socket: IO::Socket::IP configuration failed SSL connect attempt failed because of handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure |
ddclient without bindist (after):
Code: | CONNECTED: using SSL |
Thank you Ant P. for your continued help |
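Added example, not part of the original thread: a shell check for the condition the last post arrives at, assuming the handshake failed because the bindist build had no EC key-exchange cipher suites to offer. The function names and the two cipher lists are constructed for illustration; the error text is the one posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Sample cipher lists are constructed.

# Print names of suites whose key exchange is elliptic-curve based.
# Input: `openssl ciphers -v` lines on stdin (name, protocol, Kx=, Au=, ...).
ec_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i ~ /^Kx=ECDH/) { print $1; break } }'
}

# diagnose LOGLINE CIPHERLIST -> one-line verdict on stdout.
diagnose() {
    case "$1" in
        *"alert handshake failure"*) ;;
        *) echo "not-a-handshake-alert"; return 0 ;;
    esac
    # Count EC suites in the local list (0 on a build compiled without EC).
    count=$(printf '%s\n' "$2" | ec_suites | awk 'END { print NR }')
    if [ "$count" -eq 0 ]; then
        echo "no-ec-suites: local OpenSSL offers no ECDH key exchange (check bindist)"
    else
        echo "ec-available: $count ECDH suites; compare protocol versions instead"
    fi
}

# Constructed sample: a build without EC support (as with USE=bindist).
NO_EC_LIST='DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1'

# Constructed sample: a build with EC support.
EC_LIST='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1'

# Error text as posted in the thread.
LOG='error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure'

diagnose "$LOG" "$NO_EC_LIST"
diagnose "$LOG" "$EC_LIST"
# On a live system: diagnose "$LOG" "$(openssl ciphers -v)"
```

On a Gentoo box, `emerge -pv dev-libs/openssl` shows whether bindist is currently set for the package.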