| 
									
										
										
										
											2014-07-25 09:50:24 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Jul 25 09:32:05 UTC 2014 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.997, huge Changes  | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-23 06:22:46 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sat Mar 22 19:05:20 UTC 2014 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.970 | 
					
						
							|  |  |  |  - fix rt#93987 by making sure sub default_ca does use a local $_ and not a | 
					
						
							|  |  |  |    version of an outer scope which might be read-only.  Thanks to gshank | 
					
						
							|  |  |  |  1.969 2014/03/13 | 
					
						
							|  |  |  |  - fix set_defaults to match documentation regarding short names | 
					
						
							|  |  |  |  - new function set_args_filter_hack to make it possible to override bad SSL | 
					
						
							|  |  |  |    settings from other code at the last moment. | 
					
						
							|  |  |  |  - determine default_ca on module load (and not on first use in each thread) | 
					
						
							|  |  |  |  - don't try default hostname verification if verify_mode 0 | 
					
						
							|  |  |  |  - fix hostname verification when reusing context | 
					
						
							|  |  |  |  1.968 2014/03/13 | 
					
						
							|  |  |  |  - BEHAVIOR CHANGE: removed implicit defaults of certs/server-{cert,key}.pem | 
					
						
							|  |  |  |    for SSL_{cert,key}_file and ca/,certs/my-ca.pem for SSL_ca_file. | 
					
						
							|  |  |  |    These defaults were depreceated since 1.951 (2013/7/3). | 
					
						
							|  |  |  |  - Usable CA verification path on Windows etc: | 
					
						
							|  |  |  |    Do not use Net::SSLeay::CTX_set_default_verify_paths any longer to set | 
					
						
							|  |  |  |    system/build dependended default verification path, because there was no | 
					
						
							|  |  |  |    way to retrieve these default values and check if they contained usable | 
					
						
							|  |  |  |    CA. Instead re-implement the same algorithm and export the results with | 
					
						
							|  |  |  |    public function default_ca() and make it possible to overwrite it. | 
					
						
							|  |  |  |    Also check for usable verification path during build. | 
					
						
							|  |  |  |    If no usable path are detected require Mozilla::CA at build and try to | 
					
						
							|  |  |  |    use it at runtime. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												- updated to 1.967
 - verify the hostname inside a certificate by default with a superset of
   common verification schemes instead of not verifying identity at all.
   For now it will only complain if name verification failed, in the future
   it will fail certificate verification, forcing you to set the expected
   SSL_verifycn_name if you want to accept the certificate.
 - new option SSL_fingerprint and new methods get_fingerprint and
   get_fingerprint_bin. Together they can be used to selectively accept
   specific certificates which would otherwise fail verification, like
   self-signed, outdated or from unknown CAs.
   This makes another reason to disable verification obsolete.
 - Utils:
   - default RSA key length 2048
   - digest algorithm to sign certificate in CERT_create can be given,
     defaults to SHA-256
   - CERT_create can now issue non-CA selfsigned certificate
   - CERT_create add some more useful constraints to certificate
 - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
 1.966 2014/01/21
 - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
   specifying !TLSv12, only !TLSv1_2 worked
 - fixed leak of session objects in SessionCache, if another session 
   replaced an existing session (introduced in 1.965)
 1.965 2014/01/16
 - new key SSL_session_key to influence how sessions are inserted and looked
   up in the clients session cache. This makes it possible to share sessions
   over different ip:host (like required with some FTPS servers)
 - t/core.t - handle case, were default loopback source is not 127.0.0.1, like
   in FreeBSD jails
 1.964 2014/01/15
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=69
											
										 
											2014-02-09 14:36:31 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sun Feb  9 13:30:59 UTC 2014 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.967 | 
					
						
							|  |  |  |  - verify the hostname inside a certificate by default with a superset of | 
					
						
							|  |  |  |    common verification schemes instead of not verifying identity at all. | 
					
						
							|  |  |  |    For now it will only complain if name verification failed, in the future | 
					
						
							|  |  |  |    it will fail certificate verification, forcing you to set the expected | 
					
						
							|  |  |  |    SSL_verifycn_name if you want to accept the certificate. | 
					
						
							|  |  |  |  - new option SSL_fingerprint and new methods get_fingerprint and | 
					
						
							|  |  |  |    get_fingerprint_bin. Together they can be used to selectively accept | 
					
						
							|  |  |  |    specific certificates which would otherwise fail verification, like | 
					
						
							|  |  |  |    self-signed, outdated or from unknown CAs. | 
					
						
							|  |  |  |    This makes another reason to disable verification obsolete. | 
					
						
							|  |  |  |  - Utils: | 
					
						
							|  |  |  |    - default RSA key length 2048 | 
					
						
							|  |  |  |    - digest algorithm to sign certificate in CERT_create can be given, | 
					
						
							|  |  |  |      defaults to SHA-256 | 
					
						
							|  |  |  |    - CERT_create can now issue non-CA selfsigned certificate | 
					
						
							|  |  |  |    - CERT_create add some more useful constraints to certificate | 
					
						
							|  |  |  |  - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi | 
					
						
							|  |  |  |  1.966 2014/01/21 | 
					
						
							|  |  |  |  - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with | 
					
						
							|  |  |  |    specifying !TLSv12, only !TLSv1_2 worked | 
					
						
							|  |  |  |  - fixed leak of session objects in SessionCache, if another session  | 
					
						
							|  |  |  |    replaced an existing session (introduced in 1.965) | 
					
						
							|  |  |  |  1.965 2014/01/16 | 
					
						
							|  |  |  |  - new key SSL_session_key to influence how sessions are inserted and looked | 
					
						
							|  |  |  |    up in the clients session cache. This makes it possible to share sessions | 
					
						
							|  |  |  |    over different ip:host (like required with some FTPS servers) | 
					
						
							|  |  |  |  - t/core.t - handle case, were default loopback source is not 127.0.0.1, like | 
					
						
							|  |  |  |    in FreeBSD jails | 
					
						
							|  |  |  |  1.964 2014/01/15 | 
					
						
							|  |  |  |  - Disabling TLSv1_1 did not work, because the constant was wrong. Now it gets | 
					
						
							|  |  |  |    the constants from calling Net::SSLeay::SSL_OP_NO_TLSv1_1 etc | 
					
						
							|  |  |  |  - The new syntax for the protocols is TLSv1_1 instead of TLSv11. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-29 11:17:04 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Nov 29 11:05:49 UTC 2013 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.962 | 
					
						
							|  |  |  |  - work around problems with older F5 BIG-IP by offering fewer ciphers on the | 
					
						
							|  |  |  |    client side by default, so that the client hello stays below 255 byte | 
					
						
							|  |  |  |  - IO::Socket::SSL::Utils::CERT_create can now create CA-certificates which | 
					
						
							|  |  |  |    are not self-signed (by giving issuer_*) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-11-26 08:14:16 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Nov 26 07:34:03 UTC 2013 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.960 | 
					
						
							|  |  |  |  only documentation enhancements: | 
					
						
							|  |  |  |  - clarify with text and example code, that within event loops not only | 
					
						
							|  |  |  |    select/poll should be used, but also pending has to be called. | 
					
						
							|  |  |  |  - better introduction into SSL, at least mention anonymous authentication as | 
					
						
							|  |  |  |    something you don't want and should take care with the right cipher | 
					
						
							|  |  |  |  - make it more clear, that user better does not change the cipher list, unless | 
					
						
							|  |  |  |    he really know what he is doing | 
					
						
							|  |  |  |  1.959 2013/11/12 | 
					
						
							|  |  |  |  - bugfix test core.t windows only | 
					
						
							|  |  |  |  1.958 2013/11/11 | 
					
						
							|  |  |  |  - cleanup: remove workaround for old IO::Socket::INET6 but instead require at | 
					
						
							|  |  |  |    least version 2.55 which is now 5 years old | 
					
						
							|  |  |  |  - fix t/session.t #RT90240, thanks to  paul[AT]city-fan[DOT]org | 
					
						
							|  |  |  |  1.957 2013/11/11 | 
					
						
							|  |  |  |  - fixed t/core.t: test uses cipher_list of HIGH, which includes anonymous | 
					
						
							|  |  |  |    authorization. With the DH param given by default since 1.956 old versions of | 
					
						
							|  |  |  |    openssl (like 0.9.8k) used cipher ADH-AES256-SHA (e.g. anonymous | 
					
						
							|  |  |  |    authorization) instead of AES256-SHA and thus the check for the peer | 
					
						
							|  |  |  |    certificate failed (because ADH does not exchanges certificates). | 
					
						
							|  |  |  |    Fixed by explicitly specifying HIGH:!aNULL as cipher | 
					
						
							|  |  |  |    RT#90221, thanks to  paul[AT]city-fan[DOT]org | 
					
						
							|  |  |  |  - cleaned up tests:  | 
					
						
							|  |  |  |    - remove ssl_settings.req and 02settings.t, because all tests now create a | 
					
						
							|  |  |  |      simple socket at 127.0.0.1 and thus global settings are no longer needed. | 
					
						
							|  |  |  |    - some tests did not have use strict(!), fixed it. | 
					
						
							|  |  |  |    - removed special handling for older Net::SSLeay versions, which are less than | 
					
						
							|  |  |  |      our minimum requirement | 
					
						
							|  |  |  |    - some syntax enhancements, removed some SSL_version and SSL_cipher_list | 
					
						
							|  |  |  |      options where they were not really needed | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-04 11:45:41 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Oct  4 09:11:21 UTC 2013 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.954 | 
					
						
							|  |  |  |  - accept older versions of ExtUtils::MakeMaker and add meta information | 
					
						
							|  |  |  |    like link to repository only for newer versions. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-27 12:19:06 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sat Jul 27 11:58:48 UTC 2013 - coolo@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.953 | 
					
						
							|  |  |  |  - fixes to IO::Socket::SSL::Utils, thanks to rurban[AT]x-ray[DOT]at, | 
					
						
							|  |  |  |    RT#87052 | 
					
						
							|  |  |  |  - fix t/acceptSSL-timeout.t on Win32, RT#86862 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Accepting request 182138 from home:lnussel:branches:devel:languages:perl
- new version 0.951
  * better document builtin defaults for key,cert,CA and how they are depreceated
  * use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
    openssl's builtin defaults for CA unless CA path/file was given
  * MAJOR BEHAVIOR CHANGE:
    ssl_verify_mode now defaults to verify_peer for client. Until
    now it used verify_none, but loudly complained since 1.79 about
    it. It will not complain any longer, but the connection might
    probably fail. Please don't simply disable ssl verification, but
    instead set SSL_ca_file etc so that verification succeeds!
  * MAJOR BEHAVIOR CHANGE:
    it will now complain if the builtin defaults of certs/my-ca.pem
    or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
    and key are used, e.g. no certificates are specified explicitly.
    In the future these insecure (relative path!) defaults will be
    removed and the CA replaced with the system defaults.
  * Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
    installed instead of reporting missing dependency to Net::SSLeay.
  * need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
    years ago. Remove code to work around older releases.
  * changed AUTHOR in Makefile.PL from array back to string, because the
    array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
  * Intercept: use sha1-fingerprint of original cert for id into cache unless 
    otherwise given
  * Fix pod error in IO::Socket::SSL::Utils RT#85733
  * added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
  * moved SSL interception into IO::Socket::SSL::Intercept and simplified it 
    using IO::Socket::SSL::Utils
  * enhance meta information in Makefile.PL
  * RT#85290, support more digest, especially SHA-2.
OBS-URL: https://build.opensuse.org/request/show/182138
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=59
											
										 
											2013-07-25 09:25:21 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Jul  3 08:20:14 UTC 2013 - lnussel@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - new version 0.951 | 
					
						
							|  |  |  |   * better document builtin defaults for key,cert,CA and how they are depreceated | 
					
						
							|  |  |  |   * use Net::SSLeay::SSL_CTX_set_default_verify_paths to use | 
					
						
							|  |  |  |     openssl's builtin defaults for CA unless CA path/file was given | 
					
						
							|  |  |  |   * MAJOR BEHAVIOR CHANGE: | 
					
						
							|  |  |  |     ssl_verify_mode now defaults to verify_peer for client. Until | 
					
						
							|  |  |  |     now it used verify_none, but loudly complained since 1.79 about | 
					
						
							|  |  |  |     it. It will not complain any longer, but the connection might | 
					
						
							|  |  |  |     probably fail. Please don't simply disable ssl verification, but | 
					
						
							|  |  |  |     instead set SSL_ca_file etc so that verification succeeds! | 
					
						
							|  |  |  |   * MAJOR BEHAVIOR CHANGE: | 
					
						
							|  |  |  |     it will now complain if the builtin defaults of certs/my-ca.pem | 
					
						
							|  |  |  |     or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert | 
					
						
							|  |  |  |     and key are used, e.g. no certificates are specified explicitly. | 
					
						
							|  |  |  |     In the future these insecure (relative path!) defaults will be | 
					
						
							|  |  |  |     removed and the CA replaced with the system defaults. | 
					
						
							|  |  |  |   * Makefile.PL reported wrong version of openssl, if Net::SSLeay was not | 
					
						
							|  |  |  |     installed instead of reporting missing dependency to Net::SSLeay. | 
					
						
							|  |  |  |   * need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6 | 
					
						
							|  |  |  |     years ago. Remove code to work around older releases. | 
					
						
							|  |  |  |   * changed AUTHOR in Makefile.PL from array back to string, because the | 
					
						
							|  |  |  |     array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739) | 
					
						
							|  |  |  |   * Intercept: use sha1-fingerprint of original cert for id into cache unless  | 
					
						
							|  |  |  |     otherwise given | 
					
						
							|  |  |  |   * Fix pod error in IO::Socket::SSL::Utils RT#85733 | 
					
						
							|  |  |  |   * added IO::Socket::SSL::Utils for easier manipulation of certificates and keys | 
					
						
							|  |  |  |   * moved SSL interception into IO::Socket::SSL::Intercept and simplified it  | 
					
						
							|  |  |  |     using IO::Socket::SSL::Utils | 
					
						
							|  |  |  |   * enhance meta information in Makefile.PL | 
					
						
							|  |  |  |   * RT#85290, support more digest, especially SHA-2. | 
					
						
							|  |  |  |     Thanks to ujvari[AT]microsec[DOT]hu | 
					
						
							|  |  |  |   * added support for easy SSL interception (man in the middle) based | 
					
						
							|  |  |  |     on ideas found in mojo*mitm proxy (which was written by Karel Miko) | 
					
						
							|  |  |  |   * make 1.46 the minimal required version for Net::SSLeay, because it  | 
					
						
							|  |  |  |     introduced lots of useful functions. | 
					
						
							|  |  |  |   * if IO::Socket::IP is used it should be at least version 0.20, o | 
					
						
							|  |  |  |   * Spelling corrections, thanks to dsteinbrunner | 
					
						
							|  |  |  | - remove the dependency on IO::Socket::INET6 as it breaks the test suite | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												- update to 1.88
  + consider a value of '' the same as undef for SSL_ca_(path|file)
  + complain if given SSL_(key|cert|ca)_(file|path) do not exist or
    if they are not readable
  + disabled client side SNI for openssl version < 1.0.0 
  + added functions can_client_sni, can_server_sni, can_npn to check 
    avaibility of SNI and NPN features. Added more documentation for 
    SNI and NPN
  + Server Name Indication (SNI) support on the server side 
  + sub error sets $SSL_ERROR etc only if there really is an error,
    otherwise it will keep the latest error. This causes
    IO::Socket::SSL->new.. to report the correct problem, even if
    the problem is deeper in the code (like in connect)
  + deprecated set_ctx_defaults, new name ist set_defaults
  + changed handling of default path for SSL_(ca|cert|key)* keys: either
    if one of these keys is user defined don't add defaults for the
    others, e.g.  don't mix user settings and defaults
  + cleaner handling of module defaults vs. global settings vs. socket
    specific settings 
  + prepare transition to a more secure default for SSL_verify_mode.
  The use of the current default SSL_VERIFY_NONE will cause a big warning
  for clients, unless SSL_verify_mode was explicitly set inside the
  application to this insecure value.
  In the near future the default will be SSL_VERIFY_PEER, and thus
  causing verification failures in unchanged applications.
  + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
    PeerPort from sockaddr in _update_peer, because this provides scope
  + work around systems which don't defined AF_INET6
  + update_peer for IPv6 also
  + no longer depend on Socket.pm 1.95 for inet_pton, but use
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
											
										 
											2013-05-11 23:06:34 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sat May 11 22:51:07 UTC 2013 - lars@linux-schulserver.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.88 | 
					
						
							|  |  |  |   + consider a value of '' the same as undef for SSL_ca_(path|file) | 
					
						
							|  |  |  |   + complain if given SSL_(key|cert|ca)_(file|path) do not exist or | 
					
						
							|  |  |  |     if they are not readable | 
					
						
							|  |  |  |   + disabled client side SNI for openssl version < 1.0.0  | 
					
						
							|  |  |  |   + added functions can_client_sni, can_server_sni, can_npn to check  | 
					
						
							|  |  |  |     avaibility of SNI and NPN features. Added more documentation for  | 
					
						
							|  |  |  |     SNI and NPN | 
					
						
							|  |  |  |   + Server Name Indication (SNI) support on the server side  | 
					
						
							|  |  |  |   + sub error sets $SSL_ERROR etc only if there really is an error, | 
					
						
							|  |  |  |     otherwise it will keep the latest error. This causes | 
					
						
							|  |  |  |     IO::Socket::SSL->new.. to report the correct problem, even if | 
					
						
							|  |  |  |     the problem is deeper in the code (like in connect) | 
					
						
							|  |  |  |   + deprecated set_ctx_defaults, new name ist set_defaults | 
					
						
							|  |  |  |   + changed handling of default path for SSL_(ca|cert|key)* keys: either | 
					
						
							|  |  |  |     if one of these keys is user defined don't add defaults for the | 
					
						
							|  |  |  |     others, e.g.  don't mix user settings and defaults | 
					
						
							|  |  |  |   + cleaner handling of module defaults vs. global settings vs. socket | 
					
						
							|  |  |  |     specific settings  | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   + prepare transition to a more secure default for SSL_verify_mode. | 
					
						
							|  |  |  |   The use of the current default SSL_VERIFY_NONE will cause a big warning | 
					
						
							|  |  |  |   for clients, unless SSL_verify_mode was explicitly set inside the | 
					
						
							|  |  |  |   application to this insecure value. | 
					
						
							|  |  |  |   In the near future the default will be SSL_VERIFY_PEER, and thus | 
					
						
							|  |  |  |   causing verification failures in unchanged applications. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and | 
					
						
							|  |  |  |     PeerPort from sockaddr in _update_peer, because this provides scope | 
					
						
							|  |  |  |   + work around systems which don't defined AF_INET6 | 
					
						
							|  |  |  |   + update_peer for IPv6 also | 
					
						
							|  |  |  |   + no longer depend on Socket.pm 1.95 for inet_pton, but use  | 
					
						
							|  |  |  |     Socket6.pm if no current Socket.pm is available | 
					
						
							|  |  |  |   + made it possible to explicitly disable TLSv11 and TLSv12 in  | 
					
						
							|  |  |  |     SSL_version | 
					
						
							|  |  |  |   + fixed documentation errors | 
					
						
							|  |  |  |   + add support to IO::Socket::IP which support inet6 and inet4  | 
					
						
							|  |  |  |   + make it possible to disable protols using SSL_version, make  | 
					
						
							|  |  |  |     SSL_version default to 'SSLv23:!SSLv2' | 
					
						
							|  |  |  |   + remove SSLv2 from default cipher list  | 
					
						
							|  |  |  |   + if no explicit cipher list is given it will now default to ALL:!LOW  | 
					
						
							|  |  |  |     instead of the openssl default, which usually includes weak ciphers | 
					
						
							|  |  |  |   + new config key SSL_honor_cipher_order and documented how to use it | 
					
						
							|  |  |  |   + make it thread safer | 
					
						
							|  |  |  |   + added NPN (Next Protocol Negotiation) support  | 
					
						
							|  |  |  |   + call CTX_set_session_id_context so that servers session caching  | 
					
						
							|  |  |  |     works with client certificates too | 
					
						
							|  |  |  |   + don't make blocking readline if socket was set nonblocking, but  | 
					
						
							|  |  |  |     return as soon no more data are available | 
					
						
							|  |  |  |   + if SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful | 
					
						
							|  |  |  |     message when attempting to use it  | 
					
						
							|  |  |  |   + add automatic or explicit (via SSL_hostname) SNI support, needed | 
					
						
							|  |  |  |     for multiple SSL hostnames with same IP. Currently only supported | 
					
						
							|  |  |  |     for the client | 
					
						
							|  |  |  | - enable tests | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-02-22 08:29:05 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Feb 22 02:35:27 UTC 2012 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.55 | 
					
						
							|  |  |  | - work around IO::Sockets work around for systems returning EISCONN etc | 
					
						
							|  |  |  |   on connect retry for non-blocking sockets by clearing $! if SUPER::connect | 
					
						
							|  |  |  |   returned true. | 
					
						
							|  |  |  |   https://rt.cpan.org/Ticket/Display.html?id=75101 | 
					
						
							|  |  |  |   Thanks for Manoj Kumar for reporting. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-01-13 12:39:39 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Jan 13 02:36:10 UTC 2012 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.54 | 
					
						
							|  |  |  | - return 0 instead of undef in SSL_verify_callback to fix unitialized | 
					
						
							|  |  |  |   warnings.  Thanks to d[DOT]thomas[AT]its[DOT]uq[DOT]edu[DOT]au for  | 
					
						
							|  |  |  |   reporting the bug and MIKEM for the fix. | 
					
						
							|  |  |  |   https://rt.cpan.org/Ticket/Display.html?id=73629 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-12-11 23:28:49 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sun Dec 11 23:27:04 UTC 2011 - pascal.bleser@opensuse.org | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.53: | 
					
						
							|  |  |  |   * kill child in t/memleak_bad_hanshake.t if test fails RT#73146 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-31 08:37:11 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2011-12-08 11:15:34 +00:00
										 |  |  | Thu Dec  8 02:34:14 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.52 | 
					
						
							|  |  |  |   - fix syntax error in t/memleak_bad_handshake.t | 
					
						
							|  |  |  |   - disable t/memleak_bad_handshake.t on AIX, because it might hang | 
					
						
							|  |  |  |     https://rt.cpan.org/Ticket/Display.html?id=72170 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2011-10-31 08:37:11 +00:00
										 |  |  | Mon Oct 31 02:33:54 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.49 | 
					
						
							|  |  |  | - another regression for readline fix, this time it failed to return lines | 
					
						
							|  |  |  |   at eof which don't end with newline. Extended t/readline.t to catch this | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-27 11:09:21 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Oct 27 01:34:16 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.48 | 
					
						
							|  |  |  | - bugfix for readline fix in 1.45. If the pending data where false | 
					
						
							|  |  |  |   (like '0') it failed to read rest of line. | 
					
						
							|  |  |  |   Thanks to Victor Popov for reporting | 
					
						
							|  |  |  |   https://rt.cpan.org/Ticket/Display.html?id=71953 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-24 09:41:50 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Oct 24 01:37:27 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.47 | 
					
						
							|  |  |  |   fix for 1.46 - check for mswin32 needs to be /i. Thanks to | 
					
						
							|  |  |  |   Alexandr Ciornii for reporting | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-10-17 14:44:21 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2011-10-19 11:39:44 +00:00
										 |  |  | Wed Oct 19 01:37:24 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.46 | 
					
						
							|  |  |  |   - added test for signals | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2011-10-17 14:44:21 +00:00
										 |  |  | Mon Oct 17 01:35:42 UTC 2011 - vcizek@suse.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.45 | 
					
						
							|  |  |  | - fix readline to continue when getting interrupt waiting for more | 
					
						
							|  |  |  |   data. Thanks to kgc[AT]corp[DOT]sonic[DOT]net for reporting problem | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-27 20:11:45 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri May 27 20:07:41 UTC 2011 - pascal.bleser@opensuse.org | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.44: | 
					
						
							|  |  |  |   * fix invalid call to inet_pton in verify_hostname_of_cert when identity | 
					
						
							|  |  |  |     should be verified as ipv6 address, because it contains colon | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-11 11:15:04 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed May 11 10:45:47 UTC 2011 - pascal.bleser@opensuse.org | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.43: no user-visible changes: fixes in testsuite | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-10 19:38:21 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue May 10 19:18:51 UTC 2011 - pascal.bleser@opensuse.org | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.42: | 
					
						
							|  |  |  |   * add SSL_create_ctx_callback to have a way to adjust context on creation | 
					
						
							|  |  |  |     RT#67799 | 
					
						
							|  |  |  |   * describe problem of fake memory leak because of big session cache and how | 
					
						
							|  |  |  |     to fix it, see RT#68073 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - changes from 1.41: | 
					
						
							|  |  |  |   * fix issue in stop_SSL where it did not issue a shutdown of the SSL | 
					
						
							|  |  |  |     connection if it first received the shutdown from the other side | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-05-04 11:11:22 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed May  4 10:55:36 UTC 2011 - coolo@opensuse.org | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 1.40 | 
					
						
							|  |  |  |  - integrated patch from GAAS to get IDN support from URI. | 
					
						
							|  |  |  |    https://rt.cpan.org/Ticket/Display.html?id=67676 | 
					
						
							|  |  |  |  - fix in exampel/async_https_server. | 
					
						
							|  |  |  |    Thanks to DetlefPilzecker[AT]web[DOT]de for reporting | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-03-04 16:40:07 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Mar  4 16:34:20 UTC 2011 - vcizek@novell.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.39 | 
					
						
							|  |  |  |   - fixed documentation of http verification: wildcards in cn is allowed | 
					
						
							|  |  |  |   - close should undef _SSL_fileno, because the fileno is no longer  | 
					
						
							|  |  |  |   valid (SSL connection and socket are closed) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-01-19 16:36:06 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Jan 19 15:49:23 UTC 2011 - vcizek@novell.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.38 | 
					
						
							|  |  |  | - fixed wildcards_in_cn setting for http (wrongly set in 1.34 to 1 | 
					
						
							|  |  |  |   instead of anywhere). Thanks to dagolden[AT]cpan[DOT]org for | 
					
						
							|  |  |  |   reporting | 
					
						
							|  |  |  |   https://rt.cpan.org/Ticket/Display.html?id=64864 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-12-16 12:53:20 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Dec 16 13:34:57 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.37 | 
					
						
							|  |  |  |  * don't complain about invalid certificate locations if user | 
					
						
							|  |  |  |    explicitly set SSL_ca_path and SSL_ca_file to undef. Assume that | 
					
						
							|  |  |  |    user knows what he is doing and will work around the problems | 
					
						
							|  |  |  |    by itself. | 
					
						
							|  |  |  |  * update documentation for SSL_verify_callback based on  | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-12-07 14:04:25 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Dec  7 15:02:25 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.35 (fixes bnc#657907) | 
					
						
							|  |  |  |  * if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot | 
					
						
							|  |  |  |    be verified as valid it will no longer fall back to VERIFY_NONE | 
					
						
							|  |  |  |    but throw an error. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-11-24 21:06:13 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2010-12-01 13:47:26 +00:00
										 |  |  | Wed Dec  1 13:33:05 UTC 2010 - coolo@novell.com | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - switch to perl_requires macro | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2010-11-24 21:12:52 +00:00
										 |  |  | Wed Nov 24 21:12:12 UTC 2010 - chris@computersalat.de | 
					
						
							| 
									
										
										
										
											2010-11-24 21:06:13 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | - recreated by cpanspec 1.78 | 
					
						
							|  |  |  |   o fix deps | 
					
						
							|  |  |  | - noarch pkg | 
					
						
							|  |  |  | - removed Obsoletes/Provides p_iossl | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-26 10:54:20 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2010-11-01 12:59:15 +00:00
										 |  |  | Mon Nov  1 13:09:07 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.34 | 
					
						
							|  |  |  |  * schema http for certificate verification changed to  | 
					
						
							|  |  |  |    wildcards_in_cn=1, because according to rfc2818 this is valid | 
					
						
							|  |  |  |    and also seen in the wild | 
					
						
							|  |  |  |  * if upgrading socket from inet to ssl fails due to handshake | 
					
						
							|  |  |  |    problems the socket gets downgraded, but is still open. | 
					
						
							|  |  |  |  * depreceate kill_socket, just use close() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Mar 25 17:42:20 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.33 | 
					
						
							|  |  |  |  * attempt to make t/memleak_bad_handshake.t more stable, it fails  | 
					
						
							|  |  |  |    for unknown reason on various systems | 
					
						
							|  |  |  |  * fix hostname checking: an IP should only be checked against  | 
					
						
							|  |  |  |    subjectAltName GEN_IPADD, never against GEN_DNS or CN. | 
					
						
							|  |  |  |   | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2010-03-26 10:54:20 +00:00
										 |  |  | Tue Feb 23 16:22:22 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.32 | 
					
						
							|  |  |  |  * Makefile.PL: die if Scalar::Util has no dualvar support instead of | 
					
						
							|  |  |  |    only complaining. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-01-14 17:13:04 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Jan 13 16:34:59 CET 2010 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.31 | 
					
						
							|  |  |  |  * add and export constants for SSL_VERIFY_*  | 
					
						
							|  |  |  |  * set SSL_use_cert if cert is given and not SSL_server | 
					
						
							|  |  |  |  * support alternative CRL file with SSL_crl_file thanks to patch of | 
					
						
							|  |  |  |    w[DOT]phillip[DOT]moore[AT]gmail[DOT]com | 
					
						
							|  |  |  |  * make t/memleak_bad_handshake.t more stable (increase listen queue, | 
					
						
							|  |  |  |    ignore errors on connect, don't run on windows..) | 
					
						
							|  |  |  |  * t/memleak_bad_handshake.t don't write errors with ps to stderr, | 
					
						
							|  |  |  |   -o vsize argument is not supported on all platforms, just skip | 
					
						
							|  |  |  |    test then | 
					
						
							|  |  |  |  * make sure that idn_to_ascii gets no \0 bytes from identity, because | 
					
						
							|  |  |  |    it simply cuts the string their (using C semantics). Not really a | 
					
						
							|  |  |  |    security problem because IDN like identity is provided by user in | 
					
						
							|  |  |  |    hostname, not by certificate. | 
					
						
							|  |  |  |  * fix test t/memleak_bad_handshake.t | 
					
						
							|  |  |  |  * fixed thanks for version 1.28 | 
					
						
							|  |  |  |  * fix memleak when SSL handshake failed. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-01-10 18:13:15 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sun Jan 10 15:43:32 CET 2010 - jengelh@medozas.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - enable parallel build | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-08-27 22:36:48 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Aug  3 16:01:26 CEST 2009 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.27 | 
					
						
							|  |  |  |  * changed possible local/utf-8 depended \w in some regex against more | 
					
						
							|  |  |  |    explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service | 
					
						
							|  |  |  |    names can't have '-' inside | 
					
						
							|  |  |  |  * fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131 | 
					
						
							|  |  |  |    where eli[AT]dvns[DOT]com reported warnings when perl -w was used. | 
					
						
							|  |  |  |    While there made it more aware of errors in Net::ssl_write_all (return | 
					
						
							|  |  |  |    undef not 0 in generic_write) | 
					
						
							|  |  |  |  * SECURITY BUGFIX!  | 
					
						
							|  |  |  |    fix Bug in verify_hostname_of_cert where it matched only the prefix for  | 
					
						
							|  |  |  |    the hostname when no wildcard was given, e.g. www.example.org matched | 
					
						
							|  |  |  |    against a certificate with name www.exam in it | 
					
						
							|  |  |  |    Thanks to MLEHMANN for reporting | 
					
						
							|  |  |  |  * t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5 | 
					
						
							|  |  |  |    https://rt.cpan.org/Ticket/Display.html?id=47240 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-04-07 12:13:03 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Apr  6 13:45:00 CEST 2009 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.24 | 
					
						
							|  |  |  |  * add verify hostname scheme ftp, same as http | 
					
						
							|  |  |  |  * renew test certificates again (root CA expired, now valid for | 
					
						
							|  |  |  |    10 years) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-01-22 12:14:33 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2009-02-23 22:48:47 +00:00
										 |  |  | Mon Feb 23 16:49:53 CET 2009 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.23 | 
					
						
							|  |  |  |  * if neither SSL_ca_file nor SSL_ca_path are known (e.g not given | 
					
						
							|  |  |  |    and the default values have no existing file|path) disable | 
					
						
							|  |  |  |    checking of certificates, but carp about the problem | 
					
						
							|  |  |  |  * new test certificates, the old ones expired and caused tests  | 
					
						
							|  |  |  |    to fail | 
					
						
							|  |  |  |  * Net::SSLeay stores verify callbacks inside hash and never clears | 
					
						
							|  |  |  |    them, so set verify callback to NULL in destroy of context | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2009-01-22 12:14:33 +00:00
										 |  |  | Tue Jan 20 17:50:47 CET 2009 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.20 | 
					
						
							|  |  |  |  * only changes on test suite to make it ready for win32 | 
					
						
							|  |  |  |  * fix verfycn_name autodetection from PeerAddr/PeerHost | 
					
						
							|  |  |  |  * fixed typo in argument: wildcars_in_cn -> wildcards_in_cn | 
					
						
							|  |  |  |  * no code changes, publish v.16_3 as v.17 because it looks better  | 
					
						
							|  |  |  |    than v.16 | 
					
						
							|  |  |  |  * document win32 behavior regarding non-blocking and timeouts | 
					
						
							|  |  |  |  * fix t/nonblock.t with workaround for problems with  | 
					
						
							|  |  |  |    IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do  | 
					
						
							|  |  |  |    nonblocking connect and leaves socket blocked. | 
					
						
							|  |  |  |  * make some tests less verbose by fixing diag in t/testlib.t  | 
					
						
							|  |  |  |    (send output to STDOUT not STDERR and prefix with '#') | 
					
						
							|  |  |  |  * work around Bug in IO::Socket::INET6 on BSD systems | 
					
						
							|  |  |  |    http://rt.cpan.org/Ticket/Display.html?id=39550 | 
					
						
							|  |  |  |    by setting Domain based on PeerAddr | 
					
						
							|  |  |  |  * remove tests of recv/send from t/core.t. Might badly interact | 
					
						
							|  |  |  |    with SSL handshake and cause crashes as seen on OS X 10.4 | 
					
						
							|  |  |  |  * IPv6 is enabled by default if IO::Socket::INET6 is available | 
					
						
							|  |  |  |  * t/inet6.t for basic tests | 
					
						
							|  |  |  | - remove last patch (fixed in upstream)  | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2008-11-18 12:31:26 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Nov 17 16:45:47 CET 2008 - lnussel@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - fix typo that prevented wildcards in CN (bnc#445678) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2008-10-06 15:20:01 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Oct  6 15:05:26 CEST 2008 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.16  | 
					
						
							|  |  |  |  * change code for SSL_check_crl to use X509_STORE_set_flags | 
					
						
							|  |  |  |    instead of X509_STORE_CTX_set_flags | 
					
						
							|  |  |  |  * change opened() to report -1 if the IO::Handle is open, but the | 
					
						
							|  |  |  |    SSL connection failed, needed with HTTP::Daemon::SSL which will | 
					
						
							|  |  |  |    send an error mssage over the unencrypted socket | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2008-08-18 22:22:02 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2008-09-12 16:11:10 +00:00
										 |  |  | Wed Sep 10 16:58:20 CEST 2008 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.15 | 
					
						
							|  |  |  |  * change internal behavior when SSL handshake failed (like when  | 
					
						
							|  |  |  |    verify callback returned an error) in the hope to fix spurios  | 
					
						
							|  |  |  |    errors in t/auto_verify_hostname.t | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2008-08-18 22:22:02 +00:00
										 |  |  | Mon Aug 18 13:54:40 CEST 2008 - ro@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - hack to build also in buildservice where 127.0.0.1 can | 
					
						
							|  |  |  |   resolve to the hostname instead of localhost | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2008-08-03 22:36:19 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Aug  4 00:35:10 CEST 2008 - ro@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update require for Net_SSLeay to Net-SSLeay  | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2008-01-28 15:08:44 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2008-07-25 14:59:59 +00:00
										 |  |  | Fri Jul 25 15:59:47 CEST 2008 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.14  | 
					
						
							|  |  |  |  * added support for verification of hostname from certificate | 
					
						
							|  |  |  |    including subjectAltNames, support for IDN etc | 
					
						
							|  |  |  |  * automatic verification of hostnames with SSL_verifycn_scheme and | 
					
						
							|  |  |  |    SSL_verifycn_name | 
					
						
							|  |  |  |  * global setting of default context options like SSL_verifycn_scheme, | 
					
						
							|  |  |  |    SSL_verify_mode with set_ctx_defaults | 
					
						
							|  |  |  |  * fix import of inet4,inet6 which got broken within 1.13_X. | 
					
						
							|  |  |  |  * clarified and enhanced debugging supppport | 
					
						
							|  |  |  |  * put information into README regarding the supported  | 
					
						
							|  |  |  |    and recommanded version of Net::SSLeay | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							| 
									
										
										
										
											2008-01-28 15:08:44 +00:00
										 |  |  | Mon Jan 28 15:27:25 CET 2008 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.13 | 
					
						
							|  |  |  |  * removed CLONE_SKIP which was added in 1.03 because this breaks | 
					
						
							|  |  |  |    windows forking. Handled threads/windows forking better by  | 
					
						
							|  |  |  |    making sure that CTX from Net::SSLeay gets not freed multiple  | 
					
						
							|  |  |  |    times from different threads after cloning/forking | 
					
						
							|  |  |  |  * removed setting LocalPort to 0 in tests, instead leave it undef | 
					
						
							|  |  |  |    if a random port should be allocated. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-11-02 00:37:21 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Nov  1 15:42:58 CET 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.12 | 
					
						
							|  |  |  |   * treat timeouts of 0 for accept_SSL and connect_SSL like  | 
					
						
							|  |  |  |     no timeout, like IO::Socket does. | 
					
						
							|  |  |  |   * fixed errors in accept_SSL which would work when called  | 
					
						
							|  |  |  |     from start_SSL but not from accept | 
					
						
							|  |  |  |   * start_SSL, accept_SSL and connect_SSL have argument for  | 
					
						
							|  |  |  |     Timeout so that the SSL handshake will not block forever. Only  | 
					
						
							|  |  |  |     used if the socket is blocking. If not set the Timeout value  | 
					
						
							|  |  |  |     from the underlying IO::Socket is used | 
					
						
							|  |  |  |    | 
					
						
							| 
									
										
										
										
											2007-10-08 10:27:32 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Oct  8 09:24:08 CEST 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.09 | 
					
						
							|  |  |  |   * new method stop_SSL as opposite of start_SSL | 
					
						
							|  |  |  |   * try to make it clearer that thread support is buggy | 
					
						
							|  |  |  |   * make sure that Scalar::Util has support for dualvar | 
					
						
							|  |  |  |     (Makefile.PL,SSL.pm) because the perl*only version has | 
					
						
							|  |  |  |     has no dualvar | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-06-11 11:08:20 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Jun 11 09:36:41 CEST 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.07 | 
					
						
							|  |  |  |   * fix t/nonblock.t on systems which have by default a larger | 
					
						
							|  |  |  |     socket buffer. Set SO_SNDBUF explicitly with setsockopt | 
					
						
							|  |  |  |     to force smaller writes on the socket | 
					
						
							|  |  |  | - move testing to %check | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-05-17 09:52:01 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue May 15 16:10:34 CEST 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.06 | 
					
						
							|  |  |  |   * instead of setting undef args to '' in configure_SSL drop | 
					
						
							|  |  |  |     them. This makes Net::SMTP::SSL working again because it | 
					
						
							|  |  |  |     does not give LocalPort of '' to IO::Socket::INET any more | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-04-23 21:20:40 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Apr 23 13:31:13 CEST 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.05 | 
					
						
							|  |  |  |   * make session cache working even if the IO::Socket::SSL object | 
					
						
							|  |  |  |     was not created with IO::Socket::SSL->new but with | 
					
						
							|  |  |  |     IO::Socket::SSL->start_SSL on an established socket | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-03-30 14:31:33 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Mar 30 16:02:45 CEST 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.04 | 
					
						
							|  |  |  |   * added way to create SSL object with predefined session | 
					
						
							|  |  |  |     cache | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-03-07 12:38:30 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Mar  7 10:46:00 CET 2007 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.03 | 
					
						
							|  |  |  |   * add CLONE_SKIP | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2007-01-15 23:30:54 +00:00
										 |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Dec 13 12:18:37 CET 2006 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.02 | 
					
						
							|  |  |  |   * added some info to BUGS and to BUGS section of pod | 
					
						
							|  |  |  |   * added TELL and BINMODE to IO::Socket::SSL::SSL_HANDLE, even | 
					
						
							|  |  |  |     if they do nothing useful. | 
					
						
							|  |  |  |   * all tests allocate now the ports dynamically, so there should | 
					
						
							|  |  |  |     be no longer a conflict with open ports on the system where | 
					
						
							|  |  |  |     the tests run | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Sep 14 12:24:11 CEST 2006 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 1.01 | 
					
						
							|  |  |  |   * add support for Diffie Hellman Key Exchange.  | 
					
						
							|  |  |  |   * accept_SSL sets errors on $socket (the accepted socket) | 
					
						
							|  |  |  |     not $self (the listening socket if called from accept) | 
					
						
							|  |  |  |   * many bugfixes   | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Jul 24 14:54:30 CEST 2006 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 0.993 | 
					
						
							|  |  |  |   * added test for sysread/syswrite behavior | 
					
						
							|  |  |  |   * fix Makefile.PL to allow detectection of failures in PREREQ_PM | 
					
						
							|  |  |  |   * fix problems with HTTP::Daemon::SSL | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Jul 18 17:07:11 CEST 2006 - anicka@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 0.99 | 
					
						
							|  |  |  |     * Maintainer changed to <Steffen_Ullrich at genua dot de> | 
					
						
							|  |  |  |     * Better support for nonblocking sockets | 
					
						
							|  |  |  |     * Bugfixes  | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Jan 25 21:39:46 CET 2006 - mls@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - converted neededforbuild to BuildRequires | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Aug  1 12:46:17 CEST 2005 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 0.97 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Sep 29 18:54:55 CEST 2004 - mls@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - use X509_STORE_set_flags instead of X509_STORE_CTX_set_flags | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Aug 19 13:10:44 CEST 2004 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 0.96 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Feb 26 16:06:13 CET 2004 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to 0.95 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Sun Jan 11 11:30:00 CET 2004 - adrian@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - build as user | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Aug 22 14:58:22 CEST 2003 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - require the perl version we build with | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Jul 24 13:21:17 CEST 2003 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update 0.94 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Jul 17 16:44:45 CEST 2003 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - adapt to perl-5.8.1 | 
					
						
							|  |  |  | - use %perl_process_packlist | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Jun 16 20:27:20 CEST 2003 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - run make test | 
					
						
							|  |  |  | - fix filelist | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue May 20 12:40:04 CEST 2003 - mjancar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - remove unpackaged files | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Dec 20 14:51:46 CET 2002 - prehak@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to 0.92 | 
					
						
							|  |  |  | - added example directory | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Dec 18 18:18:55 CET 2002 - prehak@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to version 0.901 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Thu Jul 11 11:01:40 CEST 2002 - prehak@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - updated to version 0.81 | 
					
						
							|  |  |  | - added demo, util and more to documetation | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Jul  2 17:40:06 MEST 2002 - mls@suse.de | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - remove race in .packlist generation | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Mon Jan 14 19:10:00 CET 2002 - rvasice@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to version 0.80 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Aug 24 14:19:33 CEST 2001 - rvasice@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - removed make test - need network | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Aug 14 15:54:06 CEST 2001 - rvasice@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to version 0.79 | 
					
						
							|  |  |  | - add make test | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Tue Mar 13 15:38:31 CET 2001 - cihlar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - update to version 0.77 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Fri Nov 10 11:34:51 CET 2000 - cihlar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - renamed p_iossl -> perl-IO-Socket-SSL | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ------------------------------------------------------------------- | 
					
						
							|  |  |  | Wed Aug 23 10:47:31 CEST 2000 - cihlar@suse.cz | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | - package created | 
					
						
							|  |  |  | 
 |