2007-01-16 00:30:54 +01:00
|
|
|
#
|
2011-05-17 10:25:26 +02:00
|
|
|
# spec file for package perl-IO-Socket-SSL
|
2007-01-16 00:30:54 +01:00
|
|
|
#
|
2015-04-15 06:42:00 +02:00
|
|
|
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
2007-01-16 00:30:54 +01:00
|
|
|
#
|
2008-08-19 00:22:02 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2007-01-16 00:30:54 +01:00
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
|
#
|
|
|
|
|
|
2011-05-17 10:25:26 +02:00
|
|
|
|
2007-01-16 00:30:54 +01:00
|
|
|
Name: perl-IO-Socket-SSL
|
2015-04-15 06:42:00 +02:00
|
|
|
Version: 2.012
|
2011-12-08 12:15:34 +01:00
|
|
|
Release: 0
|
2013-11-26 09:14:16 +01:00
|
|
|
%define cpan_name IO-Socket-SSL
|
2015-04-15 06:42:00 +02:00
|
|
|
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
|
- update to 1.88
+ consider a value of '' the same as undef for SSL_ca_(path|file)
+ complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable
+ disabled client side SNI for openssl version < 1.0.0
+ added functions can_client_sni, can_server_sni, can_npn to check
avaibility of SNI and NPN features. Added more documentation for
SNI and NPN
+ Server Name Indication (SNI) support on the server side
+ sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
+ deprecated set_ctx_defaults, new name ist set_defaults
+ changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
+ cleaner handling of module defaults vs. global settings vs. socket
specific settings
+ prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
+ use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
+ work around systems which don't defined AF_INET6
+ update_peer for IPv6 also
+ no longer depend on Socket.pm 1.95 for inet_pton, but use
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
2013-05-12 01:06:34 +02:00
|
|
|
License: Artistic-1.0 or GPL-1.0+
|
2012-02-22 09:29:05 +01:00
|
|
|
Group: Development/Libraries/Perl
|
- update to 1.88
+ consider a value of '' the same as undef for SSL_ca_(path|file)
+ complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable
+ disabled client side SNI for openssl version < 1.0.0
+ added functions can_client_sni, can_server_sni, can_npn to check
avaibility of SNI and NPN features. Added more documentation for
SNI and NPN
+ Server Name Indication (SNI) support on the server side
+ sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
+ deprecated set_ctx_defaults, new name ist set_defaults
+ changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
+ cleaner handling of module defaults vs. global settings vs. socket
specific settings
+ prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
+ use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
+ work around systems which don't defined AF_INET6
+ update_peer for IPv6 also
+ no longer depend on Socket.pm 1.95 for inet_pton, but use
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
2013-05-12 01:06:34 +02:00
|
|
|
Url: http://search.cpan.org/dist/IO-Socket-SSL/
|
2013-11-26 09:14:16 +01:00
|
|
|
Source: http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
|
|
|
|
|
BuildArch: noarch
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2010-11-24 22:06:13 +01:00
|
|
|
BuildRequires: perl
|
- update to 1.88
+ consider a value of '' the same as undef for SSL_ca_(path|file)
+ complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable
+ disabled client side SNI for openssl version < 1.0.0
+ added functions can_client_sni, can_server_sni, can_npn to check
avaibility of SNI and NPN features. Added more documentation for
SNI and NPN
+ Server Name Indication (SNI) support on the server side
+ sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
+ deprecated set_ctx_defaults, new name ist set_defaults
+ changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
+ cleaner handling of module defaults vs. global settings vs. socket
specific settings
+ prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
+ use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
+ work around systems which don't defined AF_INET6
+ update_peer for IPv6 also
+ no longer depend on Socket.pm 1.95 for inet_pton, but use
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
2013-05-12 01:06:34 +02:00
|
|
|
BuildRequires: perl-macros
|
Accepting request 182138 from home:lnussel:branches:devel:languages:perl
- new version 0.951
* better document builtin defaults for key,cert,CA and how they are depreceated
* use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
openssl's builtin defaults for CA unless CA path/file was given
* MAJOR BEHAVIOR CHANGE:
ssl_verify_mode now defaults to verify_peer for client. Until
now it used verify_none, but loudly complained since 1.79 about
it. It will not complain any longer, but the connection might
probably fail. Please don't simply disable ssl verification, but
instead set SSL_ca_file etc so that verification succeeds!
* MAJOR BEHAVIOR CHANGE:
it will now complain if the builtin defaults of certs/my-ca.pem
or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
and key are used, e.g. no certificates are specified explicitly.
In the future these insecure (relative path!) defaults will be
removed and the CA replaced with the system defaults.
* Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
installed instead of reporting missing dependency to Net::SSLeay.
* need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
years ago. Remove code to work around older releases.
* changed AUTHOR in Makefile.PL from array back to string, because the
array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
* Intercept: use sha1-fingerprint of original cert for id into cache unless
otherwise given
* Fix pod error in IO::Socket::SSL::Utils RT#85733
* added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
* moved SSL interception into IO::Socket::SSL::Intercept and simplified it
using IO::Socket::SSL::Utils
* enhance meta information in Makefile.PL
* RT#85290, support more digest, especially SHA-2.
OBS-URL: https://build.opensuse.org/request/show/182138
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=59
2013-07-25 11:25:21 +02:00
|
|
|
BuildRequires: perl(Net::SSLeay) >= 1.46
|
|
|
|
|
Requires: perl(Net::SSLeay) >= 1.46
|
2011-05-04 13:11:22 +02:00
|
|
|
%{perl_requires}
|
2007-01-16 00:30:54 +01:00
|
|
|
|
|
|
|
|
%description
|
2014-07-25 11:50:24 +02:00
|
|
|
IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary
|
|
|
|
|
functionality into the familiar the IO::Socket manpage interface and
|
|
|
|
|
providing secure defaults whenever possible. This way existing applications
|
|
|
|
|
can be made SSL-aware without much effort, at least if you do blocking I/O
|
|
|
|
|
and don't use select or poll.
|
|
|
|
|
|
|
|
|
|
But, under the hood SSL is a complex beast. So there are lots of methods to
|
|
|
|
|
make it do what you need if the default behavior is not adequate. Because
|
|
|
|
|
it is easy to inadvertently introduce critical security bugs or just
|
|
|
|
|
getting hard to debug problems, I would recommend to study the following
|
|
|
|
|
documentation carefully.
|
|
|
|
|
|
|
|
|
|
The documentation consists of the following parts:
|
|
|
|
|
|
|
|
|
|
* * the /"Essential Information About SSL/TLS" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Basic SSL Client" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Basic SSL Server" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Common Usage Errors" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Common Problems with SSL" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Using Non-Blocking Sockets" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Advanced Usage" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Integration Into Own Modules" manpage
|
|
|
|
|
|
|
|
|
|
* * the /"Description Of Methods" manpage
|
|
|
|
|
|
|
|
|
|
Additional documentation can be found in
|
|
|
|
|
|
|
|
|
|
* * the IO::Socket::SSL::Intercept manpage - Doing Man-In-The-Middle with
|
|
|
|
|
SSL
|
|
|
|
|
|
|
|
|
|
* * the IO::Socket::SSL::Utils manpage - Useful functions for certificates
|
|
|
|
|
etc
|
2007-01-16 00:30:54 +01:00
|
|
|
|
|
|
|
|
%prep
|
2010-11-24 22:06:13 +01:00
|
|
|
%setup -q -n %{cpan_name}-%{version}
|
2007-01-16 00:30:54 +01:00
|
|
|
|
|
|
|
|
%build
|
2013-11-26 09:14:16 +01:00
|
|
|
%{__perl} Makefile.PL INSTALLDIRS=vendor
|
|
|
|
|
%{__make} %{?_smp_mflags}
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
|
%{__make} test
|
2007-06-11 13:08:20 +02:00
|
|
|
|
2007-01-16 00:30:54 +01:00
|
|
|
%install
|
|
|
|
|
%perl_make_install
|
|
|
|
|
%perl_process_packlist
|
2010-11-24 22:06:13 +01:00
|
|
|
%perl_gen_filelist
|
2007-01-16 00:30:54 +01:00
|
|
|
|
2010-11-24 22:06:13 +01:00
|
|
|
%files -f %{name}.files
|
2011-05-04 13:11:22 +02:00
|
|
|
%defattr(-,root,root,755)
|
2015-04-15 06:42:00 +02:00
|
|
|
%doc BUGS Changes example README README.Win32
|
2008-01-28 16:08:44 +01:00
|
|
|
|
2007-03-07 13:38:30 +01:00
|
|
|
%changelog
|
