Accepting request 182138 from home:lnussel:branches:devel:languages:perl

- new version 0.951
  * better document builtin defaults for key,cert,CA and how they are depreceated
  * use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
    openssl's builtin defaults for CA unless CA path/file was given
  * MAJOR BEHAVIOR CHANGE:
    ssl_verify_mode now defaults to verify_peer for client. Until
    now it used verify_none, but loudly complained since 1.79 about
    it. It will not complain any longer, but the connection might
    probably fail. Please don't simply disable ssl verification, but
    instead set SSL_ca_file etc so that verification succeeds!
  * MAJOR BEHAVIOR CHANGE:
    it will now complain if the builtin defaults of certs/my-ca.pem
    or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
    and key are used, e.g. no certificates are specified explicitly.
    In the future these insecure (relative path!) defaults will be
    removed and the CA replaced with the system defaults.
  * Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
    installed instead of reporting missing dependency to Net::SSLeay.
  * need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
    years ago. Remove code to work around older releases.
  * changed AUTHOR in Makefile.PL from array back to string, because the
    array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
  * Intercept: use sha1-fingerprint of original cert for id into cache unless 
    otherwise given
  * Fix pod error in IO::Socket::SSL::Utils RT#85733
  * added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
  * moved SSL interception into IO::Socket::SSL::Intercept and simplified it 
    using IO::Socket::SSL::Utils
  * enhance meta information in Makefile.PL
  * RT#85290, support more digest, especially SHA-2.

OBS-URL: https://build.opensuse.org/request/show/182138
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=59

IO-Socket-SSL-1.88.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:25924349929e1d5bd75ff74751592ed76223214158b50143338bc17136daf0ba
-size 80942

IO-Socket-SSL-1.951.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ebd457936ff6625ce93929b7f8f27368cfa600e185136fe582eae323521fd6f
+size 90040

perl-IO-Socket-SSL.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Wed Jul  3 08:20:14 UTC 2013 - lnussel@suse.de
+
+- new version 0.951
+  * better document builtin defaults for key,cert,CA and how they are depreceated
+  * use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
+    openssl's builtin defaults for CA unless CA path/file was given
+  * MAJOR BEHAVIOR CHANGE:
+    ssl_verify_mode now defaults to verify_peer for client. Until
+    now it used verify_none, but loudly complained since 1.79 about
+    it. It will not complain any longer, but the connection might
+    probably fail. Please don't simply disable ssl verification, but
+    instead set SSL_ca_file etc so that verification succeeds!
+  * MAJOR BEHAVIOR CHANGE:
+    it will now complain if the builtin defaults of certs/my-ca.pem
+    or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
+    and key are used, e.g. no certificates are specified explicitly.
+    In the future these insecure (relative path!) defaults will be
+    removed and the CA replaced with the system defaults.
+  * Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
+    installed instead of reporting missing dependency to Net::SSLeay.
+  * need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
+    years ago. Remove code to work around older releases.
+  * changed AUTHOR in Makefile.PL from array back to string, because the
+    array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
+  * Intercept: use sha1-fingerprint of original cert for id into cache unless 
+    otherwise given
+  * Fix pod error in IO::Socket::SSL::Utils RT#85733
+  * added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
+  * moved SSL interception into IO::Socket::SSL::Intercept and simplified it 
+    using IO::Socket::SSL::Utils
+  * enhance meta information in Makefile.PL
+  * RT#85290, support more digest, especially SHA-2.
+    Thanks to ujvari[AT]microsec[DOT]hu
+  * added support for easy SSL interception (man in the middle) based
+    on ideas found in mojo*mitm proxy (which was written by Karel Miko)
+  * make 1.46 the minimal required version for Net::SSLeay, because it 
+    introduced lots of useful functions.
+  * if IO::Socket::IP is used it should be at least version 0.20, o
+  * Spelling corrections, thanks to dsteinbrunner
+- remove the dependency on IO::Socket::INET6 as it breaks the test suite
+
 -------------------------------------------------------------------
 Sat May 11 22:51:07 UTC 2013 - lars@linux-schulserver.de
 

perl-IO-Socket-SSL.spec

@@ -17,22 +17,24 @@
 
 
 Name:           perl-IO-Socket-SSL
-Version:        1.88
+Version:        1.951
 Release:        0
 %define         cpan_name IO-Socket-SSL
 Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET
 License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/IO-Socket-SSL/
-Source:         http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
+Source:         http://www.cpan.org/modules/by-module/IO/%{cpan_name}-%{version}.tar.gz
 BuildRequires:  perl
 # MANUAL BEGIN
 BuildRequires:  perl-macros
-BuildRequires:  perl(IO::Socket::INET6)
+# the testsuite does not work with INET6 yet. If INET6 is enabled,
+# at least netcfg has to be installed as well.
+#BuildRequires:  perl(IO::Socket::INET6)
 BuildRequires:  perl(Net::LibIDN)
-BuildRequires:  perl(Net::SSLeay) >= 1.21
-Requires:       perl(Net::SSLeay) >= 1.21
-Recommends:     perl(IO::Socket::INET6)
+BuildRequires:  perl(Net::SSLeay) >= 1.46
+Requires:       perl(Net::SSLeay) >= 1.46
+#Recommends:     perl(IO::Socket::INET6)
 Recommends:     perl(Net::LibIDN)
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch