- update to 1.88

  + consider a value of '' the same as undef for SSL_ca_(path|file)
  + complain if given SSL_(key|cert|ca)_(file|path) do not exist or
    if they are not readable
  + disabled client side SNI for openssl version < 1.0.0 
  + added functions can_client_sni, can_server_sni, can_npn to check
    availability of SNI and NPN features. Added more documentation for
    SNI and NPN
  + Server Name Indication (SNI) support on the server side 
  + sub error sets $SSL_ERROR etc only if there really is an error,
    otherwise it will keep the latest error. This causes
    IO::Socket::SSL->new.. to report the correct problem, even if
    the problem is deeper in the code (like in connect)
  + deprecated set_ctx_defaults, new name is set_defaults
  + changed handling of default path for SSL_(ca|cert|key)* keys: either
    if one of these keys is user defined don't add defaults for the
    others, e.g.  don't mix user settings and defaults
  + cleaner handling of module defaults vs. global settings vs. socket
    specific settings 
  + prepare transition to a more secure default for SSL_verify_mode.
    The use of the current default SSL_VERIFY_NONE will cause a big warning
    for clients, unless SSL_verify_mode was explicitly set inside the
    application to this insecure value.
    In the near future the default will be SSL_VERIFY_PEER, and thus
    causing verification failures in unchanged applications.
  + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
    PeerPort from sockaddr in _update_peer, because this provides scope
  + work around systems which don't define AF_INET6
  + update_peer for IPv6 also
  + no longer depend on Socket.pm 1.95 for inet_pton, but use

OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
Lars Vogdt 2013-05-11 23:06:34 +00:00 committed by Git OBS Bridge
parent 4b7cbd55fe
commit 873afd6d3f
4 changed files with 71 additions and 10 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d32a4dc3a3ac7110e60f0e8aab818816af43bddd34ae8b8d55c820107d74e688
size 71831

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:25924349929e1d5bd75ff74751592ed76223214158b50143338bc17136daf0ba
size 80942
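
Review bot: the replacement archive pointer records only an LFS oid and `size 80942`, so nothing in this commit shows that the new tarball was compared with what upstream published. The spec's `Source:` line points at a plain `http://www.cpan.org/...` URL, so please state in the request how the archive was verified, for example against the upstream CHECKSUMS file for the release.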

@ -1,3 +1,62 @@
-------------------------------------------------------------------
Sat May 11 22:51:07 UTC 2013 - lars@linux-schulserver.de
- update to 1.88
+ consider a value of '' the same as undef for SSL_ca_(path|file)
+ complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable
+ disabled client side SNI for openssl version < 1.0.0
+ added functions can_client_sni, can_server_sni, can_npn to check
avaibility of SNI and NPN features. Added more documentation for
SNI and NPN
+ Server Name Indication (SNI) support on the server side
+ sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
+ deprecated set_ctx_defaults, new name ist set_defaults
+ changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
+ cleaner handling of module defaults vs. global settings vs. socket
specific settings
+ prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
+ use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
+ work around systems which don't defined AF_INET6
+ update_peer for IPv6 also
+ no longer depend on Socket.pm 1.95 for inet_pton, but use
Socket6.pm if no current Socket.pm is available
+ made it possible to explicitly disable TLSv11 and TLSv12 in
SSL_version
+ fixed documentation errors
+ add support to IO::Socket::IP which support inet6 and inet4
+ make it possible to disable protols using SSL_version, make
SSL_version default to 'SSLv23:!SSLv2'
+ remove SSLv2 from default cipher list
+ if no explicit cipher list is given it will now default to ALL:!LOW
instead of the openssl default, which usually includes weak ciphers
+ new config key SSL_honor_cipher_order and documented how to use it
+ make it thread safer
+ added NPN (Next Protocol Negotiation) support
+ call CTX_set_session_id_context so that servers session caching
works with client certificates too
+ don't make blocking readline if socket was set nonblocking, but
return as soon no more data are available
+ if SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful
message when attempting to use it
+ add automatic or explicit (via SSL_hostname) SNI support, needed
for multiple SSL hostnames with same IP. Currently only supported
for the client
- enable tests
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 22 02:35:27 UTC 2012 - vcizek@suse.com Wed Feb 22 02:35:27 UTC 2012 - vcizek@suse.com
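
Review bot: the `SSL_verify_mode` item in this entry announces a behaviour change for every client that relies on the module default: `SSL_VERIFY_NONE` now produces a warning and the default is due to become `SSL_VERIFY_PEER`. Since the update goes from 1.55 to 1.88 in one step, it would help to check which packages depending on perl-IO-Socket-SSL create client sockets without setting `SSL_verify_mode` explicitly, and to make sure they get a usable CA store through `SSL_ca_file` or `SSL_ca_path` before the default flips. The same check applies to callers affected by the new `SSLv23:!SSLv2` and `ALL:!LOW` defaults.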

@ -1,7 +1,7 @@
# #
# spec file for package perl-IO-Socket-SSL # spec file for package perl-IO-Socket-SSL
# #
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,22 +16,21 @@
# #
Name: perl-IO-Socket-SSL Name: perl-IO-Socket-SSL
Version: 1.55 Version: 1.88
Release: 0 Release: 0
License: Artistic-1.0 or GPL-1.0+
%define cpan_name IO-Socket-SSL %define cpan_name IO-Socket-SSL
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
Url: http://search.cpan.org/dist/IO-Socket-SSL/ License: Artistic-1.0 or GPL-1.0+
Group: Development/Libraries/Perl Group: Development/Libraries/Perl
Url: http://search.cpan.org/dist/IO-Socket-SSL/
Source: http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz Source: http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
BuildRequires: perl BuildRequires: perl
# MANUAL BEGIN # MANUAL BEGIN
BuildRequires: perl-macros
BuildRequires: perl(IO::Socket::INET6) BuildRequires: perl(IO::Socket::INET6)
BuildRequires: perl(Net::LibIDN) BuildRequires: perl(Net::LibIDN)
BuildRequires: perl(Net::SSLeay) >= 1.21 BuildRequires: perl(Net::SSLeay) >= 1.21
BuildRequires: perl-macros
Requires: perl(Net::SSLeay) >= 1.21 Requires: perl(Net::SSLeay) >= 1.21
Recommends: perl(IO::Socket::INET6) Recommends: perl(IO::Socket::INET6)
Recommends: perl(Net::LibIDN) Recommends: perl(Net::LibIDN)
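Review bot: `BuildRequires: perl(Net::SSLeay) >= 1.21` and the matching `Requires:` line stay unchanged while `Version:` moves from 1.55 to 1.88, a range in which the changelog adds SNI, NPN and TLSv11/TLSv12 handling. Please confirm the minimum against the prerequisites declared by the 1.88 release and raise it here if upstream did.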
@ -72,6 +71,9 @@ make %{?_smp_mflags}
%perl_process_packlist %perl_process_packlist
%perl_gen_filelist %perl_gen_filelist
%check
make test
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
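Review bot: `make test` in the new `%check` can only cover the IPv6 paths if the modules they use are in the build root, and the BuildRequires list names `perl(IO::Socket::INET6)` and `perl(Net::LibIDN)` but not IO::Socket::IP or Socket6, which the changelog lists as newly supported. Either add them as BuildRequires so those code paths are tested during the build, or note in the changes entry that the related tests are expected to be skipped.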