- update to 1.88

+ consider a value of '' the same as undef for SSL_ca_(path|file) + complain if given SSL_(key|cert|ca)_(file|path) do not exist or if they are not readable + disabled client side SNI for openssl version < 1.0.0 + added functions can_client_sni, can_server_sni, can_npn to check avaibility of SNI and NPN features. Added more documentation for SNI and NPN + Server Name Indication (SNI) support on the server side + sub error sets $SSL_ERROR etc only if there really is an error, otherwise it will keep the latest error. This causes IO::Socket::SSL->new.. to report the correct problem, even if the problem is deeper in the code (like in connect) + deprecated set_ctx_defaults, new name ist set_defaults + changed handling of default path for SSL_(ca|cert|key)* keys: either if one of these keys is user defined don't add defaults for the others, e.g. don't mix user settings and defaults + cleaner handling of module defaults vs. global settings vs. socket specific settings + prepare transition to a more secure default for SSL_verify_mode. The use of the current default SSL_VERIFY_NONE will cause a big warning for clients, unless SSL_verify_mode was explicitly set inside the application to this insecure value. In the near future the default will be SSL_VERIFY_PEER, and thus causing verification failures in unchanged applications. + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort from sockaddr in _update_peer, because this provides scope + work around systems which don't defined AF_INET6 + update_peer for IPv6 also + no longer depend on Socket.pm 1.95 for inet_pton, but use OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58
2013-05-11 23:06:34 +00:00 · 2013-05-11 23:06:34 +00:00 · 873afd6d3f
commit 873afd6d3f
parent 4b7cbd55fe
4 changed files with 71 additions and 10 deletions
--- a/IO-Socket-SSL-1.55.tar.gz
+++ b/IO-Socket-SSL-1.55.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d32a4dc3a3ac7110e60f0e8aab818816af43bddd34ae8b8d55c820107d74e688
-size 71831
--- a/IO-Socket-SSL-1.88.tar.gz
+++ b/IO-Socket-SSL-1.88.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:25924349929e1d5bd75ff74751592ed76223214158b50143338bc17136daf0ba
+size 80942
--- a/perl-IO-Socket-SSL.changes
+++ b/perl-IO-Socket-SSL.changes
@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Sat May 11 22:51:07 UTC 2013 - lars@linux-schulserver.de
+
+- update to 1.88
+  + consider a value of '' the same as undef for SSL_ca_(path|file)
+  + complain if given SSL_(key|cert|ca)_(file|path) do not exist or
+    if they are not readable
+  + disabled client side SNI for openssl version < 1.0.0 
+  + added functions can_client_sni, can_server_sni, can_npn to check 
+    avaibility of SNI and NPN features. Added more documentation for 
+    SNI and NPN
+  + Server Name Indication (SNI) support on the server side 
+  + sub error sets $SSL_ERROR etc only if there really is an error,
+    otherwise it will keep the latest error. This causes
+    IO::Socket::SSL->new.. to report the correct problem, even if
+    the problem is deeper in the code (like in connect)
+  + deprecated set_ctx_defaults, new name ist set_defaults
+  + changed handling of default path for SSL_(ca|cert|key)* keys: either
+    if one of these keys is user defined don't add defaults for the
+    others, e.g.  don't mix user settings and defaults
+  + cleaner handling of module defaults vs. global settings vs. socket
+    specific settings 
+
+  + prepare transition to a more secure default for SSL_verify_mode.
+  The use of the current default SSL_VERIFY_NONE will cause a big warning
+  for clients, unless SSL_verify_mode was explicitly set inside the
+  application to this insecure value.
+  In the near future the default will be SSL_VERIFY_PEER, and thus
+  causing verification failures in unchanged applications.
+
+  + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
+    PeerPort from sockaddr in _update_peer, because this provides scope
+  + work around systems which don't defined AF_INET6
+  + update_peer for IPv6 also
+  + no longer depend on Socket.pm 1.95 for inet_pton, but use 
+    Socket6.pm if no current Socket.pm is available
+  + made it possible to explicitly disable TLSv11 and TLSv12 in 
+    SSL_version
+  + fixed documentation errors
+  + add support to IO::Socket::IP which support inet6 and inet4 
+  + make it possible to disable protols using SSL_version, make 
+    SSL_version default to 'SSLv23:!SSLv2'
+  + remove SSLv2 from default cipher list 
+  + if no explicit cipher list is given it will now default to ALL:!LOW 
+    instead of the openssl default, which usually includes weak ciphers
+  + new config key SSL_honor_cipher_order and documented how to use it
+  + make it thread safer
+  + added NPN (Next Protocol Negotiation) support 
+  + call CTX_set_session_id_context so that servers session caching 
+    works with client certificates too
+  + don't make blocking readline if socket was set nonblocking, but 
+    return as soon no more data are available
+  + if SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful
+    message when attempting to use it 
+  + add automatic or explicit (via SSL_hostname) SNI support, needed
+    for multiple SSL hostnames with same IP. Currently only supported
+    for the client
+- enable tests
+
 -------------------------------------------------------------------
 Wed Feb 22 02:35:27 UTC 2012 - vcizek@suse.com

--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-IO-Socket-SSL
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,22 +16,21 @@
 #


-
 Name:           perl-IO-Socket-SSL
-Version:        1.55
+Version:        1.88
 Release:        0
-License:        Artistic-1.0 or GPL-1.0+
-%define cpan_name IO-Socket-SSL
+%define         cpan_name IO-Socket-SSL
 Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET
-Url:            http://search.cpan.org/dist/IO-Socket-SSL/
+License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
+Url:            http://search.cpan.org/dist/IO-Socket-SSL/
 Source:         http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
 BuildRequires:  perl
 # MANUAL BEGIN
+BuildRequires:  perl-macros
 BuildRequires:  perl(IO::Socket::INET6)
 BuildRequires:  perl(Net::LibIDN)
 BuildRequires:  perl(Net::SSLeay) >= 1.21
-BuildRequires:  perl-macros
 Requires:       perl(Net::SSLeay) >= 1.21
 Recommends:     perl(IO::Socket::INET6)
 Recommends:     perl(Net::LibIDN)
@ -72,6 +71,9 @@ make %{?_smp_mflags}
 %perl_process_packlist
 %perl_gen_filelist

+%check
+make test
+
 %clean
 rm -rf %{buildroot}