- updated to 1.967

- verify the hostname inside a certificate by default with a superset of
   common verification schemes instead of not verifying identity at all.
   For now it will only complain if name verification failed, in the future
   it will fail certificate verification, forcing you to set the expected
   SSL_verifycn_name if you want to accept the certificate.
 - new option SSL_fingerprint and new methods get_fingerprint and
   get_fingerprint_bin. Together they can be used to selectively accept
   specific certificates which would otherwise fail verification, like
   self-signed, outdated or from unknown CAs.
   This makes another reason to disable verification obsolete.
 - Utils:
   - default RSA key length 2048
   - digest algorithm to sign certificate in CERT_create can be given,
     defaults to SHA-256
   - CERT_create can now issue non-CA selfsigned certificate
   - CERT_create add some more useful constraints to certificate
 - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
 1.966 2014/01/21
 - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
   specifying !TLSv12, only !TLSv1_2 worked
 - fixed leak of session objects in SessionCache, if another session 
   replaced an existing session (introduced in 1.965)
 1.965 2014/01/16
 - new key SSL_session_key to influence how sessions are inserted and looked
   up in the clients session cache. This makes it possible to share sessions
   over different ip:host (like required with some FTPS servers)
 - t/core.t - handle case, were default loopback source is not 127.0.0.1, like
   in FreeBSD jails
 1.964 2014/01/15

OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=69

IO-Socket-SSL-1.962.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a5776b471e8be1d0614c42a52d0e6838e41e5db86a2b795d507b7a422f4ccb3f
-size 93076

IO-Socket-SSL-1.967.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d9ee42bf667ac92732e8c35d3930757fad6b8996d24a5e5b8eeb6250ba411299
+size 97036

perl-IO-Socket-SSL.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Sun Feb  9 13:30:59 UTC 2014 - coolo@suse.com
+
+- updated to 1.967
+ - verify the hostname inside a certificate by default with a superset of
+   common verification schemes instead of not verifying identity at all.
+   For now it will only complain if name verification failed, in the future
+   it will fail certificate verification, forcing you to set the expected
+   SSL_verifycn_name if you want to accept the certificate.
+ - new option SSL_fingerprint and new methods get_fingerprint and
+   get_fingerprint_bin. Together they can be used to selectively accept
+   specific certificates which would otherwise fail verification, like
+   self-signed, outdated or from unknown CAs.
+   This makes another reason to disable verification obsolete.
+ - Utils:
+   - default RSA key length 2048
+   - digest algorithm to sign certificate in CERT_create can be given,
+     defaults to SHA-256
+   - CERT_create can now issue non-CA selfsigned certificate
+   - CERT_create add some more useful constraints to certificate
+ - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
+ 1.966 2014/01/21
+ - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
+   specifying !TLSv12, only !TLSv1_2 worked
+ - fixed leak of session objects in SessionCache, if another session 
+   replaced an existing session (introduced in 1.965)
+ 1.965 2014/01/16
+ - new key SSL_session_key to influence how sessions are inserted and looked
+   up in the clients session cache. This makes it possible to share sessions
+   over different ip:host (like required with some FTPS servers)
+ - t/core.t - handle case, were default loopback source is not 127.0.0.1, like
+   in FreeBSD jails
+ 1.964 2014/01/15
+ - Disabling TLSv1_1 did not work, because the constant was wrong. Now it gets
+   the constants from calling Net::SSLeay::SSL_OP_NO_TLSv1_1 etc
+ - The new syntax for the protocols is TLSv1_1 instead of TLSv11.
+
 -------------------------------------------------------------------
 Fri Nov 29 11:05:49 UTC 2013 - coolo@suse.com
 

perl-IO-Socket-SSL.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package perl-IO-Socket-SSL
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           perl-IO-Socket-SSL
-Version:        1.962
+Version:        1.967
 Release:        0
 %define cpan_name IO-Socket-SSL
 Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET.
@@ -43,8 +43,11 @@ application: multiple SSL contexts, cipher selection, certificate
 verification, Server Name Indication (SNI), Next Protocol Negotiation
 (NPN), SSL version selection and more.
 
-If you have never used SSL before, you should read the appendix labelled
-'Using SSL' before attempting to use this module.
+If you have never used SSL before, you should read the section 'Using SSL'
+before attempting to use this module.
+
+If you used IO::Socket before you should read the following section
+'Differences to IO::Socket'.
 
 If you want to use SSL with non-blocking sockets and/or within an event
 loop please read very carefully the sections about non-blocking I/O and