diff --git a/IO-Socket-SSL-2.016.tar.gz b/IO-Socket-SSL-2.016.tar.gz deleted file mode 100644 index 3bc8fbd..0000000 --- a/IO-Socket-SSL-2.016.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:936268b3c152a4900f9c1762ab2e0aa3f84ed3a988e8e60aaad604beda7bfe41 -size 195529 diff --git a/IO-Socket-SSL-2.024.tar.gz b/IO-Socket-SSL-2.024.tar.gz new file mode 100644 index 0000000..c442deb --- /dev/null +++ b/IO-Socket-SSL-2.024.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dab3125b004b24ff8dfc003aa81c00c0f976a1bc34a75e1d8d9de9de837ce6c9 +size 209567 diff --git a/perl-IO-Socket-SSL.changes b/perl-IO-Socket-SSL.changes index 074b732..662c17c 100644 --- a/perl-IO-Socket-SSL.changes +++ b/perl-IO-Socket-SSL.changes @@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Fri Mar 11 10:14:57 UTC 2016 - coolo@suse.com + +- updated to 2.024 + see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes + + 2.024 2016/02/06 + - Work around issue where the connect fails on systems having only a loopback + interface and where IO::Socket::IP is used as super class (default when + available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to + localhost would fail on this systems. This happened at least for the tests, + see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796 + Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags + is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not + be useful anyway but would cause at most harm. + 2.023 2016/01/30 + - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection + was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9). + This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying) + which caused an endless loop. It will now ignore this result in case the TLS + connection was not yet established and consider the TLS connection closed + instead. + 2.022 2015/12/10 + - fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash. + Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253 + 2.021 2015/12/02 + - Fixes for documentation and typos thanks to DavsX and jwilk. + - Update PublicSuffx with latest version from publicsuffix.org + 2.020 2015/09/20 + - support multiple directories in SSL_ca_path as proposed in RT#106711 + by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string + with a path separator, see documentation. + - typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34 + 2.019 2015/09/01 + - work around different behavior of getnameinfo from Socket and Socket6 by + using a different wrapper depending on which module I use for IPv6. + Thanks to bluhm for reporting. + 2.018 2015/08/27 + - RT#106687 - startssl.t failed on darwin with old openssl since server + requested client certificate but offered also anon ciphers + 2.017 2015/08/24 + - checks for readability of files/dirs for certificates and CA no longer use + -r because this is not safe when ACLs are used. Thanks to BBYRD, RT#106295 + - new method sock_certificate similar to peer_certificate based on idea of + Paul Evans, RT#105733 + - get_fingerprint can now take optional certificate as argument and compute + the fingerprint of it. Useful in connection with sock_certificate. + - check for both EWOULDBLOCK and EAGAIN since these codes are different on + some platforms. Thanks to Andy Grundman, RT#106573 + - enforce default verification scheme if none was specified, i.e. no longer + just warn but accept. If really no verification is wanted a scheme of + 'none' must be explicitly specified. + - support different cipher suites per SNI hosts +- remove perl-IO-Socket-SSL_fix_offline.patch + ------------------------------------------------------------------- Tue Jul 7 18:54:46 UTC 2015 - coolo@suse.com diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index a8a0b2c..6695ece 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -1,7 +1,7 @@ # # spec file for package perl-IO-Socket-SSL # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: perl-IO-Socket-SSL -Version: 2.016 +Version: 2.024 Release: 0 %define cpan_name IO-Socket-SSL Summary: Nearly transparent SSL encapsulation for IO::Socket::INET @@ -27,7 +27,6 @@ Url: http://search.cpan.org/dist/IO-Socket-SSL/ Source0: http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml Patch0: perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch -Patch1: perl-IO-Socket-SSL_fix_offline.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl @@ -38,10 +37,10 @@ Requires: perl(Net::SSLeay) >= 1.46 %description IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary -functionality into the familiar the IO::Socket manpage interface and -providing secure defaults whenever possible. This way, existing -applications can be made SSL-aware without much effort, at least if you do -blocking I/O and don't use select or poll. +functionality into the familiar IO::Socket interface and providing secure +defaults whenever possible. This way, existing applications can be made +SSL-aware without much effort, at least if you do blocking I/O and don't +use select or poll. But, under the hood, SSL is a complex beast. So there are lots of methods to make it do what you need if the default behavior is not adequate. @@ -51,36 +50,34 @@ documentation carefully. The documentation consists of the following parts: -* * the /"Essential Information About SSL/TLS" manpage +* * "Essential Information About SSL/TLS" -* * the /"Basic SSL Client" manpage +* * "Basic SSL Client" -* * the /"Basic SSL Server" manpage +* * "Basic SSL Server" -* * the /"Common Usage Errors" manpage +* * "Common Usage Errors" -* * the /"Common Problems with SSL" manpage +* * "Common Problems with SSL" -* * the /"Using Non-Blocking Sockets" manpage +* * "Using Non-Blocking Sockets" -* * the /"Advanced Usage" manpage +* * "Advanced Usage" -* * the /"Integration Into Own Modules" manpage +* * "Integration Into Own Modules" -* * the /"Description Of Methods" manpage +* * "Description Of Methods" Additional documentation can be found in -* * the IO::Socket::SSL::Intercept manpage - Doing Man-In-The-Middle with - SSL +* * IO::Socket::SSL::Intercept - Doing Man-In-The-Middle with SSL -* * the IO::Socket::SSL::Utils manpage - Useful functions for certificates - etc +* * IO::Socket::SSL::Utils - Useful functions for certificates etc %prep %setup -q -n %{cpan_name}-%{version} +find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644 %patch0 -p1 -%patch1 -p1 %build %{__perl} Makefile.PL INSTALLDIRS=vendor diff --git a/perl-IO-Socket-SSL_fix_offline.patch b/perl-IO-Socket-SSL_fix_offline.patch deleted file mode 100644 index eb1f383..0000000 --- a/perl-IO-Socket-SSL_fix_offline.patch +++ /dev/null @@ -1,362 +0,0 @@ -Subject: OBS has no network and no DNS - -Index: IO-Socket-SSL-2.016/t/acceptSSL-timeout.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/acceptSSL-timeout.t -+++ IO-Socket-SSL-2.016/t/acceptSSL-timeout.t -@@ -65,6 +65,7 @@ sub client_ssl { - my $c = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 0 - ) || die "connect failed: $!|$SSL_ERROR"; - print "Connected\n"; -Index: IO-Socket-SSL-2.016/t/auto_verify_hostname.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/auto_verify_hostname.t -+++ IO-Socket-SSL-2.016/t/auto_verify_hostname.t -@@ -27,6 +27,7 @@ my $server = IO::Socket::SSL->new( - LocalPort => 0, - Listen => 2, - ReuseAddr => 1, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_server => 1, - SSL_cert_file => "certs/server-wildcard.pem", - SSL_key_file => "certs/server-wildcard.pem", -@@ -51,6 +52,7 @@ for( my $i=0;$i<@tests;$i+=3 ) { - my $cl = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 1, - SSL_verifycn_scheme => $scheme, - SSL_verifycn_name => $name, -Index: IO-Socket-SSL-2.016/t/mitm.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/mitm.t -+++ IO-Socket-SSL-2.016/t/mitm.t -@@ -16,6 +16,7 @@ END { kill 9,@pid } - my $server = IO::Socket::SSL->new( - LocalAddr => '127.0.0.1', - LocalPort => 0, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_cert_file => 'certs/server-cert.pem', - SSL_key_file => 'certs/server-key.pem', - Listen => 10, -@@ -28,6 +29,7 @@ push @pid,$pid; - close($server); - - my $proxy = IO::Socket::INET->new( -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - LocalAddr => '127.0.0.1', - LocalPort => 0, - Listen => 10, -@@ -44,6 +46,7 @@ close($proxy); - my $cl = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 1, - SSL_ca_file => 'certs/my-ca.pem', - ); -@@ -57,6 +60,7 @@ $cl = IO::Socket::SSL->new( - PeerAddr => $paddr, - Domain => AF_INET, - SSL_verify_mode => 1, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_ca_file => 'certs/proxyca.pem', - ); - ssl_ok($cl,"ssl connected to proxy"); -@@ -81,6 +85,7 @@ sub proxy { - my $toc = $proxy->accept or next; - my $tos = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Domain => AF_INET, - SSL_verify_mode => 1, - SSL_ca_file => 'certs/my-ca.pem', -Index: IO-Socket-SSL-2.016/t/plain_upgrade_downgrade.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/plain_upgrade_downgrade.t -+++ IO-Socket-SSL-2.016/t/plain_upgrade_downgrade.t -@@ -11,6 +11,7 @@ IO::Socket::SSL::default_ca('certs/my-ca - my $server = IO::Socket::SSL->new( - LocalAddr => '127.0.0.1', - LocalPort => 0, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Listen => 2, - SSL_cert_file => 'certs/server-cert.pem', - SSL_key_file => 'certs/server-key.pem', -@@ -105,6 +106,7 @@ for my $test ( - if ($act =~m{newSSL(?::(.*))?$} ) { - $cl = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Domain => AF_INET, - defined($1) ? (SSL_startHandshake => $1):(), - ) or die "failed to connect: $!|$SSL_ERROR"; -Index: IO-Socket-SSL-2.016/t/alpn.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/alpn.t -+++ IO-Socket-SSL-2.016/t/alpn.t -@@ -25,6 +25,7 @@ my $addr = '127.0.0.1'; - my $server = IO::Socket::SSL->new( - LocalAddr => $addr, - Listen => 2, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIg - SSL_cert_file => 'certs/server-cert.pem', - SSL_key_file => 'certs/server-key.pem', - SSL_alpn_protocols => [qw(one two)], -@@ -49,6 +50,7 @@ if ( !defined $pid ) { - my $to_server = IO::Socket::SSL->new( - PeerAddr => $addr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 0, - SSL_alpn_protocols => [qw(two three)], - ) or do { -Index: IO-Socket-SSL-2.016/t/cert_no_file.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/cert_no_file.t -+++ IO-Socket-SSL-2.016/t/cert_no_file.t -@@ -28,6 +28,7 @@ my %server_args = ( - LocalAddr => '127.0.0.1', - LocalPort => 0, - Listen => 2, -+ GetAddrInfoFlags => 0, - SSL_server => 1, - SSL_verify_mode => 0x00, - SSL_ca_file => "certs/test-ca.pem", -@@ -73,6 +74,7 @@ foreach my $test ( 1,2,3 ) { - - my $to_server = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Domain => AF_INET, - SSL_verify_mode => 0x00, - ); -Index: IO-Socket-SSL-2.016/t/core.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/core.t -+++ IO-Socket-SSL-2.016/t/core.t -@@ -77,6 +77,7 @@ unless (fork) { - $client = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIg - SSL_verify_mode => 0x01, - SSL_ca_file => "certs/test-ca.pem", - SSL_use_cert => 1, -@@ -178,6 +179,7 @@ unless (fork) { - my $client_3 = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 0x01, - SSL_version => 'TLSv1', - SSL_cipher_list => 'HIGH', -@@ -194,6 +196,7 @@ unless (fork) { - - my $client_4 = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Domain => AF_INET, - SSL_reuse_ctx => $client_3, - Blocking => 0 -Index: IO-Socket-SSL-2.016/t/dhe.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/dhe.t -+++ IO-Socket-SSL-2.016/t/dhe.t -@@ -25,6 +25,7 @@ my $server = IO::Socket::SSL->new( - LocalAddr => $addr, - Listen => 2, - ReuseAddr => 1, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_cert_file => "certs/server-rsa384-dh.pem", - SSL_key_file => "certs/server-rsa384-dh.pem", - SSL_dh_file => "certs/server-rsa384-dh.pem", -@@ -52,6 +53,7 @@ if ( !defined $pid ) { - my $to_server = IO::Socket::SSL->new( - PeerAddr => $addr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_cipher_list => 'ALL:RSA:!aRSA', - SSL_verify_mode => 0 ) || do { - notok( "connect failed: $SSL_ERROR" ); -Index: IO-Socket-SSL-2.016/t/ecdhe.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/ecdhe.t -+++ IO-Socket-SSL-2.016/t/ecdhe.t -@@ -47,6 +47,7 @@ if ( !defined $pid ) { - my $to_server = IO::Socket::SSL->new( - PeerAddr => $addr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 0 ) || do { - notok( "connect failed: $SSL_ERROR" ); - exit -Index: IO-Socket-SSL-2.016/t/nonblock.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/nonblock.t -+++ IO-Socket-SSL-2.016/t/nonblock.t -@@ -119,6 +119,7 @@ if ( $pid == 0 ) { - - # upgrade to SSL socket w/o connection yet - if ( ! IO::Socket::SSL->start_SSL( $to_server, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_startHandshake => 0, - SSL_verify_mode => 0, - SSL_key_file => "certs/server-key.enc", -@@ -283,6 +284,7 @@ if ( $pid == 0 ) { - # no handshake yet - if ( ! IO::Socket::SSL->start_SSL( $from_client, - SSL_startHandshake => 0, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_server => 1, - SSL_verify_mode => 0x00, - SSL_ca_file => "certs/test-ca.pem", -Index: IO-Socket-SSL-2.016/t/npn.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/npn.t -+++ IO-Socket-SSL-2.016/t/npn.t -@@ -49,6 +49,7 @@ if ( !defined $pid ) { - my $to_server = IO::Socket::SSL->new( - PeerAddr => $addr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_verify_mode => 0, - SSL_npn_protocols => [qw(two three)], - ) or do { -Index: IO-Socket-SSL-2.016/t/protocol_version.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/protocol_version.t -+++ IO-Socket-SSL-2.016/t/protocol_version.t -@@ -43,6 +43,7 @@ if ($pid == 0) { - my $cl = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - SSL_startHandshake => 0, - SSL_verify_mode => 0, - SSL_version => $ver, -Index: IO-Socket-SSL-2.016/t/readline.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/readline.t -+++ IO-Socket-SSL-2.016/t/readline.t -@@ -154,6 +154,7 @@ my $testid = "Test00"; - foreach my $test (@tests) { - my $to_server = IO::Socket::SSL->new( - PeerAddr => $addr, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - Domain => AF_INET, - SSL_verify_mode => 0 ) || do { - notok( "connect failed: ".IO::Socket::SSL->errstr() ); -Index: IO-Socket-SSL-2.016/t/sessions.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/sessions.t -+++ IO-Socket-SSL-2.016/t/sessions.t -@@ -45,6 +45,7 @@ unless (fork) { - SSL_version => 'TLSv1', - SSL_cipher_list => 'HIGH', - SSL_session_cache_size => 4, -+ GetAddrInfoFlags => 0, # avoid AI_ADDRCONFIG - ); - - -@@ -97,8 +98,8 @@ unless (fork) { - - my $sock3 = IO::Socket::INET->new($saddr[2]); - my @clients = ( -- IO::Socket::SSL->new(PeerAddr => $saddr[0], Domain => AF_INET), -- IO::Socket::SSL->new(PeerAddr => $saddr[1], Domain => AF_INET), -+ IO::Socket::SSL->new(PeerAddr => $saddr[0], Domain => AF_INET, GetAddrInfoFlags => 0), -+ IO::Socket::SSL->new(PeerAddr => $saddr[1], Domain => AF_INET, GetAddrInfoFlags => 0), - IO::Socket::SSL->start_SSL( $sock3 ), - ); - -@@ -140,7 +141,7 @@ unless (fork) { - } - - @clients = map { -- IO::Socket::SSL->new(PeerAddr => $_, Domain => AF_INET) -+ IO::Socket::SSL->new(PeerAddr => $_, Domain => AF_INET, GetAddrInfoFlags => 0 ) - } @saddr; - - if (keys(%$cache) != 6) { -Index: IO-Socket-SSL-2.016/t/signal-readline.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/signal-readline.t -+++ IO-Socket-SSL-2.016/t/signal-readline.t -@@ -36,6 +36,7 @@ if ( $pid == 0 ) { - close($server); - my $client = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, - Domain => AF_INET, - SSL_verify_mode => 0 - ) || print "not "; -Index: IO-Socket-SSL-2.016/t/sni.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/sni.t -+++ IO-Socket-SSL-2.016/t/sni.t -@@ -60,6 +60,7 @@ if ( $pid == 0 ) { - my $client = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, - SSL_verify_mode => 1, - SSL_hostname => $host, - SSL_ca_file => 'certs/my-ca.pem', -Index: IO-Socket-SSL-2.016/t/sni_verify.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/sni_verify.t -+++ IO-Socket-SSL-2.016/t/sni_verify.t -@@ -61,6 +61,7 @@ if ( $pid == 0 ) { - my $client = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, - SSL_verify_mode => 1, - SSL_hostname => $host, - SSL_ca_file => 'certs/my-ca.pem', -Index: IO-Socket-SSL-2.016/t/sysread_write.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/sysread_write.t -+++ IO-Socket-SSL-2.016/t/sysread_write.t -@@ -47,6 +47,7 @@ if ( $pid == 0 ) { - - my $to_server = IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, - Domain => AF_INET, - SSL_ca_file => "certs/test-ca.pem", - ) || do { -Index: IO-Socket-SSL-2.016/t/verify_hostname.t -=================================================================== ---- IO-Socket-SSL-2.016.orig/t/verify_hostname.t -+++ IO-Socket-SSL-2.016/t/verify_hostname.t -@@ -40,6 +40,7 @@ if ( $pid == 0 ) { - my $client = IO::Socket::SSL->new( - PeerAddr => $saddr, - Domain => AF_INET, -+ GetAddrInfoFlags => 0, - SSL_verify_mode => 0 - ) || print "not "; - ok( "client ssl connect" ); -@@ -110,6 +111,7 @@ defined( $pid = fork() ) || die $!; - if ( $pid == 0 ) { - IO::Socket::SSL->new( - PeerAddr => $saddr, -+ GetAddrInfoFlags => 0, - Domain => AF_INET, - SSL_ca_file => "certs/test-ca.pem", - SSL_verify_mode => 1, -@@ -129,6 +131,7 @@ if ( $pid == 0 ) { - PeerAddr => $saddr, - Domain => AF_INET, - SSL_ca_file => "certs/test-ca.pem", -+ GetAddrInfoFlags => 0, - SSL_verify_mode => 1, - SSL_verifycn_scheme => 'www', - SSL_verifycn_name => 'does.not.match.server.local'