- ignore Mozilla::CA
- updated to 2.054
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.054 2018/01/22
- added missing test certificates to MANIFEST
2.053 2018/01/21
- small behavior fixes
- if SSL_fingerprint is used and matches don't check for OCSP
- Utils::CERT_create - small fixes to properly specific purpose, ability to
use predefined complex purpose but disable some features
- update PublicSuffix
- updates for documentation, especially regarding pitfalls with forking or using
non-blocking sockets. Spelling fixes.
- test fixes and improvements
- stability improvements for live tests
- regenerate certificate in certs/ and make sure they are limited to the
correct purpose. Checkin program used to generate certificates.
- adjust tests since certificates have changed and some tests used
certificates intended for client authentication as server certificates,
which now no longer works
OBS-URL: https://build.opensuse.org/request/show/575636
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-IO-Socket-SSL?expand=0&rev=76
- update to 2.051
fixes build with openssl 1.1
- syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
https://github.com/noxxi/p5-io-socket-ssl/issues/62
- removed unecessary settings of SSL_version and SSL_cipher_list from tests
- protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not supported
as is the case with openssl versions in latest Debian (buster)
- fixed problem caused by typo in the context of session cache
https://github.com/noxxi/p5-io-socket-ssl/issues/60
- update PublicSuffix information from publicsuffix.org
- fixed small memory leaks during destruction of socket and context, RT#120643
- better fix for problem which 2.046 tried to fix but broke LWP this way
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
https://github.com/noxxi/p5-io-socket-ssl/pull/53/
- protect various 'eval'-based capability detections at startup with a localized
__DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
various third party software should cause less problems even if there is a
global __DIE__ handler which does not properly deal with 'eval'.
- make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
session does not get reused any longer if it was not properly closed which
OBS-URL: https://build.opensuse.org/request/show/528108
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=92
- updated to 2.024
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.024 2016/02/06
- Work around issue where the connect fails on systems having only a loopback
interface and where IO::Socket::IP is used as super class (default when
available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
localhost would fail on this systems. This happened at least for the tests,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
be useful anyway but would cause at most harm.
2.023 2016/01/30
- OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
which caused an endless loop. It will now ignore this result in case the TLS
connection was not yet established and consider the TLS connection closed
instead.
2.022 2015/12/10
- fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash.
Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253
2.021 2015/12/02
- Fixes for documentation and typos thanks to DavsX and jwilk.
- Update PublicSuffx with latest version from publicsuffix.org
2.020 2015/09/20
- support multiple directories in SSL_ca_path as proposed in RT#106711
by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
with a path separator, see documentation.
- typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
2.019 2015/09/01
OBS-URL: https://build.opensuse.org/request/show/370293
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-IO-Socket-SSL?expand=0&rev=72
- updated to 1.967
- verify the hostname inside a certificate by default with a superset of
common verification schemes instead of not verifying identity at all.
For now it will only complain if name verification failed, in the future
it will fail certificate verification, forcing you to set the expected
SSL_verifycn_name if you want to accept the certificate.
- new option SSL_fingerprint and new methods get_fingerprint and
get_fingerprint_bin. Together they can be used to selectively accept
specific certificates which would otherwise fail verification, like
self-signed, outdated or from unknown CAs.
This makes another reason to disable verification obsolete.
- Utils:
- default RSA key length 2048
- digest algorithm to sign certificate in CERT_create can be given,
defaults to SHA-256
- CERT_create can now issue non-CA selfsigned certificate
- CERT_create add some more useful constraints to certificate
- spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
1.966 2014/01/21
- fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
specifying !TLSv12, only !TLSv1_2 worked
- fixed leak of session objects in SessionCache, if another session
replaced an existing session (introduced in 1.965)
1.965 2014/01/16
- new key SSL_session_key to influence how sessions are inserted and looked
up in the clients session cache. This makes it possible to share sessions
over different ip:host (like required with some FTPS servers)
- t/core.t - handle case, were default loopback source is not 127.0.0.1, like
in FreeBSD jails
1.964 2014/01/15
OBS-URL: https://build.opensuse.org/request/show/221506
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-IO-Socket-SSL?expand=0&rev=63
- verify the hostname inside a certificate by default with a superset of
common verification schemes instead of not verifying identity at all.
For now it will only complain if name verification failed, in the future
it will fail certificate verification, forcing you to set the expected
SSL_verifycn_name if you want to accept the certificate.
- new option SSL_fingerprint and new methods get_fingerprint and
get_fingerprint_bin. Together they can be used to selectively accept
specific certificates which would otherwise fail verification, like
self-signed, outdated or from unknown CAs.
This makes another reason to disable verification obsolete.
- Utils:
- default RSA key length 2048
- digest algorithm to sign certificate in CERT_create can be given,
defaults to SHA-256
- CERT_create can now issue non-CA selfsigned certificate
- CERT_create add some more useful constraints to certificate
- spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
1.966 2014/01/21
- fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
specifying !TLSv12, only !TLSv1_2 worked
- fixed leak of session objects in SessionCache, if another session
replaced an existing session (introduced in 1.965)
1.965 2014/01/16
- new key SSL_session_key to influence how sessions are inserted and looked
up in the clients session cache. This makes it possible to share sessions
over different ip:host (like required with some FTPS servers)
- t/core.t - handle case, were default loopback source is not 127.0.0.1, like
in FreeBSD jails
1.964 2014/01/15
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=69