- updated to 2.083
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.083 2023/05/18
- fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL
(regression from #122)
2.082 2023/05/17
- SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122
- fix output of alert string when debugging #132
- improve regex for hostname validation #130, #126
- add can_ciphersuites subroutine for feature checking #127
- Utils::CERT_create - die if unexpected arguments are given instead of ignoring
these
OBS-URL: https://build.opensuse.org/request/show/1090332
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=144
- updated to 2.081
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.081 2023/01/25
- new function set_msg_callback for user defined callback on each SSL message
- showcase function in example/ssl_client.pl and example/ssl_server.pl for
computing JA3S/JA3 fingerprints
- fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
2.080 2023/01/18
- move certs into t/ so that distributions like CentOS don't install the
test certificates as part of the documentation any longer.
2.079 2023/01/16
- properly extract IPv6 address for verification from PeerAddr if not explicitly
given as SSL_verifycn_name.
https://github.com/noxxi/p5-io-socket-ssl/issues/123
OBS-URL: https://build.opensuse.org/request/show/1061401
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=142
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.064
- make algorithm for fingerprint optional, i.e. detect based on length of
fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
- fix t/sessions.t and improve stability of t/verify_hostname.t on windows
- use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- update fingerprints for live tests
2.063
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
then linked against another API-incompatible version (ie. more than just the
patchlevel differs).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=116
- update to 2.051
fixes build with openssl 1.1
- syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
https://github.com/noxxi/p5-io-socket-ssl/issues/62
- removed unnecessary settings of SSL_version and SSL_cipher_list from tests
- protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not supported
as is the case with openssl versions in latest Debian (buster)
- fixed problem caused by typo in the context of session cache
https://github.com/noxxi/p5-io-socket-ssl/issues/60
- update PublicSuffix information from publicsuffix.org
- fixed small memory leaks during destruction of socket and context, RT#120643
- better fix for problem which 2.046 tried to fix but broke LWP this way
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
https://github.com/noxxi/p5-io-socket-ssl/pull/53/
- protect various 'eval'-based capability detections at startup with a localized
__DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
various third party software should cause less problems even if there is a
global __DIE__ handler which does not properly deal with 'eval'.
- make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
session does not get reused any longer if it was not properly closed which
OBS-URL: https://build.opensuse.org/request/show/528108
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=92
- verify the hostname inside a certificate by default with a superset of
common verification schemes instead of not verifying identity at all.
For now it will only complain if name verification failed, in the future
it will fail certificate verification, forcing you to set the expected
SSL_verifycn_name if you want to accept the certificate.
- new option SSL_fingerprint and new methods get_fingerprint and
get_fingerprint_bin. Together they can be used to selectively accept
specific certificates which would otherwise fail verification, like
self-signed, outdated or from unknown CAs.
This makes another reason to disable verification obsolete.
- Utils:
- default RSA key length 2048
- digest algorithm to sign certificate in CERT_create can be given,
defaults to SHA-256
- CERT_create can now issue non-CA selfsigned certificate
- CERT_create add some more useful constraints to certificate
- spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
1.966 2014/01/21
- fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
specifying !TLSv12, only !TLSv1_2 worked
- fixed leak of session objects in SessionCache, if another session
replaced an existing session (introduced in 1.965)
1.965 2014/01/16
- new key SSL_session_key to influence how sessions are inserted and looked
up in the clients session cache. This makes it possible to share sessions
over different ip:host (like required with some FTPS servers)
- t/core.t - handle case, where default loopback source is not 127.0.0.1, like
in FreeBSD jails
1.964 2014/01/15
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=69
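
Added example, not part of the package changelog or of IO::Socket::SSL itself: a standalone Perl illustration of the certificate pinning described in the SSL_fingerprint entry, combined with the 2.064 change that infers the digest algorithm from the fingerprint length. The helper names (parse_pin, cert_matches_pin), the length table, the tolerance for colons and the sample bytes are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(sha1_hex sha256_hex sha384_hex sha512_hex);

# Hex digest length -> algorithm, used when a pin has no "algo$" prefix.
my %ALGO_BY_LEN = (32 => 'md5', 40 => 'sha1', 64 => 'sha256',
                   96 => 'sha384', 128 => 'sha512');
my %DIGEST = (md5 => \&md5_hex, sha1 => \&sha1_hex, sha256 => \&sha256_hex,
              sha384 => \&sha384_hex, sha512 => \&sha512_hex);

# Hypothetical helper: split a pin such as 'sha256$AB:CD...' or bare hex
# into (algorithm, lowercase hex). Dies on input it cannot interpret.
sub parse_pin {
    my ($pin) = @_;
    my ($algo, $hex) = $pin =~ /^(?:(\w+)\$)?([0-9a-fA-F:]+)\z/
        or die "malformed fingerprint: $pin\n";
    $hex =~ tr/://d;                      # drop colon separators
    $hex = lc $hex;
    my $by_len = $ALGO_BY_LEN{ length($hex) };
    $algo = defined $algo ? lc $algo : $by_len;
    die "cannot determine digest algorithm for: $pin\n"
        unless defined $algo && $DIGEST{$algo};
    die "fingerprint length does not fit $algo: $pin\n"
        unless defined $by_len && $by_len eq $algo;
    return ($algo, $hex);
}

# Hypothetical helper: true if the certificate bytes match any of the pins.
sub cert_matches_pin {
    my ($der, @pins) = @_;
    for my $pin (@pins) {
        my ($algo, $want) = parse_pin($pin);
        return 1 if $DIGEST{$algo}->($der) eq $want;
    }
    return 0;
}

# Constructed stand-in for DER certificate bytes (not a real certificate).
my $der    = "constructed-der-bytes";
my $sha256 = sha256_hex($der);
my $sha1c  = join ':', unpack '(A2)*', uc sha1_hex($der);

for my $case (['explicit sha256',   $der, 'sha256$' . $sha256],
              ['bare hex, 64 chars', $der, $sha256],
              ['bare hex with colons', $der, $sha1c],
              ['different certificate', 'other-bytes', $sha256]) {
    my ($name, $bytes, $pin) = @$case;
    printf "%-24s %s\n", $name,
        cert_matches_pin($bytes, $pin) ? 'accepted' : 'rejected';
}
```

A pin of this kind accepts exactly one certificate, so a self-signed or privately issued certificate can be trusted without turning verification off for every other peer.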