e7c6e95ad2
Accepting request 221506 from devel:languages:perl
Stephan Kulow
2014-02-12 16:32:12 +00:00
978fadfd7c
- updated to 1.967 - verify the hostname inside a certificate by default with a superset of common verification schemes instead of not verifying identity at all. For now it will only complain if name verification failed, in the future it will fail certificate verification, forcing you to set the expected SSL_verifycn_name if you want to accept the certificate. - new option SSL_fingerprint and new methods get_fingerprint and get_fingerprint_bin. Together they can be used to selectively accept specific certificates which would otherwise fail verification, like self-signed, outdated or from unknown CAs. This makes another reason to disable verification obsolete. - Utils: - default RSA key length 2048 - digest algorithm to sign certificate in CERT_create can be given, defaults to SHA-256 - CERT_create can now issue non-CA selfsigned certificate - CERT_create add some more useful constraints to certificate - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi 1.966 2014/01/21 - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with specifying !TLSv12, only !TLSv1_2 worked - fixed leak of session objects in SessionCache, if another session replaced an existing session (introduced in 1.965) 1.965 2014/01/16 - new key SSL_session_key to influence how sessions are inserted and looked up in the clients session cache. This makes it possible to share sessions over different ip:host (like required with some FTPS servers) - t/core.t - handle case, were default loopback source is not 127.0.0.1, like in FreeBSD jails 1.964 2014/01/15
Stephan Kulow
2014-02-09 14:36:31 +00:00
d486f7e6ec
Accepting request 208877 from devel:languages:perl
Stephan Kulow
2013-11-29 15:25:08 +00:00
2149b12eb2
update
Stephan Kulow
2013-11-29 11:17:04 +00:00
ff4a6e6d1c
Accepting request 208439 from devel:languages:perl
Stephan Kulow
2013-11-26 18:25:41 +00:00
8fa2af46bf
update
Stephan Kulow
2013-11-26 08:14:16 +00:00
823a58f5a5
Accepting request 202212 from devel:languages:perl
Tomáš Chvátal
2013-10-06 12:53:50 +00:00
795e4b0fd5
update
Stephan Kulow
2013-10-04 11:45:41 +00:00
a1416ade3f
Accepting request 184797 from devel:languages:perl
Stephan Kulow
2013-07-30 16:43:51 +00:00
c68333df45
- updated to 1.953 - fixes to IO::Socket::SSL::Utils, thanks to rurban[AT]x-ray[DOT]at, RT#87052 - fix t/acceptSSL-timeout.t on Win32, RT#86862
Stephan Kulow
2013-07-27 12:19:06 +00:00
f6c49fe7ad
Accepting request 184296 from devel:languages:perl
Stephan Kulow
2013-07-25 12:46:29 +00:00
228fd437b4
Accepting request 182138 from home:lnussel:branches:devel:languages:perl
Lars Vogdt
2013-07-25 09:25:21 +00:00
873afd6d3f
- update to 1.88 + consider a value of '' the same as undef for SSL_ca_(path|file) + complain if given SSL_(key|cert|ca)_(file|path) do not exist or if they are not readable + disabled client side SNI for openssl version < 1.0.0 + added functions can_client_sni, can_server_sni, can_npn to check avaibility of SNI and NPN features. Added more documentation for SNI and NPN + Server Name Indication (SNI) support on the server side + sub error sets $SSL_ERROR etc only if there really is an error, otherwise it will keep the latest error. This causes IO::Socket::SSL->new.. to report the correct problem, even if the problem is deeper in the code (like in connect) + deprecated set_ctx_defaults, new name ist set_defaults + changed handling of default path for SSL_(ca|cert|key)* keys: either if one of these keys is user defined don't add defaults for the others, e.g. don't mix user settings and defaults + cleaner handling of module defaults vs. global settings vs. socket specific settings + prepare transition to a more secure default for SSL_verify_mode. The use of the current default SSL_VERIFY_NONE will cause a big warning for clients, unless SSL_verify_mode was explicitly set inside the application to this insecure value. In the near future the default will be SSL_VERIFY_PEER, and thus causing verification failures in unchanged applications. + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort from sockaddr in _update_peer, because this provides scope + work around systems which don't defined AF_INET6 + update_peer for IPv6 also + no longer depend on Socket.pm 1.95 for inet_pton, but use
Lars Vogdt
2013-05-11 23:06:34 +00:00
b745629f93
Accepting request 107589 from devel:languages:perl
Stephan Kulow
2012-03-01 16:24:25 +00:00
4b7cbd55fe
- update to 1.55 - work around IO::Sockets work around for systems returning EISCONN etc on connect retry for non-blocking sockets by clearing $! if SUPER::connect returned true. https://rt.cpan.org/Ticket/Display.html?id=75101 Thanks for Manoj Kumar for reporting.
Vítězslav Čížek
2012-02-22 08:29:05 +00:00
c80c0a9164
Accepting request 103907 from devel:languages:perl
Stephan Kulow
2012-02-14 12:09:21 +00:00
6bc0ae9c39
- update to 1.54 - return 0 instead of undef in SSL_verify_callback to fix unitialized warnings. Thanks to d[DOT]thomas[AT]its[DOT]uq[DOT]edu[DOT]au for reporting the bug and MIKEM for the fix. https://rt.cpan.org/Ticket/Display.html?id=73629
Vítězslav Čížek
2012-01-13 12:39:39 +00:00
47336bf66e
Accepting request 98292 from devel:languages:perl
Stephan Kulow
2011-12-27 17:14:15 +00:00
1a698f44d6
Accepting request 95917 from devel:languages:perl
Stephan Kulow
2011-12-08 13:46:23 +00:00
5f60237218
- update to 1.52 - fix syntax error in t/memleak_bad_handshake.t - disable t/memleak_bad_handshake.t on AIX, because it might hang https://rt.cpan.org/Ticket/Display.html?id=72170
Vítězslav Čížek
2011-12-08 11:15:34 +00:00
7ebf04eadc
replace license with spdx.org variant
Stephan Kulow
2011-12-06 17:43:06 +00:00
1ae95f85d8
Updating link to change in openSUSE:Factory/perl-IO-Socket-SSL revision 50.0
OBS User buildservice-autocommit
2011-12-06 17:43:06 +00:00
cfdf98f2da
Accepting request 89784 from devel:languages:perl
Stephan Kulow
2011-11-02 11:14:23 +00:00
5eb8f4b3dd
- update to 1.49 - another regression for readline fix, this time it failed to return lines at eof which don't end with newline. Extended t/readline.t to catch this
Vítězslav Čížek
2011-10-31 08:37:11 +00:00
9f56ef0380
Accepting request 89536 from devel:languages:perl
Stephan Kulow
2011-10-27 12:26:53 +00:00
67437a47d8
- update to 1.48 - bugfix for readline fix in 1.45. If the pending data where false (like '0') it failed to read rest of line. Thanks to Victor Popov for reporting https://rt.cpan.org/Ticket/Display.html?id=71953
Vítězslav Čížek
2011-10-27 11:09:21 +00:00
ac9073442e
- update to 1.47 fix for 1.46 - check for mswin32 needs to be /i. Thanks to Alexandr Ciornii for reporting
Vítězslav Čížek
2011-10-24 09:41:50 +00:00
fe012d983a
- update to 1.46 - added test for signals
Vítězslav Čížek
2011-10-19 11:39:44 +00:00
ba0fcf3f41
- update to 1.45 - fix readline to continue when getting interrupt waiting for more data. Thanks to kgc[AT]corp[DOT]sonic[DOT]net for reporting problem
Vítězslav Čížek
2011-10-17 14:44:21 +00:00
9922d824d8
- updated to 1.40 - integrated patch from GAAS to get IDN support from URI. https://rt.cpan.org/Ticket/Display.html?id=67676 - fix in exampel/async_https_server. Thanks to DetlefPilzecker[AT]web[DOT]de for reporting
Stephan Kulow
2011-05-04 11:11:22 +00:00
a2e3a08e88
- update to 1.39 - fixed documentation of http verification: wildcards in cn is allowed - close should undef _SSL_fileno, because the fileno is no longer valid (SSL connection and socket are closed)
Vítězslav Čížek
2011-03-04 16:40:07 +00:00
f3211b7942
Autobuild autoformatter for 59034
Lars Vogdt
2011-01-24 14:58:37 +00:00
b34cd4fe9a
Accepting request 59034 from devel:languages:perl
Lars Vogdt
2011-01-24 14:58:23 +00:00
f35763fdc0
- update to 1.38 - fixed wildcards_in_cn setting for http (wrongly set in 1.34 to 1 instead of anywhere). Thanks to dagolden[AT]cpan[DOT]org for reporting https://rt.cpan.org/Ticket/Display.html?id=64864
Vítězslav Čížek
2011-01-19 16:36:06 +00:00
a78a192c68
Autobuild autoformatter for 56198
Lars Vogdt
2010-12-19 13:03:08 +00:00
75e8bb21d0
Updating link to change in openSUSE:Factory/perl-IO-Socket-SSL revision 37.0
OBS User buildservice-autocommit
2010-12-19 13:03:08 +00:00
74f31bd350
Accepting request 56198 from devel:languages:perl
Lars Vogdt
2010-12-19 13:02:59 +00:00
f485fcce5f
- update to 1.37 * don't complain about invalid certificate locations if user explicitly set SSL_ca_path and SSL_ca_file to undef. Assume that user knows what he is doing and will work around the problems by itself. * update documentation for SSL_verify_callback based on
Anna Maresova2010-12-16 12:53:20 +00:00
3f4c9c3419
Updating link to change in openSUSE:Factory/perl-IO-Socket-SSL revision 35.0
OBS User buildservice-autocommit
2010-12-08 13:24:09 +00:00
592af9de2f
Accepting request 55022 from devel:languages:perl
Marcus Rueckert2010-12-08 13:24:03 +00:00
8dc14a06f7
- update to 1.35 (fixes bnc#657907) * if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified as valid it will no longer fall back to VERIFY_NONE but throw an error.
Anna Maresova2010-12-07 14:04:25 +00:00
f1f54a3ba7
Autobuild autoformatter for 54563
Lars Vogdt
2010-12-05 20:58:29 +00:00
f2105150de
Updating link to change in openSUSE:Factory/perl-IO-Socket-SSL revision 33.0
OBS User buildservice-autocommit
2010-12-05 20:58:29 +00:00
34dfc4178a
Accepting request 54563 from devel:languages:perl
Lars Vogdt
2010-12-05 20:58:23 +00:00
6d56742057
always buildrequire perl-macros if not present, move %perl_requires behind buildroot (script commit)
Stephan Kulow
2010-12-03 14:38:49 +00:00
3ef0b0c10a
siwtch to perl_requires macro
Stephan Kulow
2010-12-01 13:47:26 +00:00
bb04bdee48
- update to 1.34 * schema http for certificate verification changed to wildcards_in_cn=1, because according to rfc2818 this is valid and also seen in the wild * if upgrading socket from inet to ssl fails due to handshake problems the socket gets downgraded, but is still open. * depreceate kill_socket, just use close()
Anna Maresova2010-11-01 12:59:15 +00:00
3da450dfb6
Accepting request 35784 from devel:languages:perl
OBS User autobuild
2010-03-26 15:35:35 +00:00
af47ee9858
Accepting request 35784 from devel:languages:perl
OBS User autobuild
2010-03-26 15:35:34 +00:00
eb7faa8cae
- update to 1.33 * attempt to make t/memleak_bad_handshake.t more stable, it fails for unknown reason on various systems * fix hostname checking: an IP should only be checked against subjectAltName GEN_IPADD, never against GEN_DNS or CN.
Anna Maresova2010-03-26 10:54:20 +00:00
2f4425831f
Accepting request 33265 from devel:languages:perl
OBS User autobuild
2010-02-24 01:24:19 +00:00
bcaf353e5e
Accepting request 33265 from devel:languages:perl
OBS User autobuild
2010-02-24 01:24:18 +00:00
bc9c18a800
- update to 1.32 * Makefile.PL: die if Scalar::Util has no dualvar support instead of only complaining.
Anna Maresova2010-02-23 15:47:11 +00:00
b7280c882a
Accepting request 29459 from devel:languages:perl
OBS User autobuild
2010-01-14 17:13:04 +00:00
80f9958faa
Updating link to change in openSUSE:Factory/perl-IO-Socket-SSL revision 22.0
OBS User buildservice-autocommit
2010-01-14 17:13:04 +00:00
76dfc93159
checked in (request 29459)
OBS User autobuild
2010-01-14 17:13:03 +00:00
7543f01546
- update to 1.31 * add and export constants for SSL_VERIFY_* * set SSL_use_cert if cert is given and not SSL_server * support alternative CRL file with SSL_crl_file thanks to patch of w[DOT]phillip[DOT]moore[AT]gmail[DOT]com * make t/memleak_bad_handshake.t more stable (increase listen queue, ignore errors on connect, don't run on windows..) * t/memleak_bad_handshake.t don't write errors with ps to stderr, -o vsize argument is not supported on all platforms, just skip test then * make sure that idn_to_ascii gets no \0 bytes from identity, because it simply cuts the string their (using C semantics). Not really a security problem because IDN like identity is provided by user in hostname, not by certificate. * fix test t/memleak_bad_handshake.t * fixed thanks for version 1.28 * fix memleak when SSL handshake failed.
Anna Maresova2010-01-13 15:57:10 +00:00
088108a2f7
Accepting request 28981 from devel:languages:perl
OBS User autobuild
2010-01-11 15:27:14 +00:00
9f15233f23
checked in
OBS User autobuild
2010-01-11 15:27:14 +00:00
939a8475b2
Accepting request 28798 from home:jengelh:branches:devel:languages:perl
Stephan Kulow
2010-01-10 18:13:15 +00:00
b9d3b16e89
Accepting request 19024 from devel:languages:perl
OBS User autobuild
2009-08-27 22:36:48 +00:00
Stephan Kulow
Tomáš Chvátal
Lars Vogdt
Vítězslav Čížek
Pascal Bleser
OBS User buildservice-autocommit
Anna Maresova
Marcus Rueckert
Christian Wittmer
Ruediger Oertel