------------------------------------------------------------------- Wed May 11 10:45:47 UTC 2011 - pascal.bleser@opensuse.org - update to 1.43: no user-visible changes: fixes in testsuite ------------------------------------------------------------------- Tue May 10 19:18:51 UTC 2011 - pascal.bleser@opensuse.org - update to 1.42: * add SSL_create_ctx_callback to have a way to adjust context on creation RT#67799 * describe problem of fake memory leak because of big session cache and how to fix it, see RT#68073 - changes from 1.41: * fix issue in stop_SSL where it did not issue a shutdown of the SSL connection if it first received the shutdown from the other side ------------------------------------------------------------------- Wed May 4 10:55:36 UTC 2011 - coolo@opensuse.org - updated to 1.40 - integrated patch from GAAS to get IDN support from URI. https://rt.cpan.org/Ticket/Display.html?id=67676 - fix in exampel/async_https_server. Thanks to DetlefPilzecker[AT]web[DOT]de for reporting ------------------------------------------------------------------- Fri Mar 4 16:34:20 UTC 2011 - vcizek@novell.com - update to 1.39 - fixed documentation of http verification: wildcards in cn is allowed - close should undef _SSL_fileno, because the fileno is no longer valid (SSL connection and socket are closed) ------------------------------------------------------------------- Wed Jan 19 15:49:23 UTC 2011 - vcizek@novell.com - update to 1.38 - fixed wildcards_in_cn setting for http (wrongly set in 1.34 to 1 instead of anywhere). Thanks to dagolden[AT]cpan[DOT]org for reporting https://rt.cpan.org/Ticket/Display.html?id=64864 ------------------------------------------------------------------- Thu Dec 16 13:34:57 CET 2010 - anicka@suse.cz - update to 1.37 * don't complain about invalid certificate locations if user explicitly set SSL_ca_path and SSL_ca_file to undef. Assume that user knows what he is doing and will work around the problems by itself. * update documentation for SSL_verify_callback based on ------------------------------------------------------------------- Tue Dec 7 15:02:25 CET 2010 - anicka@suse.cz - update to 1.35 (fixes bnc#657907) * if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified as valid it will no longer fall back to VERIFY_NONE but throw an error. ------------------------------------------------------------------- Wed Dec 1 13:33:05 UTC 2010 - coolo@novell.com - switch to perl_requires macro ------------------------------------------------------------------- Wed Nov 24 21:12:12 UTC 2010 - chris@computersalat.de - recreated by cpanspec 1.78 o fix deps - noarch pkg - removed Obsoletes/Provides p_iossl ------------------------------------------------------------------- Mon Nov 1 13:09:07 CET 2010 - anicka@suse.cz - update to 1.34 * schema http for certificate verification changed to wildcards_in_cn=1, because according to rfc2818 this is valid and also seen in the wild * if upgrading socket from inet to ssl fails due to handshake problems the socket gets downgraded, but is still open. * depreceate kill_socket, just use close() ------------------------------------------------------------------- Thu Mar 25 17:42:20 CET 2010 - anicka@suse.cz - update to 1.33 * attempt to make t/memleak_bad_handshake.t more stable, it fails for unknown reason on various systems * fix hostname checking: an IP should only be checked against subjectAltName GEN_IPADD, never against GEN_DNS or CN. ------------------------------------------------------------------- Tue Feb 23 16:22:22 CET 2010 - anicka@suse.cz - update to 1.32 * Makefile.PL: die if Scalar::Util has no dualvar support instead of only complaining. ------------------------------------------------------------------- Wed Jan 13 16:34:59 CET 2010 - anicka@suse.cz - update to 1.31 * add and export constants for SSL_VERIFY_* * set SSL_use_cert if cert is given and not SSL_server * support alternative CRL file with SSL_crl_file thanks to patch of w[DOT]phillip[DOT]moore[AT]gmail[DOT]com * make t/memleak_bad_handshake.t more stable (increase listen queue, ignore errors on connect, don't run on windows..) * t/memleak_bad_handshake.t don't write errors with ps to stderr, -o vsize argument is not supported on all platforms, just skip test then * make sure that idn_to_ascii gets no \0 bytes from identity, because it simply cuts the string their (using C semantics). Not really a security problem because IDN like identity is provided by user in hostname, not by certificate. * fix test t/memleak_bad_handshake.t * fixed thanks for version 1.28 * fix memleak when SSL handshake failed. ------------------------------------------------------------------- Sun Jan 10 15:43:32 CET 2010 - jengelh@medozas.de - enable parallel build ------------------------------------------------------------------- Mon Aug 3 16:01:26 CEST 2009 - anicka@suse.cz - update to 1.27 * changed possible local/utf-8 depended \w in some regex against more explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service names can't have '-' inside * fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131 where eli[AT]dvns[DOT]com reported warnings when perl -w was used. While there made it more aware of errors in Net::ssl_write_all (return undef not 0 in generic_write) * SECURITY BUGFIX! fix Bug in verify_hostname_of_cert where it matched only the prefix for the hostname when no wildcard was given, e.g. www.example.org matched against a certificate with name www.exam in it Thanks to MLEHMANN for reporting * t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5 https://rt.cpan.org/Ticket/Display.html?id=47240 ------------------------------------------------------------------- Mon Apr 6 13:45:00 CEST 2009 - anicka@suse.cz - update to 1.24 * add verify hostname scheme ftp, same as http * renew test certificates again (root CA expired, now valid for 10 years) ------------------------------------------------------------------- Mon Feb 23 16:49:53 CET 2009 - anicka@suse.cz - update to 1.23 * if neither SSL_ca_file nor SSL_ca_path are known (e.g not given and the default values have no existing file|path) disable checking of certificates, but carp about the problem * new test certificates, the old ones expired and caused tests to fail * Net::SSLeay stores verify callbacks inside hash and never clears them, so set verify callback to NULL in destroy of context ------------------------------------------------------------------- Tue Jan 20 17:50:47 CET 2009 - anicka@suse.cz - update to 1.20 * only changes on test suite to make it ready for win32 * fix verfycn_name autodetection from PeerAddr/PeerHost * fixed typo in argument: wildcars_in_cn -> wildcards_in_cn * no code changes, publish v.16_3 as v.17 because it looks better than v.16 * document win32 behavior regarding non-blocking and timeouts * fix t/nonblock.t with workaround for problems with IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do nonblocking connect and leaves socket blocked. * make some tests less verbose by fixing diag in t/testlib.t (send output to STDOUT not STDERR and prefix with '#') * work around Bug in IO::Socket::INET6 on BSD systems http://rt.cpan.org/Ticket/Display.html?id=39550 by setting Domain based on PeerAddr * remove tests of recv/send from t/core.t. Might badly interact with SSL handshake and cause crashes as seen on OS X 10.4 * IPv6 is enabled by default if IO::Socket::INET6 is available * t/inet6.t for basic tests - remove last patch (fixed in upstream) ------------------------------------------------------------------- Mon Nov 17 16:45:47 CET 2008 - lnussel@suse.de - fix typo that prevented wildcards in CN (bnc#445678) ------------------------------------------------------------------- Mon Oct 6 15:05:26 CEST 2008 - anicka@suse.cz - update to 1.16 * change code for SSL_check_crl to use X509_STORE_set_flags instead of X509_STORE_CTX_set_flags * change opened() to report -1 if the IO::Handle is open, but the SSL connection failed, needed with HTTP::Daemon::SSL which will send an error mssage over the unencrypted socket ------------------------------------------------------------------- Wed Sep 10 16:58:20 CEST 2008 - anicka@suse.cz - update to 1.15 * change internal behavior when SSL handshake failed (like when verify callback returned an error) in the hope to fix spurios errors in t/auto_verify_hostname.t ------------------------------------------------------------------- Mon Aug 18 13:54:40 CEST 2008 - ro@suse.de - hack to build also in buildservice where 127.0.0.1 can resolve to the hostname instead of localhost ------------------------------------------------------------------- Mon Aug 4 00:35:10 CEST 2008 - ro@suse.de - update require for Net_SSLeay to Net-SSLeay ------------------------------------------------------------------- Fri Jul 25 15:59:47 CEST 2008 - anicka@suse.cz - update to 1.14 * added support for verification of hostname from certificate including subjectAltNames, support for IDN etc * automatic verification of hostnames with SSL_verifycn_scheme and SSL_verifycn_name * global setting of default context options like SSL_verifycn_scheme, SSL_verify_mode with set_ctx_defaults * fix import of inet4,inet6 which got broken within 1.13_X. * clarified and enhanced debugging supppport * put information into README regarding the supported and recommanded version of Net::SSLeay ------------------------------------------------------------------- Mon Jan 28 15:27:25 CET 2008 - anicka@suse.cz - update to 1.13 * removed CLONE_SKIP which was added in 1.03 because this breaks windows forking. Handled threads/windows forking better by making sure that CTX from Net::SSLeay gets not freed multiple times from different threads after cloning/forking * removed setting LocalPort to 0 in tests, instead leave it undef if a random port should be allocated. ------------------------------------------------------------------- Thu Nov 1 15:42:58 CET 2007 - anicka@suse.cz - update to 1.12 * treat timeouts of 0 for accept_SSL and connect_SSL like no timeout, like IO::Socket does. * fixed errors in accept_SSL which would work when called from start_SSL but not from accept * start_SSL, accept_SSL and connect_SSL have argument for Timeout so that the SSL handshake will not block forever. Only used if the socket is blocking. If not set the Timeout value from the underlying IO::Socket is used ------------------------------------------------------------------- Mon Oct 8 09:24:08 CEST 2007 - anicka@suse.cz - update to 1.09 * new method stop_SSL as opposite of start_SSL * try to make it clearer that thread support is buggy * make sure that Scalar::Util has support for dualvar (Makefile.PL,SSL.pm) because the perl*only version has has no dualvar ------------------------------------------------------------------- Mon Jun 11 09:36:41 CEST 2007 - anicka@suse.cz - update to 1.07 * fix t/nonblock.t on systems which have by default a larger socket buffer. Set SO_SNDBUF explicitly with setsockopt to force smaller writes on the socket - move testing to %check ------------------------------------------------------------------- Tue May 15 16:10:34 CEST 2007 - anicka@suse.cz - update to 1.06 * instead of setting undef args to '' in configure_SSL drop them. This makes Net::SMTP::SSL working again because it does not give LocalPort of '' to IO::Socket::INET any more ------------------------------------------------------------------- Mon Apr 23 13:31:13 CEST 2007 - anicka@suse.cz - update to 1.05 * make session cache working even if the IO::Socket::SSL object was not created with IO::Socket::SSL->new but with IO::Socket::SSL->start_SSL on an established socket ------------------------------------------------------------------- Fri Mar 30 16:02:45 CEST 2007 - anicka@suse.cz - update to 1.04 * added way to create SSL object with predefined session cache ------------------------------------------------------------------- Wed Mar 7 10:46:00 CET 2007 - anicka@suse.cz - update to 1.03 * add CLONE_SKIP ------------------------------------------------------------------- Wed Dec 13 12:18:37 CET 2006 - anicka@suse.cz - update to 1.02 * added some info to BUGS and to BUGS section of pod * added TELL and BINMODE to IO::Socket::SSL::SSL_HANDLE, even if they do nothing useful. * all tests allocate now the ports dynamically, so there should be no longer a conflict with open ports on the system where the tests run ------------------------------------------------------------------- Thu Sep 14 12:24:11 CEST 2006 - anicka@suse.cz - update to 1.01 * add support for Diffie Hellman Key Exchange. * accept_SSL sets errors on $socket (the accepted socket) not $self (the listening socket if called from accept) * many bugfixes ------------------------------------------------------------------- Mon Jul 24 14:54:30 CEST 2006 - anicka@suse.cz - update to 0.993 * added test for sysread/syswrite behavior * fix Makefile.PL to allow detectection of failures in PREREQ_PM * fix problems with HTTP::Daemon::SSL ------------------------------------------------------------------- Tue Jul 18 17:07:11 CEST 2006 - anicka@suse.cz - update to 0.99 * Maintainer changed to * Better support for nonblocking sockets * Bugfixes ------------------------------------------------------------------- Wed Jan 25 21:39:46 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Mon Aug 1 12:46:17 CEST 2005 - mjancar@suse.cz - update to 0.97 ------------------------------------------------------------------- Wed Sep 29 18:54:55 CEST 2004 - mls@suse.de - use X509_STORE_set_flags instead of X509_STORE_CTX_set_flags ------------------------------------------------------------------- Thu Aug 19 13:10:44 CEST 2004 - mjancar@suse.cz - update to 0.96 ------------------------------------------------------------------- Thu Feb 26 16:06:13 CET 2004 - mjancar@suse.cz - update to 0.95 ------------------------------------------------------------------- Sun Jan 11 11:30:00 CET 2004 - adrian@suse.de - build as user ------------------------------------------------------------------- Fri Aug 22 14:58:22 CEST 2003 - mjancar@suse.cz - require the perl version we build with ------------------------------------------------------------------- Thu Jul 24 13:21:17 CEST 2003 - mjancar@suse.cz - update 0.94 ------------------------------------------------------------------- Thu Jul 17 16:44:45 CEST 2003 - mjancar@suse.cz - adapt to perl-5.8.1 - use %perl_process_packlist ------------------------------------------------------------------- Mon Jun 16 20:27:20 CEST 2003 - mjancar@suse.cz - run make test - fix filelist ------------------------------------------------------------------- Tue May 20 12:40:04 CEST 2003 - mjancar@suse.cz - remove unpackaged files ------------------------------------------------------------------- Fri Dec 20 14:51:46 CET 2002 - prehak@suse.cz - updated to 0.92 - added example directory ------------------------------------------------------------------- Wed Dec 18 18:18:55 CET 2002 - prehak@suse.cz - updated to version 0.901 ------------------------------------------------------------------- Thu Jul 11 11:01:40 CEST 2002 - prehak@suse.cz - updated to version 0.81 - added demo, util and more to documetation ------------------------------------------------------------------- Tue Jul 2 17:40:06 MEST 2002 - mls@suse.de - remove race in .packlist generation ------------------------------------------------------------------- Mon Jan 14 19:10:00 CET 2002 - rvasice@suse.cz - update to version 0.80 ------------------------------------------------------------------- Fri Aug 24 14:19:33 CEST 2001 - rvasice@suse.cz - removed make test - need network ------------------------------------------------------------------- Tue Aug 14 15:54:06 CEST 2001 - rvasice@suse.cz - update to version 0.79 - add make test ------------------------------------------------------------------- Tue Mar 13 15:38:31 CET 2001 - cihlar@suse.cz - update to version 0.77 ------------------------------------------------------------------- Fri Nov 10 11:34:51 CET 2000 - cihlar@suse.cz - renamed p_iossl -> perl-IO-Socket-SSL ------------------------------------------------------------------- Wed Aug 23 10:47:31 CEST 2000 - cihlar@suse.cz - package created