873afd6d3f
+ consider a value of '' the same as undef for SSL_ca_(path|file) + complain if given SSL_(key|cert|ca)_(file|path) do not exist or if they are not readable + disabled client side SNI for openssl version < 1.0.0 + added functions can_client_sni, can_server_sni, can_npn to check avaibility of SNI and NPN features. Added more documentation for SNI and NPN + Server Name Indication (SNI) support on the server side + sub error sets $SSL_ERROR etc only if there really is an error, otherwise it will keep the latest error. This causes IO::Socket::SSL->new.. to report the correct problem, even if the problem is deeper in the code (like in connect) + deprecated set_ctx_defaults, new name ist set_defaults + changed handling of default path for SSL_(ca|cert|key)* keys: either if one of these keys is user defined don't add defaults for the others, e.g. don't mix user settings and defaults + cleaner handling of module defaults vs. global settings vs. socket specific settings + prepare transition to a more secure default for SSL_verify_mode. The use of the current default SSL_VERIFY_NONE will cause a big warning for clients, unless SSL_verify_mode was explicitly set inside the application to this insecure value. In the near future the default will be SSL_VERIFY_PEER, and thus causing verification failures in unchanged applications. + use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort from sockaddr in _update_peer, because this provides scope + work around systems which don't defined AF_INET6 + update_peer for IPv6 also + no longer depend on Socket.pm 1.95 for inet_pton, but use OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-IO-Socket-SSL?expand=0&rev=58 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
IO-Socket-SSL-1.88.tar.gz | ||
perl-IO-Socket-SSL.changes | ||
perl-IO-Socket-SSL.spec |