- update to 1.90:
- New stable release incorporating all changes from developer releases
1.89_01 to 1.89_05.
- Summary of major changes since version 1.88:
- Formalised libssl version support policy: all stable versions of OpenSSL
in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and
all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3
implementation is not currently libssl-compatible.
- Added support for LibreSSL on Windows when built with Visual C++.
- Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and
several stack functions.
- Fixed crashes in the callback functions CTX_set_next_proto_select_cb and
CTX_set_alpn_select_cb.
- The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as
OpenSSL security level 2 (the default on many Linux distributions).
OBS-URL: https://build.opensuse.org/request/show/867078
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=48
- Update to 1.88
1.88 2019-05-10
- New stable release incorporating all changes from developer
releases 1.86_01 to 1.86_11.
- From this release, Net-SSLeay is switching to an "odd/even"
developer/stable release version numbering system, like that of
many core modules (e.g. ExtUtils::MakeMaker): developer releases
will have an odd minor version number (and the usual "_xx" suffix),
and stable releases will have an even minor version number. This
means there is no Net-SSLeay 1.87.
- Summary of major changes since version 1.85:
- Mike McCauley has stepped down as maintainer. The new maintainers
are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen.
- The source code has moved from the now-defunct Debian Subversion
server (alioth.debian.org) to GitHub
(https://github.com/radiator-software/p5-net-ssleay).
- Net-SSLeay is provided under the terms of the Artistic License
2.0 - this has been the case since version 1.66, but references
to other licenses remained in the source code, causing ambiguity.
- Perl 5.8.1 or newer is now required to use Net-SSLeay. This has
already been the case for some time in practice, as the test
suite hasn't fully passed on Perl 5.6 for several years.
- Much-improved compatibility with OpenSSL 1.1.1, and improved
support for TLS 1.3.
- Fixed a long-standing bug in cb_data_advanced_put() that caused
memory leaks when callbacks were frequently added and removed.
- Support in the test suite for "hardened" OpenSSL configurations
that set a default security level of 2 or higher (e.g., in the
OpenSSL packages that ship with recent versions of Debian, Fedora
and Ubuntu).
OBS-URL: https://build.opensuse.org/request/show/705651
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=46
- Update to 1.86_07
1.86_07 2018-12-13
- Net::SSLeay::RSA_generate_key() now prefers using
RSA_generate_key_ex. This avois deprecated RSA_generate_key
and allows removing the only Android specific code in
SSLeay.xs. Fixes RT#127593. Thanks to Rouven Weiler.
- SSL_CTX_get0_param, SSL_CTX_get0_param,
X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
X509_VERIFY_PARAM_set_hostflags,
X509_VERIFY_PARAM_get0_peername,
X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip and
X509_VERIFY_PARAM_set1_ip_asc added in 1.83 for OpenSSL
1.0.2 and later are now available with LibreSSL 2.7.0 and
later.
- get_keyblock_size() now gets the MAC secret size from the
cipher on LibreSSL 2.7.0 and later, rather than reaching
into libssl internals. This effectively takes the OpenSSL
1.1 code path for LibreSSL 2.7.0 instead of the OpenSSL 1.0
code path. Thanks to Alexander Bluhm.
- get_client_random and get_server_random now use API
functions supported by LibreSSL 2.7.0 and later. Thanks to
Alexander Bluhm.
- Add X509_check_host(), X509_check_email(), X509_check_ip(),
and X509_check_ip_asc() for LibreSSL 2.5.0 and later. Thanks
to Alexander Bluhm.
- OpenSSL_version() and OpenSSL_version_num() are available
with LibreSSL 2.7.0 and later. Thanks to Alexander Bluhm.
- Use OPENSSL_cleanse() instead of memset(). Fixes
RT#116599. Thanks to A. Sinan Unur.
1.86_06 2018-09-29
OBS-URL: https://build.opensuse.org/request/show/681761
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=44
- updated to 1.68
Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted".
Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file.
1.67 2015-01-17
Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the
case whe there are muliple OPENSSLs installed. Patch from HBRAND
Fixed a documentation error in get_peer_cert_chain, reported by tejas.
Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light OpenSSL.
Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries.
Updated doc in README.Win32 to build with Microsoft Visual Studio 2010 Express.
Added Windows crypt32 library to Windows linking as some compilers/platforms seem to
require it and it is innocuous otherwise. For Steve Hay.
Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services. Reported and patched by Gisle Aas.
Recent 1.0.2 betas have dropped the SSLv3_method function.
This patch leaves out the function on newer versions, much the same as
the SSLv2 deprecation is handled. Patch from Tom Molesworth.
Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line).Patch from
Tom Molesworth.
1.66 2014-08-21
Fixed compile problem with perl prior to 5.8.8, similar to
OBS-URL: https://build.opensuse.org/request/show/284487
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-SSLeay?expand=0&rev=24
Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted".
Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file.
1.67 2015-01-17
Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the
case whe there are muliple OPENSSLs installed. Patch from HBRAND
Fixed a documentation error in get_peer_cert_chain, reported by tejas.
Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light OpenSSL.
Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries.
Updated doc in README.Win32 to build with Microsoft Visual Studio 2010 Express.
Added Windows crypt32 library to Windows linking as some compilers/platforms seem to
require it and it is innocuous otherwise. For Steve Hay.
Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services. Reported and patched by Gisle Aas.
Recent 1.0.2 betas have dropped the SSLv3_method function.
This patch leaves out the function on newer versions, much the same as
the SSLv2 deprecation is handled. Patch from Tom Molesworth.
Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line).Patch from
Tom Molesworth.
1.66 2014-08-21
Fixed compile problem with perl prior to 5.8.8, similar to
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=29
1.63 2014-05-19
Fixed error in version number in META.yml
1.62 2014-05-19
Improvements to OCSP support: It turns out that some CA (like Verisign)
sign the OCSP response with the CA we have in the trust store and don't
attach this certifcate in the response. But OpenSSL by itself only
considers the certificates included in the response and
SSL_OCSP_response_verify added the certificates in the chain too.
Now, we also add the trusted CA from the store which
signed the lowest chain certificate, at least if we could not verify the
OCSP response without doing it. Patch from Steffen
Ullrich. Thanks.
Fixed some compiler warnings.
1.61 2014-05-12
Changes calloc to Newx and free to Safefree, otherwise there might be
problems because calloc is done from a different memory pool than free (depends
on the build options for perl, but seen on Windows). Patch from Steffen
Ullrich. Thanks.
1.60 2014-05-10
Fixed a typo in an error message. Patch from gregor herrmann. Thanks.
Fixed a problem with building with openssl that does not support
OCSP. Also fixed some newly introduced warnings
if compiled with -Wall. Patch from Steffen Ullrich. Thanks.
fix build-failure on most Debian architectures:
SSLeay.xs: In function 'XS_Net__SSLeay_OCSP_response_results':
SSLeay.xs:5602:3: error: format not a string literal and no format
arguments. Patch from gregor herrmann.
1.59 2014-05-10
Fixed local/30_error.t, so that tests do not fail if diagnostics are
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=25
- updated to 1.58
Always use size_t for strlen() return value, requested by Alexander Bluhm.
t/external/20_cert_chain.t was missing from dist.
Version number in META.yml was incorrect
Improvements to test t/external/20_cert_chain.t to provoke following bug:
Fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use.
Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set.
1.57 2014-01-09
Fixed remaining problems with test suite: pod coverage and kwalitee tests
are only enabled with RELEASE_TESTING=1
1.56 2014-01-08
Fixed a typo in documentation of BEAST Attack, patched by gregor
herrmann.
Added LICENSE file copied form OpenSSL distribution to prevent complaints
from various versions of kwalitee.
Adjusted license: in META.yml to be 'openssl'
Adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh.
Improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible. Patched by Alexandr Ciornii.
Added support for ALPN TLS extension. Patch from Lubomir Rintel. Tested
with openssl-1.0.2-stable-SNAP-20131205.
Fix an use-after-free error. Patch from Lubomir Rintel.
Fixed a problem with Invalid comparison on OBJ_cmp result in
t/local/36_verify.t. Contributed by paul.
Added support for get_peer_cert_chain(). Patch by Markus Benning.
Fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in ssleay_RSA_generate_key_cb_invoke()
OBS-URL: https://build.opensuse.org/request/show/221510
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-SSLeay?expand=0&rev=21
Always use size_t for strlen() return value, requested by Alexander Bluhm.
t/external/20_cert_chain.t was missing from dist.
Version number in META.yml was incorrect
Improvements to test t/external/20_cert_chain.t to provoke following bug:
Fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use.
Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set.
1.57 2014-01-09
Fixed remaining problems with test suite: pod coverage and kwalitee tests
are only enabled with RELEASE_TESTING=1
1.56 2014-01-08
Fixed a typo in documentation of BEAST Attack, patched by gregor
herrmann.
Added LICENSE file copied form OpenSSL distribution to prevent complaints
from various versions of kwalitee.
Adjusted license: in META.yml to be 'openssl'
Adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh.
Improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible. Patched by Alexandr Ciornii.
Added support for ALPN TLS extension. Patch from Lubomir Rintel. Tested
with openssl-1.0.2-stable-SNAP-20131205.
Fix an use-after-free error. Patch from Lubomir Rintel.
Fixed a problem with Invalid comparison on OBJ_cmp result in
t/local/36_verify.t. Contributed by paul.
Added support for get_peer_cert_chain(). Patch by Markus Benning.
Fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in ssleay_RSA_generate_key_cb_invoke()
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=23
- new version 1.55
* Added support for TLSV1_1 and TLSV1_2 methods with
SSL_CTX_tlsv1_1_new(), SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and
TLSv1_2_method(), where available in the underlying openssl.
* Added CRL support functions X509_CRL_get_ext(),
X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_count(). Patch from
Franck Youssef.
* Added support for SSL_get_tlsa_record_byname() required for DANE
support in openssl*1.0.2 and later. SSL_get_tlsa_record_byname()
was added to OpenSSL with the financial assistance of .SE.
* Added X509_NAME_new and X509_NAME_hash, patched by Franck Youssef.
* Added support for SSL_export_keying_material where present
* Net::SSLeay::ASN1_INTEGER_get, since it works differntly on 32 and
64 bit platforms. Updated author and distribution location details
to airspayce.com
* Fixed a few compiler warnings in SSLeay.xs. Most of them are just
signed/unsigned pointer mismatches but there is one that actually
fixes returning what would be an arbitrary value off the stack
from get_my_thread_id if it happened to be called in a
non*threaded build.
* Added SSL_set_tlsext_host_name, SSL_get_servername,
SSL_get_servername_type, SSL_CTX_set_tlsext_servername_callback
for server side Server Name Indication (SNI) support. Patched by
kmx.
* Improvements to Net::SSLeay::read to make it easier to use with
non*blocking IO Added documentation about how to mitigatxe various
SSL/TLS vulnerabilities.
* initializes the SSL library at most once.
* Patch from kmx to protect SSLeay_add_ssl_algorithms from multiple
loads and reentrancy in multi*threaded perls. (forwarded request 181902 from lnussel)
OBS-URL: https://build.opensuse.org/request/show/182615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-SSLeay?expand=0&rev=18
- new version 1.55
* Added support for TLSV1_1 and TLSV1_2 methods with
SSL_CTX_tlsv1_1_new(), SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and
TLSv1_2_method(), where available in the underlying openssl.
* Added CRL support functions X509_CRL_get_ext(),
X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_count(). Patch from
Franck Youssef.
* Added support for SSL_get_tlsa_record_byname() required for DANE
support in openssl*1.0.2 and later. SSL_get_tlsa_record_byname()
was added to OpenSSL with the financial assistance of .SE.
* Added X509_NAME_new and X509_NAME_hash, patched by Franck Youssef.
* Added support for SSL_export_keying_material where present
* Net::SSLeay::ASN1_INTEGER_get, since it works differntly on 32 and
64 bit platforms. Updated author and distribution location details
to airspayce.com
* Fixed a few compiler warnings in SSLeay.xs. Most of them are just
signed/unsigned pointer mismatches but there is one that actually
fixes returning what would be an arbitrary value off the stack
from get_my_thread_id if it happened to be called in a
non*threaded build.
* Added SSL_set_tlsext_host_name, SSL_get_servername,
SSL_get_servername_type, SSL_CTX_set_tlsext_servername_callback
for server side Server Name Indication (SNI) support. Patched by
kmx.
* Improvements to Net::SSLeay::read to make it easier to use with
non*blocking IO Added documentation about how to mitigatxe various
SSL/TLS vulnerabilities.
* initializes the SSL library at most once.
* Patch from kmx to protect SSLeay_add_ssl_algorithms from multiple
loads and reentrancy in multi*threaded perls.
OBS-URL: https://build.opensuse.org/request/show/181902
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=19
- update to 1.42
Fixed incorrect documentation of how to enable CRL checking. Patched
by Steffen_Ullrich.
Fixed incorrect letter in Sebastien in Credits. Patch by Neil Bowers.
Reversed order of the Changes file to be reverse chronological. Patch by
Neil Bowers.
Fixed a a compile error when building on Windows with MSVC6. reported and
patched by "Andrew J. Savige via RT".
1.41 2011-09-25
Fixed incorrect const signatures for 1.0 that were causing warnings.
Patches provided by "Douglas
Christopher Wilson via RT". Now have clean compile with 0.9.8a through 1.0.0.
1.40 2011-09-23
Fixed incorrect argument type in call to SSL_set1_param
Fixed a number of issues with pointer sizes, patched by "Douglas
Christopher Wilson via RT". Removed redundant pointer cast tests from t/
Added Perl version requirements to SSLeay.pm
1.39 2011-09-21
Downgraded Module::Install to 0.93 since 1.01 was causing problems in
the Makefile. Reported by Albert Chin.
1.38 2011-09-16
- Fixed a problem with various symbols that only became
available in OpenSSL 0.9.8 such as X509_VERIFY_PARAM and
X509_POLICY_NODE, causing build failures with older versions of
OpenSSL. Patched by paul.
1.37 2011-09-16
- Added X509_get_fingerprint, contributed by Thierry Walrant (with
minor changes die to the fact that stricmp is not avialable. Cert
types must be lowercase. Also added test to 07_sslecho.t
- Added suport for SSL_CTX_set1_param, SSL_set1_param,
OBS-URL: https://build.opensuse.org/request/show/103398
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=15
