| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: perl-IO-Socket-SSL | Distribution: SUSE Linux Enterprise 15 |
| Version: 2.84.0 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150600.1.2 | Build date: Fri Mar 8 20:33:42 2024 |
| Group: Unspecified | Build host: h01-ch3d |
| Size: 636477 | Source RPM: perl-IO-Socket-SSL-2.84.0-150600.1.2.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://metacpan.org/release/IO-Socket-SSL | |
| Summary: Nearly transparent SSL encapsulation for IO::Socket::INET | |
IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary functionality into the familiar IO::Socket interface and providing secure defaults whenever possible. This way, existing applications can be made SSL-aware without much effort, at least if you do blocking I/O and don't use select or poll. But, under the hood, SSL is a complex beast. So there are lots of methods to make it do what you need if the default behavior is not adequate. Because it is easy to inadvertently introduce critical security bugs or just hard to debug problems, I would recommend studying the following documentation carefully. The documentation consists of the following parts: * * "Essential Information About SSL/TLS" * * "Basic SSL Client" * * "Basic SSL Server" * * "Common Usage Errors" * * "Common Problems with SSL" * * "Using Non-Blocking Sockets" * * "Advanced Usage" * * "Integration Into Own Modules" * * "Description Of Methods" Additional documentation can be found in * * IO::Socket::SSL::Intercept - Doing Man-In-The-Middle with SSL * * IO::Socket::SSL::Utils - Useful functions for certificates etc
Artistic-1.0 OR GPL-1.0-or-later
* Fri Dec 22 2023 [email protected]
- Fix the test t/core.t to build with OpenSSL 3.2.0. [bsc#1218342]
* https://github.com/noxxi/p5-io-socket-ssl/issues/147
* Add perl-IO-Socket-SSL-Openssl32.patch
* Tue Nov 07 2023 [email protected]
- updated to 2.084
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.084 2023/11/06
- various fixes for edge cases and build: #136, #141, #142, #143, #145
- update documentation to reflect default SSL_version
* Fri May 19 2023 [email protected]
- updated to 2.083
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.083 2023/05/18
- fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL
(regression from #122)
2.082 2023/05/17
- SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122
- fix output of alert string when debugging #132
- improve regex for hostname validation #130, #126
- add can_ciphersuites subroutine for feature checking #127
- Utils::CERT_create - die if unexpected arguments are given instead of ignoring
these
* Thu Jan 26 2023 [email protected]
- updated to 2.081
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.081 2023/01/25
- new function set_msg_callback for user defined callback on each SSL message
- showcase function in example/ssl_client.pl and example/ssl_server.pl for
computing JA3S/JA3 fingerprints
- fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
2.080 2023/01/18
- move certs into t/ so that distributions like CentOS don't install the
test certificates as part of the documentation any longer.
2.079 2023/01/16
- properly extract IPv6 address for verification from PeerAddr if not explicitly
given as SSL_verifycn_name.
https://github.com/noxxi/p5-io-socket-ssl/issues/123
* Mon Dec 12 2022 [email protected]
- updated to 2.078
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.078 2022/12/11
- revert decision from 2014 to not verify hostname by default if hostname is
IP address but no explicit verification scheme given
https://github.com/noxxi/p5-io-socket-ssl/issues/121
* Tue Nov 22 2022 [email protected]
- updated to 2.077
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.077 2022/11/21
- fix memory leak in session cache, thanks to genuaboro
https://github.com/noxxi/p5-io-socket-ssl/pull/118
- more race conditions in tests fixed thanks to jddurand
https://github.com/noxxi/p5-io-socket-ssl/issues/97
2.076 2022/11/12
- added curl like tracing based on contribution from jddurand
https://github.com/noxxi/p5-io-socket-ssl/pull/117
- fixed race condition in t/sni_verify.t based on analysis from jddurand
https://github.com/noxxi/p5-io-socket-ssl/issues/97
* Sat Sep 03 2022 [email protected]
- updated to 2.075
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.075
- treat SSL_write returning 0 same as previously -1, as suggested by both
OpenSSL and LibreSSL documentation
- propagate error from SSL_shutdown, but if the shutdown is caused by an outer
SSL error keep the original error
- small tests fixes
* Thu Jun 09 2022 [email protected]
- (bsc#1200295) follow system "PROFILE=SYSTEM" openSSL ciphers
* Add perl-IO-Socket-SSL-use-system-default-cipher-list.patch
* Sat Jan 08 2022 [email protected]
- updated to 2.074
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.074
- add SSL_ciphersuites option for TLS 1.3 ciphers
- no longer use own default for ciphers, instead use system default but disable
some weak ciphers which might still be enabled on older systems
* Thu Dec 23 2021 [email protected]
- updated to 2.073
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.073
- fix behavior and tests for openssl 3.0.1
- fix #110 - prevent internal error warning in some cases
* Tue Aug 17 2021 [email protected]
- updated to 2.072
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.072
- add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based
on idea by rovo89 in #101
- certs/*.p12 used for testing should now work with OpenSSL 3.0 too #108
- update public suffix database
* Mon May 24 2021 [email protected]
- updated to 2.071
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.071 2021/05/23
- fix t/nonblock.t race on some systems. Fixes issue #102, maybe #98 too.
* Sat Feb 27 2021 [email protected]
- updated to 2.070
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.070 2021/02/26
- changed bugtracker in Makefile.PL to github, away from obsolete rt.cpan.org
2.069 2021/01/22
- IO::Socket::Utils CERT_asHash and CERT_create now support subject and issuer
with multiple same parts (like multiple OU). In this case an array ref instead
of a scalar is used as hash value.
https://github.com/noxxi/p5-io-socket-ssl/issues/95
* Mon May 04 2020 [email protected]
- updated to 2.068
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.068 2020/03/31
- treat OpenSSL 1.1.1e as broken and refuse to build with it in order to
prevent follow-up problems in tests and user code
https://github.com/noxxi/p5-io-socket-ssl/issues/93
https://github.com/openssl/openssl/issues/11388
https://github.com/openssl/openssl/issues/11378
- update PublicSuffix with latest data from publicsuffix.org
* Tue Feb 18 2020 [email protected]
- Add removal of the README.Win32 file in cpanspec.yml
* Sat Feb 15 2020 [email protected]
- updated to 2.067
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
* Mon May 27 2019 [email protected]
- Remove not needed README.Win32 from the files section.
- Cleaned spec file with spec-cleaner.
* Wed Mar 06 2019 [email protected]
- updated to 2.066
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.066
- fix test t/verify_partial_chain.t by using the newly exposed function
can_partial_chain instead of guessing (wrongly) if the functionality is
available
* Wed Mar 06 2019 [email protected]
- updated to 2.065
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.065
- make sure that Net::SSLeay::CTX_get0_param is defined before using
X509_V_FLAG_PARTIAL_CHAIN. Net::SSLeay 1.85 defined only the second with
LibreSSL 2.7.4 but not the first
https://rt.cpan.org/Ticket/Display.html?id=128716
- prefer AES for server side cipher default since it is usually
hardware-accelerated
* Tue Mar 05 2019 [email protected]
- updated to 2.064
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.064
- make algorithm for fingerprint optional, i.e. detect based on length of
fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
- fix t/sessions.t and improve stability of t/verify_hostname.t on windows
- use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- update fingerprints for live tests
2.063
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
then linked against another API-incompatible version (ie. more than just the
patchlevel differs).
* Sun Feb 24 2019 [email protected]
- updated to 2.062
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.062
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
OpenSSL (1.1.0+). This makes leaf certificates or intermediate certificates in
the trust store be usable as full trust anchors too.
* Sat Feb 23 2019 [email protected]
- updated to 2.061
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.061
- Support for TLS 1.3 session reuse. Needs Net::SSLeay 1.86+.
Note that the previous (and undocumented) API for the session cache has been
changed.
- Support for multiple curves, automatic setting of curves and setting of
supported curves in client. Needs Net::SSLeay 1.86+.
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
client certificates are provided. Thanks to jorton[AT]redhat[DOT]com.
Needs Net::SSLeay 1.86+.
- Removed patch:
IO-Socket-SSL-2.060-make-all-tests-which-use-fork-also-ignore-signal-PIP.patch
* Thu Nov 01 2018 [email protected]
- prevent flaky test failures with openssl 1.1.1 on overloaded
systems(bsc#1108977)
* https://rt.cpan.org/Public/Bug/Display.html?id=126899
* add IO-Socket-SSL-2.060-make-all-tests-which-use-fork-also-ignore-signal-PIP.patch
* Wed Sep 19 2018 [email protected]
- updated to 2.060
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
* Thu Aug 16 2018 [email protected]
- updated to 2.059
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.058 2018/08/15
- fix memleak when CRL are used.
Thanks to Franz Skale for report and patch
https://rt.cpan.org/Ticket/Display.html?id=125867
- fix memleak when using stop_SSL and threads, reported by Paul Evans
https://rt.cpan.org/Ticket/Display.html?id=125867#txn-1797132
* Fri Jul 20 2018 [email protected]
- updated to 2.058
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.058 2018/07/19
- fix t/session_ticket.t: it failed with OpenSSL 1.1.* since this version
expects the extKeyUsage of clientAuth in the client cert also to be allowed
by the CA if CA uses extKeyUsage
* Thu Jul 19 2018 [email protected]
- updated to 2.057
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.057 2018/07/18
- fix memory leak which occured with explicit stop_SSL in connection with
non-blocking sockets or timeout - https://rt.cpan.org/Ticket/Display.html?id=125867
Thanks to Paul Evans for reporting
- fix redefine warnings in case Socket6 is installed but neither IO::Socket::IP
nor IO::Socket::INET6 - https://rt.cpan.org/Ticket/Display.html?id=124963
- IO::Socket::SSL::Intercept - optional 'serial' argument can be starting number
or callback to create serial number based on the original certificate
- new function get_session_reused to check if a session got reused
- IO::Socket::SSL::Utils::CERT_asHash: fingerprint_xxx now set to the correct value
* Tue Feb 20 2018 [email protected]
- updated to 2.056
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.056 2018/02/19
- Intercept - fix creation of serial number: base it on binary digest instead of
treating hex fingerprint as binary. Allow use of own serial numbers again.
- t/io-socket-ip.t - skip test if no IPv6 support on system RT#124464
- update PublicSuffix
* Fri Feb 16 2018 [email protected]
- updated to 2.055
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.055 2018/02/15
- use SNI also if hostname was given all-uppercase
- Utils::CERT_create - don't add authority key for issuer since Chrome does
not like this
- Intercept:
- change behavior of code based cache to better support synchronizing
within multiprocess/threaded setups
- don't use counter for serial number but somehow base it on original
certificate in order to avoid conflicts with reuse of serial numbers
after restart
- RT#124431 - better support platforms w/o IPv6
- RT#124306 - spelling fixes in documentation
* Mon Feb 12 2018 [email protected]
- ignore Mozilla::CA
* Wed Feb 07 2018 [email protected]
- updated to 2.054
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.054 2018/01/22
- added missing test certificates to MANIFEST
2.053 2018/01/21
- small behavior fixes
- if SSL_fingerprint is used and matches don't check for OCSP
- Utils::CERT_create - small fixes to properly specific purpose, ability to
use predefined complex purpose but disable some features
- update PublicSuffix
- updates for documentation, especially regarding pitfalls with forking or using
non-blocking sockets. Spelling fixes.
- test fixes and improvements
- stability improvements for live tests
- regenerate certificate in certs/ and make sure they are limited to the
correct purpose. Checkin program used to generate certificates.
- adjust tests since certificates have changed and some tests used
certificates intended for client authentication as server certificates,
which now no longer works
* Mon Oct 23 2017 [email protected]
- updated to 2.052
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.052 2017/10/22
- disable NPN support if LibreSSL>=2.6.1 is detected since they've replaced the
functions with dummies instead of removing NPN completly or setting
OPENSSL_NO_NEXTPROTONEG
- t/01loadmodule.t shows more output helpful in debugging problems
- update fingerprints for extenal tests
- update documentation to make behavior of syswrite more clear
* Thu Sep 21 2017 [email protected]
- update to 2.051
- syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
https://github.com/noxxi/p5-io-socket-ssl/issues/62
- removed unecessary settings of SSL_version and SSL_cipher_list from tests
- protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not supported
as is the case with openssl versions in latest Debian (buster)
- fixed problem caused by typo in the context of session cache
https://github.com/noxxi/p5-io-socket-ssl/issues/60
- update PublicSuffix information from publicsuffix.org
- fixed small memory leaks during destruction of socket and context, RT#120643
- better fix for problem which 2.046 tried to fix but broke LWP this way
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
https://github.com/noxxi/p5-io-socket-ssl/pull/53/
- protect various 'eval'-based capability detections at startup with a localized
__DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
various third party software should cause less problems even if there is a
global __DIE__ handler which does not properly deal with 'eval'.
- make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
session does not get reused any longer if it was not properly closed which
is now done using an explicit close by the client which causes a
proper SSL_shutdown
- enable session ticket callback with Net::SSLeay>=1.80
- leave session ticket callback off for now until the needed patch is
included in Net::SSLeay. See
https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146
- fix detection of default CA path for OpenSSL 1.1.x
- Utils::CERT_asHash now includes the signature algorithm used
- Utils::CERT_asHash can now deal with large serial numbers
- OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on
EOF without proper SSL shutdown. Since it looks like that this behavior will
be kept at least for 1.1.1+ adapt to the changed API by treating errno=NOERR
on SSL_ERROR_SYSCALL as EOF.
- restrict session ticket callback to Net::SSLeay 1.79+ since version before
contains bug. Add test for session reuse
- extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
- fix t/external/ocsp.t to use different server (under my control) to check
OCSP stapling
- fix session cache del_session: it freed the session but did not properly
remove it from the cache. Further reuse causes crash.
- disable OCSP support when Net::SSLeay 1.75..1.77 is used, see RT#116795
- move handling of global SSL arguments into creation of context, so that these
get also applied when creating a context only.
- support for session ticket reuse over multiple contexts and processes
(if supported by Net::SSLeay)
- small optimizations, like saving various Net::SSLeay constants into variables
and access variables instead of calling the constant sub all the time
- make t/dhe.t work with openssl 1.1.0
- Set session id context only on the server side. Even if the documentation for
SSL_CTX_set_session_id_context makes clear that this function is server side
only it actually affects hndling of session reuse on the client side too and
can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session in
different context" at the client.
- Utils::CERT_create - don't add given extensions again if they were already
added. Firefox croaks with sec_error_extension_value_invalid if (specific?)
extensions are given twice.
- assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates
with the reverse order as in the PKCS12 file, because that's what it does.
- support for creating ECC keys in Utils once supported by Net::SSLeay
- remove internal sub session_cache and access cache directly (faster)
- fix del_session method in case a single item was in the cache
- use SSL_session_key as the real key for the cache and not some derivate of it,
so that it works to remove the entry using the same key
- add del_session method to session cache
- only added Changes for 2.026
- update default server and client ciphers based on recommendation of
Mozilla and what the current browsers use. Notably this finally disables
RC4 for the client (was disabled for server long ago) and adds CHACHA20.
- drop perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
(upstream)
* Wed Apr 06 2016 [email protected]
- updated to 2.025
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.025 2016/04/04
- Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
Thanks to avi[DOT]maslati[AT]forescout[DOT]com and
mark[DOT]kurman[AT]gmail[DOT]com for reporting the problem
* Fri Mar 11 2016 [email protected]
- updated to 2.024
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.024 2016/02/06
- Work around issue where the connect fails on systems having only a loopback
interface and where IO::Socket::IP is used as super class (default when
available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
localhost would fail on this systems. This happened at least for the tests,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
be useful anyway but would cause at most harm.
2.023 2016/01/30
- OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
which caused an endless loop. It will now ignore this result in case the TLS
connection was not yet established and consider the TLS connection closed
instead.
2.022 2015/12/10
- fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash.
Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253
2.021 2015/12/02
- Fixes for documentation and typos thanks to DavsX and jwilk.
- Update PublicSuffx with latest version from publicsuffix.org
2.020 2015/09/20
- support multiple directories in SSL_ca_path as proposed in RT#106711
by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
with a path separator, see documentation.
- typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
2.019 2015/09/01
- work around different behavior of getnameinfo from Socket and Socket6 by
using a different wrapper depending on which module I use for IPv6.
Thanks to bluhm for reporting.
2.018 2015/08/27
- RT#106687 - startssl.t failed on darwin with old openssl since server
requested client certificate but offered also anon ciphers
2.017 2015/08/24
- checks for readability of files/dirs for certificates and CA no longer use
- r because this is not safe when ACLs are used. Thanks to BBYRD, RT#106295
- new method sock_certificate similar to peer_certificate based on idea of
Paul Evans, RT#105733
- get_fingerprint can now take optional certificate as argument and compute
the fingerprint of it. Useful in connection with sock_certificate.
- check for both EWOULDBLOCK and EAGAIN since these codes are different on
some platforms. Thanks to Andy Grundman, RT#106573
- enforce default verification scheme if none was specified, i.e. no longer
just warn but accept. If really no verification is wanted a scheme of
'none' must be explicitly specified.
- support different cipher suites per SNI hosts
- remove perl-IO-Socket-SSL_fix_offline.patch
* Tue Jul 07 2015 [email protected]
- add perl-IO-Socket-SSL_fix_offline.patch to fix build in OBS with
updated perl
* Sun Jun 07 2015 [email protected]
- updated to 2.016
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
* Thu May 14 2015 [email protected]
- updated to 2.015
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.014 2015/05/13
- work around problem with IO::Socket::INET6 on windows, by explicitly using
Domain AF_INET in the tests.
Fixes RT#104226 reported by CHORNY
* Wed May 13 2015 [email protected]
- updated to 2.014
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.014 2015/05/05
- Utils::CERT_create - work around problems with authorityInfoAccess, where
OpenSSL i2v does not create the same string as v2i expects
- Intercept - don't clone some specific extensions which make only sense with
the original certificate
* Sat May 02 2015 [email protected]
- updated to 2.013
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
* Fri Apr 17 2015 [email protected]
- add DHE-RSA to the default client cipher list to support PFS with
older machines (bnc#924976)
* added perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
- add cpanspec.yml to support automatic version updates
(see http://lists.opensuse.org/opensuse-packaging/2015-04/msg00084.html)
* Tue Apr 14 2015 [email protected]
- updated to 2.012
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.012 2014/02/02
- fix t/ocsp.t in case no HTTP::Tiny is installed
2.011 2014/02/01
- fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling #101855
- added option 'purpose' to Utils::CERT_create to get better control of the
certificates purpose. Default is 'server,client' for non-CA (contrary to
only 'server' before)
- removed RC4 from default cipher suites on the server site
https://github.com/noxxi/p5-io-socket-ssl/issues/22
- refactoring of some tests using Test::More thanks to Sweet-kid and the
2015 Pull Request Challenge
2.010 2014/01/14
- new options SSL_client_ca_file and SSL_client_ca to let the server send
the list of acceptable CAs for the client certificate.
- t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay.
RT#101485, thanks to TEAM.
2.009 2014/01/12
- remove util/analyze.pl. This tool is now together with other SSL tools in
https://github.com/noxxi/p5-ssl-tools
- added ALPN support (needs OpenSSL1.02, Net::SSLeay 1.56+) thanks to TEAM,
RT#101452
2.008 2014/12/16
- work around recent OCSP verification errors for revoked.grc.com (badly signed
OCSP response, Firefox also complains about it) in test t/external/ocsp.t.
- util/analyze.pl - report more details about preferred cipher for specific TLS
versions
2.007 2014/11/26
- make getline/readline fall back to super class if class is not sslified yet,
i.e. behave the same as sysread, syswrite etc.
This fixes RT#100529
2.006 2014/11/22
- Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead of
EAGAIN. While this is the same on UNIX it is different on Windows and socket
operations return there (WSA)EWOULDBLOCK and not EAGAIN. Enable non-blocking
tests on Windows too.
- make PublicSuffix::_default_data thread safe
- update PublicSuffix with latest list from publicsuffix.org
2.005 2014/11/15
- next try to fix t/protocol_version.t for OpenSSL w/o SSLv3 support
2.004 2014/11/15
- only test fix: fix t/protocol_version.t to deal with OpenSSL installations
which are compiled without SSLv3 support.
2.003 2014/11/14
- make SSLv3 available even if the SSL library disables it by default in
SSL_CTX_new (like done in LibreSSL). Default will stay to disable SSLv3,
so this will be only done when setting SSL_version explicitly.
- fix possible segmentation fault when trying to use an invalid certificate,
reported by Nick Andrew.
- Use only the ICANN part of the default public suffix list and not the
private domains. This makes existing exceptions for s3.amazonaws.com and
googleapis.com obsolete. Thanks to Gervase Markham from mozilla.org.
2.002 2014/10/21
- fix check for (invalid) IPv4 when validating hostname against certificate. Do
not use inet_aton any longer because it can cause DNS lookups for malformed
IP. RT#99448, thanks to justincase[AT]yopmail[DOT]com.
- Update PublicSuffix with latest version from publicsuffix.org - lots of new
top level domains.
- Add exception to PublicSuffix for s3.amazonaws.com - RT#99702, thanks to
cpan[AT]cpanel[DOT]net.
2.001 2014/10/21
- Add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS security.
Thanks to Heikki Vatiainen for suggesting.
- Update external tests with currently expected fingerprints of hosts.
- Some fixes to make it still work on 5.8.1.
2.000 2014/10/15
- consider SSL3.0 as broken because of POODLE and disable it by default.
- Skip live tests without asking if environment NO_NETWORK_TESTING is set.
Thanks to ntyni[AT]debian[DOT]org for suggestion.
- skip tests which require fork on non-default windows setups without proper
fork. Thanks to SHAY for https://github.com/noxxi/p5-io-socket-ssl/pull/18
1.999 2014/10/09
- make sure we don't use version 0.30 of IO::Socket::IP
- make sure that PeerHost is checked on all places where PeerAddr is
checked, because these are synonyms and IO::Socket::IP prefers PeerHost
while others prefer PeerAddr. Also accept PeerService additionally to
PeerPort.
See https://github.com/noxxi/p5-io-socket-ssl/issues/16 for details.
- add ability to use client certificates and to overwrite hostname with
util/analyze-ssl.pl.
1.998 2014/09/07
- make client authentication work at the server side when SNI is in by use
having CA path and other settings in all SSL contexts instead of only the main
one. Based on code from lundstrom[DOT]jerry[AT]gmail[DOT]com,
https://github.com/noxxi/p5-io-socket-ssl/pull/15
/usr/lib/perl5/vendor_perl/5.26.1/IO /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL.pm /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL.pod /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL/Intercept.pm /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL/PublicSuffix.pm /usr/lib/perl5/vendor_perl/5.26.1/IO/Socket/SSL/Utils.pm /usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi /usr/share/doc/packages/perl-IO-Socket-SSL /usr/share/doc/packages/perl-IO-Socket-SSL/BUGS /usr/share/doc/packages/perl-IO-Socket-SSL/Changes /usr/share/doc/packages/perl-IO-Socket-SSL/README /usr/share/doc/packages/perl-IO-Socket-SSL/README.Win32 /usr/share/doc/packages/perl-IO-Socket-SSL/docs /usr/share/doc/packages/perl-IO-Socket-SSL/docs/debugging.txt /usr/share/doc/packages/perl-IO-Socket-SSL/example /usr/share/doc/packages/perl-IO-Socket-SSL/example/async_https_server.pl /usr/share/doc/packages/perl-IO-Socket-SSL/example/lwp-with-verifycn.pl /usr/share/doc/packages/perl-IO-Socket-SSL/example/simulate_proxy.pl /usr/share/doc/packages/perl-IO-Socket-SSL/example/ssl_client.pl /usr/share/doc/packages/perl-IO-Socket-SSL/example/ssl_mitm.pl /usr/share/doc/packages/perl-IO-Socket-SSL/example/ssl_server.pl /usr/share/man/man3/IO::Socket::SSL.3pm.gz /usr/share/man/man3/IO::Socket::SSL::Intercept.3pm.gz /usr/share/man/man3/IO::Socket::SSL::PublicSuffix.3pm.gz /usr/share/man/man3/IO::Socket::SSL::Utils.3pm.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 19:58:50 2024