rpms/perl-IO-Socket-SSL
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 1.951

Browse Source 
- New upstream release 1.951
  (1.950)
  - MAJOR BEHAVIOR CHANGE:
    - ssl_verify_mode now defaults to verify_peer for client
    - Previously it used verify_none, but loudly complained since 1.79 about it
    - It will not complain any longer, but the connection will probably fail
    - Please don't simply disable ssl verification; instead, set SSL_ca_file
      etc. so that verification succeeds!
  - MAJOR BEHAVIOR CHANGE:
    - It will now complain if the built-in defaults of certs/my-ca.pem or ca/
      for CA and certs/{server,client}-{key,cert}.pem for cert and key are
      used, i.e. no certificates are specified explicitly
    - In the future these insecure (relative path!) defaults will be removed
      and the CA replaced with the system defaults
  (1.951)
  - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
    defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
    used)
This commit is contained in:
Paul Howarth 2013-07-03 13:04:57 +01:00
parent 4b2baf4c09
commit 5289b4544b
2 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
perl-IO-Socket-SSL.spec
View File

@ -1,11 +1,15 @@
# Work around Perl/RPM versioning inconsistencies
%global rpmversion 1.95.1
%global cpanversion 1.951
Name: perl-IO-Socket-SSL
Version: 1.94
Version: %{rpmversion}
Release: 1%{?dist}
Summary: Perl library for transparent SSL
Group: Development/Libraries
License: GPL+ or Artistic
URL: http://search.cpan.org/dist/IO-Socket-SSL/
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{cpanversion}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch: noarch
BuildRequires: openssl >= 0.9.8
@ -44,7 +48,7 @@ SSL version selection. As an extra bonus, it works perfectly with
mod_perl.
%prep
%setup -q -n IO-Socket-SSL-%{version}
%setup -q -n IO-Socket-SSL-%{cpanversion}
%build
perl Makefile.PL INSTALLDIRS=vendor
@ -70,6 +74,26 @@ rm -rf %{buildroot}
%{_mandir}/man3/IO::Socket::SSL::Utils.3pm*
%changelog
* Wed Jul 3 2013 Paul Howarth <paul@city-fan.org> - 1.95.1-1
- Update to 1.951
(1.950)
- MAJOR BEHAVIOR CHANGE:
- ssl_verify_mode now defaults to verify_peer for client
- Previously it used verify_none, but loudly complained since 1.79 about it
- It will not complain any longer, but the connection will probably fail
- Please don't simply disable ssl verification; instead, set SSL_ca_file
etc. so that verification succeeds!
- MAJOR BEHAVIOR CHANGE:
- It will now complain if the built-in defaults of certs/my-ca.pem or ca/
for CA and certs/{server,client}-{key,cert}.pem for cert and key are
used, i.e. no certificates are specified explicitly
- In the future these insecure (relative path!) defaults will be removed
and the CA replaced with the system defaults
(1.951)
- Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
used)
* Sat Jun 1 2013 Paul Howarth <paul@city-fan.org> - 1.94-1
- Update to 1.94
- Makefile.PL reported wrong version of openssl if Net::SSLeay was not

2
sources
View File

@ -1 +1 @@
96f19be345b87f659d945764b058e750 IO-Socket-SSL-1.94.tar.gz
dcaec234df6c405609fef322f6e0c3f9 IO-Socket-SSL-1.951.tar.gz