From 5289b4544b356a6f0b3c58e3f8d1afb184676940 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Wed, 3 Jul 2013 13:04:57 +0100 Subject: [PATCH] Update to 1.951 - New upstream release 1.951 (1.950) - MAJOR BEHAVIOR CHANGE: - ssl_verify_mode now defaults to verify_peer for client - Previously it used verify_none, but loudly complained since 1.79 about it - It will not complain any longer, but the connection will probably fail - Please don't simply disable ssl verification; instead, set SSL_ca_file etc. so that verification succeeds! - MAJOR BEHAVIOR CHANGE: - It will now complain if the built-in defaults of certs/my-ca.pem or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert and key are used, i.e. no certificates are specified explicitly - In the future these insecure (relative path!) defaults will be removed and the CA replaced with the system defaults (1.951) - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins used) --- perl-IO-Socket-SSL.spec | 30 +++++++++++++++++++++++++++--- sources | 2 +- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 5de6d18..e7eec89 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -1,11 +1,15 @@ +# Work around Perl/RPM versioning inconsistencies +%global rpmversion 1.95.1 +%global cpanversion 1.951 + Name: perl-IO-Socket-SSL -Version: 1.94 +Version: %{rpmversion} Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries License: GPL+ or Artistic URL: http://search.cpan.org/dist/IO-Socket-SSL/ -Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz +Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{cpanversion}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildArch: noarch BuildRequires: openssl >= 0.9.8 @@ -44,7 +48,7 @@ SSL version selection. As an extra bonus, it works perfectly with mod_perl. %prep -%setup -q -n IO-Socket-SSL-%{version} +%setup -q -n IO-Socket-SSL-%{cpanversion} %build perl Makefile.PL INSTALLDIRS=vendor @@ -70,6 +74,26 @@ rm -rf %{buildroot} %{_mandir}/man3/IO::Socket::SSL::Utils.3pm* %changelog +* Wed Jul 3 2013 Paul Howarth - 1.95.1-1 +- Update to 1.951 + (1.950) + - MAJOR BEHAVIOR CHANGE: + - ssl_verify_mode now defaults to verify_peer for client + - Previously it used verify_none, but loudly complained since 1.79 about it + - It will not complain any longer, but the connection will probably fail + - Please don't simply disable ssl verification; instead, set SSL_ca_file + etc. so that verification succeeds! + - MAJOR BEHAVIOR CHANGE: + - It will now complain if the built-in defaults of certs/my-ca.pem or ca/ + for CA and certs/{server,client}-{key,cert}.pem for cert and key are + used, i.e. no certificates are specified explicitly + - In the future these insecure (relative path!) defaults will be removed + and the CA replaced with the system defaults + (1.951) + - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in + defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins + used) + * Sat Jun 1 2013 Paul Howarth - 1.94-1 - Update to 1.94 - Makefile.PL reported wrong version of openssl if Net::SSLeay was not diff --git a/sources b/sources index 1aa7f71..a6c96f4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -96f19be345b87f659d945764b058e750 IO-Socket-SSL-1.94.tar.gz +dcaec234df6c405609fef322f6e0c3f9 IO-Socket-SSL-1.951.tar.gz