Update to 1.951
- New upstream release 1.951 (1.950) - MAJOR BEHAVIOR CHANGE: - ssl_verify_mode now defaults to verify_peer for client - Previously it used verify_none, but loudly complained since 1.79 about it - It will not complain any longer, but the connection will probably fail - Please don't simply disable ssl verification; instead, set SSL_ca_file etc. so that verification succeeds! - MAJOR BEHAVIOR CHANGE: - It will now complain if the built-in defaults of certs/my-ca.pem or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert and key are used, i.e. no certificates are specified explicitly - In the future these insecure (relative path!) defaults will be removed and the CA replaced with the system defaults (1.951) - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins used)
This commit is contained in:
parent
4b2baf4c09
commit
5289b4544b
@ -1,11 +1,15 @@
|
||||
# Work around Perl/RPM versioning inconsistencies
|
||||
%global rpmversion 1.95.1
|
||||
%global cpanversion 1.951
|
||||
|
||||
Name: perl-IO-Socket-SSL
|
||||
Version: 1.94
|
||||
Version: %{rpmversion}
|
||||
Release: 1%{?dist}
|
||||
Summary: Perl library for transparent SSL
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
URL: http://search.cpan.org/dist/IO-Socket-SSL/
|
||||
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
|
||||
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{cpanversion}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
|
||||
BuildArch: noarch
|
||||
BuildRequires: openssl >= 0.9.8
|
||||
@ -44,7 +48,7 @@ SSL version selection. As an extra bonus, it works perfectly with
|
||||
mod_perl.
|
||||
|
||||
%prep
|
||||
%setup -q -n IO-Socket-SSL-%{version}
|
||||
%setup -q -n IO-Socket-SSL-%{cpanversion}
|
||||
|
||||
%build
|
||||
perl Makefile.PL INSTALLDIRS=vendor
|
||||
@ -70,6 +74,26 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man3/IO::Socket::SSL::Utils.3pm*
|
||||
|
||||
%changelog
|
||||
* Wed Jul 3 2013 Paul Howarth <paul@city-fan.org> - 1.95.1-1
|
||||
- Update to 1.951
|
||||
(1.950)
|
||||
- MAJOR BEHAVIOR CHANGE:
|
||||
- ssl_verify_mode now defaults to verify_peer for client
|
||||
- Previously it used verify_none, but loudly complained since 1.79 about it
|
||||
- It will not complain any longer, but the connection will probably fail
|
||||
- Please don't simply disable ssl verification; instead, set SSL_ca_file
|
||||
etc. so that verification succeeds!
|
||||
- MAJOR BEHAVIOR CHANGE:
|
||||
- It will now complain if the built-in defaults of certs/my-ca.pem or ca/
|
||||
for CA and certs/{server,client}-{key,cert}.pem for cert and key are
|
||||
used, i.e. no certificates are specified explicitly
|
||||
- In the future these insecure (relative path!) defaults will be removed
|
||||
and the CA replaced with the system defaults
|
||||
(1.951)
|
||||
- Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
|
||||
defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
|
||||
used)
|
||||
|
||||
* Sat Jun 1 2013 Paul Howarth <paul@city-fan.org> - 1.94-1
|
||||
- Update to 1.94
|
||||
- Makefile.PL reported wrong version of openssl if Net::SSLeay was not
|
||||
|
Loading…
Reference in New Issue
Block a user