From 536e7cbbbc7704b82fd1a6f546528071d36cc230 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Sat, 2 Mar 2019 15:25:22 +0000 Subject: [PATCH] Update to 2.063 - New upstream release 2.063 - Support for both RSA and ECDSA certificate on same domain - Update PublicSuffix - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but then linked against another API-incompatible version (i.e. more than just the patchlevel differs) --- ...-performs-Post-Handshake-Authentication.patch | 6 +++--- ...SL-2.063-use-system-default-SSL-version.patch | 6 +++--- ...SL-2.063-use-system-default-cipher-list.patch | 6 +++--- perl-IO-Socket-SSL.spec | 16 ++++++++++++---- sources | 2 +- 5 files changed, 22 insertions(+), 14 deletions(-) rename IO-Socket-SSL-2.060-Test-client-performs-Post-Handshake-Authentication.patch => IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch (97%) rename IO-Socket-SSL-2.062-use-system-default-SSL-version.patch => IO-Socket-SSL-2.063-use-system-default-SSL-version.patch (90%) rename IO-Socket-SSL-2.062-use-system-default-cipher-list.patch => IO-Socket-SSL-2.063-use-system-default-cipher-list.patch (96%) diff --git a/IO-Socket-SSL-2.060-Test-client-performs-Post-Handshake-Authentication.patch b/IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch similarity index 97% rename from IO-Socket-SSL-2.060-Test-client-performs-Post-Handshake-Authentication.patch rename to IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch index 83191e7..86f4484 100644 --- a/IO-Socket-SSL-2.060-Test-client-performs-Post-Handshake-Authentication.patch +++ b/IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch @@ -21,14 +21,14 @@ diff --git a/MANIFEST b/MANIFEST index 5c2b87c..e46f919 100644 --- a/MANIFEST +++ b/MANIFEST -@@ -52,6 +52,7 @@ t/memleak_bad_handshake.t - t/mitm.t +@@ -57,6 +57,7 @@ t/memleak_bad_handshake.t + t/multiple-cert-rsa-ecc.t t/nonblock.t t/npn.t +t/pha_client.t t/plain_upgrade_downgrade.t t/protocol_version.t - t/public_suffix_lib.pl + t/public_suffix_lib_encode_idn.t diff --git a/t/pha_client.t b/t/pha_client.t new file mode 100755 index 0000000..6699443 diff --git a/IO-Socket-SSL-2.062-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch similarity index 90% rename from IO-Socket-SSL-2.062-use-system-default-SSL-version.patch rename to IO-Socket-SSL-2.063-use-system-default-SSL-version.patch index a767a99..0569738 100644 --- a/IO-Socket-SSL-2.062-use-system-default-SSL-version.patch +++ b/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch @@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -155,7 +155,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p +@@ -158,7 +158,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p # global defaults my %DEFAULT_SSL_ARGS = ( SSL_check_crl => 0, @@ -9,7 +9,7 @@ SSL_verify_callback => undef, SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_publicsuffix => undef, # fallback default list verification -@@ -2324,7 +2324,7 @@ sub new { +@@ -2328,7 +2328,7 @@ sub new { my $ssl_op = $DEFAULT_SSL_OP; @@ -20,7 +20,7 @@ or croak("invalid SSL_version specified"); --- lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod -@@ -1011,11 +1011,12 @@ All values are case-insensitive. Instea +@@ -1022,11 +1022,12 @@ All values are case-insensitive. Instea 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay and openssl. diff --git a/IO-Socket-SSL-2.062-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch similarity index 96% rename from IO-Socket-SSL-2.062-use-system-default-cipher-list.patch rename to IO-Socket-SSL-2.063-use-system-default-cipher-list.patch index e9883bc..0103ff4 100644 --- a/IO-Socket-SSL-2.062-use-system-default-cipher-list.patch +++ b/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch @@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -163,10 +163,10 @@ my %DEFAULT_SSL_ARGS = ( +@@ -166,10 +166,10 @@ my %DEFAULT_SSL_ARGS = ( SSL_npn_protocols => undef, # meaning depends whether on server or client side SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1'] @@ -15,7 +15,7 @@ ); my %DEFAULT_SSL_CLIENT_ARGS = ( -@@ -176,63 +176,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = ( +@@ -179,63 +179,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = ( SSL_ca_file => undef, SSL_ca_path => undef, @@ -81,7 +81,7 @@ # set values inside _init to work with perlcc, RT#95452 --- lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod -@@ -1037,12 +1037,8 @@ documentation (L - 2.063-1 +- Update to 2.063 + - Support for both RSA and ECDSA certificate on same domain + - Update PublicSuffix + - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but + then linked against another API-incompatible version (i.e. more than just + the patchlevel differs) + * Mon Feb 25 2019 Paul Howarth - 2.062-1 - Update to 2.062 - Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and diff --git a/sources b/sources index 94b5acd..0ffa20d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (IO-Socket-SSL-2.062.tar.gz) = 8a568b08961550df532cbad2707aea670d00a4e446c3f91e2ba6ca2bb1d85e09428d1f495dab1c8f7d9a74b04717852a1dcdb1b9e2684cf37b7166797b6f1183 +SHA512 (IO-Socket-SSL-2.063.tar.gz) = 31e42de5244fe1766c9c699767473d691657350a8dce115a17dde605274a0e99b460bc165625733d473febda699e07c0318a74f8398faa902683722b0c5e80cb