Update to 2.063

- New upstream release 2.063 - Support for both RSA and ECDSA certificate on same domain - Update PublicSuffix - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but then linked against another API-incompatible version (i.e. more than just the patchlevel differs)
2019-03-02 15:25:22 +00:00 · 2019-03-02 15:25:22 +00:00 · 536e7cbbbc
commit 536e7cbbbc
parent ee2bb1ed57
5 changed files with 22 additions and 14 deletions
--- a/IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch
+++ b/IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch
@ -21,14 +21,14 @@ diff --git a/MANIFEST b/MANIFEST
 index 5c2b87c..e46f919 100644
 --- a/MANIFEST
 +++ b/MANIFEST
-@@ -52,6 +52,7 @@ t/memleak_bad_handshake.t
+@@ -57,6 +57,7 @@ t/memleak_bad_handshake.t
- t/mitm.t
+ t/multiple-cert-rsa-ecc.t
 t/nonblock.t
 t/npn.t
 +t/pha_client.t
 t/plain_upgrade_downgrade.t
 t/protocol_version.t
- t/public_suffix_lib.pl
+ t/public_suffix_lib_encode_idn.t
 diff --git a/t/pha_client.t b/t/pha_client.t
 new file mode 100755
 index 0000000..6699443
--- a/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
+++ b/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -155,7 +155,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
+@@ -158,7 +158,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
 # global defaults
 my %DEFAULT_SSL_ARGS = (
     SSL_check_crl => 0,
@ -9,7 +9,7 @@
     SSL_verify_callback => undef,
     SSL_verifycn_scheme => undef,  # fallback cn verification
     SSL_verifycn_publicsuffix => undef,  # fallback default list verification
-@@ -2324,7 +2324,7 @@ sub new {
+@@ -2328,7 +2328,7 @@ sub new {
     my $ssl_op = $DEFAULT_SSL_OP;
@ -20,7 +20,7 @@
 	or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1011,11 +1011,12 @@ All values are case-insensitive.  Instea
+@@ -1022,11 +1022,12 @@ All values are case-insensitive.  Instea
 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'.  Support for
 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
 and openssl.
--- a/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -163,10 +163,10 @@ my %DEFAULT_SSL_ARGS = (
+@@ -166,10 +166,10 @@ my %DEFAULT_SSL_ARGS = (
     SSL_npn_protocols => undef,    # meaning depends whether on server or client side
     SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
@ -15,7 +15,7 @@
 );
 my %DEFAULT_SSL_CLIENT_ARGS = (
-@@ -176,63 +176,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
+@@ -179,63 +179,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
     SSL_ca_file => undef,
     SSL_ca_path => undef,
@ -81,7 +81,7 @@
 # set values inside _init to work with perlcc, RT#95452
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1037,12 +1037,8 @@ documentation (L<http://www.openssl.org/
+@@ -1048,12 +1048,8 @@ documentation (L<http://www.openssl.org/
 for more details.
 Unless you fail to contact your peer because of no shared ciphers it is
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@ -1,15 +1,15 @@
 Name:		perl-IO-Socket-SSL
-Version:	2.062
+Version:	2.063
 Release:	1%{?dist}
 Summary:	Perl library for transparent SSL
 License:	GPL+ or Artistic
 URL:		https://metacpan.org/release/IO-Socket-SSL
 Source0:	https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
-Patch0:		IO-Socket-SSL-2.062-use-system-default-cipher-list.patch
+Patch0:		IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
-Patch1:		IO-Socket-SSL-2.062-use-system-default-SSL-version.patch
+Patch1:		IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
 # bug #1632660, requires openssl tool
-Patch4:		IO-Socket-SSL-2.060-Test-client-performs-Post-Handshake-Authentication.patch
+Patch4:		IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch
 BuildArch:	noarch
 # Module Build
 BuildRequires:	coreutils
@ -121,6 +121,14 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::Utils.3*
 %changelog
 * Sat Mar  2 2019 Paul Howarth <paul@city-fan.org> - 2.063-1
 - Update to 2.063
  - Support for both RSA and ECDSA certificate on same domain
  - Update PublicSuffix
  - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
    then linked against another API-incompatible version (i.e. more than just
    the patchlevel differs)
 * Mon Feb 25 2019 Paul Howarth <paul@city-fan.org> - 2.062-1
 - Update to 2.062
  - Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (IO-Socket-SSL-2.062.tar.gz) = 8a568b08961550df532cbad2707aea670d00a4e446c3f91e2ba6ca2bb1d85e09428d1f495dab1c8f7d9a74b04717852a1dcdb1b9e2684cf37b7166797b6f1183
+SHA512 (IO-Socket-SSL-2.063.tar.gz) = 31e42de5244fe1766c9c699767473d691657350a8dce115a17dde605274a0e99b460bc165625733d473febda699e07c0318a74f8398faa902683722b0c5e80cb
`@ -1 +1 @@`
	`SHA512 (IO-Socket-SSL-2.062.tar.gz) = 8a568b08961550df532cbad2707aea670d00a4e446c3f91e2ba6ca2bb1d85e09428d1f495dab1c8f7d9a74b04717852a1dcdb1b9e2684cf37b7166797b6f1183`	`SHA512 (IO-Socket-SSL-2.063.tar.gz) = 31e42de5244fe1766c9c699767473d691657350a8dce115a17dde605274a0e99b460bc165625733d473febda699e07c0318a74f8398faa902683722b0c5e80cb`