Update to 1.988
- New upstream release 1.988
- Allow IPv4 in common name, because browsers allow this too; only for scheme
www/http though, not for rfc2818 (because RC2818 does not allow this; in
default scheme IPv6 and IPv4 are allowed in CN)
- Fix handling of public suffix; add exemption for *.googleapis.com
wildcard, which should not be allowed according to public suffix list but
actually is used
- Add hostname verification test based on older test of chromium, but change
some of the test expectations because we don't want to support IP as SAN
DNS and because we enforce a public suffix list (and thus *.co.uk should
not be allowed)
- Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6
(CPAN RT#95719)
- Enable IPv6 support only if we have a usable inet_pton
- Remove stale entries from MANIFEST
- Add transparent support for DER and PKCS#12 files to specify cert and key,
e.g. it will autodetect the format
- If SSL_cert_file is PEM and no SSL_key_file is given it will check if the
key is in SSL_cert_file too
This commit is contained in:
Paul Howarth
parent
e1aa44992f
commit
5e48e602cd
@ -1,5 +1,5 @@
|
||||
Name: perl-IO-Socket-SSL
|
||||
Version: 1.985
|
||||
Version: 1.988
|
||||
Release: 1%{?dist}
|
||||
Summary: Perl library for transparent SSL
|
||||
Group: Development/Libraries
|
||||
@ -15,6 +15,7 @@ BuildRequires: perl(constant)
|
||||
BuildRequires: perl(Data::Dumper)
|
||||
BuildRequires: perl(Exporter)
|
||||
BuildRequires: perl(ExtUtils::MakeMaker)
|
||||
BuildRequires: perl(File::Temp)
|
||||
BuildRequires: perl(IO::Select)
|
||||
BuildRequires: perl(IO::Socket)
|
||||
BuildRequires: perl(IO::Socket::INET)
|
||||
@ -23,7 +24,9 @@ BuildRequires: perl(Net::SSLeay) >= 1.46
|
||||
BuildRequires: perl(Scalar::Util)
|
||||
BuildRequires: perl(Socket)
|
||||
BuildRequires: perl(Socket6)
|
||||
BuildRequires: perl(strict)
|
||||
BuildRequires: perl(Test::More)
|
||||
BuildRequires: perl(warnings)
|
||||
BuildRequires: procps
|
||||
# Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
|
||||
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
|
||||
@ -83,6 +86,27 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man3/IO::Socket::SSL::Utils.3*
|
||||
|
||||
%changelog
|
||||
* Sat May 17 2014 Paul Howarth <paul@city-fan.org> - 1.988-1
|
||||
- Update to 1.988
|
||||
- Allow IPv4 in common name, because browsers allow this too; only for scheme
|
||||
www/http though, not for rfc2818 (because RC2818 does not allow this; in
|
||||
default scheme IPv6 and IPv4 are allowed in CN)
|
||||
- Fix handling of public suffix; add exemption for *.googleapis.com
|
||||
wildcard, which should not be allowed according to public suffix list but
|
||||
actually is used
|
||||
- Add hostname verification test based on older test of chromium, but change
|
||||
some of the test expectations because we don't want to support IP as SAN
|
||||
DNS and because we enforce a public suffix list (and thus *.co.uk should
|
||||
not be allowed)
|
||||
- Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6
|
||||
(CPAN RT#95719)
|
||||
- Enable IPv6 support only if we have a usable inet_pton
|
||||
- Remove stale entries from MANIFEST
|
||||
- Add transparent support for DER and PKCS#12 files to specify cert and key,
|
||||
e.g. it will autodetect the format
|
||||
- If SSL_cert_file is PEM and no SSL_key_file is given it will check if the
|
||||
key is in SSL_cert_file too
|
||||
|
||||
* Thu May 15 2014 Paul Howarth <paul@city-fan.org> - 1.985-1
|
||||
- Update to 1.985
|
||||
- Make OCSP callback return 1 even if it was called on the server side
|
||||
|
||||
Loading…
Reference in New Issue
Block a user