From 5e48e602cd72663d42d283273a7276e2332b65b6 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Sun, 18 May 2014 01:18:49 +0100 Subject: [PATCH] Update to 1.988 - New upstream release 1.988 - Allow IPv4 in common name, because browsers allow this too; only for scheme www/http though, not for rfc2818 (because RC2818 does not allow this; in default scheme IPv6 and IPv4 are allowed in CN) - Fix handling of public suffix; add exemption for *.googleapis.com wildcard, which should not be allowed according to public suffix list but actually is used - Add hostname verification test based on older test of chromium, but change some of the test expectations because we don't want to support IP as SAN DNS and because we enforce a public suffix list (and thus *.co.uk should not be allowed) - Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6 (CPAN RT#95719) - Enable IPv6 support only if we have a usable inet_pton - Remove stale entries from MANIFEST - Add transparent support for DER and PKCS#12 files to specify cert and key, e.g. it will autodetect the format - If SSL_cert_file is PEM and no SSL_key_file is given it will check if the key is in SSL_cert_file too --- perl-IO-Socket-SSL.spec | 26 +++++++++++++++++++++++++- sources | 2 +- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index fb5d762..cd4d8fb 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -1,5 +1,5 @@ Name: perl-IO-Socket-SSL -Version: 1.985 +Version: 1.988 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries @@ -15,6 +15,7 @@ BuildRequires: perl(constant) BuildRequires: perl(Data::Dumper) BuildRequires: perl(Exporter) BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(File::Temp) BuildRequires: perl(IO::Select) BuildRequires: perl(IO::Socket) BuildRequires: perl(IO::Socket::INET) @@ -23,7 +24,9 @@ BuildRequires: perl(Net::SSLeay) >= 1.46 BuildRequires: perl(Scalar::Util) BuildRequires: perl(Socket) BuildRequires: perl(Socket6) +BuildRequires: perl(strict) BuildRequires: perl(Test::More) +BuildRequires: perl(warnings) BuildRequires: procps # Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6 %if 0%{?fedora} > 15 || 0%{?rhel} > 6 @@ -83,6 +86,27 @@ rm -rf %{buildroot} %{_mandir}/man3/IO::Socket::SSL::Utils.3* %changelog +* Sat May 17 2014 Paul Howarth - 1.988-1 +- Update to 1.988 + - Allow IPv4 in common name, because browsers allow this too; only for scheme + www/http though, not for rfc2818 (because RC2818 does not allow this; in + default scheme IPv6 and IPv4 are allowed in CN) + - Fix handling of public suffix; add exemption for *.googleapis.com + wildcard, which should not be allowed according to public suffix list but + actually is used + - Add hostname verification test based on older test of chromium, but change + some of the test expectations because we don't want to support IP as SAN + DNS and because we enforce a public suffix list (and thus *.co.uk should + not be allowed) + - Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6 + (CPAN RT#95719) + - Enable IPv6 support only if we have a usable inet_pton + - Remove stale entries from MANIFEST + - Add transparent support for DER and PKCS#12 files to specify cert and key, + e.g. it will autodetect the format + - If SSL_cert_file is PEM and no SSL_key_file is given it will check if the + key is in SSL_cert_file too + * Thu May 15 2014 Paul Howarth - 1.985-1 - Update to 1.985 - Make OCSP callback return 1 even if it was called on the server side diff --git a/sources b/sources index a1410f4..be1b440 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7ed8bab5859c20a44782e0799ae762a2 IO-Socket-SSL-1.985.tar.gz +1dd372023ba79550835932c1248a3f25 IO-Socket-SSL-1.988.tar.gz