diff --git a/IO-Socket-SSL-2.016-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.018-use-system-default-SSL-version.patch similarity index 94% rename from IO-Socket-SSL-2.016-use-system-default-SSL-version.patch rename to IO-Socket-SSL-2.018-use-system-default-SSL-version.patch index 9cebdef..e1b2784 100644 --- a/IO-Socket-SSL-2.016-use-system-default-SSL-version.patch +++ b/IO-Socket-SSL-2.018-use-system-default-SSL-version.patch @@ -9,7 +9,7 @@ SSL_verify_callback => undef, SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_publicsuffix => undef, # fallback default list verification -@@ -2133,7 +2133,7 @@ WARN +@@ -2135,7 +2135,7 @@ sub new { $ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE; $ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh; @@ -20,7 +20,7 @@ or croak("invalid SSL_version specified"); --- lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod -@@ -932,11 +932,12 @@ protocol to the specified version. +@@ -934,11 +934,12 @@ protocol to the specified version. All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires recent versions of Net::SSLeay and openssl. diff --git a/IO-Socket-SSL-2.016-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.018-use-system-default-cipher-list.patch similarity index 92% rename from IO-Socket-SSL-2.016-use-system-default-cipher-list.patch rename to IO-Socket-SSL-2.018-use-system-default-cipher-list.patch index f6b94f2..8468bc9 100644 --- a/IO-Socket-SSL-2.016-use-system-default-cipher-list.patch +++ b/IO-Socket-SSL-2.018-use-system-default-cipher-list.patch @@ -56,7 +56,7 @@ # set values inside _init to work with perlcc, RT#95452 --- lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod -@@ -958,12 +958,8 @@ documentation (L - 2.018-1 +- Update to 2.018 + - Checks for readability of files/dirs for certificates and CA no longer use + -r because this is not safe when ACLs are used (CPAN RT#106295) + - New method sock_certificate similar to peer_certificate (CPAN RT#105733) + - get_fingerprint can now take optional certificate as argument and compute + the fingerprint of it; useful in connection with sock_certificate + - Check for both EWOULDBLOCK and EAGAIN since these codes are different on + some platforms (CPAN RT#106573) + - Enforce default verification scheme if nothing was specified, i.e. no + longer just warn but accept; if really no verification is wanted, a scheme + of 'none' must be explicitly specified + - Support different cipher suites per SNI hosts + - startssl.t failed on darwin with old openssl since server requested client + certificate but offered also anon ciphers (CPAN RT#106687) +- Update patches as needed + * Thu Jun 18 2015 Fedora Release Engineering - 2.016-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index c4c64f6..fefc0b8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a71e9f0f76c7a15a11fef14ca8ef8aa8 IO-Socket-SSL-2.016.tar.gz +817adc9e0cd6817998fd49dea3fe0349 IO-Socket-SSL-2.018.tar.gz