From 8c3e5b5c0fb8cbd2930ec48593945d45c4255901 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Sun, 1 Feb 2015 19:12:03 +0000
Subject: [PATCH] Update to 2.011

- New upstream release 2.011
- Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling (CPAN RT#101855)
- Added option 'purpose' to Utils::CERT_create to get better control of the certificate's purpose; default is 'server,client' for non-CA (contrary to only 'server' before)
- Removed RC4 from default cipher suites on the server side (https://github.com/noxxi/p5-io-socket-ssl/issues/22)
- Refactoring of some tests using Test::More
- Note that this package still uses system-default cipher and SSL versions, which may have RC4 enabled
- Update patches as needed
---
 ...2.011-use-system-default-SSL-version.patch | 4 ++--
 ...2.011-use-system-default-cipher-list.patch | 4 ++--
 perl-IO-Socket-SSL.spec | 20 ++++++++++++++++---
 3 files changed, 21 insertions(+), 7 deletions(-)
 rename IO-Socket-SSL-2.010-use-system-default-SSL-version.patch => IO-Socket-SSL-2.011-use-system-default-SSL-version.patch (94%)
 rename IO-Socket-SSL-2.010-use-system-default-cipher-list.patch => IO-Socket-SSL-2.011-use-system-default-cipher-list.patch (95%)
diff --git a/IO-Socket-SSL-2.010-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.011-use-system-default-SSL-version.patch
similarity index 94%
rename from IO-Socket-SSL-2.010-use-system-default-SSL-version.patch
rename to IO-Socket-SSL-2.011-use-system-default-SSL-version.patch
index 04fea61..65836c4 100644
--- a/IO-Socket-SSL-2.010-use-system-default-SSL-version.patch
+++ b/IO-Socket-SSL-2.011-use-system-default-SSL-version.patch
@@ -9,7 +9,7 @@
 SSL_verify_callback => undef,
 SSL_verifycn_scheme => undef, # fallback cn verification
 SSL_verifycn_publicsuffix => undef, # fallback default list verification
-@@ -2086,7 +2086,7 @@ WARN
+@@ -2088,7 +2088,7 @@ WARN
 $ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE;
 $ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh;
@@ -20,7 +20,7 @@
 or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -918,11 +918,12 @@ protocol to the specified version.
+@@ -928,11 +928,12 @@ protocol to the specified version.
 All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires recent versions of Net::SSLeay and openssl.
diff --git a/IO-Socket-SSL-2.010-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.011-use-system-default-cipher-list.patch
similarity index 95%
rename from IO-Socket-SSL-2.010-use-system-default-cipher-list.patch
rename to IO-Socket-SSL-2.011-use-system-default-cipher-list.patch
index 3f11860..136668c 100644
--- a/IO-Socket-SSL-2.010-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.011-use-system-default-cipher-list.patch
@@ -6,7 +6,7 @@
 SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
 - SSL_cipher_list =>
 - 'EECDH+AESGCM+ECDSA EECDH+AESGCM EECDH+ECDSA +AES256 EECDH EDH+AESGCM '.
-- 'EDH ALL +SHA +3DES +RC4 !LOW !EXP !eNULL !aNULL !DES !MD5 !PSK !SRP',
+- 'EDH ALL +SHA +3DES !RC4 !LOW !EXP !eNULL !aNULL !DES !MD5 !PSK !SRP',
 + SSL_cipher_list => 'DEFAULT',
 );
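Review bot: The new side of the cipher-list hunk still carries the distro override `+ SSL_cipher_list => 'DEFAULT',` unchanged, while the upstream line it replaces now reads `!RC4` instead of `+RC4`, so the packaged module drops a hardening that upstream 2.011 added deliberately rather than merely substituting an equivalent list. If the intent is to follow the system cipher policy, the upstream exclusion can be kept on top of it, e.g. `SSL_cipher_list => 'DEFAULT:!RC4',`, which still defers to the system policy for everything else. Failing that, the rationale for preferring the system default over upstream's list belongs in the patch file's own header, since the only statement of it today is in this commit message and will not be visible at the next rebase. The `);` on the last line closes a defaults hash whose opening lies outside the hunk.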
@@ -56,7 +56,7 @@
 # set values inside _init to work with perlcc, RT#95452
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -944,12 +944,8 @@ documentation (L - 2.011-1
+- Update to 2.011
+ - Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling
+ (CPAN RT#101855)
+ - Added option 'purpose' to Utils::CERT_create to get better control of the
+ certificate's purpose; default is 'server,client' for non-CA (contrary to
+ only 'server' before)
+ - Removed RC4 from default cipher suites on the server side
+ (https://github.com/noxxi/p5-io-socket-ssl/issues/22)
+ - Refactoring of some tests using Test::More
+- Note that this package still uses system-default cipher and SSL versions,
+ which may have RC4 enabled
+- Update patches as needed
+
 * Thu Jan 15 2015 Paul Howarth - 2.010-1
 - Update to 2.010
 - New options SSL_client_ca_file and SSL_client_ca to let the server send the