Update to 2.011

- New upstream release 2.011
  - Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling
    (CPAN RT#101855)
  - Added option 'purpose' to Utils::CERT_create to get better control of the
    certificate's purpose; default is 'server,client' for non-CA (contrary to
    only 'server' before)
  - Removed RC4 from default cipher suites on the server side
    (https://github.com/noxxi/p5-io-socket-ssl/issues/22)
  - Refactoring of some tests using Test::More
- Note that this package still uses system-default cipher and SSL versions,
  which may have RC4 enabled
- Update patches as needed
Paul Howarth 2015-02-01 19:12:03 +00:00
parent 98379599a5
commit 8c3e5b5c0f
3 changed files with 21 additions and 7 deletions

@ -9,7 +9,7 @@
SSL_verify_callback => undef, SSL_verify_callback => undef,
SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_scheme => undef, # fallback cn verification
SSL_verifycn_publicsuffix => undef, # fallback default list verification SSL_verifycn_publicsuffix => undef, # fallback default list verification
@@ -2086,7 +2086,7 @@ WARN @@ -2088,7 +2088,7 @@ WARN
$ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE; $ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE;
$ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh; $ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh;
@ -20,7 +20,7 @@
or croak("invalid SSL_version specified"); or croak("invalid SSL_version specified");
--- lib/IO/Socket/SSL.pod --- lib/IO/Socket/SSL.pod
+++ lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod
@@ -918,11 +918,12 @@ protocol to the specified version. @@ -928,11 +928,12 @@ protocol to the specified version.
All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can
also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires
recent versions of Net::SSLeay and openssl. recent versions of Net::SSLeay and openssl.

@ -6,7 +6,7 @@
SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1'] SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
- SSL_cipher_list => - SSL_cipher_list =>
- 'EECDH+AESGCM+ECDSA EECDH+AESGCM EECDH+ECDSA +AES256 EECDH EDH+AESGCM '. - 'EECDH+AESGCM+ECDSA EECDH+AESGCM EECDH+ECDSA +AES256 EECDH EDH+AESGCM '.
- 'EDH ALL +SHA +3DES +RC4 !LOW !EXP !eNULL !aNULL !DES !MD5 !PSK !SRP', - 'EDH ALL +SHA +3DES !RC4 !LOW !EXP !eNULL !aNULL !DES !MD5 !PSK !SRP',
+ SSL_cipher_list => 'DEFAULT', + SSL_cipher_list => 'DEFAULT',
); );
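Review bot: The replacement line `SSL_cipher_list => 'DEFAULT'` now discards an upstream list that carries `!RC4` (the 2.010 side of this hunk still shows `+RC4`), so upstream's RC4 removal never reaches a system built from this package and the effective list depends entirely on the local OpenSSL defaults. Nothing in the patch itself records that trade-off. Add a short header comment to the patch explaining why DEFAULT is kept over the upstream list, and consider whether 'DEFAULT:!RC4' would keep the system-default intent without losing the upstream fix.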
@ -56,7 +56,7 @@
# set values inside _init to work with perlcc, RT#95452 # set values inside _init to work with perlcc, RT#95452
--- lib/IO/Socket/SSL.pod --- lib/IO/Socket/SSL.pod
+++ lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod
@@ -944,12 +944,8 @@ documentation (L<http://www.openssl.org/ @@ -954,12 +954,8 @@ documentation (L<http://www.openssl.org/
for more details. for more details.
Unless you fail to contact your peer because of no shared ciphers it is Unless you fail to contact your peer because of no shared ciphers it is

@ -1,13 +1,13 @@
Name: perl-IO-Socket-SSL Name: perl-IO-Socket-SSL
Version: 2.010 Version: 2.011
Release: 1%{?dist} Release: 1%{?dist}
Summary: Perl library for transparent SSL Summary: Perl library for transparent SSL
Group: Development/Libraries Group: Development/Libraries
License: GPL+ or Artistic License: GPL+ or Artistic
URL: http://search.cpan.org/dist/IO-Socket-SSL/ URL: http://search.cpan.org/dist/IO-Socket-SSL/
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
Patch0: IO-Socket-SSL-2.010-use-system-default-cipher-list.patch Patch0: IO-Socket-SSL-2.011-use-system-default-cipher-list.patch
Patch1: IO-Socket-SSL-2.010-use-system-default-SSL-version.patch Patch1: IO-Socket-SSL-2.011-use-system-default-SSL-version.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch: noarch BuildArch: noarch
# Module Build # Module Build
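Review bot: Source0 on the unchanged line is fetched over plain http://, and none of the three files changed in this commit records a hash for the 2.011 tarball, so the bump on the Version: line pulls in a new archive whose integrity is not pinned anywhere visible here. Check the download against the CHECKSUMS file in the author's CPAN directory before building, and record the hash next to the spec if the repository has a place for it. Also confirm that the two patch files were renamed to the 2.011 names that Patch0 and Patch1 now reference.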
@ -112,6 +112,20 @@ rm -rf %{buildroot}
%{_mandir}/man3/IO::Socket::SSL::Utils.3* %{_mandir}/man3/IO::Socket::SSL::Utils.3*
%changelog %changelog
* Sun Feb 1 2015 Paul Howarth <paul@city-fan.org> - 2.011-1
- Update to 2.011
- Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling
(CPAN RT#101855)
- Added option 'purpose' to Utils::CERT_create to get better control of the
certificate's purpose; default is 'server,client' for non-CA (contrary to
only 'server' before)
- Removed RC4 from default cipher suites on the server side
(https://github.com/noxxi/p5-io-socket-ssl/issues/22)
- Refactoring of some tests using Test::More
- Note that this package still uses system-default cipher and SSL versions,
which may have RC4 enabled
- Update patches as needed
* Thu Jan 15 2015 Paul Howarth <paul@city-fan.org> - 2.010-1 * Thu Jan 15 2015 Paul Howarth <paul@city-fan.org> - 2.010-1
- Update to 2.010 - Update to 2.010
- New options SSL_client_ca_file and SSL_client_ca to let the server send the - New options SSL_client_ca_file and SSL_client_ca to let the server send the
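Review bot: The caveat "which may have RC4 enabled" in the new 2.011-1 entry names only RC4, although the same line says both the cipher list and the SSL versions come from the system defaults, and it does not tell an administrator what to do about it. Reword it to say that cipher and protocol selection follow the system OpenSSL defaults rather than upstream's, and that an application wanting upstream's list has to pass SSL_cipher_list itself.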