import perl-IO-Socket-SSL-2.066-3.el8
This commit is contained in:
parent
d677c2d9c7
commit
e133716360
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/IO-Socket-SSL-2.060.tar.gz
|
||||
SOURCES/IO-Socket-SSL-2.066.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
d00985ca87425ab5860bc38e59bcb9d39b372508 SOURCES/IO-Socket-SSL-2.060.tar.gz
|
||||
4eacd69b81f7edae24135a53411cf87429584289 SOURCES/IO-Socket-SSL-2.066.tar.gz
|
||||
|
@ -1,121 +0,0 @@
|
||||
From e96b1c9e394011de4ee181cfa42b8021796bf7d4 Mon Sep 17 00:00:00 2001
|
||||
From: Steffen Ullrich <Steffen_Ullrich@genua.de>
|
||||
Date: Mon, 17 Sep 2018 14:09:48 +0200
|
||||
Subject: [PATCH] make all tests which use fork also ignore signal PIPE
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
t/nonblock.t | 4 +---
|
||||
t/protocol_version.t | 2 --
|
||||
t/session_ticket.t | 2 --
|
||||
t/signal-readline.t | 1 -
|
||||
t/sni.t | 2 --
|
||||
t/sni_verify.t | 2 --
|
||||
t/testlib.pl | 2 ++
|
||||
7 files changed, 3 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/t/nonblock.t b/t/nonblock.t
|
||||
index 6c1bc38..ad62799 100644
|
||||
--- a/t/nonblock.t
|
||||
+++ b/t/nonblock.t
|
||||
@@ -9,7 +9,7 @@ use Net::SSLeay;
|
||||
use Socket;
|
||||
use IO::Socket::SSL;
|
||||
use IO::Select;
|
||||
-use Errno qw( EWOULDBLOCK EAGAIN EINPROGRESS EPIPE ECONNRESET );
|
||||
+use Errno qw( EWOULDBLOCK EAGAIN EINPROGRESS);
|
||||
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
|
||||
|
||||
if ( ! eval "use 5.006; use IO::Select; return 1" ) {
|
||||
@@ -17,8 +17,6 @@ if ( ! eval "use 5.006; use IO::Select; return 1" ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
-$SIG{PIPE} = 'IGNORE'; # use EPIPE not signal handler
|
||||
-
|
||||
$|=1;
|
||||
print "1..27\n";
|
||||
|
||||
diff --git a/t/protocol_version.t b/t/protocol_version.t
|
||||
index 2e5cc6f..3577720 100644
|
||||
--- a/t/protocol_version.t
|
||||
+++ b/t/protocol_version.t
|
||||
@@ -7,8 +7,6 @@ use Socket;
|
||||
use IO::Socket::SSL;
|
||||
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
|
||||
|
||||
-$SIG{PIPE} = 'IGNORE';
|
||||
-
|
||||
plan skip_all => "Test::More has no done_testing"
|
||||
if !defined &done_testing;
|
||||
|
||||
diff --git a/t/session_ticket.t b/t/session_ticket.t
|
||||
index ca70b80..4071b8a 100644
|
||||
--- a/t/session_ticket.t
|
||||
+++ b/t/session_ticket.t
|
||||
@@ -27,8 +27,6 @@ my ($server_cert,$server_key) = CERT_create(
|
||||
purpose => { server => 1 }
|
||||
);
|
||||
|
||||
-$SIG{PIPE} = 'IGNORE';
|
||||
-
|
||||
# create two servers with the same session ticket callback
|
||||
my (@server,@saddr);
|
||||
for (1,2) {
|
||||
diff --git a/t/signal-readline.t b/t/signal-readline.t
|
||||
index 6dcd4ae..3e226c0 100644
|
||||
--- a/t/signal-readline.t
|
||||
+++ b/t/signal-readline.t
|
||||
@@ -50,7 +50,6 @@ if ( $pid == 0 ) {
|
||||
|
||||
my $csock = $server->accept;
|
||||
ok("accept");
|
||||
-$SIG{PIPE} = 'IGNORE';
|
||||
|
||||
syswrite($csock,"foo") or print "not ";
|
||||
ok("wrote foo");
|
||||
diff --git a/t/sni.t b/t/sni.t
|
||||
index c6e6510..de0f06e 100644
|
||||
--- a/t/sni.t
|
||||
+++ b/t/sni.t
|
||||
@@ -17,8 +17,6 @@ if ( ! IO::Socket::SSL->can_client_sni() ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
-$SIG{PIPE} = 'IGNORE';
|
||||
-
|
||||
print "1..17\n";
|
||||
my $server = IO::Socket::SSL->new(
|
||||
LocalAddr => '127.0.0.1',
|
||||
diff --git a/t/sni_verify.t b/t/sni_verify.t
|
||||
index 86b5dca..b3b299b 100644
|
||||
--- a/t/sni_verify.t
|
||||
+++ b/t/sni_verify.t
|
||||
@@ -17,8 +17,6 @@ if ( ! IO::Socket::SSL->can_client_sni() ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
-$SIG{PIPE} = 'IGNORE';
|
||||
-
|
||||
print "1..17\n";
|
||||
my $server = IO::Socket::SSL->new(
|
||||
LocalAddr => '127.0.0.1',
|
||||
diff --git a/t/testlib.pl b/t/testlib.pl
|
||||
index 5a99e49..b3f342c 100644
|
||||
--- a/t/testlib.pl
|
||||
+++ b/t/testlib.pl
|
||||
@@ -19,6 +19,8 @@ unless ( $Config::Config{d_fork} || $Config::Config{d_pseudofork} ||
|
||||
exit
|
||||
}
|
||||
|
||||
+# let IO errors result in EPIPE instead of crashing the test
|
||||
+$SIG{PIPE} = 'IGNORE';
|
||||
|
||||
# small implementations if not used from Test::More (09_fdleak.t)
|
||||
if ( ! defined &ok ) {
|
||||
--
|
||||
2.17.1
|
||||
|
@ -0,0 +1,130 @@
|
||||
From 6b05dc28e94e90ab4852c9977d7fbe66fec6cd48 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||
Date: Fri, 8 Feb 2019 14:50:32 +0100
|
||||
Subject: [PATCH] Test client performs Post-Handshake-Authentication
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This test uses openssl tool because PHA is not yet supported by
|
||||
IO::Socket::SSL's server implementation. The openssl tool uses a fixed
|
||||
port. So the test can fail.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
MANIFEST | 1 +
|
||||
t/pha_client.t | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 91 insertions(+)
|
||||
create mode 100755 t/pha_client.t
|
||||
|
||||
diff --git a/MANIFEST b/MANIFEST
|
||||
index 20cddb6..2b8328d 100644
|
||||
--- a/MANIFEST
|
||||
+++ b/MANIFEST
|
||||
@@ -57,6 +57,7 @@ t/mitm.t
|
||||
t/multiple-cert-rsa-ecc.t
|
||||
t/nonblock.t
|
||||
t/npn.t
|
||||
+t/pha_client.t
|
||||
t/plain_upgrade_downgrade.t
|
||||
t/protocol_version.t
|
||||
t/public_suffix_lib_encode_idn.t
|
||||
diff --git a/t/pha_client.t b/t/pha_client.t
|
||||
new file mode 100755
|
||||
index 0000000..2413588
|
||||
--- /dev/null
|
||||
+++ b/t/pha_client.t
|
||||
@@ -0,0 +1,90 @@
|
||||
+#!/usr/bin/perl
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+use Test::More;
|
||||
+use IPC::Run ();
|
||||
+use IO::Socket::SSL ();
|
||||
+use Net::SSLeay ();
|
||||
+use IO::Select ();
|
||||
+
|
||||
+if (system('openssl', 'version')) {
|
||||
+ plan skip_all => 'openssl tool is not available';
|
||||
+} elsif (!defined &Net::SSLeay::CTX_set_post_handshake_auth) {
|
||||
+ plan skip_all => 'Net::SSLeay does not expose PHA';
|
||||
+} else {
|
||||
+ plan tests => 5;
|
||||
+}
|
||||
+
|
||||
+my $port = 2000;
|
||||
+my $ca_cert = 'certs/test-ca.pem';
|
||||
+
|
||||
+diag 'Starting a server';
|
||||
+my ($server, $input, $stdout, $stderr);
|
||||
+eval {
|
||||
+ $server = IPC::Run::start(['openssl', 's_server', '-port', $port,
|
||||
+ '-Verify', '1',
|
||||
+ '-cert', 'certs/server-wildcard.pem',
|
||||
+ '-key', 'certs/server-wildcard.pem', '-CAfile', $ca_cert],
|
||||
+ \$input, \$stdout, \$stderr);
|
||||
+ # subsequent \undef does not work
|
||||
+ # <https://github.com/toddr/IPC-Run/issues/124>
|
||||
+};
|
||||
+if (!$server or $@) {
|
||||
+ BAIL_OUT("Could not start a server: $@");
|
||||
+}
|
||||
+# openssl s_server does not return a non-zero exit code in case of bind(2) failure.
|
||||
+while ($server->pumpable && $stdout !~ /\nACCEPT\n/) { $server->pump; }
|
||||
+if ($stderr =~ /unable to bind socket/) {
|
||||
+ $server->kill_kill;
|
||||
+ BAIL_OUT("Could not start a server: $stderr");
|
||||
+}
|
||||
+ok($server, 'Server started');
|
||||
+
|
||||
+my $client = IO::Socket::SSL->new(
|
||||
+ PeerHost => 'localhost',
|
||||
+ PeerPort => $port,
|
||||
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER,
|
||||
+ SSL_verifycn_scheme => 'www',
|
||||
+ SSL_verifycn_name => 'www.server.local',
|
||||
+ SSL_ca_file => $ca_cert,
|
||||
+ SSL_key_file => 'certs/client-key.pem',
|
||||
+ SSL_cert_file => 'certs/client-cert.pem'
|
||||
+);
|
||||
+ok($client, 'Client connected');
|
||||
+
|
||||
+SKIP: {
|
||||
+ skip "Connection failed: errno=$!, SSL errror=$IO::Socket::SSL::SSL_ERROR", 2
|
||||
+ unless $client;
|
||||
+ $client->blocking(0);
|
||||
+
|
||||
+ SKIP: {
|
||||
+ # Ask openssl s_server for PHA request and wait for the result.
|
||||
+ $input .= "c\n";
|
||||
+ while ($server->pumpable &&
|
||||
+ $stderr !~ /SSL_verify_client_post_handshake/ &&
|
||||
+ $stdout !~ /SSL_do_handshake -> 1/
|
||||
+ ) {
|
||||
+ # Push the PHA command to the server and read outputs.
|
||||
+ $server->pump;
|
||||
+
|
||||
+ # Client also must perform I/O to process the PHA request.
|
||||
+ my $select = IO::Select->new($client);
|
||||
+ while ($select->can_read(1)) { # 1 second time-out because of
|
||||
+ # blocking IPC::Run
|
||||
+ my $retval = $client->read(my $buf, 1);
|
||||
+ if (defined $buf and $buf eq 'c') {
|
||||
+ skip 'openssl tool does not support PHA command', 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ ok($stdout =~ /SSL_do_handshake -> 1/, 'Client performed PHA');
|
||||
+ }
|
||||
+
|
||||
+ ok($client->close, 'Client disconnected');
|
||||
+}
|
||||
+
|
||||
+eval {
|
||||
+ $server->kill_kill;
|
||||
+};
|
||||
+ok(!$@, 'Server terminated');
|
||||
+
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,6 +1,6 @@
|
||||
--- lib/IO/Socket/SSL.pm
|
||||
+++ lib/IO/Socket/SSL.pm
|
||||
@@ -130,7 +130,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
|
||||
@@ -164,7 +164,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
|
||||
# global defaults
|
||||
my %DEFAULT_SSL_ARGS = (
|
||||
SSL_check_crl => 0,
|
||||
@ -9,7 +9,7 @@
|
||||
SSL_verify_callback => undef,
|
||||
SSL_verifycn_scheme => undef, # fallback cn verification
|
||||
SSL_verifycn_publicsuffix => undef, # fallback default list verification
|
||||
@@ -2295,7 +2295,7 @@ sub new {
|
||||
@@ -2335,7 +2335,7 @@ sub new {
|
||||
|
||||
my $ssl_op = $DEFAULT_SSL_OP;
|
||||
|
||||
@ -20,10 +20,10 @@
|
||||
or croak("invalid SSL_version specified");
|
||||
--- lib/IO/Socket/SSL.pod
|
||||
+++ lib/IO/Socket/SSL.pod
|
||||
@@ -1010,11 +1010,12 @@ protocol to the specified version.
|
||||
All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can
|
||||
also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires
|
||||
recent versions of Net::SSLeay and openssl.
|
||||
@@ -1028,11 +1028,12 @@ All values are case-insensitive. Instea
|
||||
'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
|
||||
'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
|
||||
and openssl.
|
||||
+The default SSL_version is defined by the underlying cryptographic library.
|
||||
|
||||
Independent from the handshake format you can limit to set of accepted SSL
|
@ -1,13 +1,14 @@
|
||||
--- lib/IO/Socket/SSL.pm
|
||||
+++ lib/IO/Socket/SSL.pm
|
||||
@@ -138,10 +138,10 @@ my %DEFAULT_SSL_ARGS = (
|
||||
@@ -172,11 +172,10 @@ my %DEFAULT_SSL_ARGS = (
|
||||
SSL_npn_protocols => undef, # meaning depends whether on server or client side
|
||||
SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
|
||||
|
||||
- # https://wiki.mozilla.org/Security/Server_Side_TLS, 2016/04/20
|
||||
- # https://wiki.mozilla.org/Security/Server_Side_TLS, 2019/03/05
|
||||
- # "Old backward compatibility" for best compatibility
|
||||
- # .. "Most ciphers that are not clearly broken and dangerous to use are supported"
|
||||
- SSL_cipher_list => 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP',
|
||||
- # slightly reordered to prefer AES since it is cheaper when hardware accelerated
|
||||
- SSL_cipher_list => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP',
|
||||
+ # Use system-wide default cipher list to support use of system-wide
|
||||
+ # crypto policy (#1076390, #1127577, CPAN RT#97816)
|
||||
+ # https://fedoraproject.org/wiki/Changes/CryptoPolicy
|
||||
@ -15,7 +16,7 @@
|
||||
);
|
||||
|
||||
my %DEFAULT_SSL_CLIENT_ARGS = (
|
||||
@@ -151,63 +151,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
|
||||
@@ -186,63 +185,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
|
||||
SSL_ca_file => undef,
|
||||
SSL_ca_path => undef,
|
||||
|
||||
@ -81,7 +82,7 @@
|
||||
# set values inside _init to work with perlcc, RT#95452
|
||||
--- lib/IO/Socket/SSL.pod
|
||||
+++ lib/IO/Socket/SSL.pod
|
||||
@@ -1036,12 +1036,8 @@ documentation (L<http://www.openssl.org/
|
||||
@@ -1054,12 +1054,8 @@ documentation (L<http://www.openssl.org/
|
||||
for more details.
|
||||
|
||||
Unless you fail to contact your peer because of no shared ciphers it is
|
@ -1,15 +1,15 @@
|
||||
Name: perl-IO-Socket-SSL
|
||||
Version: 2.060
|
||||
Release: 2%{?dist}
|
||||
Version: 2.066
|
||||
Release: 3%{?dist}
|
||||
Summary: Perl library for transparent SSL
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and MPLv2.0
|
||||
URL: https://metacpan.org/release/IO-Socket-SSL
|
||||
Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
|
||||
Patch0: IO-Socket-SSL-2.060-use-system-default-cipher-list.patch
|
||||
Patch1: IO-Socket-SSL-2.060-use-system-default-SSL-version.patch
|
||||
# Prevent tests from dying on SIGPIPE, bug #1610017, CPAN RT#126899,
|
||||
# in upstream after 2.060
|
||||
Patch2: IO-Socket-SSL-2.060-make-all-tests-which-use-fork-also-ignore-signal-PIP.patch
|
||||
Patch0: IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
|
||||
Patch1: IO-Socket-SSL-2.066-use-system-default-SSL-version.patch
|
||||
# A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
|
||||
# bug #1633636, requires openssl tool
|
||||
Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
|
||||
BuildArch: noarch
|
||||
# Module Build
|
||||
BuildRequires: coreutils
|
||||
@ -41,6 +41,8 @@ BuildRequires: perl(File::Temp)
|
||||
BuildRequires: perl(FindBin)
|
||||
BuildRequires: perl(IO::Select)
|
||||
BuildRequires: perl(IO::Socket::INET)
|
||||
# IPC::Run for Test-client-performs-Post-Handshake-Authentication.patch
|
||||
BuildRequires: perl(IPC::Run)
|
||||
BuildRequires: perl(Test::More) >= 0.88
|
||||
BuildRequires: perl(utf8)
|
||||
BuildRequires: procps
|
||||
@ -89,7 +91,7 @@ mod_perl.
|
||||
# Use system-default SSL version too
|
||||
%patch1
|
||||
|
||||
# Prevent tests from dying on SIGPIPE (CPAN RT#126899)
|
||||
# Add a test for PHA
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
@ -105,26 +107,44 @@ find %{buildroot} -type f -name .packlist -delete
|
||||
make test
|
||||
|
||||
%files
|
||||
# GPL+ or Artistic
|
||||
%doc BUGS Changes README docs/ certs/ example/
|
||||
%dir %{perl_vendorlib}/IO/
|
||||
%dir %{perl_vendorlib}/IO/Socket/
|
||||
%dir %{perl_vendorlib}/IO/Socket/SSL/
|
||||
%doc %{perl_vendorlib}/IO/Socket/SSL.pod
|
||||
%{perl_vendorlib}/IO/Socket/SSL.pm
|
||||
%{perl_vendorlib}/IO/Socket/SSL/
|
||||
%{perl_vendorlib}/IO/Socket/SSL/Intercept.pm
|
||||
%{perl_vendorlib}/IO/Socket/SSL/Utils.pm
|
||||
%{_mandir}/man3/IO::Socket::SSL.3*
|
||||
%{_mandir}/man3/IO::Socket::SSL::Intercept.3*
|
||||
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
|
||||
%{_mandir}/man3/IO::Socket::SSL::Utils.3*
|
||||
# MPLv2.0
|
||||
%{perl_vendorlib}/IO/Socket/SSL/PublicSuffix.pm
|
||||
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 26 2019 Paul Howarth <paul@city-fan.org> - 2.066-3
|
||||
- PublicSuffix.pm is licensed MPLv2.0 (#1724434)
|
||||
|
||||
* Mon Jun 17 2019 Petr Pisar <ppisar@redhat.com> - 2.066-2
|
||||
- Skip a PHA test if Net::SSLeay does not expose the PHA (bug #1633636)
|
||||
|
||||
* Thu Jun 13 2019 Petr Pisar <ppisar@redhat.com> - 2.066-1
|
||||
- Update to 2.066 (bug #1632600)
|
||||
|
||||
* Thu Feb 07 2019 Petr Pisar <ppisar@redhat.com> - 2.060-3
|
||||
- Client sends a post-handshake-authentication extension if a client key and
|
||||
a certificate are available (bug #1633636)
|
||||
|
||||
* Mon Sep 24 2018 Petr Pisar <ppisar@redhat.com> - 2.060-2
|
||||
- Prevent tests from dying on SIGPIPE (bug #1610017)
|
||||
|
||||
* Mon Sep 17 2018 Paul Howarth <paul@city-fan.org> - 2.060-1
|
||||
- Update to 2.060 (bug #1610017)
|
||||
- Support for TLS 1.3 with OpenSSL 1.1.1 (needs support in Net::SSLeay too);
|
||||
see also CPAN RT#126899
|
||||
- TLS 1.3 support is not complete yet for session resume
|
||||
- Support for TLS 1.3 with OpenSSL 1.1.1 (needs Net::SSLeay ≥ 1.86); see
|
||||
also CPAN RT#126899
|
||||
- TLS 1.3 support is not complete yet for session reuse
|
||||
|
||||
* Tue Aug 21 2018 Petr Pisar <ppisar@redhat.com> - 2.059-2
|
||||
- Adapt to OpenSSL 1.1.1, it requires patched Net-SSLeay (bug #1610017)
|
||||
|
Loading…
Reference in New Issue
Block a user