- New upstream release 1.69 (changes for CPAN RT#76929)
- If no explicit cipher list is given, default to ALL:!LOW instead of the
openssl default, which usually includes weak ciphers like DES
- New config key SSL_honor_cipher_order and document how to use it to fight
BEAST attack
- Fix behavior for empty cipher list (use default)
- Re-added workaround in t/dhe.t
- New upstream release 1.64
- Ignore die from within eval to make tests more stable on Win32
(CPAN RT#76147)
- Clarify some behavior regarding hostname verfication
- Drop patch for t/dhe.t, no longer needed
- New upstream release 1.60
- Don't make blocking readline if socket was set nonblocking, but return as
soon no more data are available (CPAN RT#75910)
- Fix BUG section about threading so that it shows package as thread safe
as long as Net::SSLeay ≥ 1.43 is used (CPAN RT#75749)
- BR: perl(constant), perl(Exporter) and perl(IO::Socket)
- New upstream release 1.59
- If SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful message
when attempting to use it
- Modify constant declarations so that 5.6.1 should work again
- Drop %defattr, redundant since rpm 4.4
- New upstream release 1.58
- Fix t/dhe.t for openssl 1.0.1 beta by forcing TLSv1, so that it does not
complain about the too small RSA key, which it should not use anyway; this
workaround is not applied for older openssl versions, where it would cause
failures (CPAN RT#75165)
- Add patch to fiddle the openssl version number in the t/dhe.t workaround
because the OPENSSL_VERSION_NUMBER cannot be trusted in Fedora
- One buildreq per line for readability
- Drop redundant buildreq perl(Test::Simple)
- Always run full test suite
- New upstream release 1.56
- Add automatic or explicit (via SSL_hostname) SNI support, needed for
multiple SSL hostnames with the same IP (currently only supported for the
client)
- Use DESTDIR rather than PERL_INSTALL_ROOT
- No need to delete empty directories from buildroot
- New upstream release 1.55:
- Work around IO::Socket's work around for systems returning EISCONN etc. on
connect retry for non-blocking sockets by clearing $! if SUPER::connect
returned true (CPAN RT#75101)
- New upstream release 1.52:
- Fix for t/nonblock.t hangs on AIX (CPAN RT#72305)
- Disable t/memleak_bad_handshake.t on AIX, because it might hang
(CPAN RT#72170)
- Fix syntax error in t/memleak_bad_handshake.t
- New upstream release 1.49:
- Another regression for readline fix: this time it failed to return lines
at EOF that don't end with newline - extended t/readline.t to catch this
case and the fix for 1.48
- New upstream release 1.48:
- Further fix for readline fix in 1.45: if the pending data were false (like
'0'), it failed to read the rest of the line (CPAN RT#71953)
- New upstream release 1.44:
- Fix invalid call to inet_pton in verify_hostname_of_cert when identity
should be verified as ipv6 address because it contains a colon
- New upstream release 1.43:
- Add SSL_create_ctx_callback to have a way to adjust context on creation
(CPAN RT#67799)
- Describe problem of fake memory leak because of big session cache and how
to fix it (CPAN RT#68073)
- Fix t/nonblock.t
- Stability improvements for t/inet6.t
- New upstream release 1.41:
- Fix issue in stop_SSL where it did not issue a shutdown of the SSL
connection if it first received the shutdown from the other side
- Try to make t/nonblock.t more reliable, at least report the real cause of
SSL connection errors
- No longer need to re-code docs to UTF-8
- New upstream release 1.37:
- don't complain about invalid certificate locations if user explicitly set
SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are
doing and will work around the problems themselves (CPAN RT#63741)
- New upstream release 1.35:
- if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be
verified as valid, it will no longer fall back to VERIFY_NONE but throw an
error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)
- New upstream release 1.34:
- schema http for certificate verification changed to wildcards_in_cn=1
- if upgrading socket from inet to ssl fails due to handshake problems, the
socket gets downgraded back again but is still open (CPAN RT#61466)
- deprecate kill_socket: just use close()
verify_hostname_of_cert matched only the prefix for the hostname when no
wildcard was given, e.g. www.example.org matched against a certificate
with name www.exam in it
