Commit Graph

74 Commits

Author SHA1 Message Date
Paul Howarth
0c9239ef2c Update to 1.80
- New upstream release 1.80
  - Removed some warnings in test (missing SSL_verify_mode => 0), which caused
    tests to hang on Windows (CPAN RT#81493)
2012-11-30 12:47:19 +00:00
Paul Howarth
4b03cab2e5 Update to 1.79
- New upstream release 1.79
  - Use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort
    from sockaddr in _update_peer, because this provides scope too
  - Work around systems that don't define AF_INET6 (CPAN RT#81216)
  - Prepare transition to a more secure default for SSL_verify_mode; the use of
    the current default SSL_VERIFY_NONE will cause a big warning for clients,
    unless SSL_verify_mode was explicitly set inside the application to this
    insecure value (in the near future the default will be SSL_VERIFY_PEER, and
    thus causing verification failures in unchanged applications)
2012-11-26 09:30:31 +00:00
Petr Šabata
afe37c043b Added some missing build dependencies 2012-11-15 16:10:08 +01:00
Paul Howarth
aee95ecc7b Update to 1.77
- New upstream release 1.77
  - Support _update_peer for IPv6 too (CPAN RT#79916)
2012-10-05 11:04:28 +01:00
Dennis Gilmore
46462b9f96 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 11:13:24 -05:00
Petr Písař
8edacfa03a Perl 5.16 rebuild 2012-06-28 16:30:45 +02:00
Paul Howarth
4146886248 Update to 1.76
- New upstream release 1.76
  - Add support for IO::Socket::IP, which supports inet6 and inet4
    (CPAN RT#75218)
  - Fix documentation errors (CPAN RT#77690)
  - Made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version
  - Use inet_pton from either Socket.pm 1.95 or Socket6.pm
- Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
- Add runtime dependency for appropriate IPv6 support module so that we can
  ensure that we run at runtime what we tested with at build time
2012-06-18 11:12:47 +01:00
Petr Písař
f4074b9cee Perl 5.16 rebuild 2012-06-14 16:18:52 +02:00
Paul Howarth
600d46f55f Update to 1.74
- New upstream release 1.74
  - Accept a version of SSLv2/3 as SSLv23, because older documentation could
    be interpreted like this
2012-05-14 14:10:36 +01:00
Paul Howarth
7a4ecb3637 Update to 1.73
- New upstream release 1.73
  - Set DEFAULT_CIPHER_LIST to ALL:!LOW instead of HIGH:!LOW
  - Make test t/dhe.t hopefully work with more versions of openssl
2012-05-11 21:52:04 +01:00
Paul Howarth
a5c27d9e75 Update to 1.71
- New upstream release 1.71
  - 1.70 done right: don't disable SSLv2 ciphers; SSLv2 support is better
    disabled by the default SSL_version of 'SSLv23:!SSLv2'
2012-05-09 12:30:57 +01:00
Paul Howarth
0151f675ec Update to 1.70
- New upstream release 1.70
  - Make it possible to disable protocols using SSL_version, and make
    SSL_version default to 'SSLv23:!SSLv2'
2012-05-08 15:56:19 +01:00
Paul Howarth
cf5770db64 Update to 1.69
- New upstream release 1.69 (changes for CPAN RT#76929)
  - If no explicit cipher list is given, default to ALL:!LOW instead of the
    openssl default, which usually includes weak ciphers like DES
  - New config key SSL_honor_cipher_order and document how to use it to fight
    BEAST attack
  - Fix behavior for empty cipher list (use default)
  - Re-added workaround in t/dhe.t
2012-05-08 12:30:01 +01:00
Paul Howarth
04cfd057ef Update to 1.66
- New upstream release 1.66
  - Make it thread safer (CPAN RT#76538)
2012-04-16 21:55:37 +01:00
Paul Howarth
f7be3459a3 Update to 1.65
- New upstream release 1.65
  - Added NPN (Next Protocol Negotiation) support (CPAN RT#76223)
2012-04-16 21:13:40 +01:00
Paul Howarth
126ee08d7b Update to 1.64
- New upstream release 1.64
  - Ignore die from within eval to make tests more stable on Win32
    (CPAN RT#76147)
  - Clarify some behavior regarding hostname verfication
- Drop patch for t/dhe.t, no longer needed
2012-04-07 10:40:17 +01:00
Paul Howarth
25ec10130c Update to 1.62
- New upstream release 1.62
  - Small fix to last version
2012-03-28 09:59:55 +01:00
Paul Howarth
c823e4faca Update to 1.61
- New upstream release 1.61
  - Call CTX_set_session_id_context so that server's session caching works with
    client certificates too (CPAN RT#76053)
2012-03-27 21:19:50 +01:00
Paul Howarth
8d029778df Update to 1.60
- New upstream release 1.60
  - Don't make blocking readline if socket was set nonblocking, but return as
    soon no more data are available (CPAN RT#75910)
  - Fix BUG section about threading so that it shows package as thread safe
    as long as Net::SSLeay ≥ 1.43 is used (CPAN RT#75749)
- BR: perl(constant), perl(Exporter) and perl(IO::Socket)
2012-03-20 22:25:09 +00:00
Paul Howarth
3e7b01b807 Update to 1.59
- New upstream release 1.59
  - If SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful message
    when attempting to use it
  - Modify constant declarations so that 5.6.1 should work again
- Drop %defattr, redundant since rpm 4.4
2012-03-08 15:59:47 +00:00
Paul Howarth
99c05d2f9b Update to 1.58
- New upstream release 1.58
  - Fix t/dhe.t for openssl 1.0.1 beta by forcing TLSv1, so that it does not
    complain about the too small RSA key, which it should not use anyway; this
    workaround is not applied for older openssl versions, where it would cause
    failures (CPAN RT#75165)
- Add patch to fiddle the openssl version number in the t/dhe.t workaround
  because the OPENSSL_VERSION_NUMBER cannot be trusted in Fedora
- One buildreq per line for readability
- Drop redundant buildreq perl(Test::Simple)
- Always run full test suite
2012-02-27 11:09:47 +00:00
Paul Howarth
fa689fe3b8 Update to 1.56
- New upstream release 1.56
  - Add automatic or explicit (via SSL_hostname) SNI support, needed for
    multiple SSL hostnames with the same IP (currently only supported for the
    client)
- Use DESTDIR rather than PERL_INSTALL_ROOT
- No need to delete empty directories from buildroot
2012-02-22 21:22:09 +00:00
Paul Howarth
4ac798649d Update to 1.55
- New upstream release 1.55:
  - Work around IO::Socket's work around for systems returning EISCONN etc. on
    connect retry for non-blocking sockets by clearing $! if SUPER::connect
    returned true (CPAN RT#75101)
2012-02-20 16:50:20 +00:00
Paul Howarth
5ceb5a161a Update to 1.54
- New upstream release 1.54:
  - return 0 instead of undef in SSL_verify_callback to fix uninitialized
    warnings (CPAN RT#73629)
2012-01-11 12:56:03 +00:00
Paul Howarth
f032fb52a6 Update to 1.53
- New upstream release 1.53:
  - Kill child in t/memleak_bad_handshake.t if test fails (CPAN RT#73146)
2011-12-12 10:13:39 +00:00
Paul Howarth
f26c71c8d4 Update to 1.52
- New upstream release 1.52:
  - Fix for t/nonblock.t hangs on AIX (CPAN RT#72305)
  - Disable t/memleak_bad_handshake.t on AIX, because it might hang
    (CPAN RT#72170)
  - Fix syntax error in t/memleak_bad_handshake.t
2011-12-07 11:14:08 +00:00
Paul Howarth
edb47ab0e1 Update to 1.49
- New upstream release 1.49:
  - Another regression for readline fix: this time it failed to return lines
    at EOF that don't end with newline - extended t/readline.t to catch this
    case and the fix for 1.48
2011-10-28 12:38:35 +01:00
Paul Howarth
fa11cf0c50 Update to 1.48
- New upstream release 1.48:
  - Further fix for readline fix in 1.45: if the pending data were false (like
    '0'), it failed to read the rest of the line (CPAN RT#71953)
2011-10-26 19:44:56 +01:00
Paul Howarth
771cc6e21a Update to 1.47
- New upstream release 1.47:
  - Fix for 1.46 - check for mswin32 needs to be /i
2011-10-21 10:42:03 +01:00
Paul Howarth
a5d7b7bddb Update to 1.46
- New upstream release 1.46:
  - Skip signals test on Windows
2011-10-18 12:03:31 +01:00
Paul Howarth
90348cd701 Update to 1.45
- New upstream release 1.45:
  - Fix readline to continue when getting interrupt waiting for more data
- BR: perl(Carp)
2011-10-13 20:16:52 +01:00
Petr Sabata
4a6b2a484b Perl mass rebuild 2011-07-19 15:14:18 +02:00
Paul Howarth
13f80c7e74 Update to 1.44
- New upstream release 1.44:
  - Fix invalid call to inet_pton in verify_hostname_of_cert when identity
    should be verified as ipv6 address because it contains a colon
2011-05-27 16:15:32 +01:00
Paul Howarth
33f897d5a3 Update to 1.43
- New upstream release 1.43:
  - Add SSL_create_ctx_callback to have a way to adjust context on creation
    (CPAN RT#67799)
  - Describe problem of fake memory leak because of big session cache and how
    to fix it (CPAN RT#68073)
  - Fix t/nonblock.t
  - Stability improvements for t/inet6.t
2011-05-11 11:04:32 +01:00
Paul Howarth
546e8d9068 Update to 1.41
- New upstream release 1.41:
  - Fix issue in stop_SSL where it did not issue a shutdown of the SSL
    connection if it first received the shutdown from the other side
  - Try to make t/nonblock.t more reliable, at least report the real cause of
    SSL connection errors
- No longer need to re-code docs to UTF-8
2011-05-10 13:07:39 +01:00
Paul Howarth
5caac13a67 Update to 1.40
- New upstream release 1.40:
  - fix in example/async_https_server
  - get IDN support from URI (CPAN RT#67676)
- Nobody else likes macros for commands
2011-05-02 18:11:28 +01:00
Paul Howarth
099a308b91 Update to 1.39
- New upstream release 1.39:
  - fixed documentation of http verification: wildcards in cn is allowed
2011-03-03 15:27:17 +00:00
Dennis Gilmore
e2b100e5bb - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 19:31:06 -06:00
Paul Howarth
e665b6461f Update to 1.38
- New upstream release 1.38:
  - fixed wildcards_in_cn setting for http, wrongly set in 1.34 to 1
    instead of anywhere (CPAN RT#64864)
2011-01-19 10:05:41 +00:00
Paul Howarth
69a39b95e4 Add CVE reference in changelog for CVE-2010-4334 2010-12-17 16:53:16 +00:00
Paul Howarth
f86243aa58 Update to 1.37
- New upstream release 1.37:
  - don't complain about invalid certificate locations if user explicitly set
    SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are
    doing and will work around the problems themselves (CPAN RT#63741)
2010-12-10 14:16:39 +00:00
Paul Howarth
bff48884d1 Update to 1.36
- New upstream release 1.36:
  - update documentation for SSL_verify_callback based on
    CPAN RT#63743 and CPAN RT#63740
2010-12-09 11:32:14 +00:00
Paul Howarth
bd90bedbe3 Update to 1.35
- New upstream release 1.35:
  - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be
    verified as valid, it will no longer fall back to VERIFY_NONE but throw an
    error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)
2010-12-06 12:10:49 +00:00
Paul Howarth
eefbde615f Update to 1.34
- New upstream release 1.34:
  - schema http for certificate verification changed to wildcards_in_cn=1
  - if upgrading socket from inet to ssl fails due to handshake problems, the
    socket gets downgraded back again but is still open (CPAN RT#61466)
  - deprecate kill_socket: just use close()
2010-11-02 13:09:38 +00:00
Marcela Mašláňová
5fc4b441aa - Mass rebuild with perl-5.12.0 2010-05-02 18:02:10 +00:00
Paul Howarth
390ab9855d Update to 1.33 2010-03-17 16:23:40 +00:00
Paul Howarth
a551f76cd2 - Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar
support)
- Use %{_fixperms} macro instead of our own %{__chmod} incantation
2010-02-23 13:58:55 +00:00
Štěpán Kasal
3e49d434b7 - rebuild against perl 5.10.1 2009-12-07 10:54:01 +00:00
Paul Howarth
7b32276230 Update to 1.31 2009-09-27 21:01:01 +00:00
Paul Howarth
408353c256 Update to 1.30 (fix memleak when SSL handshake failed) Add buildreq procps
needed for memleak test
2009-08-20 08:37:15 +00:00