- New upstream release 2.085
- Fix test that failed due to behavior changes in OpenSSL 3.2 (GH#147)
- Update PublicSuffix
- Add examples for TLS JA3/JA4 fingerprinting to tls_fingerprint/
- New upstream release 2.084
- Various fixes for edge cases and build: GH#136, GH#141, GH#142, GH#143,
GH#145
- Update documentation to reflect default SSL_version
- New upstream release 2.082
- SSL_version default now TLS 1.2+ since TLS 1.1 and lower are deprecated
(GH#122)
- Fix output of alert string when debugging (GH#132)
- Improve regex for hostname validation (GH#130, GH#126)
- Add can_ciphersuites subroutine for feature checking (GH#127)
- Utils::CERT_create - die if unexpected arguments are given instead of
ignoring these
- Avoid use of deprecated patch syntax
- New upstream release 2.081
- New function set_msg_callback for user defined callback on each SSL message
- Showcase function in example/ssl_client.pl and example/ssl_server.pl for
computing JA3S/JA3 fingerprints
- Fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
- New upstream release 2.078
- Revert decision from 2014 to not verify hostname by default if hostname is
IP address but no explicit verification scheme given (GH#121)
- New upstream release 2.075
- Treat SSL_write returning 0 same as previously -1, as suggested by both
OpenSSL and LibreSSL documentation
- Propagate error from SSL_shutdown, unless the shutdown is caused by an outer
SSL error, in which case keep the original error
- Small test fixes
- Use SPDX-format license tag
- New upstream release 2.074
- Add SSL_ciphersuites option for TLS 1.3 ciphers
- No longer use own default for ciphers: instead, use system default but
disable some weak ciphers that might still be enabled on older systems
- New upstream release 2.072
- Add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based on
idea in GH#101
- certs/*.p12 used for testing should now work with OpenSSL 3.0 too (GH#108)
- Update public suffix database
- Drop patch for building with OpenSSL 1.1.1e
- New upstream release 2.069
- IO::Socket::SSL::Utils CERT_asHash and CERT_create now support subject and
issuer with multiple same parts (like multiple OU); in this case an array
ref instead of a scalar is used as hash value (GH#95)
- New upstream release 2.067
- Fix memory leak on incomplete handshake (GH#92)
- Add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers; this
can decrease memory usage at the cost of more allocations (CPAN RT#129463)
- More detailed error messages when loading of certificate file failed (GH#89)
- Fix for ip_in_cn == 6 in verify_hostname scheme (CPAN RT#131384)
- Deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
- Fix warning when no ecdh support is available
- Documentation update regarding use of select and TLS 1.3
- Various fixes in documentation (GH#81, GH#87, GH#90, GH#91)
- Stability fix for t/core.t
Because this package run-requires URI::_idna,
IO::Socket::SSL::PublicSuffix library won't use the two modules and
thus testing a code path for them is questionable. The condition
allows pruning the dependency chain somewhat.
- New upstream release 2.066
- Make sure that Net::SSLeay::CTX_get0_param is defined before using
X509_V_FLAG_PARTIAL_CHAIN; Net::SSLeay 1.85 defined only the second with
LibreSSL 2.7.4 but not the first (CPAN RT#128716)
- Prefer AES for server side cipher default since it is usually
hardware-accelerated
- Fix test t/verify_partial_chain.t by using the newly exposed function
can_partial_chain instead of guessing (wrongly) if the functionality is
available
- New upstream release 2.064
- Make algorithm for fingerprint optional, i.e. detect based on length of
fingerprint (CPAN RT#127773)
- Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
- Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are
set
- Update fingerprints for live tests
- New upstream release 2.063
- Support for both RSA and ECDSA certificate on same domain
- Update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
then linked against another API-incompatible version (i.e. more than just
the patchlevel differs)
- New upstream release 2.062
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
OpenSSL (1.1.0+); this makes leaf certificates or intermediate certificates
in the trust store be usable as full trust anchors too