Commit Graph

201 Commits

Author SHA1 Message Date
Petr Písař
a8625908ab perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 15:03:19 +02:00
Paul Howarth
0127aa728a Update to 2.049
- New upstream release 2.049
  - Fixed problem caused by typo in the context of session cache (GH#60)
  - Updated PublicSuffix information from publicsuffix.org
2017-06-12 12:02:37 +01:00
Jitka Plesnikova
90d774a9f6 Perl 5.26 rebuild 2017-06-05 03:44:39 +02:00
Paul Howarth
f6474dbc1b Update to 2.048
- New upstream release 2.048
  - Fixed small memory leaks during destruction of socket and context
    (CPAN RT#120643)
- Drop support for EOL distributions prior to F-13
  - Drop BuildRoot: and Group: tags
  - Drop explicit buildroot cleaning in %install section
  - Drop explicit %clean section
2017-04-17 12:58:53 +01:00
Paul Howarth
d3f2356cc9 Update to 2.047
- New upstream release 2.047
  - Better fix for problem which 2.046 tried to fix but broke LWP that way
- Update patches as needed
2017-02-17 08:17:43 +00:00
Paul Howarth
259846ffa3 Update to 2.046
- New upstream release 2.046
  - Clean up everything in DESTROY and make sure to start with a fresh
    %%{*self} in configure_SSL because it can happen that a GLOB gets used
    again without calling DESTROY
    (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
- Update patches as needed
2017-02-16 18:11:06 +00:00
Paul Howarth
46a5435ffc Update to 2.045
- New upstream release 2.045
  - Fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
    objects (GH#55)
  - Optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD if
    perl is compiled without thread support
  - Small fix in t/protocol_version.t to use older versions of Net::SSLeay with
    openssl build without SSLv3 support
  - When setting SSL_keepSocketOnError to true the socket will not be closed on
    fatal error (GH#53, modified)
- Update patches as needed
2017-02-14 11:52:13 +00:00
Fedora Release Engineering
88d911cebb - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 03:37:01 +00:00
Paul Howarth
157e4fc48f Update to 2.044
- New upstream release 2.044
  - Protect various 'eval'-based capability detections at startup with a
    localized __DIE__ handler; this way, dynamically requiring IO::Socket::SSL
    as done by various third party software should cause less problems even if
    there is a global __DIE__ handler that does not properly deal with 'eval'
- Update patches as needed
2017-01-26 15:59:38 +00:00
Paul Howarth
6a30f8ffc4 Update to 2.043
- New upstream release 2.043
  - Enable session ticket callback with Net::SSLeay ≥ 1.80
  - Make t/session_ticket.t work with OpenSSL 1.1.0; with this version the
    session no longer gets reused if it was not properly closed, which is now
    done using an explicit close by the client
- Update patches as needed
2017-01-06 14:34:50 +00:00
Paul Howarth
c290ff8f5b Update to 2.041
- New upstream release 2.041
  - Leave session ticket callback off for now until the needed patch is
    included in Net::SSLeay (see
    https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146)
- Update patches as needed
2017-01-04 11:25:36 +00:00
Paul Howarth
a6f663d8ce Update to 2.040
- New upstream release 2.040
  - Fix detection of default CA path for OpenSSL 1.1.x
  - Utils::CERT_asHash now includes the signature algorithm used
  - Utils::CERT_asHash can now deal with large serial numbers
- Update patches as needed
2016-12-18 12:18:04 +00:00
Paul Howarth
94a62556ae Upload IO-Socket-SSL-2.039.tar.gz 2016-11-21 09:47:32 +00:00
Paul Howarth
48b55376ef Update to 2.039
- New upstream release 2.039
  - OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1
    on EOF without proper SSL shutdown; since it looks like that this behavior
    will be kept at least for 1.1.1+, adapt to the changed API by treating
    errno=NOERR on SSL_ERROR_SYSCALL as EOF
- Update patches as needed
2016-11-21 09:38:46 +00:00
Paul Howarth
4b64c34a03 Update to 2.038
- New upstream release 2.038
  - Restrict session ticket callback to Net::SSLeay 1.79+ since version before
    contains bug; add test for session reuse
  - Extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
  - Fix t/external/ocsp.t to use different server (under my control) to check
    OCSP stapling
- Update patches as needed
2016-09-19 14:32:14 +01:00
Paul Howarth
1c9734277a Update to 2.037
- New upstream release 2.037
  - Disable OCSP support when Net::SSLeay 1.75..1.77 is used (CPAN RT#116795)
  - Fix session cache del_session: it freed the session but did not properly
    remove it from the cache; further reuse caused crash
- Update patches as needed
2016-08-23 09:22:35 +01:00
Paul Howarth
5273482db2 Update to 2.035
- New upstrean release 2.035
  - Fixes for issues introduced in 2.034
    - Return with error in configure_SSL if context creation failed; this
      might otherwise result in an segmentation fault later
    - Apply builtin defaults before any (user configurable) global settings
      (i.e. done with set_defaults, set_default_context...) so that builtins
      don't replace user settings
- Update patches as needed
2016-08-11 19:06:10 +01:00
Paul Howarth
669ae1bebf Update to 2.034
- New upstream release 2.034
  - Move handling of global SSL arguments into creation of context, so that
    these get also applied when creating a context only
- Update patches as needed
2016-08-08 14:32:25 +01:00
Paul Howarth
5c5f120ac9 Update to 2.033
- New upstream release 2.033
  - Support for session ticket reuse over multiple contexts and processes (if
    supported by Net::SSLeay)
  - Small optimizations, like saving various Net::SSLeay constants into
    variables and access variables instead of calling the constant sub all the
    time
  - Make t/dhe.t work with openssl 1.1.0
- Update patches as needed
2016-07-16 13:40:15 +01:00
Paul Howarth
ddc83e4abc Update to 2.032
- New upstream release 2.032
  - Set session id context only on the server side; even if the documentation
    for SSL_CTX_set_session_id_context makes clear that this function is server
    side only, it actually affects handling of session reuse on the client side
    too and can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session
    in different context" at the client
2016-07-12 16:31:13 +01:00
Paul Howarth
5e25984e43 Update to 2.031
- New upstream release 2.031
  - Utils::CERT_create - don't add given extensions again if they were already
    added; Firefox croaks with sec_error_extension_value_invalid if (specific?)
    extensions are given twice
  - Assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates
    with the reverse order as in the PKCS12 file, because that's what it does
  - Support for creating ECC keys in Utils once supported by Net::SSLeay
  - Remove internal sub session_cache and access cache directly (faster)
- Update patches as needed
2016-07-08 14:49:19 +01:00
Paul Howarth
1bbcd86cf3 Update to 2.029
- New upstream release 2.029
  - Add del_session method to session cache
  - Use SSL_session_key as the real key for the cache and not some derivate of
    it, so that it works to remove the entry using the same key
2016-06-28 10:37:28 +01:00
Petr Písař
456f4340b9 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 10:48:12 +02:00
Jitka Plesnikova
409527b2d3 Perl 5.24 rebuild 2016-05-16 03:25:35 +02:00
Paul Howarth
6fc3767106 Update to 2.027
- New upstream release 2.027
  - Updated Changes file for 2.026
2016-04-21 11:51:58 +01:00
Paul Howarth
6ed7f418dd Update to 2.026
- New upstream release 2.026
  - Upstream's default cipher lists updated (we use system default though)
- Update patches as needed
2016-04-20 15:24:10 +01:00
Paul Howarth
16cfe40816 Update to 2.025
- New upstream release 2.025
  - Resolved memleak if SSL_crl_file was used (CPAN RT#113257, CPAN RT#113530)
- Simplify find command using -delete
2016-04-04 14:47:57 +01:00
Paul Howarth
1b3e2576a4 Update to 2.024
- New upstream release 2.024
  - Work around issue where the connect fails on systems having only a loopback
    interface and where IO::Socket::IP is used as super class (default when
    available)
- Update patches as needed
2016-02-07 16:11:20 +00:00
Fedora Release Engineering
5dde526491 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 14:09:04 +00:00
Paul Howarth
c1f1b41420 Update to 2.023
- New upstream release 2.023
  - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS
    connection was not fully established, which somehow resulted in
    Net::SSLeay::shutdown returning 0 (i.e. keep trying) and hence an endless
    loop; it will now ignore this result in case the TLS connection was not
    yet established and consider the TLS connection closed instead
- Update patches as needed
2016-01-30 19:08:57 +00:00
Paul Howarth
5b16a21796 Update to 2.022
- New upstream release 2.022
  - Fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash
    (CPAN RT#110253)
2015-12-10 10:51:01 +00:00
Paul Howarth
abe772d8a4 Update to 2.021
- New upstream release 2.021
  - Fixes for documentation and typos
  - Update PublicSuffix with latest version from publicsuffix.org
- Update patches as needed
2015-12-03 13:55:07 +00:00
Paul Howarth
1b76ff56a2 Update to 2.020
- New upstream release 2.020
  - Support multiple directories in SSL_ca_path (CPAN RT#106711); directories
    can be given as array or as string with a path separator
  - Typos fixed (https://github.com/noxxi/p5-io-socket-ssl/pull/34)
- Update patches as needed
2015-09-21 10:56:58 +01:00
Paul Howarth
d23a4091cb Update to 2.019
- New upstream release 2.019
  - Work around different behavior of getnameinfo from Socket and Socket6 by
    using a different wrapper depending on which module is used for IPv6
- Update patches as needed
2015-09-01 20:12:52 +01:00
Paul Howarth
6f9741cacd Update to 2.018
- New upstream release 2.018
  - Checks for readability of files/dirs for certificates and CA no longer use
    -r because this is not safe when ACLs are used (CPAN RT#106295)
  - New method sock_certificate similar to peer_certificate (CPAN RT#105733)
  - get_fingerprint can now take optional certificate as argument and compute
    the fingerprint of it; useful in connection with sock_certificate
  - Check for both EWOULDBLOCK and EAGAIN since these codes are different on
    some platforms (CPAN RT#106573)
  - Enforce default verification scheme if nothing was specified, i.e. no
    longer just warn but accept; if really no verification is wanted, a scheme
    of 'none' must be explicitly specified
  - Support different cipher suites per SNI hosts
  - startssl.t failed on darwin with old openssl since server requested client
    certificate but offered also anon ciphers (CPAN RT#106687)
- Update patches as needed
2015-09-01 09:44:25 +01:00
Dennis Gilmore
ff435e5558 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 03:49:28 +00:00
Jitka Plesnikova
db7ab5c711 Perl 5.22 rebuild 2015-06-09 19:45:07 +02:00
Paul Howarth
c60a35205c Update to 2.016
- New upstream release 2.016
  - Add flag X509_V_FLAG_TRUSTED_FIRST by default if available in OpenSSL
    (since 1.02) and available with Net::SSLeay (CPAN RT#104759)
  - Work around hanging prompt() with older perl in Makefile.PL
    (CPAN RT#104731)
  - Make t/memleak_bad_handshake.t work on cygwin and other systems having
    /proc/pid/statm (CPAN RT#104659)
  - Add better debugging
2015-06-07 20:43:19 +01:00
Jitka Plesnikova
73b0e3e90c Perl 5.22 rebuild 2015-06-06 13:36:22 +02:00
Paul Howarth
31561d8aa2 Update to 2.015
- New upstream release 2.015
  - Work around problem with IO::Socket::INET6 on Windows, by explicitly using
    Domain AF_INET in the tests (CPAN RT#104226)
2015-05-14 13:33:34 +01:00
Paul Howarth
de67e57f13 Update to 2.014
- New upstream release 2.014
  - Utils::CERT_create - work around problems with authorityInfoAccess, where
    OpenSSL i2v does not create the same string as v2i expects
  - Intercept - don't clone some specific extensions that only make sense with
    the original certificate
2015-05-05 13:25:45 +01:00
Paul Howarth
c709cc0651 Update to 2.013
- New upstream release 2.013
  - Assign severities to internal error handling and make sure that follow-up
    errors like "configuration failed" or "certificate verify error" don't
    replace more specific "hostname verification failed" when reporting in
    sub errstr/$SSL_ERROR (CPAN RT#103423)
  - Enhanced documentation (https://github.com/noxxi/p5-io-socket-ssl/pull/26)
2015-05-01 22:10:38 +01:00
Paul Howarth
21c4d677e1 Update to 2.012
- New upstream release 2.012
  - Fix t/ocsp.t in case no HTTP::Tiny is installed
2015-02-02 15:06:33 +00:00
Paul Howarth
c4b2055412 Upload sources for 2.011 2015-02-02 08:06:02 +00:00
Paul Howarth
8c3e5b5c0f Update to 2.011
- New upstream release 2.011
  - Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling
    (CPAN RT#101855)
  - Added option 'purpose' to Utils::CERT_create to get better control of the
    certificate's purpose; default is 'server,client' for non-CA (contrary to
    only 'server' before)
  - Removed RC4 from default cipher suites on the server side
    (https://github.com/noxxi/p5-io-socket-ssl/issues/22)
  - Refactoring of some tests using Test::More
- Note that this package still uses system-default cipher and SSL versions,
  which may have RC4 enabled
- Update patches as needed
2015-02-01 19:12:03 +00:00
Paul Howarth
98379599a5 Update to 2.010
- New upstream release 2.010
  - New options SSL_client_ca_file and SSL_client_ca to let the server send the
    list of acceptable CAs for the client certificate
  - t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay
    (CPAN RT#101485)
2015-01-15 11:53:15 +00:00
Paul Howarth
cd80fc16ec Update to 2.009
- New upstream release 2.009
  - Remove util/analyze.pl; this tool is now together with other SSL tools at
    https://github.com/noxxi/p5-ssl-tools
  - Added ALPN support (needs OpenSSL1.02, Net::SSLeay 1.56+) (CPAN RT#101452)
2015-01-12 13:28:46 +00:00
Paul Howarth
714f23ebd9 Update to 2.008
- New upstream release 2.008
  - Work around recent OCSP verification errors for revoked.grc.com (badly
    signed OCSP response, Firefox also complains about it) in test
    t/external/ocsp.t
  - util/analyze.pl - report more details about preferred cipher for specific
    TLS versions
2014-12-18 14:48:45 +00:00
Paul Howarth
bc89e90476 Update to 2.007
- New upstream release 2.007
  - Make getline/readline fall back to super class if class is not sslified
    yet, i.e. behave the same as sysread, syswrite etc. (CPAN RT#100529)
2014-11-27 10:52:47 +00:00
Paul Howarth
af52f67378 Update to 2.006
- New upstream release 2.006
  - Make SSLv3 available even if the SSL library disables it by default in
    SSL_CTX_new (like done in LibreSSL); default will stay to disable SSLv3
    so this will be only done when setting SSL_version explicitly
  - Fix possible segmentation fault when trying to use an invalid certificate
  - Use only the ICANN part of the default public suffix list and not the
    private domains; this makes existing exceptions for s3.amazonaws.com and
    googleapis.com obsolete
  - Fix t/protocol_version.t to deal with OpenSSL installations that are
    compiled without SSLv3 support
  - Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead
    of EAGAIN; while this is the same on UNIX it is different on Windows and
    socket operations return there (WSA)EWOULDBLOCK and not EAGAIN
  - Enable non-blocking tests on Windows too
  - Make PublicSuffix::_default_data thread safe
  - Update PublicSuffix with latest list from publicsuffix.org
- Note that this package still uses system-default cipher and SSL versions,
  which may have SSL3.0 enabled
- Classify buildreqs by usage
2014-11-23 14:55:09 +00:00