Commit Graph

268 Commits

Author SHA1 Message Date
Jitka Plesnikova
f5d631520b Disable optional IO::Socket::INET6 tests on ELN 2023-06-27 08:01:04 +02:00
Paul Howarth
126c8ac3fd Update to 2.083
- New upstream release 2.083
  - Fix t/protocol_version.t for OpenSSL versions that don't support SECLEVEL
    (regression from GH#122)
2023-05-18 12:00:50 +01:00
Paul Howarth
f15bfeb1d6 Update to 2.082
- New upstream release 2.082
  - SSL_version default now TLS 1.2+ since TLS 1.1 and lower are deprecated
    (GH#122)
  - Fix output of alert string when debugging (GH#132)
  - Improve regex for hostname validation (GH#130, GH#126)
  - Add can_ciphersuites subroutine for feature checking (GH#127)
  - Utils::CERT_create - die if unexpected arguments are given instead of
    ignoring these
- Avoid use of deprecated patch syntax
2023-05-18 11:12:21 +01:00
Paul Howarth
6ed31caa35 Update to 2.081
- New upstream release 2.081
  - New function set_msg_callback for user defined callback on each SSL message
  - Showcase function in example/ssl_client.pl and example/ssl_server.pl for
    computing JA3S/JA3 fingerprints
  - Fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
2023-01-25 14:13:25 +00:00
Fedora Release Engineering
76c9fdb83d Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-20 03:11:12 +00:00
Paul Howarth
3cc6c87f4a Update to 2.080
- New upstream release 2.080
  - Move test certificates into t/ directory where they belong
2023-01-18 17:35:39 +00:00
Paul Howarth
555496a682 Update to 2.079
- New upstream release 2.079
  - Properly extract IPv6 address for verification from PeerAddr if
    not explicitly given as SSL_verifycn_name (GH#123)
2023-01-16 08:45:36 +00:00
Jitka Plesnikova
d3e66e33ba Remove perl(MODULE_COMPAT), it will be replaced by generators 2023-01-13 14:40:54 +01:00
Paul Howarth
68e88f6cf3 Update to 2.078
- New upstream release 2.078
  - Revert decision from 2014 to not verify hostname by default if hostname is
    IP address but no explicit verification scheme given (GH#121)
2022-12-12 12:21:12 +00:00
Paul Howarth
d24b5f1e91 Update to 2.077
- New upstream release 2.077
  - Fix memory leak in session cache (GH#118)
  - More race conditions in tests fixed (GH#97)
2022-11-22 09:20:27 +00:00
Paul Howarth
4b7f89bd90 Update to 2.076
- New upstream release 2.076
  - Added curl like tracing (based on GH#117)
  - Fixed race condition in t/sni_verify.t (GH#97)
2022-11-14 20:40:28 +00:00
Paul Howarth
1d45841005 Update to 2.075
- New upstream release 2.075
  - Treat SSL_write returning 0 same as previously -1, as suggested by both
    OpenSSL and LibreSSL documentation
  - Propagate error from SSL_shutdown, unless the shutdown is caused by an outer
    SSL error, in which case keep the original error
  - Small test fixes
- Use SPDX-format license tag
2022-09-03 13:03:01 +01:00
Fedora Release Engineering
39ae3922eb Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-22 07:04:43 +00:00
Jitka Plesnikova
cb126f1051 Perl 5.36 rebuild 2022-06-01 10:51:10 +02:00
Fedora Release Engineering
cda33518b2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-21 02:32:01 +00:00
Paul Howarth
7ebecb288d Update to 2.074
- New upstream release 2.074
  - Add SSL_ciphersuites option for TLS 1.3 ciphers
  - No longer use own default for ciphers: instead, use system default but
    disable some weak ciphers that might still be enabled on older systems
2022-01-08 16:39:56 +00:00
Paul Howarth
e9ecdb1099 Update to 2.073
- New upstream release 2.073
  - Fix behavior and tests for OpenSSL 3.0.1
  - Fix GH#110 - prevent internal error warning in some cases
2021-12-23 11:17:39 +00:00
Sahana Prasad
31bb2a32b5 Rebuilt with OpenSSL 3.0.0 2021-09-14 19:11:17 +02:00
Paul Howarth
312d4c4faa Update to 2.072
- New upstream release 2.072
  - Add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based on
    idea in GH#101
  - certs/*.p12 used for testing should now work with OpenSSL 3.0 too (GH#108)
  - Update public suffix database
- Drop patch for building with OpenSSL 1.1.1e
2021-08-17 10:00:05 +01:00
Fedora Release Engineering
6486fa7870 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 21:08:54 +00:00
Paul Howarth
f6f659da15 Update to 2.071
- New upstream release 2.071
  - Fix t/nonblock.t race on some systems (fixes GH#102, maybe GH#98 too)
2021-05-25 09:51:56 +01:00
Jitka Plesnikova
b0b4cc3d0b Perl 5.34 rebuild 2021-05-21 23:23:12 +02:00
Petr Písař
f59d611f35 Disable optional libidn tests on ELN 2021-03-19 10:45:52 +01:00
Paul Howarth
fcfa0f088e Update to 2.070
- New upstream release 2.070
  - Changed bugtracker in Makefile.PL to GitHub, away from obsolete rt.cpan.org
2021-02-26 09:21:22 +00:00
Fedora Release Engineering
3b3e46f576 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 02:06:09 +00:00
Paul Howarth
7db20c4760 Update to 2.069
- New upstream release 2.069
  - IO::Socket::Utils CERT_asHash and CERT_create now support subject and
    issuer with multiple same parts (like multiple OU); in this case an array
    ref instead of a scalar is used as hash value (GH#95)
2021-01-23 16:28:46 +00:00
Fedora Release Engineering
3462c11273 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 16:23:28 +00:00
Jitka Plesnikova
4c111e1757 Perl 5.32 rebuild 2020-06-23 12:28:59 +02:00
Paul Howarth
9eb8a638a0 Update to 2.068
- New upstream release 2.068
  - Treat OpenSSL 1.1.1e as broken and refuse to build with it in order to
    prevent follow-up problems in tests and user code
    https://github.com/noxxi/p5-io-socket-ssl/issues/93
    https://github.com/openssl/openssl/issues/11388
    https://github.com/openssl/openssl/issues/11378
  - Update PublicSuffix with latest data from publicsuffix.org
- Patch out the refusal to build with OpenSSL 1.1.1e as the OpenSSL package in
  Fedora has had the problematic EOF-handling change reverted
2020-03-31 11:34:02 +01:00
Paul Howarth
ae85d4e223 Fix FTBFS with OpenSSL 1.1.1e
https://github.com/noxxi/p5-io-socket-ssl/issues/93
2020-03-21 18:39:52 +00:00
Paul Howarth
abf3820637 Update to 2.067
- New upstream release 2.067
  - Fix memory leak on incomplete handshake (GH#92)
  - Add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers; this
    can decrease memory usage at the cost of more allocations (CPAN RT#129463)
  - More detailed error messages when loading of certificate file failed (GH#89)
  - Fix for ip_in_cn == 6 in verify_hostname scheme (CPAN RT#131384)
  - Deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
  - Fix warning when no ecdh support is available
  - Documentation update regarding use of select and TLS 1.3
  - Various fixes in documentation (GH#81, GH#87, GH#90, GH#91)
  - Stability fix for t/core.t
2020-02-15 15:11:21 +00:00
Petr Písař
ca903e6de7 Conditionalize a test dependency on IO::Socket::INET6 2020-02-13 15:49:10 +01:00
Petr Písař
bac36bfb85 Conditionalize a test dependency on Net::IDN::Encode and Net::LibIDN
Because this package run-requires URI::_idna,
IO::Socket::SSL::PublicSuffix library won't use the two modules and
thus testing a code path for them is questionable.  The condition
allows pruning a dependency chain somewhat.
2020-02-13 15:17:03 +01:00
Paul Howarth
2a35642cbc Don't package certificates used in test suite 2020-01-30 15:22:42 +00:00
Fedora Release Engineering
48cc1a3489 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-30 01:13:31 +00:00
Petr Písař
2ad02b78ad Default to PROFILE=SYSTEM cipher list
An OpenSSL identifier for a system-wide cryptopolicy cipher list is
"PROFILE=SYSTEM". "DEFAULT" is a different list.

<https://fedoraproject.org/wiki/Packaging:CryptoPolicies#C.2FC.2B.2B_applications>
2019-11-25 12:18:23 +01:00
Fedora Release Engineering
3932ca2980 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-26 03:50:49 +00:00
Paul Howarth
d7c2f49e0f Modernize spec
- Modernize spec using %{make_build} and %{make_install}
- Runtime openssl dependency should be on openssl-libs
- Always require preferred IPv6 back-end: IO::Socket::IP ≥ 0.31
- Always require preferred IDN back-end: URI::_idna
2019-06-27 12:30:15 +01:00
Paul Howarth
030559c4b0 PublicSuffix.pm is licensed MPLv2.0 (#1724169) 2019-06-26 16:05:42 +01:00
Petr Písař
a2fab409c1 Skip a PHA test if Net::SSLeay does not expose the PHA 2019-06-17 09:35:43 +02:00
Jitka Plesnikova
e271cbabf5 Perl 5.30 rebuild 2019-05-31 06:53:21 +02:00
Paul Howarth
6e3c20c758 Update to 2.066
- New upstream release 2.066
  - Make sure that Net::SSLeay::CTX_get0_param is defined before using
    X509_V_FLAG_PARTIAL_CHAIN; Net::SSLeay 1.85 defined only the second with
    LibreSSL 2.7.4 but not the first (CPAN RT#=128716)
  - Prefer AES for server side cipher default since it is usually
    hardware-accelerated
  - Fix test t/verify_partial_chain.t by using the newly exposed function
    can_partial_chain instead of guessing (wrongly) if the functionality is
    available
2019-03-06 19:49:53 +00:00
Paul Howarth
b66fffb029 Update to 2.064
- New upstream release 2.064
  - Make algorithm for fingerprint optional, i.e. detect based on length of
    fingerprint (CPAN RT#127773)
  - Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
  - Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are
    set
  - Update fingerprints for live tests
2019-03-04 16:28:53 +00:00
Paul Howarth
536e7cbbbc Update to 2.063
- New upstream release 2.063
  - Support for both RSA and ECDSA certificate on same domain
  - Update PublicSuffix
  - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
    then linked against another API-incompatible version (i.e. more than just
    the patchlevel differs)
2019-03-02 15:25:22 +00:00
Paul Howarth
ee2bb1ed57 Update to 2.062
- New upstream release 2.062
  - Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
    OpenSSL (1.1.0+); this makes leaf certificates or intermediate certificates
    in the trust store be usable as full trust anchors too
2019-02-25 13:43:35 +00:00
Paul Howarth
62e054c052 Update to 2.061
- New upstream release 2.061
  - Support for TLS 1.3 session reuse (needs Net::SSLeay ≥ 1.86); note that
    the previous (and undocumented) API for the session cache has been changed
  - Support for multiple curves, automatic setting of curves and setting of
    supported curves in client (needs Net::SSLeay ≥ 1.86)
  - Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
    client certificates are provided (needs Net::SSLeay ≥ 1.86)
2019-02-23 12:45:00 +00:00
Petr Písař
ddedb553a3 Document Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch was accepted
And correct white spaces in a spec file.
2019-02-22 08:50:38 +01:00
Petr Písař
d0ff533e0b Client sends a post-handshake-authentication extension if a client key and a certificate are available 2019-02-11 08:25:20 +01:00
Fedora Release Engineering
0d52c79ea1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 21:28:50 +00:00
Petr Písař
84d112eedf Correct white spaces in the spec file 2018-09-24 13:45:57 +02:00