|
|
@ -1,33 +1,26 @@
|
|
|
|
%if 0%{?rhel} >= 9
|
|
|
|
|
|
|
|
%bcond_with perl_IO_Socket_SSL_test_unused_idn
|
|
|
|
|
|
|
|
%else
|
|
|
|
|
|
|
|
%bcond_without perl_IO_Socket_SSL_test_unused_idn
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Name: perl-IO-Socket-SSL
|
|
|
|
Name: perl-IO-Socket-SSL
|
|
|
|
Version: 2.073
|
|
|
|
Version: 2.066
|
|
|
|
Release: 2%{?dist}
|
|
|
|
Release: 4%{?dist}
|
|
|
|
Summary: Perl library for transparent SSL
|
|
|
|
Summary: Perl library for transparent SSL
|
|
|
|
License: (GPL+ or Artistic) and MPLv2.0
|
|
|
|
License: (GPL+ or Artistic) and MPLv2.0
|
|
|
|
URL: https://metacpan.org/release/IO-Socket-SSL
|
|
|
|
URL: https://metacpan.org/release/IO-Socket-SSL
|
|
|
|
Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
|
|
|
|
Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
|
|
|
|
Patch0: IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
|
|
|
|
# Default to a system-wide crypto-policy, bug #1775167
|
|
|
|
Patch1: IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
|
|
|
|
Patch0: IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
|
|
|
|
|
|
|
|
Patch1: IO-Socket-SSL-2.066-use-system-default-SSL-version.patch
|
|
|
|
# A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
|
|
|
|
# A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
|
|
|
|
# bug #1632660, requires openssl tool
|
|
|
|
# bug #1633636, requires openssl tool
|
|
|
|
Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
|
|
|
|
Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
|
|
|
|
Patch3: IO-Socket-SSL-2.068-openssl-1.1.1e.patch
|
|
|
|
|
|
|
|
Patch4: IO-Socket-SSL-2.085-Fixed-test-fail-with-OpenSSL-3.2.patch
|
|
|
|
|
|
|
|
BuildArch: noarch
|
|
|
|
BuildArch: noarch
|
|
|
|
# Module Build
|
|
|
|
# Module Build
|
|
|
|
BuildRequires: coreutils
|
|
|
|
BuildRequires: coreutils
|
|
|
|
|
|
|
|
BuildRequires: findutils
|
|
|
|
BuildRequires: make
|
|
|
|
BuildRequires: make
|
|
|
|
BuildRequires: perl-generators
|
|
|
|
BuildRequires: perl-generators
|
|
|
|
BuildRequires: perl-interpreter
|
|
|
|
BuildRequires: perl-interpreter
|
|
|
|
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
|
|
|
|
BuildRequires: perl(ExtUtils::MakeMaker)
|
|
|
|
# Module Runtime
|
|
|
|
# Module Runtime
|
|
|
|
BuildRequires: openssl-libs >= 0.9.8
|
|
|
|
BuildRequires: openssl >= 0.9.8
|
|
|
|
BuildRequires: perl(Carp)
|
|
|
|
BuildRequires: perl(Carp)
|
|
|
|
BuildRequires: perl(Config)
|
|
|
|
BuildRequires: perl(Config)
|
|
|
|
BuildRequires: perl(constant)
|
|
|
|
BuildRequires: perl(constant)
|
|
|
@ -35,43 +28,49 @@ BuildRequires: perl(Errno)
|
|
|
|
BuildRequires: perl(Exporter)
|
|
|
|
BuildRequires: perl(Exporter)
|
|
|
|
BuildRequires: perl(HTTP::Tiny)
|
|
|
|
BuildRequires: perl(HTTP::Tiny)
|
|
|
|
BuildRequires: perl(IO::Socket)
|
|
|
|
BuildRequires: perl(IO::Socket)
|
|
|
|
BuildRequires: perl(IO::Socket::INET)
|
|
|
|
BuildRequires: perl(IO::Socket::INET6) >= 2.62
|
|
|
|
BuildRequires: perl(IO::Socket::IP) >= 0.31
|
|
|
|
|
|
|
|
BuildRequires: perl(Net::SSLeay) >= 1.46
|
|
|
|
BuildRequires: perl(Net::SSLeay) >= 1.46
|
|
|
|
BuildRequires: perl(Scalar::Util)
|
|
|
|
BuildRequires: perl(Scalar::Util)
|
|
|
|
BuildRequires: perl(Socket) >= 1.95
|
|
|
|
BuildRequires: perl(Socket)
|
|
|
|
|
|
|
|
BuildRequires: perl(Socket6)
|
|
|
|
BuildRequires: perl(strict)
|
|
|
|
BuildRequires: perl(strict)
|
|
|
|
BuildRequires: perl(URI::_idna)
|
|
|
|
|
|
|
|
BuildRequires: perl(vars)
|
|
|
|
BuildRequires: perl(vars)
|
|
|
|
BuildRequires: perl(warnings)
|
|
|
|
BuildRequires: perl(warnings)
|
|
|
|
# Test Suite
|
|
|
|
# Test Suite
|
|
|
|
# openssl tool required for Test-client-performs-Post-Handshake-Authentication.patch
|
|
|
|
|
|
|
|
BuildRequires: openssl
|
|
|
|
|
|
|
|
BuildRequires: perl(Data::Dumper)
|
|
|
|
BuildRequires: perl(Data::Dumper)
|
|
|
|
BuildRequires: perl(File::Temp)
|
|
|
|
BuildRequires: perl(File::Temp)
|
|
|
|
BuildRequires: perl(FindBin)
|
|
|
|
BuildRequires: perl(FindBin)
|
|
|
|
BuildRequires: perl(IO::Select)
|
|
|
|
BuildRequires: perl(IO::Select)
|
|
|
|
%if %{with perl_IO_Socket_SSL_test_IO_Socket_INET6}
|
|
|
|
BuildRequires: perl(IO::Socket::INET)
|
|
|
|
BuildRequires: perl(IO::Socket::INET6) >= 2.62
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
# IPC::Run for Test-client-performs-Post-Handshake-Authentication.patch
|
|
|
|
# IPC::Run for Test-client-performs-Post-Handshake-Authentication.patch
|
|
|
|
BuildRequires: perl(IPC::Run)
|
|
|
|
BuildRequires: perl(IPC::Run)
|
|
|
|
%if %{with perl_IO_Socket_SSL_test_unused_idn}
|
|
|
|
|
|
|
|
BuildRequires: perl(Net::IDN::Encode)
|
|
|
|
|
|
|
|
BuildRequires: perl(Net::LibIDN)
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
BuildRequires: perl(Test::More) >= 0.88
|
|
|
|
BuildRequires: perl(Test::More) >= 0.88
|
|
|
|
BuildRequires: perl(utf8)
|
|
|
|
BuildRequires: perl(utf8)
|
|
|
|
BuildRequires: procps
|
|
|
|
BuildRequires: procps
|
|
|
|
# Runtime
|
|
|
|
# Runtime
|
|
|
|
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
|
|
|
|
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
|
|
|
|
Requires: openssl-libs >= 0.9.8
|
|
|
|
Requires: openssl >= 0.9.8
|
|
|
|
Requires: perl(Config)
|
|
|
|
Requires: perl(Config)
|
|
|
|
Requires: perl(HTTP::Tiny)
|
|
|
|
Requires: perl(HTTP::Tiny)
|
|
|
|
Requires: perl(IO::Socket::INET)
|
|
|
|
|
|
|
|
Requires: perl(IO::Socket::IP) >= 0.31
|
|
|
|
# Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
|
|
|
|
Requires: perl(Socket) >= 1.95
|
|
|
|
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
|
|
|
|
|
|
|
|
BuildRequires: perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
|
|
|
|
|
|
|
|
Requires: perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
|
|
|
|
|
|
|
|
%else
|
|
|
|
|
|
|
|
Requires: perl(IO::Socket::INET6) >= 2.62, perl(Socket6)
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# IDN back-ends: URI::_idna (from URI ≥ 1.50) is preferred
|
|
|
|
|
|
|
|
# but Net::IDN::Encode (next pref) and Net::LibIDN are also tested
|
|
|
|
|
|
|
|
BuildRequires: perl(Net::IDN::Encode)
|
|
|
|
|
|
|
|
BuildRequires: perl(Net::LibIDN)
|
|
|
|
|
|
|
|
%if 0%{?fedora:1} || 0%{?rhel} > 6
|
|
|
|
|
|
|
|
BuildRequires: perl(URI::_idna)
|
|
|
|
Requires: perl(URI::_idna)
|
|
|
|
Requires: perl(URI::_idna)
|
|
|
|
|
|
|
|
%else
|
|
|
|
|
|
|
|
Requires: perl(Net::IDN::Encode)
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
%description
|
|
|
|
This module is a true drop-in replacement for IO::Socket::INET that
|
|
|
|
This module is a true drop-in replacement for IO::Socket::INET that
|
|
|
@ -85,33 +84,24 @@ mod_perl.
|
|
|
|
%prep
|
|
|
|
%prep
|
|
|
|
%setup -q -n IO-Socket-SSL-%{version}
|
|
|
|
%setup -q -n IO-Socket-SSL-%{version}
|
|
|
|
|
|
|
|
|
|
|
|
# Allow building with OpenSSL 1.1.1e as the Fedora package has the
|
|
|
|
|
|
|
|
# problematic EOF handling change reverted
|
|
|
|
|
|
|
|
%patch -P3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Use system-wide default cipher list to support use of system-wide
|
|
|
|
# Use system-wide default cipher list to support use of system-wide
|
|
|
|
# crypto policy (#1076390, #1127577, CPAN RT#97816)
|
|
|
|
# crypto policy (#1076390, #1127577, CPAN RT#97816)
|
|
|
|
# https://fedoraproject.org/wiki/Changes/CryptoPolicy
|
|
|
|
# https://fedoraproject.org/wiki/Changes/CryptoPolicy
|
|
|
|
%patch -P0
|
|
|
|
%patch0
|
|
|
|
|
|
|
|
|
|
|
|
# Use system-default SSL version too
|
|
|
|
# Use system-default SSL version too
|
|
|
|
%patch -P1
|
|
|
|
%patch1
|
|
|
|
|
|
|
|
|
|
|
|
# Add a test for PHA
|
|
|
|
# Add a test for PHA
|
|
|
|
%patch -P2 -p1
|
|
|
|
%patch2 -p1
|
|
|
|
|
|
|
|
|
|
|
|
# Fixed test fail with OpenSSL 3.2
|
|
|
|
|
|
|
|
%patch -P4 -p1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
%build
|
|
|
|
NO_NETWORK_TESTING=1 perl Makefile.PL \
|
|
|
|
NO_NETWORK_TESTING=1 perl Makefile.PL INSTALLDIRS=vendor
|
|
|
|
INSTALLDIRS=vendor \
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
NO_PACKLIST=1 \
|
|
|
|
|
|
|
|
NO_PERLLOCAL=1
|
|
|
|
|
|
|
|
%{make_build}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
%install
|
|
|
|
%{make_install}
|
|
|
|
make pure_install DESTDIR=%{buildroot}
|
|
|
|
|
|
|
|
find %{buildroot} -type f -name .packlist -delete
|
|
|
|
%{_fixperms} -c %{buildroot}
|
|
|
|
%{_fixperms} -c %{buildroot}
|
|
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
%check
|
|
|
@ -119,7 +109,7 @@ make test
|
|
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
%files
|
|
|
|
# GPL+ or Artistic
|
|
|
|
# GPL+ or Artistic
|
|
|
|
%doc BUGS Changes README docs/ example/
|
|
|
|
%doc BUGS Changes README docs/ certs/ example/
|
|
|
|
%dir %{perl_vendorlib}/IO/
|
|
|
|
%dir %{perl_vendorlib}/IO/
|
|
|
|
%dir %{perl_vendorlib}/IO/Socket/
|
|
|
|
%dir %{perl_vendorlib}/IO/Socket/
|
|
|
|
%dir %{perl_vendorlib}/IO/Socket/SSL/
|
|
|
|
%dir %{perl_vendorlib}/IO/Socket/SSL/
|
|
|
@ -135,170 +125,45 @@ make test
|
|
|
|
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
|
|
|
|
%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
%changelog
|
|
|
|
* Wed Jun 19 2024 Jitka Plesnikova <jplesnik@redhat.com> - 2.073-2
|
|
|
|
* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 2.066-4
|
|
|
|
- Resolves: RHEL-40746 - Fixed test fail with OpenSSL 3.2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jan 04 2022 Michal Josef Špaček <mspacek@redhat.com> - 2.073-1
|
|
|
|
|
|
|
|
- Update to 2.073, which has official support for OpenSSL 3.0.0
|
|
|
|
|
|
|
|
Related: rhbz#1968046
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-6
|
|
|
|
|
|
|
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
|
|
|
|
|
Related: rhbz#1991688
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-5
|
|
|
|
|
|
|
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
|
|
|
|
|
Related: rhbz#1971065
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jun 08 2021 Michal Josef Špaček <mspacek@redhat.com> - 2.070-4
|
|
|
|
|
|
|
|
- Remove failing tests in openssl 3.0.0-alpha16. Related: rhbz#1968046
|
|
|
|
|
|
|
|
- Provisional for mass rebuild of openssl3.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-3
|
|
|
|
|
|
|
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Mar 19 2021 Petr Pisar <ppisar@redhat.com> - 2.070-2
|
|
|
|
|
|
|
|
- Disable optional libidn tests on ELN
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Feb 26 2021 Paul Howarth <paul@city-fan.org> - 2.070-1
|
|
|
|
|
|
|
|
- Update to 2.070
|
|
|
|
|
|
|
|
- Changed bugtracker in Makefile.PL to GitHub, away from obsolete rt.cpan.org
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.069-2
|
|
|
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Jan 23 2021 Paul Howarth <paul@city-fan.org> - 2.069-1
|
|
|
|
|
|
|
|
- Update to 2.069
|
|
|
|
|
|
|
|
- IO::Socket::Utils CERT_asHash and CERT_create now support subject and
|
|
|
|
|
|
|
|
issuer with multiple same parts (like multiple OU); in this case an array
|
|
|
|
|
|
|
|
ref instead of a scalar is used as hash value (GH#95)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.068-3
|
|
|
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.068-2
|
|
|
|
|
|
|
|
- Perl 5.32 rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Mar 31 2020 Paul Howarth <paul@city-fan.org> - 2.068-1
|
|
|
|
|
|
|
|
- Update to 2.068
|
|
|
|
|
|
|
|
- Treat OpenSSL 1.1.1e as broken and refuse to build with it in order to
|
|
|
|
|
|
|
|
prevent follow-up problems in tests and user code
|
|
|
|
|
|
|
|
https://github.com/noxxi/p5-io-socket-ssl/issues/93
|
|
|
|
|
|
|
|
https://github.com/openssl/openssl/issues/11388
|
|
|
|
|
|
|
|
https://github.com/openssl/openssl/issues/11378
|
|
|
|
|
|
|
|
- Update PublicSuffix with latest data from publicsuffix.org
|
|
|
|
|
|
|
|
- Patch out the refusal to build with OpenSSL 1.1.1e as the OpenSSL package in
|
|
|
|
|
|
|
|
Fedora has had the problematic EOF-handling change reverted
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Mar 21 2020 Paul Howarth <paul@city-fan.org> - 2.067-2
|
|
|
|
|
|
|
|
- Fix FTBFS with OpenSSL 1.1.1e
|
|
|
|
|
|
|
|
https://github.com/noxxi/p5-io-socket-ssl/issues/93
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Feb 15 2020 Paul Howarth <paul@city-fan.org> - 2.067-1
|
|
|
|
|
|
|
|
- Update to 2.067
|
|
|
|
|
|
|
|
- Fix memory leak on incomplete handshake (GH#92)
|
|
|
|
|
|
|
|
- Add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers; this
|
|
|
|
|
|
|
|
can decrease memory usage at the costs of more allocations (CPAN RT#129463)
|
|
|
|
|
|
|
|
- More detailed error messages when loading of certificate file failed (GH#89)
|
|
|
|
|
|
|
|
- Fix for ip_in_cn == 6 in verify_hostname scheme (CPAN RT#131384)
|
|
|
|
|
|
|
|
- Deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
|
|
|
|
|
|
|
|
- Fix warning when no ecdh support is available
|
|
|
|
|
|
|
|
- Documentation update regarding use of select and TLS 1.3
|
|
|
|
|
|
|
|
- Various fixes in documentation (GH#81, GH#87, GH#90, GH#91)
|
|
|
|
|
|
|
|
- Stability fix for t/core.t
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.066-8
|
|
|
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 2.066-7
|
|
|
|
|
|
|
|
- Default to PROFILE=SYSTEM cipher list (bug #1775167)
|
|
|
|
- Default to PROFILE=SYSTEM cipher list (bug #1775167)
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.066-6
|
|
|
|
* Wed Jun 26 2019 Paul Howarth <paul@city-fan.org> - 2.066-3
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
- PublicSuffix.pm is licensed MPLv2.0 (#1724434)
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Jun 27 2019 Paul Howarth <paul@city-fan.org> - 2.066-5
|
|
|
|
* Mon Jun 17 2019 Petr Pisar <ppisar@redhat.com> - 2.066-2
|
|
|
|
- Runtime openssl dependency should be on openssl-libs
|
|
|
|
- Skip a PHA test if Net::SSLeay does not expose the PHA (bug #1633636)
|
|
|
|
- Always require preferred IPv6 back-end: IO::Socket::IP ≥ 0.31
|
|
|
|
|
|
|
|
- Always require preferred IDN back-end: URI::_idna
|
|
|
|
|
|
|
|
- Modernize spec using %%{make_build} and %%{make_install}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Jun 26 2019 Paul Howarth <paul@city-fan.org> - 2.066-4
|
|
|
|
* Thu Jun 13 2019 Petr Pisar <ppisar@redhat.com> - 2.066-1
|
|
|
|
- PublicSuffix.pm is licensed MPLv2.0 (#1724169)
|
|
|
|
- Update to 2.066 (bug #1632600)
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Jun 17 2019 Petr Pisar <ppisar@redhat.com> - 2.066-3
|
|
|
|
* Thu Feb 07 2019 Petr Pisar <ppisar@redhat.com> - 2.060-3
|
|
|
|
- Skip a PHA test if Net::SSLeay does not expose the PHA (bug #1632660)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.066-2
|
|
|
|
|
|
|
|
- Perl 5.30 rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Mar 6 2019 Paul Howarth <paul@city-fan.org> - 2.066-1
|
|
|
|
|
|
|
|
- Update to 2.066
|
|
|
|
|
|
|
|
- Make sure that Net::SSLeay::CTX_get0_param is defined before using
|
|
|
|
|
|
|
|
X509_V_FLAG_PARTIAL_CHAIN; Net::SSLeay 1.85 defined only the second with
|
|
|
|
|
|
|
|
LibreSSL 2.7.4 but not the first (CPAN RT#128716)
|
|
|
|
|
|
|
|
- Prefer AES for server side cipher default since it is usually
|
|
|
|
|
|
|
|
hardware-accelerated
|
|
|
|
|
|
|
|
- Fix test t/verify_partial_chain.t by using the newly exposed function
|
|
|
|
|
|
|
|
can_partial_chain instead of guessing (wrongly) if the functionality is
|
|
|
|
|
|
|
|
available
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Mar 4 2019 Paul Howarth <paul@city-fan.org> - 2.064-1
|
|
|
|
|
|
|
|
- Update to 2.064
|
|
|
|
|
|
|
|
- Make algorithm for fingerprint optional, i.e. detect based on length of
|
|
|
|
|
|
|
|
fingerprint (CPAN RT#127773)
|
|
|
|
|
|
|
|
- Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
|
|
|
|
|
|
|
|
- Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are
|
|
|
|
|
|
|
|
set
|
|
|
|
|
|
|
|
- Update fingerprints for live tests
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Mar 2 2019 Paul Howarth <paul@city-fan.org> - 2.063-1
|
|
|
|
|
|
|
|
- Update to 2.063
|
|
|
|
|
|
|
|
- Support for both RSA and ECDSA certificate on same domain
|
|
|
|
|
|
|
|
- Update PublicSuffix
|
|
|
|
|
|
|
|
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
|
|
|
|
|
|
|
|
then linked against another API-incompatible version (i.e. more than just
|
|
|
|
|
|
|
|
the patchlevel differs)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Feb 25 2019 Paul Howarth <paul@city-fan.org> - 2.062-1
|
|
|
|
|
|
|
|
- Update to 2.062
|
|
|
|
|
|
|
|
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
|
|
|
|
|
|
|
|
OpenSSL (1.1.0+); this makes leaf certificates or intermediate certificates
|
|
|
|
|
|
|
|
in the trust store be usable as full trust anchors too
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Feb 23 2019 Paul Howarth <paul@city-fan.org> - 2.061-1
|
|
|
|
|
|
|
|
- Update to 2.061
|
|
|
|
|
|
|
|
- Support for TLS 1.3 session reuse (needs Net::SSLeay ≥ 1.86); note that
|
|
|
|
|
|
|
|
the previous (and undocumented) API for the session cache has been changed
|
|
|
|
|
|
|
|
- Support for multiple curves, automatic setting of curves and setting of
|
|
|
|
|
|
|
|
supported curves in client (needs Net::SSLeay ≥ 1.86)
|
|
|
|
|
|
|
|
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
|
|
|
|
|
|
|
|
client certificates are provided (needs Net::SSLeay ≥ 1.86)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Feb 07 2019 Petr Pisar <ppisar@redhat.com> - 2.060-4
|
|
|
|
|
|
|
|
- Client sends a post-handshake-authentication extension if a client key and
|
|
|
|
- Client sends a post-handshake-authentication extension if a client key and
|
|
|
|
a certificate are available (bug #1632660)
|
|
|
|
a certificate are available (bug #1633636)
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.060-3
|
|
|
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Sep 24 2018 Petr Pisar <ppisar@redhat.com> - 2.060-2
|
|
|
|
* Mon Sep 24 2018 Petr Pisar <ppisar@redhat.com> - 2.060-2
|
|
|
|
- Prevent tests from dying on SIGPIPE (CPAN RT#126899)
|
|
|
|
- Prevent tests from dying on SIGPIPE (bug #1610017)
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Sep 17 2018 Paul Howarth <paul@city-fan.org> - 2.060-1
|
|
|
|
* Mon Sep 17 2018 Paul Howarth <paul@city-fan.org> - 2.060-1
|
|
|
|
- Update to 2.060
|
|
|
|
- Update to 2.060 (bug #1610017)
|
|
|
|
- Support for TLS 1.3 with OpenSSL 1.1.1 (needs Net::SSLeay ≥ 1.86); see
|
|
|
|
- Support for TLS 1.3 with OpenSSL 1.1.1 (needs Net::SSLeay ≥ 1.86); see
|
|
|
|
also CPAN RT#126899
|
|
|
|
also CPAN RT#126899
|
|
|
|
- TLS 1.3 support is not complete yet for session reuse
|
|
|
|
- TLS 1.3 support is not complete yet for session reuse
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 21 2018 Petr Pisar <ppisar@redhat.com> - 2.059-2
|
|
|
|
* Tue Aug 21 2018 Petr Pisar <ppisar@redhat.com> - 2.059-2
|
|
|
|
- Adapt to OpenSSL 1.1.1, it requires patched Net-SSLeay (bug #1616198)
|
|
|
|
- Adapt to OpenSSL 1.1.1, it requires patched Net-SSLeay (bug #1610017)
|
|
|
|
|
|
|
|
- Enable tests (bug #1610017)
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Aug 16 2018 Paul Howarth <paul@city-fan.org> - 2.059-1
|
|
|
|
* Thu Aug 16 2018 Paul Howarth <paul@city-fan.org> - 2.059-1
|
|
|
|
- Update to 2.059
|
|
|
|
- Update to 2.059 (bug #1610017)
|
|
|
|
- Fix memory leak when CRLs are used (CPAN RT#125867)
|
|
|
|
- Fix memory leak when CRLs are used (CPAN RT#125867)
|
|
|
|
- Fix memory leak when using stop_SSL and threads
|
|
|
|
- Fix memory leak when using stop_SSL and threads
|
|
|
|
(https://rt.cpan.org/Ticket/Display.html?id=125867#txn-1797132)
|
|
|
|
(https://rt.cpan.org/Ticket/Display.html?id=125867#txn-1797132)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
|
|
|
|
|
|
|
|
- Disable %%check so package will build for Mass Rebuild
|
|
|
|
|
|
|
|
- Related: bug#1614611
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Jul 19 2018 Paul Howarth <paul@city-fan.org> - 2.058-1
|
|
|
|
* Thu Jul 19 2018 Paul Howarth <paul@city-fan.org> - 2.058-1
|
|
|
|
- Update to 2.058
|
|
|
|
- Update to 2.058
|
|
|
|
- Fix memory leak that occurred with explicit stop_SSL in connection with
|
|
|
|
- Fix memory leak that occurred with explicit stop_SSL in connection with
|