Name:           perl-IO-Socket-SSL
Version:        1.975
Release:        1%{?dist}
Summary:        Perl library for transparent SSL
Group:          Development/Libraries
License:        GPL+ or Artistic
URL:            http://search.cpan.org/dist/IO-Socket-SSL/
Source0:        http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch:      noarch
BuildRequires:  openssl >= 0.9.8
BuildRequires:  perl(Carp)
BuildRequires:  perl(constant)
BuildRequires:  perl(Data::Dumper)
BuildRequires:  perl(Exporter)
BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.46
BuildRequires:  perl(IO::Select)
BuildRequires:  perl(IO::Socket)
BuildRequires:  perl(IO::Socket::INET)
BuildRequires:  perl(IO::Socket::INET6) >= 2.62
BuildRequires:  perl(Net::LibIDN)
BuildRequires:  perl(Net::SSLeay) >= 1.46
BuildRequires:  perl(Scalar::Util)
BuildRequires:  perl(Socket)
BuildRequires:  perl(Socket6)
BuildRequires:  perl(Test::More)
BuildRequires:  procps
# Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
BuildRequires:  perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
Requires:       perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
%else
Requires:       perl(IO::Socket::INET6) >= 2.62, perl(Socket6)
%endif
Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires:       perl(Net::LibIDN)
Requires:       openssl >= 0.9.8

%description
This module is a true drop-in replacement for IO::Socket::INET that uses SSL
to encrypt data before it is transferred to a remote server or client.
IO::Socket::SSL supports all the extra features that one needs to write a
full-featured SSL client or server application: multiple SSL contexts, cipher
selection, certificate verification, and SSL version selection. As an extra
bonus, it works perfectly with mod_perl.

%prep
%setup -q -n IO-Socket-SSL-%{version}

%build
echo n | perl Makefile.PL INSTALLDIRS=vendor
make %{?_smp_mflags}

%install
rm -rf %{buildroot}
make pure_install DESTDIR=%{buildroot}
find %{buildroot} -type f -name .packlist -exec rm -f {} ';'
%{_fixperms} %{buildroot}

%check
make test

%clean
rm -rf %{buildroot}

%files
%doc BUGS Changes README docs/ certs/ example/ util/
%{perl_vendorlib}/IO/
%{_mandir}/man3/IO::Socket::SSL.3pm*
%{_mandir}/man3/IO::Socket::SSL::Intercept.3pm*
%{_mandir}/man3/IO::Socket::SSL::Utils.3pm*

%changelog
* Wed Apr 2 2014 Paul Howarth - 1.975-1
- Update to 1.975
- BEHAVIOR CHANGE: work around TEA misfeature on OS X built-in openssl, e.g.
  guarantee that only the explicitly-given CA or the openssl default CA will
  be used; this means that certificates inside the OS X keyring will no longer
  be used, because there is no way to control the use by openssl (e.g.
  certificate pinning etc.)
- Make external tests run by default to make sure default CA works on all
  platforms; it skips automatically on network problems like timeouts or SSL
  interception, and can also use http(s)_proxy environment variables

* Wed Apr 2 2014 Paul Howarth - 1.974-1
- Update to 1.974
- New function peer_certificates to get the whole certificate chain; needs
  Net::SSLeay ≥ 1.58
- Extended IO::Socket::Utils::CERT_asHash to provide way more information,
  like issuer information, cert and pubkey digests, all extensions, CRL
  distribution points and OCSP uri

* Wed Mar 26 2014 Paul Howarth - 1.973-1
- Update to 1.973
- With SSL_ca, certificate handles can now be used in addition to SSL_ca_file
  and SSL_ca_path
- No longer complain if SSL_ca_file and SSL_ca_path are both given; instead,
  add both as options to the CA store
- Shortcut 'issuer' to give both issuer_cert and issuer_key in CERT_create

* Sun Mar 23 2014 Paul Howarth - 1.972-1
- Update to 1.972
- Make sure t/external/usable_ca.t works also with older openssl without
  support for SNI (CPAN RT#94117)

* Sat Mar 22 2014 Paul Howarth - 1.971-1
- Update to 1.971
- Try to use SSL_hostname for hostname verification if no SSL_verifycn_name is
  given; this way, hostname for SNI and verification can be specified in one
  step
- New test program example/simulate_proxy.pl

* Wed Mar 19 2014 Paul Howarth - 1.970-1
- Update to 1.970
- Make sure sub default_ca uses a local $_ and not a version of an outer scope
  that might be read-only (CPAN RT#93987)

* Sun Mar 16 2014 Paul Howarth - 1.969-1
- Update to 1.969
- Fix set_defaults to match documentation regarding short names
- New function set_args_filter_hack to make it possible to override bad SSL
  settings from other code at the last moment
- Determine default_ca on module load (and not on first use in each thread)
- Don't try default hostname verification if verify_mode 0
- Fix hostname verification when reusing context

* Thu Mar 13 2014 Paul Howarth - 1.968-1
- Update to 1.968
- BEHAVIOR CHANGE: removed implicit defaults of certs/server-{cert,key}.pem
  for SSL_{cert,key}_file and ca/,certs/my-ca.pem for SSL_ca_file; these
  defaults were deprecated since 1.951 (July 2013)
- Usable CA verification path on Windows etc.:
  - Do not use Net::SSLeay::CTX_set_default_verify_paths any longer to set
    system/build dependent default verification path, because there was no
    way to retrieve these default values and check if they contained usable CA
  - Instead, re-implement the same algorithm and export the results with
    public function default_ca() and make it possible to overwrite it
  - Also check for usable verification path during build; if no usable path
    is detected, require Mozilla::CA at build and try to use it at runtime

* Fri Feb 7 2014 Paul Howarth - 1.967-1
- Update to 1.967
- Verify the hostname inside a certificate by default with a superset of
  common verification schemes instead of not verifying identity at all; for
  now it will only complain if name verification failed but in the future it
  will fail certificate verification, forcing you to set the expected
  SSL_verifycn_name if you want to accept the certificate
- New option SSL_fingerprint and new methods get_fingerprint and
  get_fingerprint_bin; together they can be used to selectively accept
  specific certificates that would otherwise fail verification, like
  self-signed, outdated or from unknown CAs
- Utils:
  - Default RSA key length 2048
  - Digest algorithm to sign certificate in CERT_create can be given; defaults
    to SHA-256
  - CERT_create can now issue non-CA self-signed certificate
  - CERT_create add some more useful constraints to certificate
- Spelling fixes

* Wed Jan 22 2014 Paul Howarth - 1.966-1
- Update to 1.966
- Fixed bug introduced in 1.964 - disabling TLSv1_2 no longer worked by
  specifying !TLSv12; only !TLSv1_2 worked
- Fixed leak of session objects in SessionCache, if another session replaced
  an existing session (introduced in 1.965)

* Fri Jan 17 2014 Paul Howarth - 1.965-1
- Update to 1.965
- New key SSL_session_key to influence how sessions are inserted and looked up
  in the client's session cache, which makes it possible to share sessions
  over different ip:host (as is required with some FTPS servers)
- t/core.t - handle case where default loopback source is not 127.0.0.1, like
  in FreeBSD jails

* Wed Jan 15 2014 Paul Howarth - 1.964-1
- Update to 1.964
- Disabling TLSv1_1 did not work, because the constant was wrong; now it gets
  the constants from calling Net::SSLeay::SSL_OP_NO_TLSv1_1 etc.
- The new syntax for the protocols is TLSv1_1 instead of TLSv11, which matches
  the syntax from OpenSSL (the old syntax continues to work in SSL_version)
- New functions get_sslversion and get_sslversion_int, which get the SSL
  version of the established session as string or int
- Disable t/io-socket-inet6.t if Acme::Override::INET is installed

* Tue Jan 14 2014 Paul Howarth - 1.963-1
- Update to 1.963
- Fix behavior of stop_SSL: for blocking sockets it is now enough to call it
  once, for non-blocking it should be called again as long as EAGAIN and
  SSL_ERROR is set to SSL_WANT_(READ|WRITE)
- Don't call blocking if start_SSL failed and downgraded socket has no
  blocking method
- Documentation enhancements:
  - Special section for differences to IO::Socket
  - Describe problem with blocking accept on non-blocking socket
  - Describe arguments to new_from_fd and make clear that for upgrading an
    existing IO::Socket, start_SSL should be used directly

* Thu Nov 28 2013 Paul Howarth - 1.962-1
- Update to 1.962
- Work around problems with older F5 BIG-IP by offering fewer ciphers on the
  client side by default, so that the client hello stays below 255 bytes

* Tue Nov 26 2013 Paul Howarth - 1.961-1
- Update to 1.961
- IO::Socket::SSL::Utils::CERT_create can now create CA-certificates that are
  not self-signed (by giving issuer_*)

* Wed Nov 13 2013 Paul Howarth - 1.960-1
- Update to 1.960
- Only documentation enhancements:
  - Clarify with text and example code, that within event loops not only
    select/poll should be used, but also pending has to be called
  - Better introduction into SSL; at least mention anonymous authentication as
    something you don't want and should take care with the right cipher
  - Make it more clear that it's better not to change the cipher list unless
    you really know what you're doing
- Adopt upstream's versioning scheme

* Tue Nov 12 2013 Paul Howarth - 1.95.9-1
- Update to 1.959
- Fix test t/core.t for Windows

* Mon Nov 11 2013 Paul Howarth - 1.95.8-1
- Update to 1.958
  Lots of behavior changes for more secure defaults:
- BEHAVIOR CHANGE: make default cipher list more secure, especially:
  - No longer support MD5 by default (broken)
  - No longer support anonymous authentication by default (vulnerable to man
    in the middle attacks)
  - Prefer ECDHE/DHE ciphers and add necessary ECDH curve and DH keys, so that
    it uses by default forward secrecy, if underlying Net::SSLeay/openssl
    supports it
  - Move RC4 to the end, i.e. 3DES is preferred (BEAST attack should hopefully
    have been fixed and now RC4 is considered less safe than 3DES)
  - Default SSL_honor_cipher_order to 1, e.g. when used as server it tries to
    get the best cipher even if the client prefers other ciphers; PLEASE NOTE
    that this might break connections with older, less secure
    implementations, in which case revert to 'ALL:!LOW:!EXP:!aNULL' or so
- BEHAVIOR CHANGE: SSL_cipher_list now gets set on context, not SSL object,
  and thus gets reused if context gets reused; PLEASE NOTE that using
  SSL_cipher_list together with SSL_reuse_ctx no longer has any effect on the
  ciphers of the context
- Rework hostname verification schemes:
  - Add RFC names as scheme (e.g. 'rfc2818', ...)
  - Add SIP, SNMP, syslog, netconf, GIST
  - BEHAVIOR CHANGE: fix SMTP - now accept wildcards in CN and subjectAltName
  - BEHAVIOR CHANGE: fix IMAP, POP3, ACAP, NNTP - now accept wildcards in CN
- BEHAVIOR CHANGE: anywhere wildcards like www* now match only 'www1', 'www2'
  etc. but not 'www'
- Anywhere wildcards like x* are no longer applied to IDNA names (which start
  with 'xn--')
- Fix crash of Utils::CERT_free
- Support TLSv11, TLSv12 as handshake protocols
- Fixed t/core.t: test used cipher_list of HIGH, which includes anonymous
  authorization; with the DH param given by default since 1.956, old versions
  of openssl (like 0.9.8k) used cipher ADH-AES256-SHA (e.g.
  anonymous authorization) instead of AES256-SHA and thus the check for the
  peer certificate failed (because ADH does not exchange certificates) - fixed
  by explicitly specifying HIGH:!aNULL as cipher (CPAN RT#90221)
- Cleaned up tests:
  - Remove ssl_settings.req and 02settings.t, because all tests now create a
    simple socket at 127.0.0.1 and thus global settings are no longer needed
  - Some tests did not have use strict(!); fixed it
  - Removed special handling for older Net::SSLeay versions that are less than
    our minimum requirement
  - Some syntax enhancements: removed some SSL_version and SSL_cipher_list
    options where they were not really needed
- Cleanup: remove workaround for old IO::Socket::INET6 but instead require at
  least version 2.55 which is now 5 years old
- Fix t/session.t to work with older openssl versions (CPAN RT#90240)

* Fri Oct 11 2013 Paul Howarth - 1.95.5-1
- Update to 1.955
- Support for perfect forward secrecy using ECDH, if the Net::SSLeay version
  supports it

* Sun Sep 15 2013 Paul Howarth - 1.95.4-1
- Update to 1.954
- Accept older versions of ExtUtils::MakeMaker and add meta information like
  link to repository only for newer versions

* Sat Aug 03 2013 Fedora Release Engineering - 1.95.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Jul 22 2013 Petr Pisar - 1.95.3-2
- Perl 5.18 rebuild

* Mon Jul 22 2013 Paul Howarth - 1.95.3-1
- Update to 1.953
- Precedence fixes for IO::Socket::SSL::Utils (CPAN RT#87052)

* Fri Jul 12 2013 Paul Howarth - 1.95.2-1
- Update to 1.952
- Fix t/acceptSSL-timeout.t on Win32 (CPAN RT#86862)

* Wed Jul 3 2013 Paul Howarth - 1.95.1-1
- Update to 1.951 (1.950)
- MAJOR BEHAVIOR CHANGE:
  - ssl_verify_mode now defaults to verify_peer for client
  - Previously it used verify_none, but loudly complained since 1.79 about it
  - It will not complain any longer, but the connection will probably fail
  - Please don't simply disable ssl verification; instead, set SSL_ca_file
    etc. so that verification succeeds!
- MAJOR BEHAVIOR CHANGE:
  - It will now complain if the built-in defaults of certs/my-ca.pem or ca/
    for CA and certs/{server,client}-{key,cert}.pem for cert and key are used,
    i.e. no certificates are specified explicitly
  - In the future these insecure (relative path!) defaults will be removed and
    the CA replaced with the system defaults (1.951)
- Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
  defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
  used)

* Sat Jun 1 2013 Paul Howarth - 1.94-1
- Update to 1.94
- Makefile.PL reported wrong version of openssl if Net::SSLeay was not
  installed, instead of reporting a missing dependency of Net::SSLeay

* Fri May 31 2013 Paul Howarth - 1.93-1
- Update to 1.93
- Need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
  years ago; remove code to work around older releases
- Changed AUTHOR in Makefile.PL from array back to string, because the array
  feature is not available in MakeMaker shipped with 5.8.9 (CPAN RT#85739)
- Set openssl version requirement to 0.9.8
- Drop ExtUtils::MakeMaker version requirement back to 6.46

* Thu May 30 2013 Paul Howarth - 1.92-1
- Update to 1.92
- Intercept: use sha1-fingerprint of original cert for id into cache unless
  otherwise given
- Fix pod error in IO::Socket::SSL::Utils (CPAN RT#85733)

* Thu May 30 2013 Paul Howarth - 1.91-1
- Update to 1.91
- Added IO::Socket::SSL::Utils for easier manipulation of certificates and
  keys
- Moved SSL interception into IO::Socket::SSL::Intercept and simplified it
  using IO::Socket::SSL::Utils
- Enhance meta information in Makefile.PL
- Bump openssl version requirement to 0.9.8a
- Need at least version 6.58 of ExtUtils::MakeMaker (CPAN RT#85739)

* Wed May 29 2013 Paul Howarth - 1.90-1
- Update to 1.90
- Support more digests, especially SHA-2 (CPAN RT#85290)
- Added support for easy SSL interception (man in the middle) based on ideas
  found in mojo-mitm proxy
- Make 1.46 the minimal required version
  for Net::SSLeay, because it introduced lots of useful functions
- BR:/R: openssl ≥ 0.9.7e for P_ASN1_TIME_(get,set)_isotime in Net::SSLeay

* Tue May 14 2013 Paul Howarth - 1.89-1
- Update to 1.89
- If IO::Socket::IP is used it should be at least version 0.20; otherwise we
  get problems with HTTP::Daemon::SSL and maybe others (CPAN RT#81932)
- Spelling corrections

* Thu May 2 2013 Paul Howarth - 1.88-1
- Update to 1.88
- Consider a value of '' the same as undef for SSL_ca_(path|file), SSL_key*
  and SSL_cert* - some apps like Net::LDAP use it that way

* Wed Apr 24 2013 Paul Howarth - 1.87-1
- Update to 1.87
- Complain if given SSL_(key|cert|ca)_(file|path) do not exist or if they are
  not readable (CPAN RT#84829)
- Fix use of SSL_key|SSL_file objects instead of files, broken with 1.83

* Wed Apr 17 2013 Paul Howarth - 1.86-1
- Update to 1.86
- Don't warn about SSL_verify_mode when re-using an existing SSL context
  (CPAN RT#84686)

* Mon Apr 15 2013 Paul Howarth - 1.85-1
- Update to 1.85
- Probe for available modules with local __DIE__ and __WARN__ handlers
  (CPAN RT#84574)
- Fix warning, when IO::Socket::IP is installed and inet6 support gets
  explicitly requested (CPAN RT#84619)

* Sat Feb 16 2013 Paul Howarth - 1.84-1
- Update to 1.84
- Disabled client side SNI for openssl version < 1.0.0 because of
  CPAN RT#83289
- Added functions can_client_sni, can_server_sni and can_npn to check
  availability of SNI and NPN features
- Added more documentation for SNI and NPN

* Thu Feb 14 2013 Paul Howarth - 1.83-2
- Update to 1.831
- Separated documentation of non-blocking I/O from error handling
- Changed and documented behavior of readline to return the read data on
  EAGAIN/EWOULDBLOCK in case of non-blocking socket
  (see https://github.com/noxxi/p5-io-socket-ssl/issues/1)
- Bumped release rather than version number to preserve likely upgrade path
  and avoid need for epoch or version number ugliness; may revisit this in
  light of upstream's future version numbering decisions

* Mon Feb 4 2013 Paul Howarth - 1.83-1
- Update to 1.83
- Server Name Indication (SNI) support on the server side (CPAN RT#82761)
- Reworked part of the documentation, like providing better examples

* Mon Jan 28 2013 Paul Howarth - 1.82-1
- Update to 1.82
- sub error sets $SSL_ERROR etc. only if there really is an error; otherwise
  it will keep the latest error, which allows IO::Socket::SSL->new to report
  the correct problem, even if the problem is deeper in the code (like in
  connect)
- Correct spelling (CPAN RT#82790)

* Thu Dec 6 2012 Paul Howarth - 1.81-1
- Update to 1.81
- Deprecated set_ctx_defaults; new name is set_defaults (the old name is still
  available)
- Changed handling of default path for SSL_(ca|cert|key)* keys: if one of
  these keys is user defined, don't add defaults for the others, i.e. don't
  mix user settings and defaults
- Cleaner handling of module defaults vs. global settings vs. socket specific
  settings; global and socket specific settings are both provided by the user,
  while module defaults are not
- Make IO::Socket::INET6 and IO::Socket::IP specific tests both run, even if
  both modules are installed, by faking a failed load of the other module
- BR: perl(IO::Socket::INET6) and perl(Socket6) unconditionally

* Fri Nov 30 2012 Paul Howarth - 1.80-1
- Update to 1.80
- Removed some warnings in test (missing SSL_verify_mode => 0), which caused
  tests to hang on Windows (CPAN RT#81493)

* Sun Nov 25 2012 Paul Howarth - 1.79-1
- Update to 1.79
- Use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort
  from sockaddr in _update_peer, because this provides scope too
- Work around systems that don't define AF_INET6 (CPAN RT#81216)
- Prepare transition to a more secure default for SSL_verify_mode; the use of
  the current default SSL_VERIFY_NONE will cause a big warning for clients,
  unless SSL_verify_mode was explicitly set inside the application to this
  insecure value (in the near future the default will be SSL_VERIFY_PEER, and
  thus causing verification
  failures in unchanged applications)

* Thu Nov 15 2012 Petr Šabata - 1.77-2
- Added some missing build dependencies

* Fri Oct 5 2012 Paul Howarth - 1.77-1
- Update to 1.77
- support _update_peer for IPv6 too (CPAN RT#79916)

* Fri Jul 20 2012 Fedora Release Engineering - 1.76-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Jun 28 2012 Petr Pisar - 1.76-2
- Perl 5.16 rebuild

* Mon Jun 18 2012 Paul Howarth - 1.76-1
- Update to 1.76
- add support for IO::Socket::IP, which supports inet6 and inet4
  (CPAN RT#75218)
- fix documentation errors (CPAN RT#77690)
- made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version
- use inet_pton from either Socket.pm 1.95 or Socket6.pm
- Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
- Add runtime dependency for appropriate IPv6 support module so that we can
  ensure that we run at runtime what we tested with at build time

* Thu Jun 14 2012 Petr Pisar - 1.74-2
- Perl 5.16 rebuild

* Mon May 14 2012 Paul Howarth - 1.74-1
- Update to 1.74
- accept a version of SSLv2/3 as SSLv23, because older documentation could be
  interpreted like this

* Fri May 11 2012 Paul Howarth - 1.73-1
- Update to 1.73
- set DEFAULT_CIPHER_LIST to ALL:!LOW instead of HIGH:!LOW
- make test t/dhe.t hopefully work with more versions of openssl

* Wed May 9 2012 Paul Howarth - 1.71-1
- Update to 1.71
- 1.70 done right: don't disable SSLv2 ciphers; SSLv2 support is better
  disabled by the default SSL_version of 'SSLv23:!SSLv2'

* Tue May 8 2012 Paul Howarth - 1.70-1
- Update to 1.70
- make it possible to disable protocols using SSL_version, and make
  SSL_version default to 'SSLv23:!SSLv2'

* Tue May 8 2012 Paul Howarth - 1.69-1
- Update to 1.69 (changes for CPAN RT#76929)
- if no explicit cipher list is given, default to ALL:!LOW instead of the
  openssl default, which usually includes weak ciphers like DES
- new config key SSL_honor_cipher_order and document how to use it to fight
  BEAST attack
- fix behavior
  for empty cipher list (use default)
- re-added workaround in t/dhe.t

* Mon Apr 16 2012 Paul Howarth - 1.66-1
- Update to 1.66
- make it thread safer (CPAN RT#76538)

* Mon Apr 16 2012 Paul Howarth - 1.65-1
- Update to 1.65
- added NPN (Next Protocol Negotiation) support (CPAN RT#76223)

* Sat Apr 7 2012 Paul Howarth - 1.64-1
- Update to 1.64
- ignore die from within eval to make tests more stable on Win32
  (CPAN RT#76147)
- clarify some behavior regarding hostname verification
- Drop patch for t/dhe.t, no longer needed

* Wed Mar 28 2012 Paul Howarth - 1.62-1
- Update to 1.62
- small fix to last version

* Tue Mar 27 2012 Paul Howarth - 1.61-1
- Update to 1.61
- call CTX_set_session_id_context so that server's session caching works with
  client certificates too (CPAN RT#76053)

* Tue Mar 20 2012 Paul Howarth - 1.60-1
- Update to 1.60
- don't make blocking readline if socket was set nonblocking, but return as
  soon as no more data are available (CPAN RT#75910)
- fix BUG section about threading so that it shows package as thread safe as
  long as Net::SSLeay ≥ 1.43 is used (CPAN RT#75749)
- BR: perl(constant), perl(Exporter) and perl(IO::Socket)

* Thu Mar 8 2012 Paul Howarth - 1.59-1
- Update to 1.59
- if SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful message
  when attempting to use it
- modify constant declarations so that 5.6.1 should work again
- Drop %%defattr, redundant since rpm 4.4

* Mon Feb 27 2012 Paul Howarth - 1.58-1
- Update to 1.58
- fix t/dhe.t for openssl 1.0.1 beta by forcing TLSv1, so that it does not
  complain about the too small RSA key, which it should not use anyway; this
  workaround is not applied for older openssl versions, where it would cause
  failures (CPAN RT#75165)
- Add patch to fiddle the openssl version number in the t/dhe.t workaround
  because the OPENSSL_VERSION_NUMBER cannot be trusted in Fedora
- One buildreq per line for readability
- Drop redundant buildreq perl(Test::Simple)
- Always run full test suite

* Wed Feb 22 2012 Paul Howarth - 1.56-1
- Update to 1.56
- add automatic or explicit (via SSL_hostname) SNI support, needed for
  multiple SSL hostnames with the same IP (currently only supported for the
  client)
- Use DESTDIR rather than PERL_INSTALL_ROOT
- No need to delete empty directories from buildroot

* Mon Feb 20 2012 Paul Howarth - 1.55-1
- Update to 1.55
- work around IO::Socket's work around for systems returning EISCONN etc. on
  connect retry for non-blocking sockets by clearing $! if SUPER::connect
  returned true (CPAN RT#75101)

* Wed Jan 11 2012 Paul Howarth - 1.54-1
- Update to 1.54
- return 0 instead of undef in SSL_verify_callback to fix uninitialized
  warnings (CPAN RT#73629)

* Mon Dec 12 2011 Paul Howarth - 1.53-1
- Update to 1.53
- kill child in t/memleak_bad_handshake.t if test fails (CPAN RT#73146)

* Wed Dec 7 2011 Paul Howarth - 1.52-1
- Update to 1.52
- fix for t/nonblock.t hangs on AIX (CPAN RT#72305)
- disable t/memleak_bad_handshake.t on AIX, because it might hang
  (CPAN RT#72170)
- fix syntax error in t/memleak_bad_handshake.t

* Fri Oct 28 2011 Paul Howarth - 1.49-1
- Update to 1.49
- another regression for readline fix: this time it failed to return lines at
  EOF that don't end with newline
- extended t/readline.t to catch this case and the fix for 1.48

* Wed Oct 26 2011 Paul Howarth - 1.48-1
- Update to 1.48
- further fix for readline fix in 1.45: if the pending data were false (like
  '0'), it failed to read the rest of the line (CPAN RT#71953)

* Fri Oct 21 2011 Paul Howarth - 1.47-1
- Update to 1.47
- fix for 1.46 - check for mswin32 needs to be /i

* Tue Oct 18 2011 Paul Howarth - 1.46-1
- Update to 1.46
- skip signals test on Windows

* Thu Oct 13 2011 Paul Howarth - 1.45-1
- Update to 1.45
- fix readline to continue when getting interrupt waiting for more data
- BR: perl(Carp)

* Tue Jul 19 2011 Petr Sabata - 1.44-2
- Perl mass rebuild

* Fri May 27 2011 Paul Howarth - 1.44-1
- Update to 1.44
- fix invalid call to inet_pton in verify_hostname_of_cert when identity
  should be verified as ipv6 address because it contains a colon

* Wed May 11 2011 Paul Howarth - 1.43-1
- Update to 1.43
- add SSL_create_ctx_callback to have a way to adjust context on creation
  (CPAN RT#67799)
- describe problem of fake memory leak because of big session cache and how to
  fix it (CPAN RT#68073)
- fix t/nonblock.t
- stability improvements for t/inet6.t

* Tue May 10 2011 Paul Howarth - 1.41-1
- Update to 1.41
- fix issue in stop_SSL where it did not issue a shutdown of the SSL
  connection if it first received the shutdown from the other side
- try to make t/nonblock.t more reliable, at least report the real cause of
  SSL connection errors
- No longer need to re-code docs to UTF-8

* Mon May 2 2011 Paul Howarth - 1.40-1
- Update to 1.40
- fix in example/async_https_server
- get IDN support from URI (CPAN RT#67676)
- Nobody else likes macros for commands

* Thu Mar 3 2011 Paul Howarth - 1.39-1
- Update to 1.39
- fixed documentation of http verification: wildcards in cn is allowed

* Tue Feb 08 2011 Fedora Release Engineering - 1.38-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Jan 18 2011 Paul Howarth - 1.38-1
- Update to 1.38
- fixed wildcards_in_cn setting for http, wrongly set in 1.34 to 1 instead of
  anywhere (CPAN RT#64864)

* Fri Dec 10 2010 Paul Howarth - 1.37-1
- Update to 1.37
- don't complain about invalid certificate locations if user explicitly set
  SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are
  doing and will work around the problems themselves (CPAN RT#63741)

* Thu Dec 9 2010 Paul Howarth - 1.36-1
- Update to 1.36
- update documentation for SSL_verify_callback based on CPAN RT#63743 and
  CPAN RT#63740

* Mon Dec 6 2010 Paul Howarth - 1.35-1
- Update to 1.35 (addresses CVE-2010-4334)
- if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified
  as valid, it will no longer fall back to VERIFY_NONE but throw an error
  (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)

* Tue Nov 2 2010 Paul Howarth - 1.34-1
- Update to 1.34
- schema http for certificate verification changed to wildcards_in_cn=1
- if upgrading socket from inet to ssl fails due to handshake problems, the
  socket gets downgraded back again but is still open (CPAN RT#61466)
- deprecate kill_socket: just use close()

* Sun May 02 2010 Marcela Maslanova - 1.33-2
- Mass rebuild with perl-5.12.0

* Wed Mar 17 2010 Paul Howarth - 1.33-1
- Update to 1.33
- attempt to make t/memleak_bad_handshake.t more stable
- fix hostname checking: only check an IP against subjectAltName GEN_IPADD

* Tue Feb 23 2010 Paul Howarth - 1.32-1
- Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar support)
- Use %%{_fixperms} macro instead of our own %%{__chmod} incantation

* Mon Dec 7 2009 Stepan Kasal - 1.31-2
- Rebuild against perl 5.10.1

* Sun Sep 27 2009 Paul Howarth - 1.31-1
- Update to 1.31 (see Changes for details)

* Thu Aug 20 2009 Paul Howarth - 1.30-1
- Update to 1.30 (fix memleak when SSL handshake failed)
- Add buildreq procps needed for memleak test

* Mon Jul 27 2009 Paul Howarth - 1.27-1
- Update to 1.27
- various regex fixes for i18n and service names
- fix warnings from perl -w (CPAN RT#48131)
- improve handling of errors from Net::ssl_write_all

* Sat Jul 25 2009 Fedora Release Engineering - 1.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Sat Jul 4 2009 Paul Howarth - 1.26-1
- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the
  hostname when no wildcard was given, e.g.
  www.example.org matched against a certificate with name www.exam in it
  [#509819])

* Fri Jul 3 2009 Paul Howarth - 1.25-1
- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)

* Thu Apr 2 2009 Paul Howarth - 1.24-1
- Update to 1.24 (add verify hostname scheme ftp, same as http)

* Wed Feb 25 2009 Paul Howarth - 1.23-1
- Update to 1.23 (complain when no certificates are provided)

* Sat Jan 24 2009 Paul Howarth - 1.22-1
- Update to latest upstream version: 1.22

* Thu Jan 22 2009 Paul Howarth - 1.20-1
- Update to latest upstream version: 1.20

* Tue Nov 18 2008 Paul Howarth - 1.18-1
- Update to latest upstream version: 1.18
- BR: perl(IO::Socket::INET6) for extra test coverage

* Mon Oct 13 2008 Paul Howarth - 1.17-1
- Update to latest upstream version: 1.17

* Mon Sep 22 2008 Paul Howarth - 1.16-1
- Update to latest upstream version: 1.16

* Sat Aug 30 2008 Paul Howarth - 1.15-1
- Update to latest upstream version: 1.15
- Add buildreq and req for perl(Net::LibIDN) to avoid croaking when trying to
  verify an international name against a certificate

* Wed Jul 16 2008 Paul Howarth - 1.14-1
- Update to latest upstream version: 1.14
- BuildRequire perl(Net::SSLeay) >= 1.21

* Wed Feb 27 2008 Tom "spot" Callaway - 1.12-4
- Rebuild for perl 5.10 (again)

* Thu Jan 31 2008 Tom "spot" Callaway - 1.12-3
- Rebuild for new perl

* Wed Nov 28 2007 Paul Howarth - 1.12-2
- Cosmetic spec changes suiting new maintainer's preferences

* Fri Oct 26 2007 Robin Norwood - 1.12-1
- Update to latest upstream version: 1.12
- Fix license tag
- Add BuildRequires for ExtUtils::MakeMaker and Test::Simple
- Fix package review issues:
  - Source URL
- Resolves: bz#226264

* Tue Oct 16 2007 Tom "spot" Callaway - 1.02-1.1
- Correct license tag
- Add BR: perl(ExtUtils::MakeMaker)

* Sat Dec 02 2006 Robin Norwood - 1.02-1
- Upgrade to latest CPAN version: 1.02

* Mon Sep 18 2006 Warren Togami - 1.01-1
- 1.01 bug fixes (#206782)

* Sun Aug 13 2006 Warren Togami - 0.998-1
- 0.998 with more important fixes

* Tue Aug 01 2006 Warren Togami - 0.994-1
- 0.994 important bugfixes (#200860)

* Tue Jul 18 2006 Warren Togami - 0.991-1
- 0.991

* Wed Jul 12 2006 Warren Togami - 0.97-3
- Import into FC6

* Tue Feb 28 2006 Jose Pedro Oliveira - 0.97-2
- Rebuild for FC5 (perl 5.8.8).
- Rebuild switch: "--with sessiontests".

* Mon Jul 18 2005 Ville Skyttä - 0.97-1
- 0.97.
- Convert docs to UTF-8, drop some unuseful ones.

* Wed Apr 6 2005 Michael Schwendt - 0.96-4
- Rebuilt

* Tue Oct 12 2004 Ville Skyttä - 0:0.96-3
- Disable session test suite even if Net::SSLeay >= 1.26 is available.

* Wed Jul 7 2004 Ville Skyttä - 0:0.96-0.fdr.2
- Bring up to date with current fedora.us Perl spec template.
- Include examples in docs.

* Sat May 1 2004 Ville Skyttä - 0:0.96-0.fdr.1
- Update to 0.96.
- Reduce directory ownership bloat.
- Require perl(:MODULE_COMPAT_*).

* Fri Oct 17 2003 Ville Skyttä - 0:0.95-0.fdr.1
- First build.