rpms/perl-Net-SSLeay
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import perl-Net-SSLeay-1.85-5.el8+1694+ef8073e1

Browse Source
This commit is contained in:
CentOS Sources 2019-06-11 12:17:24 -04:00 committed by Andrew Lukoshko
commit 0980ae2b6f
10 changed files with 2211 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/Net-SSLeay-1.85.tar.gz

1
.perl-Net-SSLeay.metadata Normal file
View File

@ -0,0 +1 @@
5f1c7b6ccac81efd5b78b1e076c694f96ca5c439 SOURCES/Net-SSLeay-1.85.tar.gz

63
SOURCES/Net-SSLeay-1.85-Adapt-CTX_get_min_proto_version-tests-to-system-wide.patch Normal file
View File

@ -0,0 +1,63 @@
From a00a70b7195438c543191b69382ff20e452548bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 13 Aug 2018 12:33:58 +0200
Subject: [PATCH] Adapt CTX_get_min_proto_version tests to system-wide policy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In our distribution, /etc/crypto-policies/back-ends/opensslcnf.config
can override default minimal SSL/TLS protocol version. If it does,
t/local/09_ctx_new.t test will fail because OpenSSL will return
different then 0 value.
This patch parses the configuration file and adjusts expect values in
the test.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/local/09_ctx_new.t | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/t/local/09_ctx_new.t b/t/local/09_ctx_new.t
index 6d06f21..c584856 100644
--- a/t/local/09_ctx_new.t
+++ b/t/local/09_ctx_new.t
@@ -109,14 +109,32 @@ else
# Having TLS_method() does not necessarily that proto getters are available
if ($ctx_tls && exists &Net::SSLeay::CTX_get_min_proto_version)
{
+ my $min_ver = 0;
+ # Adjust minimal version to system-wide crypto policy
+ if (open(my $f, '<', '/etc/crypto-policies/back-ends/opensslcnf.config')) {
+ while(<$f>) {
+ if (/^MinProtocol = ([\w.]+)\b/) {
+ if ($1 eq 'TLSv1') {
+ $min_ver = 0x0301;
+ } elsif ($1 eq 'TLSv1.1') {
+ $min_ver = 0x0302;
+ } elsif ($1 eq 'TLSv1.2') {
+ $min_ver = 0x0303;
+ } elsif ($1 eq 'TLSv1.3') {
+ $min_ver = 0x0304;
+ }
+ }
+ }
+ close($f);
+ }
my $ver;
$ver = Net::SSLeay::CTX_get_min_proto_version($ctx_tls);
- is($ver, 0, 'TLS_method CTX has automatic minimum version');
+ is($ver, $min_ver, 'TLS_method CTX has automatic minimum version');
$ver = Net::SSLeay::CTX_get_max_proto_version($ctx_tls);
is($ver, 0, 'TLS_method CTX has automatic maximum version');
$ver = Net::SSLeay::get_min_proto_version($ssl_tls);
- is($ver, 0, 'SSL from TLS_method CTX has automatic minimum version');
+ is($ver, $min_ver, 'SSL from TLS_method CTX has automatic minimum version');
$ver = Net::SSLeay::get_max_proto_version($ssl_tls);
is($ver, 0, 'SSL from TLS_method CTX has automatic maximum version');
--
2.14.4

237
SOURCES/Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch Normal file
View File

@ -0,0 +1,237 @@
From b01291bf88dd84529c93973da7c275e0ffe5cc1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 3 Aug 2018 14:30:22 +0200
Subject: [PATCH] Adapt to OpenSSL 1.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenSSL 1.1.1 defaults to TLS 1.3 that handles session tickets and
session shutdowns differently. This leads to failing various Net-SSLeay
tests that exhibits use cases that are not possible with OpenSSL 1.1.1
anymore or where the library behaves differently.
Since Net-SSLeay is a low-level wrapper, Net-SSLeay will be corrected
in tests. Higher-level code as IO::Socket::SSL and other Net::SSLeay
applications need to be adjusted on case-to-case basis.
This patche changes:
- Retry SSL_read() and SSL_write() (by sebastian [...] breakpoint.cc)
- Disable session tickets in t/local/07_sslecho.t.
- Adaps t/local/36_verify.t to a session end when Net::SSLeay::read()
returns undef.
https://rt.cpan.org/Public/Bug/Display.html?id=125218
https://github.com/openssl/openssl/issues/5637
https://github.com/openssl/openssl/issues/6904
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++----
lib/Net/SSLeay.pod | 46 ++++++++++++++++++++++++++++++++++++++++++
t/local/07_sslecho.t | 15 ++++++++++++--
t/local/36_verify.t | 2 +-
4 files changed, 112 insertions(+), 7 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index bf148c0..5aed4d7 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1999,7 +1999,17 @@ SSL_read(s,max=32768)
int got;
PPCODE:
New(0, buf, max, char);
- got = SSL_read(s, buf, max);
+
+ do {
+ int err;
+
+ got = SSL_read(s, buf, max);
+ if (got > 0)
+ break;
+ err = SSL_get_error(s, got);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
/* If in list context, return 2-item list:
* first return value: data gotten, or undef on error (got<0)
@@ -2051,10 +2061,20 @@ SSL_write(s,buf)
SSL * s
PREINIT:
STRLEN len;
+ int err;
+ int ret;
INPUT:
char * buf = SvPV( ST(1), len);
CODE:
- RETVAL = SSL_write (s, buf, (int)len);
+ do {
+ ret = SSL_write (s, buf, (int)len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
OUTPUT:
RETVAL
@@ -2083,8 +2103,20 @@ SSL_write_partial(s,from,count,buf)
if (len < 0) {
croak("from beyound end of buffer");
RETVAL = -1;
- } else
- RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ } else {
+ int ret;
+ int err;
+
+ do {
+ ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
+ if (ret > 0)
+ break;
+ err = SSL_get_error(s, ret);
+ if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
+ break;
+ } while (1);
+ RETVAL = ret;
+ }
OUTPUT:
RETVAL
@@ -6957,4 +6989,20 @@ SSL_export_keying_material(ssl, outlen, label, p)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx,size_t num_tickets)
+
+size_t
+SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+
+int
+SSL_set_num_tickets(SSL *ssl,size_t num_tickets)
+
+size_t
+SSL_get_num_tickets(SSL *ssl)
+
+#endif
+
#define REM_EOF "/* EOF - SSLeay.xs */"
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index 2e1aae3..bca7be4 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -4437,6 +4437,52 @@ getticket($ssl,$ticket,$data) -> $return_value
This function is based on the OpenSSL function SSL_set_session_ticket_ext_cb.
+=item * CTX_set_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Set number of session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::CTX_set_num_tickets($ctx, $number_of_tickets);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $number_of_tickets - number of tickets to send
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+=item * CTX_get_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Get number of session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::CTX_get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # returns: number of tickets to send
+
+=item * set_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Set number of session tickets that will be sent to a client.
+
+ my $rv = Net::SSLeay::set_num_tickets($ssl, $number_of_tickets);
+ # $ssl - value corresponding to openssl's SSL structure
+ # $number_of_tickets - number of tickets to send
+ # returns: 1 on success, 0 on failure
+
+Set to zero if you do not no want to support a session resumption.
+
+=item * get_num_tickets
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.85 and before; requires at least OpenSSL 1.1.1
+
+Get number of session tickets that will be sent to a client.
+
+ my $number_of_tickets = Net::SSLeay::get_num_tickets($ctx);
+ # $ctx - value corresponding to openssl's SSL structure
+ # returns: number of tickets to send
+
=item * set_shutdown
Sets the shutdown state of $ssl to $mode.
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index 5e16b04..5dc946a 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -13,7 +13,8 @@ BEGIN {
plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
}
-plan tests => 78;
+plan tests => 79;
+$SIG{'PIPE'} = 'IGNORE';
my $sock;
my $pid;
@@ -61,6 +62,16 @@ Net::SSLeay::library_init();
ok(Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'), 'CTX_set_cipher_list');
my ($dummy, $errs) = Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
ok($errs eq '', "set_cert_and_key: $errs");
+ SKIP: {
+ skip 'Disabling session tickets requires OpenSSL >= 1.1.1', 1
+ unless (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f);
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
+ ok(Net::SSLeay::CTX_set_num_tickets($ctx, 0), 'Session tickets disabled');
+ }
$pid = fork();
BAIL_OUT("failed to fork: $!") unless defined $pid;
@@ -351,7 +362,7 @@ waitpid $pid, 0;
push @results, [ $? == 0, 'server exited with 0' ];
END {
- Test::More->builder->current_test(51);
+ Test::More->builder->current_test(52);
for my $t (@results) {
ok( $t->[0], $t->[1] );
}
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index 92afc52..e55b138 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -282,7 +282,7 @@ sub run_server
# Termination request or other message from client
my $msg = Net::SSLeay::read($ssl);
- if ($msg eq 'end')
+ if (defined $msg and $msg eq 'end')
{
Net::SSLeay::write($ssl, 'end');
exit (0);
--
2.14.4

30
SOURCES/Net-SSLeay-1.85-Add-missing-call-to-va_end-in-TRACE.patch Normal file
View File

@ -0,0 +1,30 @@
From 8d83cf9cb0ff0fea802e522f4980124a8075a63f Mon Sep 17 00:00:00 2001
From: Chris Novakovic <chris@chrisn.me.uk>
Date: Thu, 9 Aug 2018 17:56:26 +0100
Subject: [PATCH] Add missing call to va_end() in TRACE()
In SSLeay.xs, TRACE() makes a call to va_start() without a corresponding
call to va_end() before the function returns. Add the missing call to
va_end().
This closes RT#126028. Thanks to Jitka Plesnikova for the report and
patch.
---
SSLeay.xs | 1 +
1 file changed, 1 insertion(+)
diff --git a/SSLeay.xs b/SSLeay.xs
index 04070d3..630f09e 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -222,6 +222,7 @@ static void TRACE(int level,char *msg,...) {
va_start(args,msg);
vsnprintf(buf,4095,msg,args);
warn("%s",buf);
+ va_end(args);
}
}
--
2.14.4

57
SOURCES/Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch Normal file
View File

@ -0,0 +1,57 @@
From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 14 Aug 2018 16:55:52 +0200
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
# Failed test 'Verify callback result and get_verify_result are equal'
# at t/local/36_verify.t line 111.
# got: '-1'
# expected: '0'
# Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
# at t/local/36_verify.t line 118.
# got: '-1'
# expected: '43'
Bailout called. Further testing stopped: failed to connect to server: Connection refused
FAILED--Further testing stopped: failed to connect to server: Connection refused
I believe this because TLSv1.3 server can generate SIGPIPE if a client
disconnects too soon.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/local/36_verify.t | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index e55b138..2837288 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -266,10 +266,20 @@ sub run_server
return if $pid != 0;
+ $SIG{'PIPE'} = 'IGNORE';
my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
my $ret = Net::SSLeay::CTX_check_private_key($ctx);
BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
+ if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
+ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
+ BAIL_OUT("Session tickets disabled") unless $ret;
+ }
while (1)
{
--
2.14.4

624
SOURCES/Net-SSLeay-1.85-Generate-2048-bit-keys-for-tests.patch Normal file
View File

@ -0,0 +1,624 @@
From cb4a91f8619afbdcba40a513ce1d2e5bd652c511 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 13 Aug 2018 17:27:13 +0200
Subject: [PATCH] Generate 2048-bit keys for tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Distributions are experimenting with OpenSSL configured with security
level 2. That requires at least 2048-bit RSA keys otherwise tests
fail.
This patch regenerates testing keys, certificates and revocation lists
used in tests to meet the security level. The patch also updates
scripts used for generating them.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
MANIFEST | 4 ++++
examples/makecert.pl | 13 +++++-----
examples/req.conf | 2 +-
t/data/cert.pem | 42 ++++++++++++++++----------------
t/data/key.pem | 43 +++++++++++++++++++++------------
t/data/key.pem.e | 47 +++++++++++++++++++++++-------------
t/data/test_CA1.conf | 37 +++++++++++++++++++++++++++++
t/data/test_CA1.crl.der | Bin 389 -> 438 bytes
t/data/test_CA1.crlnumber | 1 +
t/data/test_CA1.crt.der | Bin 550 -> 831 bytes
t/data/test_CA1.crt.pem | 30 +++++++++++++----------
t/data/test_CA1.key.der | Bin 610 -> 1190 bytes
t/data/test_CA1.key.pem | 38 +++++++++++++++++++----------
t/data/test_CA1_index.txt | 2 ++
t/data/test_CA1_index.txt.attr | 0
t/data/testcert_wildcard.crt.pem | 50 +++++++++++++++++++++++----------------
t/local/07_sslecho.t | 2 +-
t/local/50_digest.t | 22 ++++++++---------
18 files changed, 215 insertions(+), 118 deletions(-)
create mode 100644 t/data/test_CA1.conf
create mode 100644 t/data/test_CA1.crlnumber
create mode 100644 t/data/test_CA1_index.txt
create mode 100644 t/data/test_CA1_index.txt.attr
diff --git a/MANIFEST b/MANIFEST
index 2f18a0a..cedca78 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -60,12 +60,16 @@ t/data/key.pem.e
t/data/pkcs12-full.p12
t/data/pkcs12-no-chain.p12
t/data/pkcs12-no-passwd.p12
+t/data/test_CA1.conf
t/data/test_CA1.crl.der
+t/data/test_CA1.crlnumber
t/data/test_CA1.crt.der
t/data/test_CA1.crt.pem
t/data/test_CA1.encrypted_key.pem
t/data/test_CA1.key.der
t/data/test_CA1.key.pem
+t/data/test_CA1_index.txt
+t/data/test_CA1_index.txt.attr
t/data/testcert_extended.crt.pem
t/data/testcert_extended.crt.pem_dump
t/data/testcert_key_2048.pem
diff --git a/examples/makecert.pl b/examples/makecert.pl
index 221f720..3fc26ae 100644
--- a/examples/makecert.pl
+++ b/examples/makecert.pl
@@ -25,18 +25,17 @@ open (REQ, "|$exe_path req -config $conf "
. "-x509 -days 3650 -new -keyout $key $egd >$cert")
or die "cant open req. check your path ($!)";
print REQ <<DISTINGUISHED_NAME;
-XX
+PL
+Peoples Republic of Perl
+Net::
Net::SSLeay
-test land
-Test City
-Net::SSLeay Organization
-Test Unit
+Net::SSLeay developers
127.0.0.1
-sampo\@iki.fi
+rafl\@debian.org
DISTINGUISHED_NAME
;
close REQ;
-system "$exe_path verify $cert"; # Just to check
+system "$exe_path verify -CAfile $cert $cert"; # Just to check
# Generate an encrypted password too
system "$exe_path rsa -in $key -des -passout pass:secret -out $key.e";
diff --git a/examples/req.conf b/examples/req.conf
index 0e102c1..da4510e 100644
--- a/examples/req.conf
+++ b/examples/req.conf
@@ -5,7 +5,7 @@
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attr
diff --git a/t/data/cert.pem b/t/data/cert.pem
index f9ebbf1..2dbc59a 100644
--- a/t/data/cert.pem
+++ b/t/data/cert.pem
@@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE-----
-MIID7DCCA1WgAwIBAgIJAMGt8vPHln6wMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD
-VQQGEwJQTDEhMB8GA1UECBMYUGVvcGxlcyBSZXB1YmxpYyBvZiBQZXJsMQ4wDAYD
-VQQHEwVOZXQ6OjEUMBIGA1UEChMLTmV0OjpTU0xlYXkxHzAdBgNVBAsTFk5ldDo6
-U1NMZWF5IGRldmVsb3BlcnMxEjAQBgNVBAMTCTEyNy4wLjAuMTEeMBwGCSqGSIb3
-DQEJARYPcmFmbEBkZWJpYW4ub3JnMB4XDTA2MDcxNDAyMjU0OFoXDTE2MDcxMTAy
-MjU0OFowgasxCzAJBgNVBAYTAlBMMSEwHwYDVQQIExhQZW9wbGVzIFJlcHVibGlj
-IG9mIFBlcmwxDjAMBgNVBAcTBU5ldDo6MRQwEgYDVQQKEwtOZXQ6OlNTTGVheTEf
-MB0GA1UECxMWTmV0OjpTU0xlYXkgZGV2ZWxvcGVyczESMBAGA1UEAxMJMTI3LjAu
-MC4xMR4wHAYJKoZIhvcNAQkBFg9yYWZsQGRlYmlhbi5vcmcwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALmepX0NR6d7PL576bH95Y4QYlMdbIB/AD8j1+Lb4t9s
-xarNhUh1BeloaEktxIKhVIYW7F8NTQC852zULg9bJkKO9DOgr6AO6gBhu2+NCJsq
-8oSUEDfAbUzbxdweMHzHjBrvNRaVyhHYebtok+/a+1rqACHRRjE06D2YLl3lW2uD
-AgMBAAGjggEUMIIBEDAdBgNVHQ4EFgQUYL9/vBs4R9mn8bOgubigAZpN3KAwgeAG
-A1UdIwSB2DCB1YAUYL9/vBs4R9mn8bOgubigAZpN3KChgbGkga4wgasxCzAJBgNV
-BAYTAlBMMSEwHwYDVQQIExhQZW9wbGVzIFJlcHVibGljIG9mIFBlcmwxDjAMBgNV
-BAcTBU5ldDo6MRQwEgYDVQQKEwtOZXQ6OlNTTGVheTEfMB0GA1UECxMWTmV0OjpT
-U0xlYXkgZGV2ZWxvcGVyczESMBAGA1UEAxMJMTI3LjAuMC4xMR4wHAYJKoZIhvcN
-AQkBFg9yYWZsQGRlYmlhbi5vcmeCCQDBrfLzx5Z+sDAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBABBpVOWkoAuAdcYhd9FCbeXXluZ8eECV5x2tnCVl52F5
-59M9r4C47Hacdx/B62YkrIo5i0Q7Ppjln+Iq4hdzoqAwnlqpm3hYs/W+BSh77P3b
-3Tuzcp4K4nlidow/1/leUf9H/MJIbj0qS8ZNp6SvRt/D+PXl0TWKeQIgw3WkT+ea
+MIID1DCCArwCCQCTdQYIPzlw2TANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMC
+UEwxITAfBgNVBAgMGFBlb3BsZXMgUmVwdWJsaWMgb2YgUGVybDEOMAwGA1UEBwwF
+TmV0OjoxFDASBgNVBAoMC05ldDo6U1NMZWF5MR8wHQYDVQQLDBZOZXQ6OlNTTGVh
+eSBkZXZlbG9wZXJzMRIwEAYDVQQDDAkxMjcuMC4wLjExHjAcBgkqhkiG9w0BCQEW
+D3JhZmxAZGViaWFuLm9yZzAeFw0xODA4MTMxNTQxMDdaFw0yODA4MTAxNTQxMDda
+MIGrMQswCQYDVQQGEwJQTDEhMB8GA1UECAwYUGVvcGxlcyBSZXB1YmxpYyBvZiBQ
+ZXJsMQ4wDAYDVQQHDAVOZXQ6OjEUMBIGA1UECgwLTmV0OjpTU0xlYXkxHzAdBgNV
+BAsMFk5ldDo6U1NMZWF5IGRldmVsb3BlcnMxEjAQBgNVBAMMCTEyNy4wLjAuMTEe
+MBwGCSqGSIb3DQEJARYPcmFmbEBkZWJpYW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuObAe3+RV9kcYqaOHq+Re5pTLA781MYVzNfttL2Vmay7
+kIxQIzlBoXyo84hEGXlTgFNcq7gb30h1qEt8+lcddYlB3V/kvRBcP6oH4kEL8KVS
+dkBTCZFo3UN18OEteywi24va1iJn/2yJXtgdQZFkfak5CFWqm9WVABFUtRXhfSYW
+L6QtzfbikNaeXQU7ofQBVoRw4weiNXPC4kNb9ZHR/D8DngJ1Rqn9Ki5zBhRyy1w7
+AIUBasKV9AX0xh7im3ycd4CcpdIE82zunv2nx4gKevJEXZsZB+5eSGqYnVjPpiq9
+G2EDomC53fhLr34t3UUnH3OF+jsvfDn/rzQI0D00EwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA26/P5LxK269AUNEVhNyypaDXu9eMVCwxuh1eqVtu6BsCG1BVWz6JX
+jOt3dWRbxHqLjeZkMFGHke/K484/bgdeHDQy7i9+P2J7pEOx2knUEYVkfMfxUHP4
+58kyzIbsK03HrzA27gkO8ANZsdVfvbDBbAYIPtDJixuAG7meqURWQx9lpS0n2Qi5
+naBrXIa2+nM5GVrGcs4DPCLNXcYE4rzJovnNAttWs35XMuWeU7WdIvmmzBGZ3VC1
+mvwV8qf3vNmjsmcBkuoVACJHMEX56VPf3Ouv4GEKtoeQLUA7RvG609QumyR9sgtx
+N8R5wURTonbHZj57d9ZRRUw91907BBJJ
-----END CERTIFICATE-----
diff --git a/t/data/key.pem b/t/data/key.pem
index abc7faa..ec5701b 100644
--- a/t/data/key.pem
+++ b/t/data/key.pem
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC5nqV9DUenezy+e+mx/eWOEGJTHWyAfwA/I9fi2+LfbMWqzYVI
-dQXpaGhJLcSCoVSGFuxfDU0AvOds1C4PWyZCjvQzoK+gDuoAYbtvjQibKvKElBA3
-wG1M28XcHjB8x4wa7zUWlcoR2Hm7aJPv2vta6gAh0UYxNOg9mC5d5VtrgwIDAQAB
-AoGBAIl4hoW0BSJz8gv9R5nMOWvalIeL3iTYaj1Y9XWNdlwUedzC83gzOxqfecTg
-wY4hn7DjX1ISTrpCLX97MVWsIwuY4ltmPykoPtVShZvpVF48H8CUqeY9q8zUybpI
-w1MS010A4+mvIJjbOukerKiIIueCEo+WmVaM9wnke4R3CRyJAkEA9tnCKwgm+EON
-LMWdM7ANTWzBbp1K51fgyceGPfTurakXfivz7xFKaXWQwICj1cyvgKoXPYqkb+8C
-vOu/qLbMXQJBAMB/5g5SaBJEbHWKGhB5bmwmota+LgZtRiJcsABCqm3Bvm+qMG12
-U+/22Nv0b49LJGuj/2ZiZFGrG3oNXmjKmV8CQCeACvEF2e6KKLIMYS5fMpG8IGvJ
-4a2JQ2AmfFW3tuW1FBxNfjg4JRchB+u16gGRQlgtX5CqecurjF2cv8uIjMUCQHyp
-FwnFUgIqb3Z61cA/c0P0jVW12UZuM5IDJjM0+PuVEUdtFml8zITE/dELbceFKPPQ
-Q5BBPagpv+R9jdsdAM8CQQDwsZea0tdwI1QevKCu0qoR/+Uu3MtoiyC3GGYoXMFK
-CS+3apsVr26N555UngM+gk18N1wpiBY5L/rlPd6XiQ47
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC45sB7f5FX2Rxi
+po4er5F7mlMsDvzUxhXM1+20vZWZrLuQjFAjOUGhfKjziEQZeVOAU1yruBvfSHWo
+S3z6Vx11iUHdX+S9EFw/qgfiQQvwpVJ2QFMJkWjdQ3Xw4S17LCLbi9rWImf/bIle
+2B1BkWR9qTkIVaqb1ZUAEVS1FeF9JhYvpC3N9uKQ1p5dBTuh9AFWhHDjB6I1c8Li
+Q1v1kdH8PwOeAnVGqf0qLnMGFHLLXDsAhQFqwpX0BfTGHuKbfJx3gJyl0gTzbO6e
+/afHiAp68kRdmxkH7l5IapidWM+mKr0bYQOiYLnd+Euvfi3dRScfc4X6Oy98Of+v
+NAjQPTQTAgMBAAECggEAS1aCEQ/eWav12+A/QhOJNJKh1u7YZ526XjeQ/DbPEMmH
+txLkyCVZL4JKmMfp73M26a+Nr84ZVTYB8qunZZ0/PJfLhXbADaTv4WTXR4H3ansC
+CXqWGuzrjFQjZx1o2aoXHdtzNBLaywEfS8zExuWFy4m62kGFfW9eAaQOHqamtMWx
+jt4x8EIfNOZh74TvGw4LtO6y2lFMRmyXcgKS5yKk3uGCfQqOPs3+cWqAzKzD5Pna
+5X+NOW5f/6uTQXSJGpgwEi9CAkbWFhqtrpcI14QLXh3shOv/Woh2bNtH8dIhuQ61
+Ii6y4p6AkS9jcO5TYeyYRUpf93NM5pwpL0Vi8cKb2QKBgQDiXy3Ah4N8MRRx7WFa
+QW+nSqwuYzeq1q9/zOwxpcZo15+wO+XD7196iwos2pjihnprzEbKM5K38Ed14fZF
+nwLomYvJRDo7+EI5WHHp0UHzS4K9g70jszx6dV1O0Ili3B/2vc3BAP4btVT40SO2
+mchuZsfzENCqXjIfLclDWgvuPwKBgQDRGhBbSSdaEuT04XeVLh30uN2trlsCch1H
+K9TNjSBmG8oFu71sse7qDRq5M6ocvUb408F7khMyu+TkXmJvr8vYwQUS3tGobx0O
+8ItOdezKE3VKwIOjG7FVlHigI5cp4VMbQkhnogiOa4RSuMFyHPA2qoOB8c/LBDtS
+jC/0EmztLQKBgQDFr3i0+aLJgdLo6vRpbVukLIHQwLSMbI82fC6H7M0oIaVCsgwk
+35Xx3ho0sXFx4R5npSzsx70JBLxjJcF7azGPDwgT65Evbc3nZmWUWznMzdSOy80Q
+sCXQi03A1jwkKTeAsqBMPCGs8N4TrBAUFpgCUZ+rlLOlFD2RHNr2Bl0E4QKBgB6g
+YartMQ1ZXR2c9IXuJkcU2Ks6sWvPSQiGm/mrZQZvpYxnbhxAh4zSdIqRzaW992o0
+oc82mwdATAtC48oWBpZt1w9ngW/ZLnlktBK+5PrIFNLpFZ7LTJMLVwulituAfEqu
+z6oWKoipqMzw8KyFHo3zNaXPxC6pJQM3M0LdfATVAoGANlsxozI12NnDxI/Mpo8A
+jWU2usnWvZmzgnwdXvUsTmsX4CMFe5AdOwtmLo7FRHf/Zk7mPtwv/L+25qVNm1Tk
+xwrWe3HDhIB007EQUTbEBLgLC6MFNBrGnTA4aeAqTzzddlElDEl+GugjFTDqu92X
+PRJOiNmYxBriKl5Gtren1a0=
+-----END PRIVATE KEY-----
diff --git a/t/data/key.pem.e b/t/data/key.pem.e
index 04d8745..d64ec53 100644
--- a/t/data/key.pem.e
+++ b/t/data/key.pem.e
@@ -1,17 +1,30 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFe4I0QEObHsCAggA
-MBQGCCqGSIb3DQMHBAgHBvJrPU9U8wSCAoCkU4ujuUqqzCPpTCWMjdvohENVjF5p
-bEt31lo+IP/eVCdJLd3sbQhmv0JjTAE2CGnYlapF28WS2ZCCZfSEkNyY4yI/1Cqa
-VdHEJ+7QzVkDQJkYmgvXOFJbEXW7uY5TFsI4MFm1bXwAiU7ZXq1kQt3amMGKdUEG
-uGNf1D3OH2RTRfdPZSZYI0WQjLbj4q2v1winMU4Kf0Y0LNNYEsiReFzyKAxwCZ0q
-01aoNxga7cSWTnwzwXvzgev2rjx2t/0cxK/IrUyVAk97po7jYZ09ug8MRS7mXi0x
-t9zsTK9GRKSazlUdJlHOn0QmC5deDBUmOdYWFSSsKGTTOZeBr29UtcdNzMPNVpOs
-pHVUVZRBfLWUDeXSksTVhOAcf06NzkhTJ9mcKUqao++pTQgeKJke4/9QL+mqMDNL
-4KKn0VQbAbaWupTYVLLG8V4WdSQOoCZQbD86Ss8mFX2oRoB9PBe4hbTrHkCdMuHm
-XjfPAU8Z5ys+IQAcRbVAbOGPoFjGMEwFxl8bn1JTSWhbBDATdbyvstpmlTIsGuBH
-7tRU68UFK8pIPCX9MNQkpdAq6Yzl3H05mKyoJqYrYnX9xlqOVhgkHv35RWkxfnyz
-efnOMzAHn22h2hqCuxqLydyMSKlE0x9jDAgEChTKzwZCg0D461G3aj3b9MG7QvKz
-+sOI5+28g+wpVuv+6DNFgizOlndyY6Y8+lU4k87UeL1Mc/lcZMB60hj4ZkEYoGyK
-s0UHtqaq82XlZf3OL3aouQojGBw9DGo/1KWISuM1I3ZCxlqh1uEG3rMnaSTjI6Ao
-yClYz274wOXPOhvfcoczs9++IXzltKzuFZeLJ0K+gsKTlk+eGhN0lzav
------END ENCRYPTED PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,DE6A2C7184BF2F32
+
+8lCM0W2c5qeihKEHkyx67fid9BP2Mds+Bw3IZrPscojIk8vyIyPtCypmi7c6ABGc
+ovoCMjZiYcLaXksfw53Gkf1hGvWvZsVFU2HF5+aelYEsdZWjad8zzu3fGpCQFzs9
+w4p1S1AX7/BYIWsyNG2O2FeraOkw/rsojKegUXpa2RQl8H/YaTqEWBeP5ZPLn1b+
+eH9VcY2UMxMDq3Q7IUilrWTNDrjEVtxODSfIrxt0gyhkeupLmvVc2HXa5S6ZAECU
+kW3pvppsJwlSlpiBqfhdEa3RenGywpHnPssckcPgSNGIMysDgf97KEEHbxcVLc1Y
+u7IPdK2VWTWUpq+vJVJQWeMwtoI2g+2Kohmnkz9ZIAZPoXEIf5V7WP5NdgD0x9uF
+B8anLXY7NAgC0Ea6G75mH2eDErzOEAdnt8A6lXr8i35ObX4HphRk71PZ9yLh5dkG
+ACp6ISxIRmy4amR4ga4V2H0RNYszthMT1d4QNK1eWK9lCzk078c4ZXRMz9wqGFcG
+nDY3qS77nZZATZiY6pLRcOXB4jX+NmBH2k3zUrN3OqQcEfxnPU2rqmKPQL0xRROZ
+f7/xNul6OIj491OlXCMLY4fOmS2ynMb84UUBqBwYCPb+NFJUjRDWigPenKuoweS3
+3KaVkTff+Jh/OfIr8JV4nYUN/bz7sfKV7wFd+RBwoxuUaOolJ0l4KTX9NR3HJlUc
+71PoQe0LaWit77i/DsfNGs2oDPjOM7KYawlS2o8qYaHjpU2wyWq3Z+dkpPmJs+nw
+eDQgZkLCniu5q0MCCex1AODEF1fq8mLaJiGu03iR12jf1wdlHlsBS9DuzUc8/JxC
+llgaykLoVM0DihtNwlxsvKCo2ySWbzPC7g0YgtcF7AxskJ5K1khsZWCyDjOaD56m
+6JejpU3KqoXWDRLIR+TR6Y4coyEr/LI/uCEuiM9jzmLZtT0/IFg2CXz03eLg3MjO
+7Z1XGKjuZC+2GbY4TNo3BtQNl5dhC8drddWcD1VvkBjTiJ3JRFTrzZwKpaGNUKUU
+86lkqcbVSwJ5CbxnddtTZ1wmUUKybY41O59HNNGtYjnSgqvshXop8+sAgBPYghwc
+YPT/mgpFbXhpbII7rGbepEAckRzBEbGBgAK68ck3EbxpPnwX0zELFCpBZV0mEoUK
+AWhM6+08r9eb2X1ly0ubs81GJ2FyvTXHOrvoS/FcMjnz6uh6AQtl1qJGOneB43u3
+QHQMe9vP5syX5uFkOSVdwz1kk5HJ8ynemrEPNtHY3QnrzjeXuuOEmKmn9u7OXear
+aI4F9kifAl4qrrYGnvMtNQ3ENJwg3bH1gR+oyRG7WE+HYV3JA2bYgunXzUcnE27I
+GeoAcf9QFMqhG8Q7G14sApXHJn9hdMOS7q8XhnTn+rzzWszu0KqHRfpS7OYd6aDQ
+uzjVca9VS/ReLhKv3TvZXUhBY8V5+a1zdWvciyhvJNPci0KZIj9eaPgOQVcHboEd
+23JmLSJzqE2/+ym0O/6p3Llst1EiVJTnDUsf27KWyJvzA7EVdORoXM+Zt2gxMdYx
+lzYtPsSfhVURYUnRsWWO3q4T76JKz67PRkq/Na2FzEW4HnYTGb7uqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/t/data/test_CA1.conf b/t/data/test_CA1.conf
new file mode 100644
index 0000000..f2be31c
--- /dev/null
+++ b/t/data/test_CA1.conf
@@ -0,0 +1,37 @@
+# Generating CA certificate.
+# openssl req -x509 -days 36160 -key test_CA1.key.pem -out test_CA1.crt.pem -config test_CA1.conf
+#
+# Generating CRL in PEM format.
+# First you need to reset serial number in test_CA1.crlnumber to match tests before:
+# echo 02 >test_CA1.crlnumber
+# Then generate CRL in DER format:
+# openssl ca -config test_CA1.conf -gencrl -out test_CA1.crl.pem
+# Finally convert it to DER format into test_CA1.crl.der:
+# openssl crl -inform pem -outform der <test_CA1.crl.pem >test_CA1.crl.der
+#
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+x509_extensions = req_ext
+
+[ req_distinguished_name ]
+C = US
+O = Demo1
+CN = CA1
+
+[ req_ext ]
+basicConstraints=critical,CA:TRUE
+keyUsage=keyCertSign,cRLSign
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+[ ca ]
+default_ca = test_CA1
+
+[ test_CA1 ]
+database = test_CA1_index.txt
+crlnumber = test_CA1.crlnumber
+certificate = test_CA1.crt.pem
+private_key = test_CA1.key.pem
+default_md = sha256
+default_crl_days = 30
diff --git a/t/data/test_CA1.crl.der b/t/data/test_CA1.crl.der
index 5f2cf7cda71eb473f8732060d87718b8be25bf1b..c3948335cddf709f0d88598194ea850b95b64e62 100644
GIT binary patch
literal 438
zcmXqLV%%iVIGc%)(SVnYQ>)FR?K>|cBR4C9fwm#H0Vf-CC<~h~Q)sXup8*eu!^Oku
zlA4=uXvky01>!UFFgrUMit`#;7+4sZ7#bNH7+OYwxt4~;P_BWFfd~_`kVzy^+{nP#
zz|z3bz{1!f3L*+p4G}dkwJ^1eS^%^OY__Zj3o{cV6Pml2n;01xvTf1={1^(`!uN&U
zy1D$z!<Cg6SKXJYe_)m%u2i&hx$w*Mtm7u^0`)bmk)HzAeR^7&sls7f;Sty{)$O>d
zK(NAL+o-QKJDKL{$5%W%Qu_a~6<1Vi_y3ulM^4A+rC2{Xxz3Sk=7bfy^F)@hzK|@D
zIBXx|tdyzu%S1<i<=y2id9HjWYi<6lULrMl-u;&wmX^JJX||x-boPJtBU;Noo@qIs
zAFWz8#q@n#{F{oGe49k3&zt*D&*<varmcCC*4^;C+Gew0*A@A$P}ybb86v@jVZXP}
za=9_x`Et5_YZzl&o=;QT<r5}SZKs&EIO=rQ*tv)b&3(r5d9vNB8@H?FU&q`!Bn$w*
CGn?E1
literal 389
zcmXqLVr(>Me9gqjXu!+HsnzDu_MMlJk(HIfK--YpfRl|ml!Z;0DKyxS&wvNS;Sy$b
zNzKhSG~_Yh0`ZxJnVlUC#d!^l42%sd4Gaw|3=E>cToWJ@!ZoNduwh~rGKoZ1W^55<
zpawQWR+NRAi;>wt0%)GB1dE^qzmWloaS+`QQ$dy(m|B=xqUvVErW>dZ=$HjSmqY9k
zVPR%sWJ2>Nb7LdJ&gZOGTXHu?F8yjC8E|4>4tL(IwIUA6Q%e5DS9)(%=5@V%dy&E=
zSKXJ3wr|=fQak06ZIn{w&XC=a;nwl02@A_^UFh+h^6s&p_s$s0;$jc4!gm(uR;hk)
u(v$Eiu=u;vQ^{mgDnm=ScfrSX`&!d>w`Z+0OaHazVsy4$i0A>|I~f3)J7|*t
diff --git a/t/data/test_CA1.crlnumber b/t/data/test_CA1.crlnumber
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/t/data/test_CA1.crlnumber
@@ -0,0 +1 @@
+02
diff --git a/t/data/test_CA1.crt.der b/t/data/test_CA1.crt.der
index 8031955a343260c858d3ad207938f08543809bc4..01e7c745fd99c3233f5c8f0eb92484471f1e6a85 100644
GIT binary patch
literal 831
zcmXqLVzxGDVp3kf%*4pV#L4h!Rc|(n^zzjPylk9WZ60mkc^MhGSs4tp4Y>_C*_cCF
z*o2uvgAMr%ct9L39#)ss+<Zer9s@2ApP7f*+0oEIL7dmn!ob4N#K6+X)W9-Ig5Su{
z&>ScL<bVZ8Gp>nI3E4S}tPIRejQk7+O^jSjO^l2TFU4Y)bsjn9&-i?Hs&q=A15=@=
z>!IHz*TPipFv*?#_mQLg?FFOSz&z8$bK7_>$0fIRaD}fpv*~_bxOZ0cy%0&egJN#}
zKNCM@Ox<%qIaoMK@qxr|xm7W5Y%lt)y1rb@J$vriJwGNiRH$tDSiYiu;hOK!PafU1
zlq<aHe>9kFVb+~F8uRvY&x*OmFzF`O(*s9plJf8Fz9y%jc=nWP#JjsJOs}NF)SK?z
zNUGiO(PP?rFZT)3+dC%tPFbMQ?N#0)%3;^m?lbM@orSCR9z4++IHj({jYGv~-icmc
zfpvf8KCW2g_>)&a=TTf~!bI1kP`MjlUw_`co?pCvPg?%ub5j;dJ8fiQW@KPooL~@V
zzz>WBSz$)T|17Kq%s|S38zjKb!UBw4HUn7@hmS>!MPzaDm*x*!=2i(vU5$O%@%4J~
ziZFizd62X+i-dt#19k<dNdg!Lj0_K$*_eK{C}#azywyl0Ds9eZO`+nsC)+;Fnfj$)
zC}eum<CIDJCRr>g$ts?a!4s2uWUb7RTOM13ub+P~&%i3Ge_C(*xwEf-i|w9$T}<k>
zo?TQ_<RsY#Y|FzZefIk5TK9i~(f$QDzp~0lTrGHUc8B7uXM&&f793a8eCmI1+w|i{
zxb~fjo%PaY@r^%ca(8`aD_yLgSGFPNM<#0)mrKTHfe#%A6q|0T3C&%)R5PW=YNA*f
zXWKQ+{r64yD)oN-VDV6>EX`T*;OXQ)mF+%LbM!lRzT`|ip?rv|%0uzc{hXLA`3a>v
l%Vo_{f4yg3QW-yG+pTNNPH}S6KC2$lyK_)5e5FtFCIFX)M(Y3o
literal 550
zcmXqLVp1|_V(ebP%*4pV#4KbIX28qFsnzDu_MMlJk(HIfK--YpfRl|ml!Z;0DKyxS
z&wvNS;Sy$bNzKhSG~_Yh0`ZxJnVlUC4HU$A4UG&8fe;L$B>0UCfxyTZh)gX_Eu%;?
zu5muHYZzG>m>YW;3>rI`8XFl-$1E`8ZhxQoW%}E^(-)5zuP)O~a+#rP@aTeGoWJ{(
zXgP<YWgi~|#NJtOpK0Hzh+Wf{+fKfqEW=j+()4mz^2V(eDzUqdPiJSjH|3Gcl=Z2J
z6AYd>+1ym_Q+4dv5G%?1N@UH{9~UgOTc3yPDo=c}pQWZ+<K43##@%5(HX?7GHeF?6
zW@KPo9Apq+zz+-nSz$)T|17Kq%s|RO79_yOBE}+eLgv;au9Y4fR%K<P7Azl4Zi-$|
zFyIDB^Ruu3gPhGkkc~5;&4aP+hZ7?sNQi+Q*~`EPU<Uft?J7h3;z&uCdnJF@-dxB%
zU&)qLWwX%VOp&>{f_e+(4r{n*-`?}`mBQ3BKfT4BAKFhfzu$ALtxWyw`TX372cgWX
zDrFZW@R#+3|K8E<cqVkgq20IYzB#IF-uv_Mru}tG*PLD+{3~UB+|q6Fn^Su(-PxY~
TT4H7auk;zVYy%?~W2K7#io&(K
diff --git a/t/data/test_CA1.crt.pem b/t/data/test_CA1.crt.pem
index 20196a8..bf94476 100644
--- a/t/data/test_CA1.crt.pem
+++ b/t/data/test_CA1.crt.pem
@@ -1,14 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICIjCCAYugAwIBAgIDEjRWMA0GCSqGSIb3DQEBBQUAMCsxCzAJBgNVBAYTAlVT
-MQ4wDAYDVQQKEwVEZW1vMTEMMAoGA1UEAxMDQ0ExMCAXDTEyMDEwMTAwMDAwMFoY
-DzIxMTExMjMxMjM1OTU5WjArMQswCQYDVQQGEwJVUzEOMAwGA1UEChMFRGVtbzEx
-DDAKBgNVBAMTA0NBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy1ygNguH
-72n0l+1uy9HEM6t2LWJEmC0w4tAuXk9H1FseQMV28eBQXdyg3wK+yli6l6c9k9Aj
-HAZ/6TXTVmOxtTgkXbvHlwcE3pTiHJSvZWGQMORCPNkjjiVBiLBdGQ3qFKyV+NA5
-K4XnVy0jkeS/BHx7KO7m+DOLVow8FO1CstUCAwEAAaNSMFAwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUyBzakgqpSAg6dnYVOATxNNkV0CAwCwYDVR0PBAQDAgEG
-MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQBG1QBfo1kZRN50
-/a3ZoQufIj0FJLMS/WkUnW0RLqEewyhEK9u86eoglcz5SxdD4T+VN9+MxoZ2J83P
-b21Y4FUDqnkdoGAPdoxX+7iLQcxVoMK72n72QSSzvfnjsr9+pazLp1P6ZK9epbZf
-s2WM0ty3a+sYmXANG8wGazAyRDMi0Q==
+MIIDOzCCAiOgAwIBAgIJAPKqjWsEG6erMA0GCSqGSIb3DQEBCwUAMCsxCzAJBgNV
+BAYTAlVTMQ4wDAYDVQQKDAVEZW1vMTEMMAoGA1UEAwwDQ0ExMCAXDTE4MDgxNDA5
+MjUwOVoYDzIxMTcwODE1MDkyNTA5WjArMQswCQYDVQQGEwJVUzEOMAwGA1UECgwF
+RGVtbzExDDAKBgNVBAMMA0NBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOkWXaaJxMZPAeebZRtkUUACcUlFwvt01lYk3AIeyf7xCHft0DJ9UW41Yc62
+DNNeY4WICleozLLfbldLalveVBk+wRZGT/lh8WiVvNAjUxNaIeAY+x6qXOw90U6q
+16cWR2udzbz4kIB4JLDxd6h/oaz3W+Ti3TkecdlPxVMGoWrcnCievQuaXNYAktkK
+5cDEfGJv3bvWHiAhzcolWO7dBALqG1Yngt7YYn248UiWr0pHkBu3iJJNlKAoi0p3
+hBUIPoaHTJb53KGqvcHIhVGUfnRGCCQynsiNTRCu/J3jeKJB+Q0QLOJedWCRRWJV
+Htj16/O7rw8Xf7xmb5POlKEbQrECAwEAAaNgMF4wDwYDVR0TAQH/BAUwAwEB/zAL
+BgNVHQ8EBAMCAQYwHQYDVR0OBBYEFKNz9IPwtJ16EBrVXeGI9ddzqFZPMB8GA1Ud
+IwQYMBaAFKNz9IPwtJ16EBrVXeGI9ddzqFZPMA0GCSqGSIb3DQEBCwUAA4IBAQDg
+AwYC+oQhav6jtTIkWmac8ykSc53JhvKclfSPElSXguNkkr6SOKR0anOYaAxcZcSt
+HMTaSLVT18/gnjA6Wo+WjYfOzev7Frub1xYa2y4+WlpZkh3gBqdXkvNK9UV+/5Ay
+v6DZ9QUfWNVw6M24IZrmEfIuoMcmKeVP3raXx8QKvspdmuk8o9j8zG269wZ1oy9u
+drBs+GkFagpEaPMQ8IjAIYLaJhKdpaUpZIw6kRZ2CYbWKb/fNA55Lvr4BEggeXVs
+qODlk/x5h0yVbC+JuekJYcgjwgp6SCHC32xcah+Qdbl3HTZl+u8DpHlflLba1gNC
+Xh6W8yXELtzBEVepTGOy
-----END CERTIFICATE-----
diff --git a/t/data/test_CA1.key.der b/t/data/test_CA1.key.der
index f47e283ca3590063a86aa5297bf1ef0c1981b945..59d9ea111028173c4c6e1e720d8c21d216b0fb55 100644
GIT binary patch
literal 1190
zcmV;X1X=qqf&`)h0RRGm0RaH%7G0)^#Kunn=bL34WKlo@aY;qO`*hY;B-{cX$^P*O
zckR$JeNk>TVa~P;(_UkRhzeJz%(CBZS4(PJ-c%Vr!4^hO`C;*BmAud+QxjSt;28TJ
zs$A?n(N3z@rxr(Roz1-Xkbrn3u<>`Of1#}RTjb*1IUaG@PsLLPp=#WmD4x9wnq1ZZ
zlGzI7z{GrFZ{54r9v~sj$|YFt-2?*a8&)TR-q>P&xbaAquS!Rd8@Gs(O_ZQ0i%NHd
z6$n0thfJ3F+@Y$y!N`SClzwzZ2qZF|$c;@9uKb<jc%ni14G=8iUUguRMPgMR*!Ao4
zyRQ!yf4pXIlg^Z(8$z)H0|5X50)hbmZusd5dm1KKLrvqH6_|rwcuPB3ZDo$o<sOr0
zrvw1b{QE3SEnT3&S;YZIhkvrRt3rdi3~{*6%a-6C`7$=s_8zm|G66?&N*d5qKpit*
zd^J~ZXTUI#fi(ZYGXE$FMBq}bpQ0S77QgS7%CJdiGBunTuDzWT6D4_y_v0=eh0|-F
z4LTW^i0x}hP6sZXZM0qYyS4Chmt@{SrVE0;CrezwV7nv-o7#*FVrySyvn;<m9=-j%
zKdIWZ!;vary&01xX$CvipiQ{j_d&otAm~-blKpK?3^#Rd%wr)Q`6(Jtor7p<`D~tu
zn={#4m5Sr>r8o_`bK_}^-kRm%0)c@5_lO}qDXFA+69pqis@XK5Zt9P6>eWhsat4Mw
z>-Jh8^bgLA1c+!a4(9g96RrOhEyK@nA0jc$=LmS|_FvW_dn?7JcZ*ml8dXDWJK^47
zF!D1T&av8Xuu)7_*zK~S!`*S}7=DN6gKQQ0<)rt2qobj~XlLA)Zw}ZZbfwB20)c@5
z@ejL}jhdZAB~SViby=b*wtDO2`6nq>X9$yQ{J|wmjuegURG7J_r4d>PTh^I4)C?Q*
z9)Veux$pD=*W~t~fc3D2LC(V9)3%*NbWD_@PSuC5aq5mV{dADtK;!->+`VD6eMs3r
z>tv8Zly{`|`pbq6?6z3BPwceJbg!1B0)c>OnzB=!%DPz1Jd5Z;OPHXh>3ez8rdzt8
z>ldlW>A6}3#u%Wp?p{Q7UnDu2v&i@eCRzc*#+vB$fG^eIKGEc~7vQ5jtv*+Z+=YL<
z<cKp7uEP(nKS8R34y`)?A*k%Q6KUQp#SO+k(}gV^d|Ue<omUL^ei$aBLiz&vF(M%X
zfq*;V#Gk31cH^$WCq>?n-H)#v>Fj@46BN6Xjmym)&Au+JJalkJU>97e>dTnKzFRku
zs(-><FMOJl*ztTw3|r!@C8Tt$fDDO?8<rid$X;n?@x_bQ&}^w`gL5)_aBqetC09tO
z2oLaSlFWBSAzhgNW!2wDjMBT``6;mS&0zw8fCO%29Nhc7wI$JrU0>U-3ulc3C-6jZ
z@Xa5J4~-GMFDGKVjdT%l6+scKi(o>4^t-B*j_mPRlXLiWs^#?&amp{}6`gNSrD!Fs
z6Q1~>kmz>A=cmsy`o;aNZ|s@8XEs$`9qUEZ`V1-=dlq~O$gm&Y!T7wdiWgQ#Jr<?O
EJ2kXXod5s;
literal 610
zcmV-o0-gOZf&yLw0RRGlfdI=~pf(GK?`iax?QYA_#51dQEn-BNEimHHE?!SZ)LR}v
z#dh)FP+i=h-vYkMSh|;|J(JKQ90q^sHPcpOv9&lPUAxDZ2L#@f;vAH(Wnqvo<U%~z
zBaS6Oh_GE54eAuEmH5y(D~0D*EhCZSzXW`HDDLL?GmBP?JQVFhveg0u0RRC4fq*)^
zp(UFI12~pN|8*VrlXTq_KplScc`*Wk;IgW*b9-^@fm}|OT!0V8gF`mD84#n^(J4(=
zrn8mgRREfnCh$#Inpqu<xfA@50NeXGgpv1WkZJ0<;6pl_)ylBxXCH&P`NO2u0e%US
zW_7`Vb_B#w%86AetP(}7f#rgDg$)8h0Qp?AsUgVO$H98kPEyeRi{hsD#@mP966F~Q
zh9>xazG-J6cx0ZM|Fn$ONT|>~UES-}LGo_SzNV{ytC(g?*8)KR(8hC!krOVdrh*Ks
zd`0U%Xz1ZNDdpp(Q-ZHDAc~L2!3|vwNCvtUWL8u7>(Z4GjRs)xCH|#FF!a58{W&}{
z0zm+n1A9Wx<*{9*1xyFCRMgl~1D9zM%W(zs!=IYCha^1D<eu`?<QjQrhqKxDk9ygT
zKnD$s%^(~3Uh~1H)-_=QK>*1?1kQO&Oo%Q5-^0(KcMVE}bJ%YaHAjLWP*J)Z*iCOl
zI+!uWic4hG^Gw;tz5A6uxa7VAqrLZAb?m`@6A=PI0MW|-r=v@lMzw7_Wv4G)sakMm
w4XEt$gdSh2A*|=jsV7%bB;&F&mlQ=Y8`dPBSMURc#tTr?jsQ)2o|)<zV1+>_GXMYp
diff --git a/t/data/test_CA1.key.pem b/t/data/test_CA1.key.pem
index 78f0c3b..f3bd4a0 100644
--- a/t/data/test_CA1.key.pem
+++ b/t/data/test_CA1.key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDLXKA2C4fvafSX7W7L0cQzq3YtYkSYLTDi0C5eT0fUWx5AxXbx
-4FBd3KDfAr7KWLqXpz2T0CMcBn/pNdNWY7G1OCRdu8eXBwTelOIclK9lYZAw5EI8
-2SOOJUGIsF0ZDeoUrJX40DkrhedXLSOR5L8EfHso7ub4M4tWjDwU7UKy1QIDAQAB
-AoGAOryhJZsFAziWRf91HfeTdN0UQB1+9HkxAoHgsqqxc3tx7IFcTpZcgA/Gg0M2
-uhkQo9bRKU1XprOV5FUAmpYm8E1YmlkdjbkT/JAA2/s4hJH3Z5Bp6rngQzqb1cqw
-6Wcfg7n5w6TVAX4Jk2Z1wYF2BMRQyolVKawSRa2B5YJ4hQ0CQQD5XLOpIcjZx8F6
-1E5S0P6L4qb3xtuH3hLlGQmGJvh+vmlnIXhknpr/tIzWSKjQPV3d69ZB8m7Ovqar
-gKuYZkzXAkEA0MZziJETLqmmggyrfEXrPmjo4Tkp5eOlU4KvMiCKj8fBDV0OSAa6
-FWRWU/jr0pURjQZg8SX+pUUw9L16/Tk8MwJBAJgDe0LP5bFdpQVMB7NU1NhSA5dp
-EstxBfPDn5q4hyQ8z+Se8tXkGnlnh7PZ94962Y5ABw2MzSAb+V7zwafWNWECQQDJ
-QQTOeUtMiC4C38PPoHcNSoRz2G8TNUeCIVBRuhzYTW9EOpgxxopLZNXzTNnHvfuV
-PrjkvgOjvfdbdezBfhMRAkEA0cr/p6NLmEa1bTtlpy9dqVpwZg2o7PKEHl+qIazn
-zKknV1Ik47IylxRFMRvWJJ9X8AOFxgtQ1I4ATXuemeoaYA==
+MIIEogIBAAKCAQEA6RZdponExk8B55tlG2RRQAJxSUXC+3TWViTcAh7J/vEId+3Q
+Mn1RbjVhzrYM015jhYgKV6jMst9uV0tqW95UGT7BFkZP+WHxaJW80CNTE1oh4Bj7
+Hqpc7D3RTqrXpxZHa53NvPiQgHgksPF3qH+hrPdb5OLdOR5x2U/FUwahatycKJ69
+C5pc1gCS2QrlwMR8Ym/du9YeICHNyiVY7t0EAuobVieC3thifbjxSJavSkeQG7eI
+kk2UoCiLSneEFQg+hodMlvncoaq9wciFUZR+dEYIJDKeyI1NEK78neN4okH5DRAs
+4l51YJFFYlUe2PXr87uvDxd/vGZvk86UoRtCsQIDAQABAoIBAG746Ql7GiZYQ03j
+nBWYg154SztZbWWO0OUek2inBADO/PssTC1doMFZxQFHh3+ytqtCg7oMcbjPy5bg
+HvkyNtP2HrPeMgFHckoa0FRAHTNffDVXb2fAMJGBNP/BMv8oCkTgUq2fohyoFr/v
+lsqwSWcyNZwZrr2dExMleYr34y4ehdNrnw06GZiI7WtJTgcunW20Xfe7tfBzl2Te
+QaYLgr4nS1zAYLskB5vajAxia19ksyy/Ox69/bw/qdq0w5EqYL0ZkyZpBjvWoE24
+2/dBwD0g6FXGkv1tTgw3dW7MYyEe+SkaT52DaGr5bJ6ImzPZW5WK4/GlOA26c+Np
+jd6a5eECgYEA94ghPSmppHkTBSNGqtk0oW7qj3Lq1UqAcgaGO+v2WiD0D86MBIho
+Lw7m9scTrf8VLcPPcB8iMc3nCHjp9l/WInsrxaZ3i1gpGlVDbTvh3mAw8jMczrHa
+cLBRTFbY7bKiw91x6hh+h+eDbBX65aT3f6OjocBoZ9yXbw7YInSlyh0CgYEA8Q+7
+lo2anUQlT/oSdVmiKbZ66+T5JylWZwiTbPzBJUyOFI3tVJi5qKURWghb1pk41Awb
+8x6BWZS57/QB1+T2oID1sIVBzsLg07adRHRMlKJO1YeuceqONP10kN5A4/4o3L1h
+tH1I2UDrZJBClHek9vrLhg7stli5T+y0zHSvlqUCgYBpmrJTncq6WM08i+hCS5ig
+pul7edOmW7qg6xepyOm5WgXGGKCz7l5EdV8kOZqzyPgIJloBw8aa6PWAL9XhPtHk
+tBfgozytPleK3IV/vOSIMxGuww+vP0Gqgg6tOwAhqOy4E2neLcUNxj/ThS0dfFv7
+IJ1XDPd+GCajQvoC+TEiIQKBgDvhxJ+pnXbjrsEnRd6Q3Y+vHOnsf1gTFLuTjcvN
+Hc2+Lq08dHBHYBdcqerLmMS+WzeRqn/CXC98mpPY8XxIDFvirSWkdKyADImLG5Yd
+rcheaWbxxYvW0GypaYNzMntwb4YmJVdIqAgP8GmSzHdFIV2Y/2XV30eM0rvf+Smw
+8s1hAoGABG5kHNz7vLUl0YhdX9uuC2eNAyfwRHHwzR+KD40RvS8nYruNdBFxFUER
+rItgQoD0u6qUjuzxWJNz+HWq5fURccov5xWdb0+laCWtE574oJDodsTnp88y+sX9
+rW/smbxnNlVdHetF1PoMKhl7FnwKyLAf3sH4vK+KF1ZHPRalyTs=
-----END RSA PRIVATE KEY-----
diff --git a/t/data/test_CA1_index.txt b/t/data/test_CA1_index.txt
new file mode 100644
index 0000000..2a43cd5
--- /dev/null
+++ b/t/data/test_CA1_index.txt
@@ -0,0 +1,2 @@
+R 120309010800Z 120309010838Z 123459 unknown /C=US/O=Demo1/CN=foo
+R 120309005800Z 120309005859Z 12345A unknown /C=US/O=Demo1/CN=bar
diff --git a/t/data/test_CA1_index.txt.attr b/t/data/test_CA1_index.txt.attr
new file mode 100644
index 0000000..e69de29
diff --git a/t/data/testcert_wildcard.crt.pem b/t/data/testcert_wildcard.crt.pem
index 7270c0c..4ca418d 100644
--- a/t/data/testcert_wildcard.crt.pem
+++ b/t/data/testcert_wildcard.crt.pem
@@ -2,15 +2,15 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 137826015233 (0x2017121801)
- Signature Algorithm: sha256WithRSAEncryption
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Demo1, CN = CA1
Validity
- Not Before: Dec 18 17:15:18 2017 GMT
- Not After : Dec 19 17:15:18 2032 GMT
+ Not Before: Aug 14 10:19:01 2018 GMT
+ Not After : Aug 15 10:19:01 2033 GMT
Subject: C = US, ST = State, L = City, O = Company, OU = Unit, CN = *.example.com, emailAddress = wildcard@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
+ Public-Key: (2048 bit)
Modulus:
00:bd:5e:c6:d8:01:f5:cf:85:fe:eb:9b:60:dd:e8:
8a:98:09:59:5a:71:fc:a2:ad:38:73:0a:cd:d9:5e:
@@ -45,21 +45,28 @@ Certificate:
X509v3 Subject Key Identifier:
4B:42:86:BA:E2:BE:3D:40:0D:11:1D:66:E7:BE:94:39:B2:84:D3:06
X509v3 Authority Key Identifier:
- keyid:C8:1C:DA:92:0A:A9:48:08:3A:76:76:15:38:04:F1:34:D9:15:D0:20
+ keyid:A3:73:F4:83:F0:B4:9D:7A:10:1A:D5:5D:E1:88:F5:D7:73:A8:56:4F
Signature Algorithm: sha256WithRSAEncryption
- 20:cb:ec:9d:8b:e8:2d:61:74:5e:30:b0:95:88:4e:80:09:df:
- c9:7f:b0:c9:d2:19:4e:2c:5a:eb:02:0f:ce:e8:8a:52:fa:22:
- 59:b1:c3:7b:39:db:f0:7d:9a:91:19:ef:d5:f7:73:5b:6b:47:
- 3d:48:c3:c7:4a:2e:7b:7f:3d:ff:65:53:11:21:95:2c:00:fd:
- 39:76:25:8e:05:68:c4:b9:cc:bd:ca:28:60:bf:6d:4c:00:d0:
- 4e:b4:4c:62:6b:34:48:2c:60:b9:33:76:3f:3b:72:57:11:ec:
- f4:2d:5f:b3:f1:a1:c8:d4:5b:5f:23:6b:b0:ec:28:5a:0b:43:
- 7f:e3
+ 07:43:9b:e0:21:e6:e1:40:35:09:f3:d6:62:0d:7c:d2:6d:78:
+ 75:6e:59:57:00:d9:4a:b2:cd:9f:9c:d2:38:85:bc:f4:d0:bd:
+ b5:20:06:af:ed:ae:0a:19:2a:01:af:25:4b:e3:3a:c7:58:a9:
+ 5f:bc:86:6a:24:30:2d:0d:bb:1d:3f:dd:98:75:9a:4c:1d:d0:
+ a1:8e:43:11:b9:3a:ba:c5:e4:ec:0c:6c:da:b5:34:2a:ab:3f:
+ fb:87:27:d2:32:ca:f9:65:1f:f2:ed:e7:7e:c0:11:30:5e:3a:
+ f7:97:58:52:ff:e1:be:93:cd:96:03:48:53:bf:58:65:a5:20:
+ 09:d9:9b:7c:03:f0:39:61:28:01:92:3e:27:ed:bd:0d:94:06:
+ cd:dc:d2:34:04:99:29:fa:5e:1b:bd:70:0f:86:5e:30:df:33:
+ fc:4c:89:b5:56:a1:f6:24:c9:1f:aa:86:ef:51:62:39:22:a9:
+ a1:ed:d2:42:f6:c0:c9:45:7f:d7:ce:3a:18:ec:5a:8e:57:2e:
+ 48:c7:d8:90:1b:a6:2d:30:4b:ad:3a:f4:a7:90:ed:da:37:2f:
+ b9:9c:ba:3c:08:b6:d7:53:d9:ae:34:5f:9a:02:8a:65:20:93:
+ 17:be:e5:7e:3a:11:10:8e:d2:0c:58:bf:20:32:02:f8:05:de:
+ cd:2e:82:f1
-----BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgIFIBcSGAEwDQYJKoZIhvcNAQELBQAwKzELMAkGA1UEBhMC
-VVMxDjAMBgNVBAoTBURlbW8xMQwwCgYDVQQDEwNDQTEwHhcNMTcxMjE4MTcxNTE4
-WhcNMzIxMjE5MTcxNTE4WjCBijELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
+MIIEBzCCAu+gAwIBAgIFIBcSGAEwDQYJKoZIhvcNAQELBQAwKzELMAkGA1UEBhMC
+VVMxDjAMBgNVBAoMBURlbW8xMQwwCgYDVQQDDANDQTEwHhcNMTgwODE0MTAxOTAx
+WhcNMzMwODE1MTAxOTAxWjCBijELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
MQ0wCwYDVQQHDARDaXR5MRAwDgYDVQQKDAdDb21wYW55MQ0wCwYDVQQLDARVbml0
MRYwFAYDVQQDDA0qLmV4YW1wbGUuY29tMSMwIQYJKoZIhvcNAQkBFhR3aWxkY2Fy
ZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1e
@@ -72,8 +79,11 @@ LU5cgpUvoGJ4WWUGAbcCAwEAAaOB0TCBzjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAXBgNVHSAEEDAOMAUGAyoEBTAFBgMpAwQw
RgYDVR0RBD8wPYINKi5leGFtcGxlLmNvbYEUd2lsZGNhcmRAZXhhbXBsZS5jb22H
BAoUHiiHECABDbgBSAEAAAAAAAAAADEwHQYDVR0OBBYEFEtChrrivj1ADREdZue+
-lDmyhNMGMB8GA1UdIwQYMBaAFMgc2pIKqUgIOnZ2FTgE8TTZFdAgMA0GCSqGSIb3
-DQEBCwUAA4GBACDL7J2L6C1hdF4wsJWIToAJ38l/sMnSGU4sWusCD87oilL6Ilmx
-w3s52/B9mpEZ79X3c1trRz1Iw8dKLnt/Pf9lUxEhlSwA/Tl2JY4FaMS5zL3KKGC/
-bUwA0E60TGJrNEgsYLkzdj87clcR7PQtX7PxocjUW18ja7DsKFoLQ3/j
+lDmyhNMGMB8GA1UdIwQYMBaAFKNz9IPwtJ16EBrVXeGI9ddzqFZPMA0GCSqGSIb3
+DQEBCwUAA4IBAQAHQ5vgIebhQDUJ89ZiDXzSbXh1bllXANlKss2fnNI4hbz00L21
+IAav7a4KGSoBryVL4zrHWKlfvIZqJDAtDbsdP92YdZpMHdChjkMRuTq6xeTsDGza
+tTQqqz/7hyfSMsr5ZR/y7ed+wBEwXjr3l1hS/+G+k82WA0hTv1hlpSAJ2Zt8A/A5
+YSgBkj4n7b0NlAbN3NI0BJkp+l4bvXAPhl4w3zP8TIm1VqH2JMkfqobvUWI5Iqmh
+7dJC9sDJRX/XzjoY7FqOVy5Ix9iQG6YtMEutOvSnkO3aNy+5nLo8CLbXU9muNF+a
+AoplIJMXvuV+OhEQjtIMWL8gMgL4Bd7NLoLx
-----END CERTIFICATE-----
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index 5dc946a..74e317a 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -285,7 +285,7 @@ my @results;
push @results, [ $issuer eq $cert_name, 'cert issuer' ];
push @results, [ $subject eq $cert_name, 'cert subject' ];
push @results, [ substr($cn, length($cn) - 1, 1) ne "\0", 'tailing 0 character is not returned from get_text_by_NID' ];
- push @results, [ $fingerprint eq '96:9F:25:FD:42:A7:FC:4D:8B:FF:14:76:7F:2E:07:AF:F6:A4:10:96', 'SHA-1 fingerprint' ];
+ push @results, [ $fingerprint eq 'C7:BC:62:F8:50:40:4D:0B:1D:9A:A1:16:39:8D:91:67:91:A4:1D:9D', 'SHA-1 fingerprint' ];
return 1;
}
diff --git a/t/local/50_digest.t b/t/local/50_digest.t
index c181837..b2de4dc 100644
--- a/t/local/50_digest.t
+++ b/t/local/50_digest.t
@@ -179,17 +179,17 @@ SKIP: {
my $file1 = File::Spec->catfile('t', 'data', 'cert.pem');
my $results1 = {
- md2 => '6d89cda9599a54d03652f9464e8b6e51',
- md4 => 'ada352f40f1ca64f4168a8aae7c1a281',
- md5 => 'e060f11c6afa9e1f59a8e7c873aa3423',
- mdc2 => 'e9ca1fd1cfccfb450b402a0dd446db28',
- ripemd160 => 'cbd50056558b01b5e9ec67901b518462b5393e5b',
- sha => '79de0d0cc736d98b65f5d6b3ac89e65ca8d3b2a7',
- sha1 => '0267dd25bbd8930c537716d972dd9ba128846428',
- sha224 => '5b42d5a3b16a6cee821b03c41f0428b09b70695becb0aaafbc7d6419',
- sha256 => '764633a51af4ef374cabb1ea859cc324680cfeff694797e90562e19ffb71ab26',
- sha512 => '37e3a2e84aec822922c51d4d8d37bf003e1d85f55a4bf2fae2940a5aab5b32f7601c2a9cde5b9c6391aaa4ffef1e845f11d2f0b6a37a9b2f48fb7f6469f0a51c',
- whirlpool => 'b2dc90dbbc60e5e2dc28de3bdeab45fb2fa6d13d86ff14908130624a242e38ecc195b3b11a7ef137b77a24e9a0ba5be061ac1baa11892369286d613569199458',
+ md2 => '99c30267cbf14bc2841a5b7749ba1cc2',
+ md4 => 'd7dc371997d08d4da70501ecdfe6e09e',
+ md5 => 'e3fdc3024e8380af1d8dd3a2705ad5c9',
+ mdc2 => '44c546567b06aba23e6a808ad2210ad6',
+ ripemd160 => 'a8f3023b46590fff58733db0993fb0e66a7c2e33',
+ sha => '72bd01553288bc5e4ba558a85970d12a7c296e28',
+ sha1 => '9af9b8d6efc1efce1957944b6041fb3e299834b0',
+ sha224 => 'fc1ef172129181a1c104467a01300f6b12c472df93f65c545acd0b3b',
+ sha256 => 'c49f7c37cfb711b1e660da7567608f9433d1faf6cc903793aedbf61b6c66cfcd',
+ sha512 => 'de0fb6197c8e586bc16faf19eb53336ddc2971c2fb0c8ad24accf8bc1fd483357e98b6fc38efcd09c574ecb4ba82bf8f1451e29ba758dc8537a27f57bdc19d44',
+ whirlpool => 'f775be3610857166dd466ce9ae481c65d3938f6794b0b17294cb533b0a721b42de3726dbc15f22156778f333ddafb6db8997765a3e30ed436f6cab561ffab5de',
};
my $file2 = File::Spec->catfile('t', 'data', 'binary-test.file');
--
2.14.4

225
SOURCES/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch Normal file
View File

@ -0,0 +1,225 @@
From e0b42b0120b941b5675e4071445424dc8a1230e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 15 Aug 2018 14:46:52 +0200
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
read()/write() up
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/core.t test
because it tests non-blocking socket operations and expects to see
SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE errors and to handle them
byt itself.
This patch purifies Net::SSLeay::{read,write}() to behave exactly as
underlying OpenSSL functions. The retry is moved to
Net::SSLeay::ssl_read_all. All relevant Net::SSLeay::{read,write}() calls in
tests are changed into Net::SSLea::ssl_{read,write}_all().
All applications should implement the retry themsleves or use
ssl_*_all() instead.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 28 +++++++---------------------
lib/Net/SSLeay.pm | 22 +++++++++++++++-------
t/local/07_sslecho.t | 12 ++++++------
t/local/36_verify.t | 9 +++++----
4 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index 5aed4d7..7cb6eab 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1997,19 +1997,13 @@ SSL_read(s,max=32768)
PREINIT:
char *buf;
int got;
+ int succeeded = 1;
PPCODE:
New(0, buf, max, char);
- do {
- int err;
-
- got = SSL_read(s, buf, max);
- if (got > 0)
- break;
- err = SSL_get_error(s, got);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
+ got = SSL_read(s, buf, max);
+ if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
+ succeeded = 0;
/* If in list context, return 2-item list:
* first return value: data gotten, or undef on error (got<0)
@@ -2017,13 +2011,13 @@ SSL_read(s,max=32768)
*/
if (GIMME_V==G_ARRAY) {
EXTEND(SP, 2);
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
PUSHs(sv_2mortal(newSViv(got)));
/* If in scalar or void context, return data gotten, or undef on error. */
} else {
EXTEND(SP, 1);
- PUSHs(sv_2mortal(got>=0 ? newSVpvn(buf, got) : newSV(0)));
+ PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
}
Safefree(buf);
@@ -2066,15 +2060,7 @@ SSL_write(s,buf)
INPUT:
char * buf = SvPV( ST(1), len);
CODE:
- do {
- ret = SSL_write (s, buf, (int)len);
- if (ret > 0)
- break;
- err = SSL_get_error(s, ret);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
- RETVAL = ret;
+ RETVAL = SSL_write (s, buf, (int)len);
OUTPUT:
RETVAL
diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
index 3adf12c..afc6c8f 100644
--- a/lib/Net/SSLeay.pm
+++ b/lib/Net/SSLeay.pm
@@ -579,14 +579,22 @@ sub debug_read {
sub ssl_read_all {
my ($ssl,$how_much) = @_;
$how_much = 2000000000 unless $how_much;
- my ($got, $errs);
+ my ($got, $rv, $errs);
my $reply = '';
while ($how_much > 0) {
- $got = Net::SSLeay::read($ssl,
+ ($got, $rv) = Net::SSLeay::read($ssl,
($how_much > 32768) ? 32768 : $how_much
);
- last if $errs = print_errs('SSL_read');
+ if (! defined $got) {
+ my $err = Net::SSLeay::get_error($ssl, $rv);
+ if ($err != Net::SSLeay::ERROR_WANT_READ() and
+ $err != Net::SSLeay::ERROR_WANT_WRITE()) {
+ $errs = print_errs('SSL_read');
+ last;
+ }
+ next;
+ }
$how_much -= blength($got);
debug_read(\$reply, \$got) if $trace>1;
last if $got eq ''; # EOF
@@ -839,14 +847,14 @@ sub ssl_read_until ($;$$) {
$found = index($match, $delim);
if ($found > -1) {
- #$got = Net::SSLeay::read($ssl, $found+$len_delim);
+ #$got = Net::SSLeay::ssl_read_all($ssl, $found+$len_delim);
#read up to the end of the delimiter
- $got = Net::SSLeay::read($ssl,
+ $got = Net::SSLeay::ssl_read_all($ssl,
$found + $len_delim
- ((blength($match)) - (blength($got))));
$done = 1;
} else {
- $got = Net::SSLeay::read($ssl, $peek_length);
+ $got = Net::SSLeay::ssl_read_all($ssl, $peek_length);
$done = 1 if ($peek_length == $max_length - blength($reply));
}
@@ -857,7 +865,7 @@ sub ssl_read_until ($;$$) {
}
} else {
while (!defined $max_length || length $reply < $max_length) {
- $got = Net::SSLeay::read($ssl,1); # one by one
+ $got = Net::SSLeay::ssl_read_all($ssl,1); # one by one
last if print_errs('SSL_read');
debug_read(\$reply, \$got) if $trace>1;
last if $got eq '';
diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t
index 74e317a..7f19027 100644
--- a/t/local/07_sslecho.t
+++ b/t/local/07_sslecho.t
@@ -134,10 +134,10 @@ my @results;
push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ];
- push @results, [ Net::SSLeay::write($ssl, $msg), 'write' ];
+ push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ];
shutdown($s, 1);
- my ($got) = Net::SSLeay::read($ssl);
+ my $got = Net::SSLeay::ssl_read_all($ssl);
push @results, [ $got eq uc($msg), 'read' ];
Net::SSLeay::free($ssl);
@@ -177,7 +177,7 @@ my @results;
Net::SSLeay::set_fd($ssl, fileno($s));
Net::SSLeay::connect($ssl);
- Net::SSLeay::write($ssl, $msg);
+ Net::SSLeay::ssl_write_all($ssl, $msg);
shutdown $s, 2;
close $s;
@@ -231,15 +231,15 @@ my @results;
Net::SSLeay::set_fd($ssl3, $s3);
Net::SSLeay::connect($ssl1);
- Net::SSLeay::write($ssl1, $msg);
+ Net::SSLeay::ssl_write_all($ssl1, $msg);
shutdown $s1, 2;
Net::SSLeay::connect($ssl2);
- Net::SSLeay::write($ssl2, $msg);
+ Net::SSLeay::ssl_write_all($ssl2, $msg);
shutdown $s2, 2;
Net::SSLeay::connect($ssl3);
- Net::SSLeay::write($ssl3, $msg);
+ Net::SSLeay::ssl_write_all($ssl3, $msg);
shutdown $s3, 2;
close $s1;
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index 2837288..b04be13 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -252,8 +252,9 @@ sub client {
Net::SSLeay::set_fd($ssl, $cl);
Net::SSLeay::connect($ssl);
my $end = "end";
- Net::SSLeay::write($ssl, $end);
- ok($end eq Net::SSLeay::read($ssl), 'Successful termination');
+ Net::SSLeay::ssl_write_all($ssl, $end);
+ Net::SSLeay::shutdown($ssl);
+ ok($end eq Net::SSLeay::ssl_read_all($ssl), 'Successful termination');
return;
}
@@ -291,10 +292,10 @@ sub run_server
next unless $ret == 1;
# Termination request or other message from client
- my $msg = Net::SSLeay::read($ssl);
+ my $msg = Net::SSLeay::ssl_read_all($ssl);
if (defined $msg and $msg eq 'end')
{
- Net::SSLeay::write($ssl, 'end');
+ Net::SSLeay::ssl_write_all($ssl, 'end');
exit (0);
}
}
--
2.14.4

70
SOURCES/Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch Normal file
View File

@ -0,0 +1,70 @@
From 122c80853a9bd66f21699fc79a689b3028d00d3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 13:08:44 +0200
Subject: [PATCH] Move SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE retry from
write_partial()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Original OpenSSL 1.1.1 fix broke IO-Socket-SSL-2.058's t/nonblock.t test
because it tests non-blocking socket operations and expects to see
SSL_ERROR_WANT_WRITE errors and to handle them byt itself.
This patch purifies Net::SSLeay::write_partial() to behave exactly as
underlying OpenSSL SSL_write() function. The retry is already
presented in Net::SSLeay::ssl_write_all().
All applications should implement the retry themsleves or use
ssl_*_all() instead.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
SSLeay.xs | 16 ++--------------
lib/Net/SSLeay.pod | 3 ++-
2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/SSLeay.xs b/SSLeay.xs
index 7cb6eab..fc7677f 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -2089,20 +2089,8 @@ SSL_write_partial(s,from,count,buf)
if (len < 0) {
croak("from beyound end of buffer");
RETVAL = -1;
- } else {
- int ret;
- int err;
-
- do {
- ret = SSL_write (s, &(buf[from]), (count<=len)?count:len);
- if (ret > 0)
- break;
- err = SSL_get_error(s, ret);
- if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
- break;
- } while (1);
- RETVAL = ret;
- }
+ } else
+ RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
OUTPUT:
RETVAL
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index bca7be4..8b5f738 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -4819,7 +4819,8 @@ Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_write.html|http://www.op
B<NOTE:> Does not exactly correspond to any low level API function
-Writes a fragment of data in $data from the buffer $data into the specified $ssl connection.
+Writes a fragment of data in $data from the buffer $data into the specified
+$ssl connection. This is a non-blocking function like L<Net::SSLeay::write()>.
my $rv = Net::SSLeay::write_partial($ssl, $from, $count, $data);
# $ssl - value corresponding to openssl's SSL structure
--
2.14.4

903
SPECS/perl-Net-SSLeay.spec Normal file
View File

@ -0,0 +1,903 @@
%if ! (0%{?rhel})
%{bcond_without perl_Net_SSLeay_enables_optional_test}
%else
%{bcond_with perl_Net_SSLeay_enables_optional_test}
%endif
# Provides/Requires filtering is different from rpm 4.9 onwards
%global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0)
Name: perl-Net-SSLeay
Version: 1.85
Release: 5%{?dist}
Summary: Perl extension for using OpenSSL
License: Artistic 2.0
URL: http://search.cpan.org/dist/Net-SSLeay/
Source0: http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz
# Add missing call to va_end() in TRACE() (CPAN RT# 126028)
Patch0: Net-SSLeay-1.85-Add-missing-call-to-va_end-in-TRACE.patch
# Adapt to OpenSSL 1.1.1, bug #1610376, CPAN RT#125218
Patch1: Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
# Adapt tests to system-wide crypto policy, bug #1610376
Patch2: Net-SSLeay-1.85-Adapt-CTX_get_min_proto_version-tests-to-system-wide.patch
# Adapt tests to security level 2 system-wide crypt policy, bug #1610376,
# CPAN RT#126270
Patch3: Net-SSLeay-1.85-Generate-2048-bit-keys-for-tests.patch
# Avoid SIGPIPE in t/local/36_verify.t, bug #1610376, CPAN RT#125218
Patch4: Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
# Revert retry in Net::SSLeay::{read,write}(), bug #1610376, CPAN RT#125218
Patch5: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
# Revert retry in Net::SSLeay::write_partial(), bug #1610376, CPAN RT#125218
Patch6: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
# =========== Module Build ===========================
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: gcc
# git-core for Generate-2048-bit-keys-for-tests.patch binary patch
BuildRequires: git-core
BuildRequires: make
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: perl-devel
BuildRequires: perl-generators
BuildRequires: perl-interpreter
BuildRequires: perl(Cwd)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(File::Path)
BuildRequires: perl(lib)
# =========== Module Runtime =========================
BuildRequires: perl(AutoLoader)
BuildRequires: perl(Carp)
BuildRequires: perl(Exporter)
BuildRequires: perl(MIME::Base64)
BuildRequires: perl(Socket)
BuildRequires: perl(XSLoader)
# =========== Test Suite =============================
BuildRequires: perl(Config)
BuildRequires: perl(File::Spec)
BuildRequires: perl(HTTP::Tiny)
BuildRequires: perl(IO::Handle)
BuildRequires: perl(IO::Socket::INET)
BuildRequires: perl(strict)
BuildRequires: perl(Test::More) >= 0.61
BuildRequires: perl(threads)
BuildRequires: perl(warnings)
# =========== Optional Test Suite ====================
%if %{with perl_Net_SSLeay_enables_optional_test}
BuildRequires: perl(Test::Exception)
BuildRequires: perl(Test::NoWarnings)
BuildRequires: perl(Test::Pod) >= 1.0
BuildRequires: perl(Test::Warn)
%endif
# =========== Module Runtime =========================
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: perl(MIME::Base64)
Requires: perl(XSLoader)
# Don't "provide" private Perl libs or the redundant unversioned perl(Net::SSLeay) provide
%global __provides_exclude ^(perl\\(Net::SSLeay\\)$|SSLeay\\.so)
%description
This module offers some high level convenience functions for accessing
web pages on SSL servers (for symmetry, same API is offered for
accessing http servers, too), a sslcat() function for writing your own
clients, and finally access to the SSL API of SSLeay/OpenSSL package
so you can write servers or clients for more complicated applications.
%prep
%autosetup -S git -n Net-SSLeay-%{version}
# Fix permissions in examples to avoid bogus doc-file dependencies
chmod -c 644 examples/*
# Remove redundant unversioned provide if we don't have rpm 4.9 or later
%if ! %{rpm49}
%global provfilt /bin/sh -c "%{__perl_provides} | grep -Fvx 'perl(Net::SSLeay)'"
%global __perl_provides %{provfilt}
%endif
%build
PERL_MM_USE_DEFAULT=1 perl Makefile.PL \
INSTALLDIRS=vendor \
OPTIMIZE="%{optflags}"
make %{?_smp_mflags}
%install
make pure_install DESTDIR=%{buildroot}
find %{buildroot} -type f -name .packlist -delete
find %{buildroot} -type f -name '*.bs' -empty -delete
%{_fixperms} -c %{buildroot}
# Remove script we don't want packaged
rm -f %{buildroot}%{perl_vendorarch}/Net/ptrtstrun.pl
%check
make test
# Check for https://bugzilla.redhat.com/show_bug.cgi?id=1222521
perl -Iblib/{arch,lib} -MNet::SSLeay -e 'Net::SSLeay::CTX_v3_new()'
%files
%if 0%{?_licensedir:1}
%license LICENSE
%else
%doc LICENSE
%endif
%doc Changes Credits QuickRef README examples/
%{perl_vendorarch}/auto/Net/
%dir %{perl_vendorarch}/Net/
%{perl_vendorarch}/Net/SSLeay/
%{perl_vendorarch}/Net/SSLeay.pm
%doc %{perl_vendorarch}/Net/SSLeay.pod
%{_mandir}/man3/Net::SSLeay.3*
%{_mandir}/man3/Net::SSLeay::Handle.3*
%changelog
* Wed Aug 15 2018 Petr Pisar <ppisar@redhat.com> - 1.85-5
- Revert retry in Net::SSLeay::{read,write}() (bug #1610376)
- Revert retry in Net::SSLeay::write_partial() (bug #1610376)
* Tue Aug 14 2018 Petr Pisar <ppisar@redhat.com> - 1.85-4
- Avoid SIGPIPE in t/local/36_verify.t (bug #1610376)
* Mon Aug 13 2018 Petr Pisar <ppisar@redhat.com> - 1.85-3
- Adapt to OpenSSL 1.1.1 (bug #1610376)
- Adapt tests to system-wide crypto policy (bug #1610376)
- Adapt tests to security level 2 system-wide crypt policy (bug #1610376)
* Mon Aug 13 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.85-2
- Add missing call to va_end() in TRACE() (bug #1607018)
* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 1.85-1
- Update to 1.85
- Preparations for transferring maintenace to a new maintainer
- Fixed test failure in t/local/33_x509_create_cert.t for some versions of
OpenSSL
- Fixed free() error that causes "Free to wrong pool ..." message on Windows
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.84-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 17 2018 Paul Howarth <paul@city-fan.org> - 1.84-1
- Update to 1.84
- Fixed an error in t/local/04_basic.t causing a test failure if
Test::Exception not installed
* Tue Jan 16 2018 Paul Howarth <paul@city-fan.org> - 1.83-1
- Update to 1.83
- Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they
are not available on LibreSSL
- Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later;
LibreSSL does not support these functions, at least yet
- Add new functions related to SSL_CTX_new
- Add two new functions introduced in OpenSSL 1.1.0, a number of constants
and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod
were also updated
- Added support for SSL_use_certificate_chain_file function introduced in
OpenSSL 1.1.0
- Fixed LibreSSL version detection to correctly parse LibreSSL minor version
- Fix memory leaks in OCSP handling
- Add new functions for certificate verification introduced in OpenSSL 1.02,
a number of constants, new test data files, new tests and updates to .pod
documentation; the new functions provide access to the built-in wildcard
check functionality available in OpenSSL 1.0.2 and later
- Added X509_STORE_CTX_new and X509_verify_cert
- SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify
fails but the intermediate certificate succeeds
* Tue Oct 31 2017 Paul Howarth <paul@city-fan.org> - 1.82-1
- Update to 1.82
- Added support for building under Linuxbrew (a linuxbrew version of MacOS
Homebrew)
- Implement SSL_CTX_set_psk_client_callback() and
SSL_set_psk_client_callback()
- Skip the NPN test if the SSL library is LibreSSL
- Fixed a problem with a variable declaration in
ssleay_session_secret_cb_invoke
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when
allocated; the same callback is used on a server side for OCSP stapling
and in that case ocsp_response is NULL and not used
- New feature: Added a binding
SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by
EAP-FAST/EAP-TEAT to parse and process TLS session ticket
- New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used
by EAP-FAST/EAP-TEAP to define TLS session ticket value
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32
bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32
bytes)
- New feature: Added following bindings:
- X509_get_ex_data(cert, idx)
- X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_get_app_data(cert)
- X509_set_ex_data(cert, idx, data)
- X509_set_app_data(cert, arg)
- X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_STORE_CTX_get_app_data(x509_store_ctx)
- X509_STORE_CTX_set_app_data(x509_store_ctx, arg)
- New feature: Added an implementation for
SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- New feature: Added an implementation for
SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also
with AEAD ciphers, which dont use digest functions
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple);
used by a server side to include OCSP staple in ServerHello
- Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain
and last are not NULL before trying to use them
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Dont quote include and
lib paths
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %%install section
- Drop explicit %%clean section
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.81-2
- Perl 5.26 rebuild
* Tue Mar 28 2017 Paul Howarth <paul@city-fan.org> - 1.81-1
- Update to 1.81
- Enable RSA_get_key_parameters with LibreSSL - again
- Fixed memory leak in X509_get_subjectAltNames
- Added . to lib path in Makefile.PL to accommodate people who are using a
perl with -Ddefault_inc_excludes_dot
- Fixed build failure if engine support not present
- Improvements to get_my_thread_id to work around possibility of ERRSV not
being defined, e.g. on OpenWRT
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.80-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 5 2017 Paul Howarth <paul@city-fan.org> - 1.80-1
- Update to 1.80
- Fix unexpected changes in the control flow of the Perl program that seemed
to be triggered by the ticket key callback
* Tue Jan 3 2017 Paul Howarth <paul@city-fan.org> - 1.79-1
- Update to 1.79
- Patch to fix a few inline variable declarations that cause errors for older
compilers
- Patch: Generated C code is not compatible with MSVC, AIX cc, probably
others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT
- Fix compile failure if the OpenSSL library it's built against has
compression support compiled out
- Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals (only available prior to OpenSSL 1.1)
- Fix some documentation typos
- Testing with openssl-1.1.0b
* Wed Oct 12 2016 Paul Howarth <paul@city-fan.org> - 1.78-2
- Rebuild for OpenSSL 1.1.0 in Fedora 26
* Sun Aug 14 2016 Paul Howarth <paul@city-fan.org> - 1.78-1
- Update to 1.78
- Fixed broken (since 1.75) OCSP code and tests
* Thu Aug 11 2016 Paul Howarth <paul@city-fan.org> - 1.77-2
- Fix OCSP (CPAN RT#116795)
* Mon Aug 1 2016 Paul Howarth <paul@city-fan.org> - 1.77-1
- Update to 1.77
- Fixed incorrect size to memset in tlsext_ticket_key_cb_invoke
* Sun Jul 31 2016 Paul Howarth <paul@city-fan.org> - 1.76-1
- Update to 1.76
- Compatibility with OpenSSL 1.1, tested with openssl-1.1.0-pre5:
- Conditionally remove threading locking code, not needed in 1.1
- Rewrite code that accesses inside X509_ATTRIBUTE struct
- SSL_CTX_need_tmp_RSA, SSL_CTX_set_tmp_rsa, SSL_CTX_set_tmp_rsa_callback,
SSL_set_tmp_rsa_callback support not available in 1.1
- SSL_session_reused is now native
- SSL_get_keyblock_size modifed to use new API
- OCSP functions modified to use new API under 1.1
- SSL_set_state removed with 1.1
- SSL_get_state and SSL_state are now equivalent and available in all
versions
- SSL_CTX_v2_new removed
- SESSION_set_master_key removed with 1.1; code that previously used
SESSION_set_master_key must now set $secret in the session_secret
callback set with SSL_set_session_secret_cb
- With 1.1, $secret in the session_secret callback set with
SSL_set_session_secret_cb can be changed to alter the master key
(required by EAP-FAST)
- Added a function EC_KEY_generate_key similar to RSA_generate_key and a
function EVP_PKEY_assign_EC_KEY similar to EVP_PKEY_assign_RSA; using
these functions it is easy to create and use EC keys in the same way as RSA
keys
- Testing with LibreSSL 2.4.1
- Provide support for cross context (and cross process) session sharing using
the stateless TLS session tickets
- Added documentation about downloading latest version from SVN
- Added missing Module/install files to SVN
* Thu Jul 21 2016 Paul Howarth <paul@city-fan.org> - 1.74-3
- Fix FTBFS when perl isn't in the SRPM build root
* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.74-2
- Perl 5.24 rebuild
* Tue Apr 12 2016 Paul Howarth <paul@city-fan.org> - 1.74-1
- Update to 1.74
- README.OSX was missing from the distribution
* Mon Apr 11 2016 Paul Howarth <paul@city-fan.org> - 1.73-1
- Update to 1.73
- Added X509_get_X509_PUBKEY
- Added README.OSX with instructions on how to build for recent OS X
- Added info about using OPENSSL_PREFIX to README.Win32
- Added comments in POD about installation documentation
- Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
latest version of OSX homebrew openssl
- Simplify find commands using -delete
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.72-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jan 15 2016 Paul Howarth <paul@city-fan.org> - 1.72-2
- Prefer %%global over %%define
* Tue Sep 22 2015 Paul Howarth <paul@city-fan.org> - 1.72-1
- Update to 1.72
- Fixed a problem where SvPVx_nolen was undefined in some versions of perl;
replaced with SvPV_nolen
- Fixed a cast warning on Darwin
* Fri Sep 18 2015 Paul Howarth <paul@city-fan.org> - 1.71-1
- Update to 1.71
- Conditionalize support for MD4, MD5
- Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga
- Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc
- Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
- Version number in META.yml is now quoted
- Explicitly BR: perl-devel, needed for EXTERN.h
* Fri Jun 26 2015 Paul Howarth <paul@city-fan.org> - 1.70-1
- Update to 1.70
- The new OpenSSL 1.0.2 X509_check_* functions are not available in current
LibreSSL, so disable them in SSLeay.xs
- Fixed a problem with building against OSX homebrew's openssl
- Removed a test in t/local/33_x509_create_cert.t that fails due to changes
in 1.0.1n and later
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.69-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Jun 09 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.69-2
- Perl 5.22 rebuild
* Sun Jun 7 2015 Paul Howarth <paul@city-fan.org> - 1.69-1
- Update to 1.69
- Testing with OpenSSL 1.0.2, 1.0.2a OK
- Completed LibreSSL compatibility
- Improved compatibility with OpenSSL 1.0.2a
- Added the X509_check_* functions introduced in OpenSSL 1.0.2
- Added support for X509_V_FLAG_TRUSTED_FIRST constant
- Allow get_keyblock_size to work correctly with OpenSSL 1.0.1 onwards
* Fri Jun 05 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.68-3
- Perl 5.22 rebuild
* Mon May 18 2015 Paul Howarth <paul@city-fan.org> - 1.68-2
- SSLv3_method not dropped in OpenSSL 1.0.2, so revert that change (#1222521)
* Fri Jan 30 2015 Paul Howarth <paul@city-fan.org> - 1.68-1
- Update to 1.68
- Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case
where there are muliple OPENSSLs installed
- Fixed a documentation error in get_peer_cert_chain
- Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light
OpenSSL
- Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries
- Updated doc in README.Win32 to build with Microsoft Visual Studio 2010
Express
- Added Windows crypt32 library to Windows linking as some
compilers/platforms seem to require it and it is innocuous otherwise
- Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services
- Recent 1.0.2 betas have dropped the SSLv3_method function; we leave out
the function on newer versions, much the same as the SSLv2 deprecation is
handled
- Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line)
- Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted"
- Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file
- Don't change %%{__perl_provides} unless we need to
* Tue Sep 09 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.66-2
- Perl 5.20 mass
* Mon Sep 8 2014 Paul Howarth <paul@city-fan.org> - 1.66-1
- Update to 1.66
- Fixed compile problem with perl prior to 5.8.8, similar to CPAN RT#76267
- Fixed a problem with Socket::IPPROTO_TCP on early perls
- After discussions with the community and the original author Sampo
Kellomaki, the license conditions have been changed to "Perl Artistic
License 2.0"
- License changed to Artistic 2.0
- Use %%license where possible
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.65-3
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.65-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jul 15 2014 Paul Howarth <paul@city-fan.org> - 1.65-1
- Update to 1.65
- Added note to docs to make it clear that X509_get_subjectAltNames returns a
packed binary IP address for type 7 - GEN_IPADD
- Improvements to SSL_OCSP_response_verify to compile under non-c99 compilers
- Port to Android, includes Android-specific version of RSA_generate_key
- Added LibreSSL support
- Patch that fixes the support for SSL_set_info_callback and adds
SSL_CTX_set_info_callback and SSL_set_state; support for these functions is
necessary to either detect renegotiation or to enforce renegotiation
- Fixed a problem with SSL_set_state not available on some early OpenSSLs
- Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and
http_cat()
- Removed unnecessary Debian_CPANTS.txt from MANIFEST - again
* Wed Jun 11 2014 Paul Howarth <paul@city-fan.org> - 1.64-1
- Update to 1.64
- Test ocsp.t now does not fail if HTTP::Tiny is not installed
- Fixed repository in META.yml
- Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results
in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain
will not return an empty list, but instead return the SSL object
- Fixed a problem where patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244d
caused a failed test in t/local/33_x509_create_cert.t
* Sun Jun 8 2014 Paul Howarth <paul@city-fan.org> - 1.63-3
- Fix failing test with openssl-1.0.1h (upstream commit 414, CPAN RT#96256)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.63-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Paul Howarth <paul@city-fan.org> - 1.63-1
- Update to 1.63
- Improvements to OCSP support: it turns out that some CAs (like Verisign)
sign the OCSP response with the CA we have in the trust store and don't
attach this certifcate in the response, but OpenSSL by itself only
considers the certificates included in the response and
SSL_OCSP_response_verify added the certificates in the chain too, so now
we also add the trusted CA from the store which signed the lowest chain
certificate, at least if we could not verify the OCSP response without
doing it
- Fixed some compiler warnings
- BR: perl(HTTP::Tiny) for test suite
* Mon May 12 2014 Paul Howarth <paul@city-fan.org> - 1.61-1
- Update to 1.61
- Fixed a typo in an error message
- Fixed a problem with building with openssl that does not support OCSP
- Fixed some newly introduced warnings if compiled with -Wall
- Fixed format string issue causing build failures
- Changed calloc to Newx and free to Safefree, otherwise there might be
problems because calloc is done from a different memory pool than free
(depends on the build options for perl, but seen on Windows)
* Sat May 10 2014 Paul Howarth <paul@city-fan.org> - 1.59-1
- Update to 1.59
- Fixed local/30_error.t so that tests do not fail if diagnostics are enabled
- Fixed error messages about undefined strings used with length or split
- Improvements to configuration of OPTIMIZE flags, to prevent overriding of
perl's expected optimization flags
- SSL_peek() now returns openssl error code as second item when called in
array context, same as SSL_read
- Fixed some warnings
- Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
- Improve examples in 'Using other perl modules based on Net::SSLeay'
- Added support for OCSP
- Added missing t/external/ocsp.t
- Add patch to stop gcc complaining about format string usage
* Wed Jan 15 2014 Paul Howarth <paul@city-fan.org> - 1.58-1
- Update to 1.58
- Always use size_t for strlen() return value
- t/external/20_cert_chain.t was missing from dist
- Version number in META.yml was incorrect
- Improvements to test t/external/20_cert_chain.t to provoke following bug:
fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use
- Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set
- Drop Fedora/EL ECC support patch, no longer needed
* Sun Jan 12 2014 Paul Howarth <paul@city-fan.org> - 1.57-1
- Update to 1.57
- Fixed remaining problems with test suite: pod coverage and kwalitee tests
are only enabled with RELEASE_TESTING=1
* Wed Jan 8 2014 Paul Howarth <paul@city-fan.org> - 1.56-1
- Update to 1.56
- Fixed a typo in documentation of BEAST Attack
- Added LICENSE file copied from OpenSSL distribution to prevent complaints
from various versions of kwalitee
- Adjusted license: in META.yml to be 'openssl'
- Adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh
- Improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible
- Added support for ALPN TLS extension
- Fixed a use-after-free error
- Fixed a problem with invalid comparison on OBJ_cmp result in
t/local/36_verify.t
- Added support for get_peer_cert_chain()
- Fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in
ssleay_RSA_generate_key_cb_invoke(); a final PUTBACK is needed here
- Fixed cb->data checks and wrong refcounts on &PL_sv_undef
- Deleted support for SSL_get_tlsa_record_byname: it is not included in
OpenSSL git master
- Drop upstreamed patch for CPAN RT#91215
- Skip the Pod Coverage test, as there are naked subroutines in this release
- ECC support not available in Fedora/EL until OpenSSL 1.0.1e, so patch the
source accordingly to fix builds for F-12 .. F-17
* Fri Dec 6 2013 Paul Howarth <paul@city-fan.org> - 1.55-6
- Fix usage of OBJ_cmp in the test suite (CPAN RT#91215)
* Sun Dec 1 2013 Paul Howarth <paul@city-fan.org> - 1.55-5
- Drop the kwalitee test for now as it's too fussy for the current code
* Wed Aug 14 2013 Jitka Plesnikova <jplesnik@redhat.com> - 1.55-4
- Perl 5.18 re-rebuild of bootstrapped packages
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.55-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 22 2013 Petr Pisar <ppisar@redhat.com> - 1.55-2
- Perl 5.18 rebuild
* Sat Jun 8 2013 Paul Howarth <paul@city-fan.org> - 1.55-1
- update to 1.55
- added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(),
SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where
available in the underlying openssl
- added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(),
X509_CRL_get_ext_count()
- fixed a problem that could cause content with a value of '0' to be
incorrectly encoded by do_httpx3 and friends (CPAN RT#85417)
- added support for SSL_get_tlsa_record_byname() required for DANE support in
openssl-1.0.2 and later
- testing with openssl-1.0.2-stable-SNAP-20130521
- added X509_NAME_new and X509_NAME_hash
* Sat Mar 23 2013 Paul Howarth <paul@city-fan.org> - 1.54-1
- update to 1.54
- added support for SSL_export_keying_material where present (i.e. in OpenSSL
1.0.1 and later)
- changed t/handle/external/50_external.t to use www.airspayce.com instead of
perldition.org, who no longer have an https server
- patch to fix a crash: P_X509_get_crl_distribution_points on an X509
certificate with values in the CDP extension that do not have an ia5 string
would cause a segmentation fault when accessed
- change in t/local/32_x509_get_cert_info.t to not use
Net::SSLeay::ASN1_INTEGER_get, since it works differently on 32 and 64 bit
platforms
- updated author and distribution location details to airspayce.com
- improvement to test 07_sslecho.t so that if set_cert_and_key fails we can
tell why
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.52-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jan 9 2013 Paul Howarth <paul@city-fan.org> - 1.52-1
- update to 1.52
- rebuild package with gnu format tar, to prevent problems with unpacking on
other systems such as old Solaris
* Fri Dec 14 2012 Paul Howarth <paul@city-fan.org> - 1.51-1
- update to 1.51
- fixed a problem where SSL_set_SSL_CTX is not available with
OpenSSL < 0.9.8f (CPAN RT#81940)
- fix bogus date in spec changelog
* Thu Dec 13 2012 Paul Howarth <paul@city-fan.org> - 1.50-1
- update to 1.50
- fixed a problem where t/handle/external/50_external.t would crash if any of
the test sites were not contactable
- now builds on VMS, added README.VMS
- fixed a few compiler warnings in SSLeay.xs; most of them are just
signed/unsigned pointer mismatches but there is one that actually fixes
returning what would be an arbitrary value off the stack from
get_my_thread_id if it happened to be called in a non-threaded build
- added SSL_set_tlsext_host_name, SSL_get_servername, SSL_get_servername_type,
SSL_CTX_set_tlsext_servername_callback for server side Server Name
Indication (SNI) support
- fixed a problem with C++ comments preventing builds on AIX and HPUX
- perdition.org not available for tests, changed to www.open.com.au
- added SSL_FIPS_mode_set
- improvements to test suite so it succeeds with and without FIPS mode
enabled
- added documentation, warning not to pass UTF-8 data in the content
argument to post_https
* Tue Sep 25 2012 Paul Howarth <paul@city-fan.org> - 1.49-1
- update to 1.49
- fixed problem where on some platforms test t/local/07_tcpecho.t would bail
out if it could not bind port 1212; it now tries a number of ports to bind
to until successful
- improvements to unsigned casting
- improvements to Net::SSLeay::read to make it easier to use with
non-blocking IO: it modifies Net::SSLeay::read() to return the result from
SSL_read() as the second return value, if Net::SSLeay::read() is called in
list context (its behavior should be unchanged if called in scalar or void
context)
- fixed a problem where t/local/kwalitee.t fails with
Module::CPANTS::Analyse 0.86
- fixed a number of typos
- fixed a compiler warning from Compiling with gcc-4.4 and -Wall
- Fixed problems with get_https4: documentation was wrong, $header_ref was
not correctly set and $server_cert was not returned
- fixed a problem that could cause a Perl exception about no blength method
on undef (CPAN RT#79309)
- added documentation about how to mitigate various SSL/TLS vulnerabilities
- SSL_MODE_* are now available as constants
- drop upstreamed pod encoding patch
* Mon Aug 20 2012 Paul Howarth <paul@city-fan.org> - 1.48-6
- fix POD encoding (CPAN RT#78281)
- classify buildreqs by usage
- BR:/R: perl(XSLoader)
* Mon Aug 13 2012 Petr Pisar <ppisar@redhat.com> - 1.48-5
- specify all dependencies
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.48-4
- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Petr Pisar <ppisar@redhat.com> - 1.48-3
- perl 5.16 re-rebuild of bootstrapped packages
* Wed Jun 13 2012 Petr Pisar <ppisar@redhat.com> - 1.48-2
- perl 5.16 rebuild
* Wed Apr 25 2012 Paul Howarth <paul@city-fan.org> - 1.48-1
- update to 1.48
- removed unneeded Debian_CPANTS.txt from MANIFEST
- fixed incorrect documentation about the best way to call CTX_set_options
- fixed problem that caused "Undefined subroutine utf8::encode" in
t/local/33_x509_create_cert.t (on perl 5.6.2)
- in examples and pod documentation, changed #!/usr/local/bin/perl
to #!/usr/bin/perl
- t/local/06_tcpecho.t now tries a number of ports to bind to until
successful
- no longer need to fix shellbangs in examples
* Thu Apr 19 2012 Paul Howarth <paul@city-fan.org> - 1.47-3
- simplify Test::Kwalitee conditional
* Thu Apr 19 2012 Marcela Mašláňová <mmaslano@redhat.com> - 1.47-2
- make module Kwalitee conditional
* Wed Apr 4 2012 Paul Howarth <paul@city-fan.org> - 1.47-1
- update to 1.47
- fixed overlong lines and spelling errors in pod
- fixed extra "garbage" files in 1.46 tarball
- fixed incorrect fail reports on some 64 bit platforms
- fix to avoid FAIL reports from cpantesters with missing openssl
- use my_snprintf from ppport.h to prevent link failures with perl 5.8 and
earlier when compiled with MSVC
* Tue Apr 3 2012 Paul Howarth <paul@city-fan.org> - 1.46-1
- update to 1.46 (see Changes file for details)
- BR: openssl as well as openssl-devel, needed for building
- no longer need help to find openssl
- upstream no longer shipping TODO
- drop %%defattr, redundant since rpm 4.4
* Sat Feb 25 2012 Paul Howarth <paul@city-fan.org> - 1.45-1
- update to 1.45 (see Changes file for full details)
- added thread safety and dynamic locking, which should complete thread
safety work, making Net::SSLeay completely thread-safe
- lots of improved documentation
- BR: perl(Test::Pod::Coverage)
- install Net/SSLeay.pod as %%doc
* Thu Jan 12 2012 Paul Howarth <paul@city-fan.org> - 1.42-2
- use DESTDIR rather than PERL_INSTALL_ROOT
- use %%{_fixperms} macro rather than our own chmod incantation
- BR: perl(AutoLoader), perl(Exporter), perl(Socket)
* Mon Oct 3 2011 Paul Howarth <paul@city-fan.org> - 1.42-1
- update to 1.42
- fixed incorrect documentation of how to enable CRL checking
- fixed incorrect letter in Sebastien in Credits
- changed order of the Changes file to be reverse chronological
- fixed a compile error when building on Windows with MSVC6
- drop UTF8 patch, no longer needed
* Sun Sep 25 2011 Paul Howarth <paul@city-fan.org> - 1.41-1
- update to 1.41
- fixed incorrect const signatures for 1.0 that were causing warnings; now
have clean compile with 0.9.8a through 1.0.0
- BR: perl(Carp)
* Fri Sep 23 2011 Paul Howarth <paul@city-fan.org> - 1.40-1
- update to 1.40
- fixed incorrect argument type in call to SSL_set1_param
- fixed a number of issues with pointer sizes; removed redundant pointer cast
tests from t/
- added Perl version requirements to SSLeay.pm
* Wed Sep 21 2011 Paul Howarth <paul@city-fan.org> - 1.39-1
- update to 1.39
- downgraded Module::Install to 0.93 since 1.01 was causing problems in the
Makefile
* Fri Sep 16 2011 Paul Howarth <paul@city-fan.org> - 1.38-1
- update to 1.38
- fixed a problem with various symbols that only became available in OpenSSL
0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE, causing build
failures with older versions of OpenSSL (CPAN RT#71013)
* Fri Sep 16 2011 Paul Howarth <paul@city-fan.org> - 1.37-1
- update to 1.37
- added X509_get_fingerprint
- added support for SSL_CTX_set1_param, SSL_set1_param and selected
X509_VERIFY_PARAM_* OBJ_* functions
- fixed the prototype for randomize()
- fixed an uninitialized value warning in $Net::SSLeay::proxyauth
- allow net-ssleay to compile if SSLV2 is not present
- fixed a problem where sslcat (and possibly other functions) expect RSA
keys and will not load DSA keys for client certificates
- removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later
- added CTX_use_PKCS12_file
- this release by MIKEM => update source URL
* Tue Jul 19 2011 Petr Sabata <contyk@redhat.com> - 1.36-7
- Perl mass rebuild
* Thu Jul 14 2011 Paul Howarth <paul@city-fan.org> - 1.36-6
- BR: perl(Test::Kwalitee) if we're not bootstrapping
- explicitly BR: pkgconfig
- use a patch rather than a scripted iconv to fix the character encoding
- modernize provides filter
- stop running the tests in verbose mode
- nobody else likes macros for commands
* Wed Jul 13 2011 Iain Arnell <iarnell@gmail.com> - 1.36-5
- drop obsolete BRs Array::Compare, Sub::Uplevel, Tree::DAG_Node
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.36-4
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano@redhat.com> - 1.36-3
- rebuild to fix problems with vendorarch/lib (#661697)
* Tue May 04 2010 Marcela Maslanova <mmaslano@redhat.com> - 1.36-2
- mass rebuild with perl-5.12.0
* Sun Jan 31 2010 Paul Howarth <paul@city-fan.org> - 1.36-1
- update to 1.36 (see Changes for details)
- drop svn patches
* Mon Dec 7 2009 Stepan Kasal <skasal@redhat.com> - 1.35-8
- rebuild against perl 5.10.1
* Sat Aug 22 2009 Paul Howarth <paul@city-fan.org> - 1.35-7
- update to svn trunk (rev 252), needed due to omission of MD2 functionality
from OpenSSL 1.0.0 (CPAN RT#48916)
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.35-6
- rebuilt with new openssl
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.35-5
- rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun Mar 8 2009 Paul Howarth <paul@city-fan.org> - 1.35-4
- filter out unwanted provides for perl shared objects
- run tests in verbose mode
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.35-3
- rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.35-2
- rebuild with new openssl
* Mon Jul 28 2008 Paul Howarth <paul@city-fan.org> - 1.35-1
- update to 1.35
- drop flag and patch for enabling/disabling external tests - patch now upstream
- external hosts patch no longer needed as we don't do external tests
- filter out unversioned provide for perl(Net::SSLeay)
- use the distro openssl flags rather than guessing them
* Wed Feb 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.32-5
- rebuild for perl 5.10 (again)
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.32-4
- autorebuild for GCC 4.3
* Thu Jan 31 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.32-3
- rebuild for new perl
* Wed Dec 5 2007 Paul Howarth <paul@city-fan.org> - 1.32-2
- rebuild with new openssl
* Wed Nov 28 2007 Paul Howarth <paul@city-fan.org> - 1.32-1
- update to 1.32, incorporate new upstream URLs
- cosmetic spec changes suiting new maintainer's preferences
- fix argument order for find with -depth
- remove patch for CVE-2005-0106, fixed upstream in 1.30 (#191351)
(http://rt.cpan.org/Public/Bug/Display.html?id=19218)
- remove test patch, no longer needed
- re-encode Credits as UTF-8
- include TODO as %%doc
- add buildreqs perl(Array::Compare), perl(MIME::Base64), perl(Sub::Uplevel),
perl(Test::Exception), perl(Test::NoWarnings), perl(Test::Pod),
perl(Test::Warn), perl(Tree::DAG_Node)
- add patch needed to disable testsuite non-interactively
- run test suite but disable external tests by default; external tests can be
enabled by using rpmbuild --with externaltests
- add patch to change hosts connected to in external tests
* Fri Nov 16 2007 Parag Nemade <panemade@gmail.com> - 1.30-7
- Merge Review (#226272) Spec cleanup
* Tue Nov 6 2007 Stepan Kasal <skasal@redhat.com> - 1.30-6
- fix a typo in description (#231756, #231757)
* Tue Oct 16 2007 Tom "spot" Callaway <tcallawa@redhat.com> - 1.30-5.1
- correct license tag
- add BR: perl(ExtUtils::MakeMaker)
* Tue Aug 21 2007 Warren Togami <wtogami@redhat.com> - 1.30-5
- rebuild
* Fri Jul 14 2006 Warren Togami <wtogami@redhat.com> - 1.30-4
- import into FC6
* Tue Feb 28 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.30-3
- Rebuild for FC5 (perl 5.8.8).
* Fri Jan 27 2006 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.30-2
- CVE-2005-0106: patch from Mandriva
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:023
* Sun Jan 15 2006 Ville Skyttä <ville.skytta at iki.fi> - 1.30-1
- 1.30.
- Optionally run the test suite during build with "--with tests".
* Wed Nov 9 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.26-3
- Rebuild for new OpenSSL.
- Cosmetic cleanups.
* Wed Apr 6 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.26-2
- rebuilt
* Mon Dec 20 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.26-1
- Drop fedora.us release prefix and suffix.
* Mon Oct 25 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.26-0.fdr.2
- Convert manual page to UTF-8.
* Tue Oct 12 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.26-0.fdr.1
- Update to unofficial 1.26 from Peter Behroozi, adds get1_session(),
enables session caching with IO::Socket::SSL (bug 1859, bug 1860).
- Bring outdated test14 up to date (bug 1859, test suite still not enabled).
* Sun Jul 11 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.25-0.fdr.4
- Rename to perl-Net-SSLeay, provide perl-Net_SSLeay for compatibility
with the rest of the world.
* Wed Jul 7 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.25-0.fdr.3
- Bring up to date with current fedora.us Perl spec template.
- Include examples in docs.
* Sun Feb 8 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:1.25-0.fdr.2
- Reduce directory ownership bloat.
* Fri Oct 17 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:1.25-0.fdr.1
- First build.