openssl-1:1.1.1-0.pre8.2.fc29 started to obey to a system-wide crypto
policy. This affected Net-SSLeay tests. Please note that
openssl-1.1.1-0.pre8.3.fc29 fixed some regressions affecting
Net-SSLeay tests.
- New upstream release 1.85
- Preparations for transferring maintenace to a new maintainer
- Fixed test failure in t/local/33_x509_create_cert.t for some versions of
OpenSSL
- Fixed free() error that causes "Free to wrong pool ..." message on Windows
- New upstream release 1.83
- Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they
are not availble on LibreSSL
- Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later;
LibreSSL does not support these functions, at least yet
- Add new functions related to SSL_CTX_new
- Add two new functions introduced in OpenSSL 1.1.0, a number of constants
and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod
were also updated
- Added support for SSL_use_certificate_chain_file function introduced in
OpenSSL 1.1.0
- Fixed LibreSSL version detection to correctly parse LibreSSL minor version
- Fix memory leaks in OCSP handling
- Add new functions for certificate verification introduced in OpenSSL 1.02,
a number of constants, new test data files, new tests and updates to .pod
documentation; the new functions provide access to the built-in wildcard
check functionality available in OpenSSL 1.0.2 and later
- Added X509_STORE_CTX_new and X509_verify_cert
- SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify
fails but the intermediate certificate succeeds
- New upstream release 1.82
- Added support for building under Linuxbrew (a linuxbrew version of MacOS
Homebrew)
- Implement SSL_CTX_set_psk_client_callback() and
SSL_set_psk_client_callback()
- Skip the NPN test if the SSL library is LibreSSL
- Fixed a problem with a variable declaration in
ssleay_session_secret_cb_invoke
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when
allocated; the same callback is used on a server side for OCSP stapling
and in that case ocsp_response is NULL and not used
- New feature: Added a binding
SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by
EAP-FAST/EAP-TEAT to parse and process TLS session ticket
- New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used
by EAP-FAST/EAP-TEAP to define TLS session ticket value
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32
bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32
bytes)
- New feature: Added following bindings:
- X509_get_ex_data(cert, idx)
- X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_get_app_data(cert)
- X509_set_ex_data(cert, idx, data)
- X509_set_app_data(cert, arg)
- X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_STORE_CTX_get_app_data(x509_store_ctx)
- X509_STORE_CTX_set_app_data(x509_store_ctx, arg)
- New feature: Added an implementation for
SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- New feature: Added an implementation for
SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also
with AEAD ciphers, which don’t use digest functions
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple);
used by a server side to include OCSP staple in ServerHello
- Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain
and last are not NULL before trying to use them
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and
lib paths
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
- New upstream release 1.81
- Enable RSA_get_key_parameters with LibreSSL - again
- Fixed memory leak in X509_get_subjectAltNames
- Added . to lib path in Makefile.PL to accommodate people who are using a
perl with -Ddefault_inc_excludes_dot
- Fixed build failure if engine support not present
- Improvements to get_my_thread_id to work around possibility of ERRSV not
being defined, e.g. on OpenWRT
- New upstream release 1.79
- Patch to fix a few inline variable declarations that cause errors for older
compilers
- Patch: Generated C code is not compatible with MSVC, AIX cc, probably
others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT
- Fix compile failure if the OpenSSL library it's built against has
compression support compiled out
- Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals (only available prior to OpenSSL 1.1)
- Fix some documentation typos
- Testing with openssl-1.1.0b
- New upstream release 1.76
- Compatibility with OpenSSL 1.1, tested with openssl-1.1.0-pre5:
- Conditionally remove threading locking code, not needed in 1.1
- Rewrite code that accesses inside X509_ATTRIBUTE struct
- SSL_CTX_need_tmp_RSA, SSL_CTX_set_tmp_rsa, SSL_CTX_set_tmp_rsa_callback,
SSL_set_tmp_rsa_callback support not available in 1.1
- SSL_session_reused is now native
- SSL_get_keyblock_size modifed to use new API
- OCSP functions modified to use new API under 1.1
- SSL_set_state removed with 1.1
- SSL_get_state and SSL_state are now equivalent and available in all
versions
- SSL_CTX_v2_new removed
- SESSION_set_master_key removed with 1.1; code that previously used
SESSION_set_master_key must now set $secret in the session_secret
callback set with SSL_set_session_secret_cb
- With 1.1, $secret in the session_secret callback set with
SSL_set_session_secret_cb can be changed to alter the master key
(required by EAP-FAST)
- Added a function EC_KEY_generate_key similar to RSA_generate_key and a
function EVP_PKEY_assign_EC_KEY similar to EVP_PKEY_assign_RSA; using
these functions it is easy to create and use EC keys in the same way as RSA
keys
- Testing with LibreSSL 2.4.1
- Provide support for cross context (and cross process) session sharing using
the stateless TLS session tickets
- Added documentation about downloading latest version from SVN
- Added missing Module/install files to SVN
- New upstream release 1.73
- Added X509_get_X509_PUBKEY
- Added README.OSX with instructions on how to build for recent OS X
- Added info about using OPENSSL_PREFIX to README.Win32
- Added comments in POD about installation documentation
- Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
latest version of OSX homebrew openssl
- Simplify find commands using -delete
- New upstream release 1.72
- Fixed a problem where SvPVx_nolen was undefined in some versions of perl;
replaced with SvPV_nolen
- Fixed a cast warning on Darwin
- New upstream release 1.71
- Conditionalize support for MD4, MD5
- Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga
- Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc
- Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
- Version number in META.yml is now quoted
- Explicitly BR: perl-devel, needed for EXTERN.h
- New upstream release 1.70
- The new OpenSSL 1.0.2 X509_check_* functions are not available in current
LibreSSL, so disable them in SSLeay.xs
- Fixed a problem with building against OSX homebrew's openssl
- Removed a test in t/local/33_x509_create_cert.t that fails due to changes
in 1.0.1n and later
- New upstream release 1.69
- Testing with OpenSSL 1.0.2, 1.0.2a OK
- Completed LibreSSL compatibility
- Improved compatibility with OpenSSL 1.0.2a
- Added the X509_check_* functions introduced in OpenSSL 1.0.2
- Added support for X509_V_FLAG_TRUSTED_FIRST constant
- Allow get_keyblock_size to work correctly with OpenSSL 1.0.1 onwards
- New upstream release 1.68
- Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case
where there are muliple OPENSSLs installed
- Fixed a documentation error in get_peer_cert_chain
- Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light
OpenSSL
- Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries
- Updated doc in README.Win32 to build with Microsoft Visual Studio 2010
Express
- Added Windows crypt32 library to Windows linking as some
compilers/platforms seem to require it and it is innocuous otherwise
- Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services
- Recent 1.0.2 betas have dropped the SSLv3_method function; we leave out
the function on newer versions, much the same as the SSLv2 deprecation is
handled
- Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line)
- Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted"
- Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file
- Don't change %{__perl_provides} unless we need to
