- New upstream release 1.83
- Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they
are not available on LibreSSL
- Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later;
LibreSSL does not support these functions, at least yet
- Add new functions related to SSL_CTX_new
- Add two new functions introduced in OpenSSL 1.1.0, a number of constants
and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod
were also updated
- Added support for SSL_use_certificate_chain_file function introduced in
OpenSSL 1.1.0
- Fixed LibreSSL version detection to correctly parse LibreSSL minor version
- Fix memory leaks in OCSP handling
- Add new functions for certificate verification introduced in OpenSSL 1.0.2,
a number of constants, new test data files, new tests and updates to .pod
documentation; the new functions provide access to the built-in wildcard
check functionality available in OpenSSL 1.0.2 and later
- Added X509_STORE_CTX_new and X509_verify_cert
- SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify
fails but the intermediate certificate succeeds
- New upstream release 1.82
- Added support for building under Linuxbrew (a linuxbrew version of MacOS
Homebrew)
- Implement SSL_CTX_set_psk_client_callback() and
SSL_set_psk_client_callback()
- Skip the NPN test if the SSL library is LibreSSL
- Fixed a problem with a variable declaration in
ssleay_session_secret_cb_invoke
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when
allocated; the same callback is used on a server side for OCSP stapling
and in that case ocsp_response is NULL and not used
- New feature: Added a binding
SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by
EAP-FAST/EAP-TEAP to parse and process TLS session ticket
- New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used
by EAP-FAST/EAP-TEAP to define TLS session ticket value
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32
bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32
bytes)
- New feature: Added the following bindings:
  - X509_get_ex_data(cert, idx)
  - X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
  - X509_get_app_data(cert)
  - X509_set_ex_data(cert, idx, data)
  - X509_set_app_data(cert, arg)
  - X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
  - X509_STORE_CTX_get_app_data(x509_store_ctx)
  - X509_STORE_CTX_set_app_data(x509_store_ctx, arg)
- New feature: Added an implementation for
SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- New feature: Added an implementation for
SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also
with AEAD ciphers, which don’t use digest functions
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple);
used by a server side to include OCSP staple in ServerHello
- Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain
and last are not NULL before trying to use them
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and
lib paths
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
- New upstream release 1.81
- Enable RSA_get_key_parameters with LibreSSL - again
- Fixed memory leak in X509_get_subjectAltNames
- Added . to lib path in Makefile.PL to accommodate people who are using a
perl with -Ddefault_inc_excludes_dot
- Fixed build failure if engine support not present
- Improvements to get_my_thread_id to work around possibility of ERRSV not
being defined, e.g. on OpenWRT
- New upstream release 1.79
- Patch to fix a few inline variable declarations that cause errors for older
compilers
- Patch: Generated C code is not compatible with MSVC, AIX cc, probably
others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT
- Fix compile failure if the OpenSSL library it's built against has
compression support compiled out
- Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals (only available prior to OpenSSL 1.1)
- Fix some documentation typos
- Testing with openssl-1.1.0b
- New upstream release 1.76
- Compatibility with OpenSSL 1.1, tested with openssl-1.1.0-pre5:
- Conditionally remove threading locking code, not needed in 1.1
- Rewrite code that accesses inside X509_ATTRIBUTE struct
- SSL_CTX_need_tmp_RSA, SSL_CTX_set_tmp_rsa, SSL_CTX_set_tmp_rsa_callback,
SSL_set_tmp_rsa_callback support not available in 1.1
- SSL_session_reused is now native
- SSL_get_keyblock_size modified to use new API
- OCSP functions modified to use new API under 1.1
- SSL_set_state removed with 1.1
- SSL_get_state and SSL_state are now equivalent and available in all
versions
- SSL_CTX_v2_new removed
- SESSION_set_master_key removed with 1.1; code that previously used
SESSION_set_master_key must now set $secret in the session_secret
callback set with SSL_set_session_secret_cb
- With 1.1, $secret in the session_secret callback set with
SSL_set_session_secret_cb can be changed to alter the master key
(required by EAP-FAST)
- Added a function EC_KEY_generate_key similar to RSA_generate_key and a
function EVP_PKEY_assign_EC_KEY similar to EVP_PKEY_assign_RSA; using
these functions it is easy to create and use EC keys in the same way as RSA
keys
- Testing with LibreSSL 2.4.1
- Provide support for cross context (and cross process) session sharing using
the stateless TLS session tickets
- Added documentation about downloading latest version from SVN
- Added missing Module/install files to SVN
- New upstream release 1.73
- Added X509_get_X509_PUBKEY
- Added README.OSX with instructions on how to build for recent OS X
- Added info about using OPENSSL_PREFIX to README.Win32
- Added comments in POD about installation documentation
- Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
latest version of OSX homebrew openssl
- Simplify find commands using -delete
- New upstream release 1.72
- Fixed a problem where SvPVx_nolen was undefined in some versions of perl;
replaced with SvPV_nolen
- Fixed a cast warning on Darwin
- New upstream release 1.71
- Conditionalize support for MD4, MD5
- Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga
- Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc
- Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
- Version number in META.yml is now quoted
- Explicitly BR: perl-devel, needed for EXTERN.h
- New upstream release 1.70
- The new OpenSSL 1.0.2 X509_check_* functions are not available in current
LibreSSL, so disable them in SSLeay.xs
- Fixed a problem with building against OSX homebrew's openssl
- Removed a test in t/local/33_x509_create_cert.t that fails due to changes
in 1.0.1n and later
- New upstream release 1.69
- Testing with OpenSSL 1.0.2, 1.0.2a OK
- Completed LibreSSL compatibility
- Improved compatibility with OpenSSL 1.0.2a
- Added the X509_check_* functions introduced in OpenSSL 1.0.2
- Added support for X509_V_FLAG_TRUSTED_FIRST constant
- Allow get_keyblock_size to work correctly with OpenSSL 1.0.1 onwards
- New upstream release 1.68
- Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case
where there are multiple OPENSSLs installed
- Fixed a documentation error in get_peer_cert_chain
- Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light
OpenSSL
- Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries
- Updated doc in README.Win32 to build with Microsoft Visual Studio 2010
Express
- Added Windows crypt32 library to Windows linking as some
compilers/platforms seem to require it and it is innocuous otherwise
- Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services
- Recent 1.0.2 betas have dropped the SSLv3_method function; we leave out
the function on newer versions, much the same as the SSLv2 deprecation is
handled
- Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line)
- Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted"
- Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file
- Don't change %{__perl_provides} unless we need to
- New upstream release 1.66
- Fixed compile problem with perl prior to 5.8.8, similar to CPAN RT#76267
- Fixed a problem with Socket::IPPROTO_TCP on early perls
- After discussions with the community and the original author Sampo
Kellomaki, the license conditions have been changed to "Perl Artistic
License 2.0"
- License changed to Artistic 2.0
- Use %license where possible
- New upstream release 1.65
- Added note to docs to make it clear that X509_get_subjectAltNames returns a
packed binary IP address for type 7 - GEN_IPADD
- Improvements to SSL_OCSP_response_verify to compile under non-c99 compilers
- Port to Android, includes Android-specific version of RSA_generate_key
- Added LibreSSL support
- Patch that fixes the support for SSL_set_info_callback and adds
SSL_CTX_set_info_callback and SSL_set_state; support for these functions is
necessary to either detect renegotiation or to enforce renegotiation
- Fixed a problem with SSL_set_state not available on some early OpenSSLs
- Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and
http_cat()
- Removed unnecessary Debian_CPANTS.txt from MANIFEST - again
- New upstream release 1.64
- Test ocsp.t now does not fail if HTTP::Tiny is not installed
- Fixed repository in META.yml
- Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results
in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain
will not return an empty list, but instead return the SSL object
- Fixed a problem where patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244d
caused a failed test in t/local/33_x509_create_cert.t
- New upstream release 1.63
- Improvements to OCSP support: it turns out that some CAs (like Verisign)
sign the OCSP response with the CA we have in the trust store and don't
attach this certificate in the response, but OpenSSL by itself only
considers the certificates included in the response and
SSL_OCSP_response_verify added the certificates in the chain too, so now
we also add the trusted CA from the store which signed the lowest chain
certificate, at least if we could not verify the OCSP response without
doing it
- Fixed some compiler warnings
- BR: perl(HTTP::Tiny) for test suite
- New upstream release 1.61
- Fixed a typo in an error message
- Fixed a problem with building with openssl that does not support OCSP
- Fixed some newly introduced warnings if compiled with -Wall
- Fixed format string issue causing build failures
- Changed calloc to Newx and free to Safefree, otherwise there might be
problems because calloc is done from a different memory pool than free
(depends on the build options for perl, but seen on Windows)
- New upstream release 1.59
- Fixed local/30_error.t so that tests do not fail if diagnostics are enabled
- Fixed error messages about undefined strings used with length or split
- Improvements to configuration of OPTIMIZE flags, to prevent overriding of
perl's expected optimization flags
- SSL_peek() now returns openssl error code as second item when called in
array context, same as SSL_read
- Fixed some warnings
- Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
- Improve examples in 'Using other perl modules based on Net::SSLeay'
- Added support for OCSP
- Added missing t/external/ocsp.t
- Add patch to stop gcc complaining about format string usage
- New upstream release 1.58
- always use size_t for strlen() return value
- t/external/20_cert_chain.t was missing from dist
- version number in META.yml was incorrect
- improvements to test t/external/20_cert_chain.t to provoke following bug:
fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use
- fixed a problem when compiling against openssl where OPENSSL_NO_EC is set
- Drop Fedora/EL ECC support patch, no longer needed
- New upstream release 1.56
- fixed a typo in documentation of BEAST Attack
- added LICENSE file copied from OpenSSL distribution to prevent complaints
from various versions of kwalitee
- adjusted license: in META.yml to be 'openssl'
- adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh
- improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible
- added support for ALPN TLS extension
- fixed a use-after-free error
- fixed a problem with invalid comparison on OBJ_cmp result in
t/local/36_verify.t
- added support for get_peer_cert_chain()
- fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in
ssleay_RSA_generate_key_cb_invoke(); a final PUTBACK is needed here
- fixed cb->data checks and wrong refcounts on &PL_sv_undef
- deleted support for SSL_get_tlsa_record_byname: it is not included in
OpenSSL git master
- Drop upstreamed patch for CPAN RT#91215
- Skip the Pod Coverage test, as there are naked subroutines in this release
- ECC support not available in Fedora/EL until OpenSSL 1.0.1e, so patch the
source accordingly to fix builds for F-12 .. F-17