- New upstream release 1.66
- Fixed compile problem with perl prior to 5.8.8, similar to CPAN RT#76267
- Fixed a problem with Socket::IPPROTO_TCP on early perls
- After discussions with the community and the original author Sampo
Kellomaki, the license conditions have been changed to "Perl Artistic
License 2.0"
- License changed to Artistic 2.0
- Use %license where possible
- New upstream release 1.65
- Added note to docs to make it clear that X509_get_subjectAltNames returns a
packed binary IP address for type 7 - GEN_IPADD
- Improvements to SSL_OCSP_response_verify to compile under non-c99 compilers
- Port to Android, includes Android-specific version of RSA_generate_key
- Added LibreSSL support
- Patch that fixes the support for SSL_set_info_callback and adds
SSL_CTX_set_info_callback and SSL_set_state; support for these functions is
necessary to either detect renegotiation or to enforce renegotiation
- Fixed a problem with SSL_set_state not available on some early OpenSSLs
- Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and
http_cat()
- Removed unnecessary Debian_CPANTS.txt from MANIFEST - again
- New upstream release 1.64
- Test ocsp.t now does not fail if HTTP::Tiny is not installed
- Fixed repository in META.yml
- Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results
in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain
will not return an empty list, but instead return the SSL object
- Fixed a problem where patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244d
caused a failed test in t/local/33_x509_create_cert.t
- New upstream release 1.63
- Improvements to OCSP support: it turns out that some CAs (like Verisign)
sign the OCSP response with the CA we have in the trust store and don't
attach this certifcate in the response, but OpenSSL by itself only
considers the certificates included in the response and
SSL_OCSP_response_verify added the certificates in the chain too, so now
we also add the trusted CA from the store which signed the lowest chain
certificate, at least if we could not verify the OCSP response without
doing it
- Fixed some compiler warnings
- BR: perl(HTTP::Tiny) for test suite
- New upstream release 1.61
- Fixed a typo in an error message
- Fixed a problem with building with openssl that does not support OCSP
- Fixed some newly introduced warnings if compiled with -Wall
- Fixed format string issue causing build failures
- Changed calloc to Newx and free to Safefree, otherwise there might be
problems because calloc is done from a different memory pool than free
(depends on the build options for perl, but seen on Windows)
- New upstream release 1.59
- Fixed local/30_error.t so that tests do not fail if diagnostics are enabled
- Fixed error messages about undefined strings used with length or split
- Improvements to configuration of OPTIMIZE flags, to prevent overriding of
perl's expected optimization flags
- SSL_peek() now returns openssl error code as second item when called in
array context, same as SSL_read
- Fixed some warnings
- Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
- Improve examples in 'Using other perl modules based on Net::SSLeay'
- Added support for OCSP
- Added missing t/external/ocsp.t
- Add patch to stop gcc complaining about format string usage
- New upstream release 1.58
- always use size_t for strlen() return value
- t/external/20_cert_chain.t was missing from dist
- version number in META.yml was incorrect
- improvements to test t/external/20_cert_chain.t to provoke following bug:
fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use
- fixed a problem when compiling against openssl where OPENSSL_NO_EC is set
- Drop Fedora/EL ECC support patch, no longer needed
- New upstream release 1.56
- fixed a typo in documentation of BEAST Attack
- added LICENSE file copied from OpenSSL distribution to prevent complaints
from various versions of kwalitee
- adjusted license: in META.yml to be 'openssl'
- adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh
- improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible
- added support for ALPN TLS extension
- fixed a use-after-free error
- fixed a problem with invalid comparison on OBJ_cmp result in
t/local/36_verify.t
- added support for get_peer_cert_chain()
- fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in
ssleay_RSA_generate_key_cb_invoke(); a final PUTBACK is needed here
- fixed cb->data checks and wrong refcounts on &PL_sv_undef
- deleted support for SSL_get_tlsa_record_byname: it is not included in
OpenSSL git master
- Drop upstreamed patch for CPAN RT#91215
- Skip the Pod Coverage test, as there are naked subroutines in this release
- ECC support not available in Fedora/EL until OpenSSL 1.0.1e, so patch the
source accordingly to fix builds for F-12 .. F-17
- New upstream release 1.55
- added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(),
SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where
available in the underlying openssl
- added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(),
X509_CRL_get_ext_count()
- fixed a problem that could cause content with a value of '0' to be
incorrectly encoded by do_httpx3 and friends (CPAN RT#85417)
- added support for SSL_get_tlsa_record_byname() required for DANE support in
openssl-1.0.2 and later
- testing with openssl-1.0.2-stable-SNAP-20130521
- added X509_NAME_new and X509_NAME_hash
- New upstream release 1.54
- added support for SSL_export_keying_material where present (i.e. in OpenSSL
1.0.1 and later)
- changed t/handle/external/50_external.t to use www.airspayce.com instead of
perldition.org, who no longer have an https server
- patch to fix a crash: P_X509_get_crl_distribution_points on an X509
certificate with values in the CDP extension that do not have an ia5 string
would cause a segmentation fault when accessed
- change in t/local/32_x509_get_cert_info.t to not use
Net::SSLeay::ASN1_INTEGER_get, since it works differently on 32 and 64 bit
platforms
- updated author and distribution location details to airspayce.com
- improvement to test 07_sslecho.t so that if set_cert_and_key fails we can
tell why
- New upstream release 1.50
- fixed a problem where t/handle/external/50_external.t would crash if any of
the test sites were not contactable
- now builds on VMS, added README.VMS
- fixed a few compiler warnings in SSLeay.xs; most of them are just
signed/unsigned pointer mismatches but there is one that actually fixes
returning what would be an arbitrary value off the stack from
get_my_thread_id if it happened to be called in a non-threaded build
- added SSL_set_tlsext_host_name, SSL_get_servername, SSL_get_servername_type,
SSL_CTX_set_tlsext_servername_callback for server side Server Name
Indication (SNI) support
- fixed a problem with C++ comments preventing builds on AIX and HPUX
- perdition.org not available for tests, changed to www.open.com.au
- added SSL_FIPS_mode_set
- improvements to test suite so it succeeds with and without FIPS mode
enabled
- added documentation, warning not to pass UTF-8 data in the content
argument to post_https
- New upstream release 1.49
- fixed problem where on some platforms test t/local/07_tcpecho.t would bail
out if it could not bind port 1212; it now tries a number of ports to bind
to until successful
- improvements to unsigned casting
- improvements to Net::SSLeay::read to make it easier to use with
non-blocking IO: it modifies Net::SSLeay::read() to return the result from
SSL_read() as the second return value, if Net::SSLeay::read() is called in
list context (its behavior should be unchanged if called in scalar or void
context)
- fixed a problem where t/local/kwalitee.t fails with
Module::CPANTS::Analyse 0.86
- fixed a number of typos
- fixed a compiler warning from Compiling with gcc-4.4 and -Wall
- Fixed problems with get_https4: documentation was wrong, $header_ref was
not correctly set and $server_cert was not returned
- fixed a problem that could cause a Perl exception about no blength method
on undef (CPAN RT#79309)
- added documentation about how to mitigate various SSL/TLS vulnerabilities
- SSL_MODE_* are now available as constants
- Drop upstreamed pod encoding patch
- New upstream release 1.48
- removed unneeded Debian_CPANTS.txt from MANIFEST
- fixed incorrect documentation about the best way to call CTX_set_options
- fixed problem that caused "Undefined subroutine utf8::encode" in
t/local/33_x509_create_cert.t (on perl 5.6.2)
- in examples and pod documentation, changed #!/usr/local/bin/perl to
#!/usr/bin/perl
- t/local/06_tcpecho.t now tries a number of ports to bind to until
successful
- No longer need to fix shellbangs in examples
- New upstream release 1.47
- fixed overlong lines and spelling errors in pod
- fixed extra "garbage" files in 1.46 tarball
- fixed incorrect fail reports on some 64 bit platforms
- fix to avoid FAIL reports from cpantesters with missing openssl
- use my_snprintf from ppport.h to prevent link failures with perl 5.8 and
earlier when compiled with MSVC
- New upstream release 1.46 (see Changes file for details)
- BR: openssl as well as openssl-devel, needed for building
- No longer need help to find openssl
- Upstream no longer shipping TODO
- Drop %defattr, redundant since rpm 4.4
- New upstream release 1.45 (see Changes file for full details)
- added thread safety and dynamic locking, which should complete thread
safety work, making Net::SSLeay completely thread-safe
- lots of improved documentation
- BR: perl(Test::Pod::Coverage)
- Install Net/SSLeay.pod as %doc
- Use DESTDIR rather than PERL_INSTALL_ROOT
- Use %{_fixperms} macro rather than our own chmod incantation
- BR: perl(AutoLoader), perl(Exporter), perl(Socket)
- New upstream release 1.42
- fixed incorrect documentation of how to enable CRL checking
- fixed incorrect letter in Sebastien in Credits
- changed order of the Changes file to be reverse chronological
- fixed a compile error when building on Windows with MSVC6
- Drop UTF8 patch, no longer needed
- New upstream release 1.41
- fixed incorrect const signatures for 1.0 that were causing warnings; now
have clean compile with 0.9.8a through 1.0.0
- BR: perl(Carp)
- New upstream release 1.40
- fixed incorrect argument type in call to SSL_set1_param
- fixed a number of issues with pointer sizes; removed redundant pointer cast
tests from t/
- added Perl version requirements to SSLeay.pm
- New upstream release 1.38
- fixed a problem with various symbols that only became available in OpenSSL
0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE, causing build
failures with older versions of OpenSSL (CPAN RT#71013)
- New upstream release 1.37
- added X509_get_fingerprint
- added support for SSL_CTX_set1_param, SSL_set1_param and selected
X509_VERIFY_PARAM_* OBJ_* functions
- fixed the prototype for randomize()
- fixed an uninitialized value warning in $Net::SSLeay::proxyauth
- allow net-ssleay to compile if SSLV2 is not present
- fixed a problem where sslcat (and possibly other functions) expect RSA
keys and will not load DSA keys for client certificates
- removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later
- added CTX_use_PKCS12_file
- This release by MIKEM => update source URL
