- New upstream release 1.79
- Patch to fix a few inline variable declarations that cause errors for older
compilers
- Patch: Generated C code is not compatible with MSVC, AIX cc, probably
others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT
- Fix compile failure if the OpenSSL library it's built against has
compression support compiled out
- Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals (only available prior to OpenSSL 1.1)
- Fix some documentation typos
- Testing with openssl-1.1.0b
- New upstream release 1.76
- Compatibility with OpenSSL 1.1, tested with openssl-1.1.0-pre5:
- Conditionally remove threading locking code, not needed in 1.1
- Rewrite code that accesses inside X509_ATTRIBUTE struct
- SSL_CTX_need_tmp_RSA, SSL_CTX_set_tmp_rsa, SSL_CTX_set_tmp_rsa_callback,
SSL_set_tmp_rsa_callback support not available in 1.1
- SSL_session_reused is now native
- SSL_get_keyblock_size modifed to use new API
- OCSP functions modified to use new API under 1.1
- SSL_set_state removed with 1.1
- SSL_get_state and SSL_state are now equivalent and available in all
versions
- SSL_CTX_v2_new removed
- SESSION_set_master_key removed with 1.1; code that previously used
SESSION_set_master_key must now set $secret in the session_secret
callback set with SSL_set_session_secret_cb
- With 1.1, $secret in the session_secret callback set with
SSL_set_session_secret_cb can be changed to alter the master key
(required by EAP-FAST)
- Added a function EC_KEY_generate_key similar to RSA_generate_key and a
function EVP_PKEY_assign_EC_KEY similar to EVP_PKEY_assign_RSA; using
these functions it is easy to create and use EC keys in the same way as RSA
keys
- Testing with LibreSSL 2.4.1
- Provide support for cross context (and cross process) session sharing using
the stateless TLS session tickets
- Added documentation about downloading latest version from SVN
- Added missing Module/install files to SVN
- New upstream release 1.73
- Added X509_get_X509_PUBKEY
- Added README.OSX with instructions on how to build for recent OS X
- Added info about using OPENSSL_PREFIX to README.Win32
- Added comments in POD about installation documentation
- Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
latest version of OSX homebrew openssl
- Simplify find commands using -delete
- New upstream release 1.72
- Fixed a problem where SvPVx_nolen was undefined in some versions of perl;
replaced with SvPV_nolen
- Fixed a cast warning on Darwin
- New upstream release 1.71
- Conditionalize support for MD4, MD5
- Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga
- Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc
- Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
- Version number in META.yml is now quoted
- Explicitly BR: perl-devel, needed for EXTERN.h
- New upstream release 1.70
- The new OpenSSL 1.0.2 X509_check_* functions are not available in current
LibreSSL, so disable them in SSLeay.xs
- Fixed a problem with building against OSX homebrew's openssl
- Removed a test in t/local/33_x509_create_cert.t that fails due to changes
in 1.0.1n and later
- New upstream release 1.69
- Testing with OpenSSL 1.0.2, 1.0.2a OK
- Completed LibreSSL compatibility
- Improved compatibility with OpenSSL 1.0.2a
- Added the X509_check_* functions introduced in OpenSSL 1.0.2
- Added support for X509_V_FLAG_TRUSTED_FIRST constant
- Allow get_keyblock_size to work correctly with OpenSSL 1.0.1 onwards
- New upstream release 1.68
- Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case
where there are muliple OPENSSLs installed
- Fixed a documentation error in get_peer_cert_chain
- Fixed a problem with building on Windows that prevented correct OpenSSL
directory detection with version 1.0.1j as delivered with Shining Light
OpenSSL
- Fixed a problem with building on Windows that prevented finding MT or MD
versions of SSL libraries
- Updated doc in README.Win32 to build with Microsoft Visual Studio 2010
Express
- Added Windows crypt32 library to Windows linking as some
compilers/platforms seem to require it and it is innocuous otherwise
- Fixed a failure in t/external/20_cert_chain.t where some platforms do not
have HTTPS in /etc/services
- Recent 1.0.2 betas have dropped the SSLv3_method function; we leave out
the function on newer versions, much the same as the SSLv2 deprecation is
handled
- Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
LibreSSL check (earlier versions bailed out before that line)
- Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
in "Symbol not found: _EVP_MD_do_all_sorted"
- Added notes about runtime error "no OPENSSL_Applink", when calling
Net::SSLeay::P_PKCS12_load_file
- Don't change %{__perl_provides} unless we need to
- New upstream release 1.66
- Fixed compile problem with perl prior to 5.8.8, similar to CPAN RT#76267
- Fixed a problem with Socket::IPPROTO_TCP on early perls
- After discussions with the community and the original author Sampo
Kellomaki, the license conditions have been changed to "Perl Artistic
License 2.0"
- License changed to Artistic 2.0
- Use %license where possible
- New upstream release 1.65
- Added note to docs to make it clear that X509_get_subjectAltNames returns a
packed binary IP address for type 7 - GEN_IPADD
- Improvements to SSL_OCSP_response_verify to compile under non-c99 compilers
- Port to Android, includes Android-specific version of RSA_generate_key
- Added LibreSSL support
- Patch that fixes the support for SSL_set_info_callback and adds
SSL_CTX_set_info_callback and SSL_set_state; support for these functions is
necessary to either detect renegotiation or to enforce renegotiation
- Fixed a problem with SSL_set_state not available on some early OpenSSLs
- Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and
http_cat()
- Removed unnecessary Debian_CPANTS.txt from MANIFEST - again
- New upstream release 1.64
- Test ocsp.t now does not fail if HTTP::Tiny is not installed
- Fixed repository in META.yml
- Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results
in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain
will not return an empty list, but instead return the SSL object
- Fixed a problem where patch
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244d
caused a failed test in t/local/33_x509_create_cert.t
- New upstream release 1.63
- Improvements to OCSP support: it turns out that some CAs (like Verisign)
sign the OCSP response with the CA we have in the trust store and don't
attach this certifcate in the response, but OpenSSL by itself only
considers the certificates included in the response and
SSL_OCSP_response_verify added the certificates in the chain too, so now
we also add the trusted CA from the store which signed the lowest chain
certificate, at least if we could not verify the OCSP response without
doing it
- Fixed some compiler warnings
- BR: perl(HTTP::Tiny) for test suite
- New upstream release 1.61
- Fixed a typo in an error message
- Fixed a problem with building with openssl that does not support OCSP
- Fixed some newly introduced warnings if compiled with -Wall
- Fixed format string issue causing build failures
- Changed calloc to Newx and free to Safefree, otherwise there might be
problems because calloc is done from a different memory pool than free
(depends on the build options for perl, but seen on Windows)
- New upstream release 1.59
- Fixed local/30_error.t so that tests do not fail if diagnostics are enabled
- Fixed error messages about undefined strings used with length or split
- Improvements to configuration of OPTIMIZE flags, to prevent overriding of
perl's expected optimization flags
- SSL_peek() now returns openssl error code as second item when called in
array context, same as SSL_read
- Fixed some warnings
- Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version
- Improve examples in 'Using other perl modules based on Net::SSLeay'
- Added support for OCSP
- Added missing t/external/ocsp.t
- Add patch to stop gcc complaining about format string usage
- New upstream release 1.58
- always use size_t for strlen() return value
- t/external/20_cert_chain.t was missing from dist
- version number in META.yml was incorrect
- improvements to test t/external/20_cert_chain.t to provoke following bug:
fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain
after use
- fixed a problem when compiling against openssl where OPENSSL_NO_EC is set
- Drop Fedora/EL ECC support patch, no longer needed
- New upstream release 1.56
- fixed a typo in documentation of BEAST Attack
- added LICENSE file copied from OpenSSL distribution to prevent complaints
from various versions of kwalitee
- adjusted license: in META.yml to be 'openssl'
- adds support for the basic operations necessary to support ECDH for PFS,
e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh
- improvements to t/handle/external/50_external.t to handle the case when a
test connection was not possible
- added support for ALPN TLS extension
- fixed a use-after-free error
- fixed a problem with invalid comparison on OBJ_cmp result in
t/local/36_verify.t
- added support for get_peer_cert_chain()
- fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in
ssleay_RSA_generate_key_cb_invoke(); a final PUTBACK is needed here
- fixed cb->data checks and wrong refcounts on &PL_sv_undef
- deleted support for SSL_get_tlsa_record_byname: it is not included in
OpenSSL git master
- Drop upstreamed patch for CPAN RT#91215
- Skip the Pod Coverage test, as there are naked subroutines in this release
- ECC support not available in Fedora/EL until OpenSSL 1.0.1e, so patch the
source accordingly to fix builds for F-12 .. F-17
- New upstream release 1.55
- added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(),
SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where
available in the underlying openssl
- added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(),
X509_CRL_get_ext_count()
- fixed a problem that could cause content with a value of '0' to be
incorrectly encoded by do_httpx3 and friends (CPAN RT#85417)
- added support for SSL_get_tlsa_record_byname() required for DANE support in
openssl-1.0.2 and later
- testing with openssl-1.0.2-stable-SNAP-20130521
- added X509_NAME_new and X509_NAME_hash
- New upstream release 1.54
- added support for SSL_export_keying_material where present (i.e. in OpenSSL
1.0.1 and later)
- changed t/handle/external/50_external.t to use www.airspayce.com instead of
perldition.org, who no longer have an https server
- patch to fix a crash: P_X509_get_crl_distribution_points on an X509
certificate with values in the CDP extension that do not have an ia5 string
would cause a segmentation fault when accessed
- change in t/local/32_x509_get_cert_info.t to not use
Net::SSLeay::ASN1_INTEGER_get, since it works differently on 32 and 64 bit
platforms
- updated author and distribution location details to airspayce.com
- improvement to test 07_sslecho.t so that if set_cert_and_key fails we can
tell why
