| Changelog |
* Sat Mar 21 2020 Paul Howarth <paul@city-fan.org> - 2.067-2
- Fix FTBFS with OpenSSL 1.1.1e
https://github.com/noxxi/p5-io-socket-ssl/issues/93
* Sat Feb 15 2020 Paul Howarth <paul@city-fan.org> - 2.067-1
- Update to 2.067
- Fix memory leak on incomplete handshake (GH#92)
- Add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers; this
can decrease memory usage at the costs of more allocations (CPAN RT#129463)
- More detailed error messages when loading of certificate file failed (GH#89)
- Fix for ip_in_cn == 6 in verify_hostname scheme (CPAN RT#131384)
- Deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
- Fix warning when no ecdh support is available
- Documentation update regarding use of select and TLS 1.3
- Various fixes in documentation (GH#81, GH#87, GH#90, GH#91)
- Stability fix for t/core.t
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.066-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 2.066-7
- Default to PROFILE=SYSTEM cipher list (bug #1775167)
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.066-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 27 2019 Paul Howarth <paul@city-fan.org> - 2.066-5
- Runtime openssl dependency should be on openssl-libs
- Always require preferred IPv6 back-end: IO::Socket::IP ≥ 0.31
- Always require preferred IDN back-end: URI::_idna
- Modernize spec using %{make_build} and %{make_install}
* Wed Jun 26 2019 Paul Howarth <paul@city-fan.org> - 2.066-4
- PublicSuffix.pm is licensed MPLv2.0 (#1724169)
* Mon Jun 17 2019 Petr Pisar <ppisar@redhat.com> - 2.066-3
- Skip a PHA test if Net::SSLeay does not expose the PHA (bug #1632660)
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.066-2
- Perl 5.30 rebuild
* Wed Mar 06 2019 Paul Howarth <paul@city-fan.org> - 2.066-1
- Update to 2.066
- Make sure that Net::SSLeay::CTX_get0_param is defined before using
X509_V_FLAG_PARTIAL_CHAIN; Net::SSLeay 1.85 defined only the second with
LibreSSL 2.7.4 but not the first (CPAN RT#128716)
- Prefer AES for server side cipher default since it is usually
hardware-accelerated
- Fix test t/verify_partial_chain.t by using the newly exposed function
can_partial_chain instead of guessing (wrongly) if the functionality is
available
* Mon Mar 04 2019 Paul Howarth <paul@city-fan.org> - 2.064-1
- Update to 2.064
- Make algorithm for fingerprint optional, i.e. detect based on length of
fingerprint (CPAN RT#127773)
- Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
- Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are
set
- Update fingerprints for live tests
* Sat Mar 02 2019 Paul Howarth <paul@city-fan.org> - 2.063-1
- Update to 2.063
- Support for both RSA and ECDSA certificate on same domain
- Update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
then linked against another API-incompatible version (i.e. more than just
the patchlevel differs)
* Mon Feb 25 2019 Paul Howarth <paul@city-fan.org> - 2.062-1
- Update to 2.062
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
OpenSSL (1.1.0+); this makes leaf certificates or intermediate certificates
in the trust store be usable as full trust anchors too
* Sat Feb 23 2019 Paul Howarth <paul@city-fan.org> - 2.061-1
- Update to 2.061
- Support for TLS 1.3 session reuse (needs Net::SSLeay ≥ 1.86); note that
the previous (and undocumented) API for the session cache has been changed
- Support for multiple curves, automatic setting of curves and setting of
supported curves in client (needs Net::SSLeay ≥ 1.86)
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
client certificates are provided (needs Net::SSLeay ≥ 1.86)
* Thu Feb 07 2019 Petr Pisar <ppisar@redhat.com> - 2.060-4
- Client sends a post-handshake-authentication extension if a client key and
a certificate are available (bug #1632660)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.060-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Sep 24 2018 Petr Pisar <ppisar@redhat.com> - 2.060-2
- Prevent tests from dying on SIGPIPE (CPAN RT#126899)
* Mon Sep 17 2018 Paul Howarth <paul@city-fan.org> - 2.060-1
- Update to 2.060
- Support for TLS 1.3 with OpenSSL 1.1.1 (needs Net::SSLeay ≥ 1.86); see
also CPAN RT#126899
- TLS 1.3 support is not complete yet for session reuse
* Tue Aug 21 2018 Petr Pisar <ppisar@redhat.com> - 2.059-2
- Adapt to OpenSSL 1.1.1, it requires patched Net-SSLeay (bug #1616198)
* Thu Aug 16 2018 Paul Howarth <paul@city-fan.org> - 2.059-1
- Update to 2.059
- Fix memory leak when CRLs are used (CPAN RT#125867)
- Fix memory leak when using stop_SSL and threads
(https://rt.cpan.org/Ticket/Display.html?id=125867#txn-1797132)
* Thu Jul 19 2018 Paul Howarth <paul@city-fan.org> - 2.058-1
- Update to 2.058
- Fix memory leak that occurred with explicit stop_SSL in connection with
non-blocking sockets or timeout (CPAN RT#125867)
- Fix redefine warnings in case Socket6 is installed but neither
IO::Socket::IP nor IO::Socket::INET6 (CPAN RT#124963)
- IO::Socket::SSL::Intercept - optional 'serial' argument can be starting
number or callback to create serial number based on the original certificate
- New function get_session_reused to check if a session got reused
- IO::Socket::SSL::Utils::CERT_asHash: fingerprint_xxx now set to the correct
value
- Fix t/session_ticket.t: It failed with OpenSSL 1.1.* since this version
expects the extKeyUsage of clientAuth in the client cert also to be allowed
by the CA if CA uses extKeyUsage
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.056-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.056-2
- Perl 5.28 rebuild
|
