Changelog |
* Thu Jul 19 2018 Paul Howarth <paul@city-fan.org> - 2.058-1
- Update to 2.058
- Fix memory leak that occured with explicit stop_SSL in connection with
non-blocking sockets or timeout (CPAN RT#125867)
- Fix redefine warnings in case Socket6 is installed but neither
IO::Socket::IP nor IO::Socket::INET6 (CPAN RT#124963)
- IO::Socket::SSL::Intercept - optional 'serial' argument can be starting
number or callback to create serial number based on the original certificate
- New function get_session_reused to check if a session got reused
- IO::Socket::SSL::Utils::CERT_asHash: fingerprint_xxx now set to the correct
value
- Fix t/session_ticket.t: It failed with OpenSSL 1.1.* since this version
expects the extKeyUsage of clientAuth in the client cert also to be allowed
by the CA if CA uses extKeyUsage
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.056-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.056-2
- Perl 5.28 rebuild
* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 2.056-1
- Update to 2.056
- Intercept: Fix creation of serial number (basing it on binary digest
instead of treating hex fingerprint as binary), allow use of own serial
numbers again
- t/io-socket-ip.t: Skip test if no IPv6 support on system (CPAN RT#124464)
- Update PublicSuffix
* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 2.055-1
- Update to 2.055
- Use SNI also if hostname was given all-uppercase
- Utils::CERT_create: Don't add authority key for issuer since Chrome does
not like this
- Intercept:
- Change behavior of code-based cache to better support synchronizing
within multiprocess/threaded set-ups
- Don't use counter for serial number but somehow base it on original
certificate in order to avoid conflicts with reuse of serial numbers
after restart
- Better support platforms without IPv6 (CPAN RT#124431)
- Spelling fixes in documentation (CPAN RT#124306)
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.054-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Jan 22 2018 Paul Howarth <paul@city-fan.org> - 2.054-1
- Update to 2.054
- Small behavior fixes
- If SSL_fingerprint is used and matches, don't check for OCSP
- Utils::CERT_create: Small fixes to properly specific purpose, ability to
use predefined complex purpose but disable some features
- Update PublicSuffix
- Updates for documentation, especially regarding pitfalls with forking or
using non-blocking sockets, spelling fixes
- Test fixes and improvements
- Stability improvements for live tests
- Regenerate certificates in certs/ and make sure they are limited to the
correct purpose; check in program used to generate certificates
- Adjust tests since certificates have changed and some tests used
certificates intended for client authentication as server certificates,
which now no longer works
* Mon Oct 23 2017 Paul Howarth <paul@city-fan.org> - 2.052-1
- Update to 2.052
- Disable NPN support if LibreSSL ≥ 2.6.1 is detected since they've replaced
the functions with dummies instead of removing NPN completly or setting
OPENSSL_NO_NEXTPROTONEG
- t/01loadmodule.t shows more output helpful in debugging problems
- Update fingerprints for external tests
- Update documentation to make behavior of syswrite more clear
* Tue Sep 05 2017 Paul Howarth <paul@city-fan.org> - 2.051-1
- Update to 2.051
- syswrite: If SSL_write sets SSL_ERROR_SYSCALL but not $! (as seen with
OpenSSL 1.1.0 on Windows), set $! to EPIPE to propagate a useful error up
(GH#62)
* Fri Aug 18 2017 Paul Howarth <paul@city-fan.org> - 2.050-1
- Update to 2.050
- Removed unnecessary settings of SSL_version and SSL_cipher_list from tests
- protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not
supported, as is the case with openssl versions in latest Debian (buster)
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.049-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jun 12 2017 Paul Howarth <paul@city-fan.org> - 2.049-1
- Update to 2.049
- Fixed problem caused by typo in the context of session cache (GH#60)
- Updated PublicSuffix information from publicsuffix.org
* Mon Jun 05 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.048-2
- Perl 5.26 rebuild
* Mon Apr 17 2017 Paul Howarth <paul@city-fan.org> - 2.048-1
- Update to 2.048
- Fixed small memory leaks during destruction of socket and context
(CPAN RT#120643)
- Drop support for EOL distributions prior to F-13
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
* Fri Feb 17 2017 Paul Howarth <paul@city-fan.org> - 2.047-1
- Update to 2.047
- Better fix for problem which 2.046 tried to fix but broke LWP that way
- Update patches as needed
* Thu Feb 16 2017 Paul Howarth <paul@city-fan.org> - 2.046-1
- Update to 2.046
- Clean up everything in DESTROY and make sure to start with a fresh
%{*self} in configure_SSL because it can happen that a GLOB gets used
again without calling DESTROY
(https://github.com/noxxi/p5-io-socket-ssl/issues/56)
- Update patches as needed
* Tue Feb 14 2017 Paul Howarth <paul@city-fan.org> - 2.045-1
- Update to 2.045
- Fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects (GH#55)
- Optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD if
perl is compiled without thread support
- Small fix in t/protocol_version.t to use older versions of Net::SSLeay with
openssl build without SSLv3 support
- When setting SSL_keepSocketOnError to true the socket will not be closed on
fatal error (GH#53, modified)
- Update patches as needed
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.044-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 26 2017 Paul Howarth <paul@city-fan.org> - 2.044-1
- Update to 2.044
- Protect various 'eval'-based capability detections at startup with a
localized __DIE__ handler; this way, dynamically requiring IO::Socket::SSL
as done by various third party software should cause less problems even if
there is a global __DIE__ handler that does not properly deal with 'eval'
- Update patches as needed
* Fri Jan 06 2017 Paul Howarth <paul@city-fan.org> - 2.043-1
- Update to 2.043
- Enable session ticket callback with Net::SSLeay ≥ 1.80
- Make t/session_ticket.t work with OpenSSL 1.1.0; with this version the
session no longer gets reused if it was not properly closed, which is now
done using an explicit close by the client
- Update patches as needed
* Wed Jan 04 2017 Paul Howarth <paul@city-fan.org> - 2.041-1
- Update to 2.041
- Leave session ticket callback off for now until the needed patch is
included in Net::SSLeay (see
https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146)
- Update patches as needed
* Sun Dec 18 2016 Paul Howarth <paul@city-fan.org> - 2.040-1
- Update to 2.040
- Fix detection of default CA path for OpenSSL 1.1.x
- Utils::CERT_asHash now includes the signature algorithm used
- Utils::CERT_asHash can now deal with large serial numbers
- Update patches as needed
* Mon Nov 21 2016 Paul Howarth <paul@city-fan.org> - 2.039-1
- Update to 2.039
- OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1
on EOF without proper SSL shutdown; since it looks like that this behavior
will be kept at least for 1.1.1+, adapt to the changed API by treating
errno=NOERR on SSL_ERROR_SYSCALL as EOF
- Update patches as needed
* Mon Sep 19 2016 Paul Howarth <paul@city-fan.org> - 2.038-1
- Update to 2.038
- Restrict session ticket callback to Net::SSLeay 1.79+ since version before
contains bug; add test for session reuse
- Extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
- Fix t/external/ocsp.t to use different server (under my control) to check
OCSP stapling
- Update patches as needed
* Tue Aug 23 2016 Paul Howarth <paul@city-fan.org> - 2.037-1
- Update to 2.037
- Disable OCSP support when Net::SSLeay 1.75..1.77 is used (CPAN RT#116795)
- Fix session cache del_session: it freed the session but did not properly
remove it from the cache; further reuse caused crash
- Update patches as needed
* Thu Aug 11 2016 Paul Howarth <paul@city-fan.org> - 2.035-1
- Update to 2.035
- Fixes for issues introduced in 2.034
- Return with error in configure_SSL if context creation failed; this
might otherwise result in a segmentation fault later
- Apply builtin defaults before any (user configurable) global settings
(i.e. done with set_defaults, set_default_context...) so that builtins
don't replace user settings
- Update patches as needed
* Mon Aug 08 2016 Paul Howarth <paul@city-fan.org> - 2.034-1
- Update to 2.034
- Move handling of global SSL arguments into creation of context, so that
these get also applied when creating a context only
- Update patches as needed
|