Subject: CVS commit: pkgsrc/www/ruby-httpclient
From: Takahiro Kambe
Date: 2016-10-18 17:36:34
Message id: 20161018153634.F05B5FBD2@cvs.NetBSD.org

Log Message:
Update ruby-httpclient to 2.8.2.4.

Changes in 2.8.2

Aug 15, 2016 - version 2.8.2

  * Bug

    o 2.8.1 introduced JRuby + SSL connection problem; in some cases it cannot
      connect to trusted TLS server. 2.8.1 failed to load multiple CA
      certificates in a file. #327.

Aug 16, 2016 - version 2.8.2.1

  * Bug

    o 2.8.1 introduced another bug that causes NPE from JRuby when JRuby
      program loads httpclient and uses OpenSSL::X509::Store outside of
      httpclient. 2.8.3 fixed this problem. #325

Aug 28, 2016 - version 2.8.2.3

  * Bug

    o 2.8.2 fixed VERIFY_NONE at JRuby but the fix was not enough.

Sep 11, 2016 - version 2.8.2.4

  * Bug

    o 2.8.2 caused unexpected resulting value change of
      OpenSSL::X509::Store#add_cert method. Fixed.

Changes in 2.8.1

Aug 8, 2016 - version 2.8.1

* Changes

    o Use TLSv1.2 always on JRuby #320
    o Do not reset keep-alive connection by configuration change #315
    o Add strict_response_size_check option #316 false by default, meaning it
      behavies like browsers by default.
    o Add MIME type for XML #308

* Bug

    o Direct access to SSLConfig#cert_store in JRuby was broken from 2.7
      #276 #317
    o OpenSSL::SSL::VERIFY_NONE does not work in JRuby #319
    o Allow receiving response body in block when follow_redirects => true. #304
    o Fix blocking issue with request_async when Encoding.default_internal is
      set. #307
    o Apply timeouts for chunked transfer encoding #309

Changes in 2.8.0

Apr 24, 2016 - version 2.8.0

* Changes

    o Force using RSA 2048bit CA cert set

      Use RSA 2048bit CA cert set every time if it runs with OpenSSL (==
      except JRuby.)

      Old openssl (<1.0.1p or <1.0.2d) cannot handle this CA set and causes
      SSL connection failure against some SSL servers including AWS S3
      API. For such case you can manually specify RSA 1024bit CA cert set as a
      workaround.

	c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert1024.pem") }
	c.get("https://www.ruby-lang.org/")

      RSA 1024bit CA cert set is not maintained over years so you should
      consider updating OpenSSL version so that HTTPClient uses RSA 2048 bit
      CA cert set.

Changes in 2.7.2

Apr 22, 2016 - version 2.7.2

* Changes

    o Use RSA 1024bit CA cert when linked to old openssl

      Based on comments to #297 this commit silently (without warning) accepts
      RSA 1024bit certificate set when runtime ruby is liked with old OpenSSL
      (<1.0.1p or <1.0.2d.)

      If you're unsure that your OpenSSL is patched or not, and want to make
      sure to use RSA 2048bit certificate set, please call
      HTTPClient::SSLConfig#add_trust_ca("cacert.pem").

	c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert.pem") }
	c.get("https://www.ruby-lang.org/")

      I'm going to remove RSA 1024bit certificate set and bump httpclient
      version to 2.8.0 soon after I release this as 2.7.2. I believe almost
      all OpenSSL installation is patched quickly these days so it should not
      cause SSL connectivity problem.

Files:
RevisionActionfile
1.21modifypkgsrc/www/ruby-httpclient/Makefile
1.20modifypkgsrc/www/ruby-httpclient/distinfo