Subject: CVS commit: pkgsrc/security/p5-Net-SSLeay
From: Thomas Klausner
Date: 2021-04-27 14:17:13
Message id:

Log Message:
p5-Net-SSLeay: update to 1.90.

1.90 2021-01-21
	- New stable release incorporating all changes from developer releases
	  1.89_01 to 1.89_05.
	- Summary of major changes since version 1.88:
	  - Formalised libssl version support policy: all stable versions of OpenSSL
	    in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and
	    all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
	    The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3
	    implementation is not currently libssl-compatible.
	  - Added support for LibreSSL on Windows when built with Visual C++.
	  - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and
	    several stack functions.
	  - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and
	  - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as
	    OpenSSL security level 2 (the default on many Linux distributions).

1.89_05 2021-01-21
	- Expose SSL_get_ciphers. Thanks to github user dylc5190.
	- Expose SSL_CIPHER_get_version and fix SSL_CIPHER_description
	  and SSL_CIPHER_get_bits. Also fixed and enhanced
	  documentation for these and related SSL_CIPHER functions.
	- Clarify libssl version support policy: all stable versions of OpenSSL in
	  the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all
	  stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
	- Direct bug reports to the GitHub repository, since will shut
	  down on 2021-03-01.

1.89_04 2021-01-13
	- Fix crashes in the callback functions CTX_set_next_proto_select_cb() and
	  CTX_set_alpn_select_cb() caused by the use of a pointer returned by
	  SSL_select_next_proto() which may already have been freed under certain
	  circumstances. Fixes GH-222. Thanks to dylc5190 for the report.
	- Remove the dependency on the AES128-SHA cipher suite in the test script
	  64_ticket_sharing.t. Fixes GH-231.
	- Remove checks and warnings in Makefile.PL relating to the use of RSAref,
	  which was removed from OpenSSL in version 0.9.7.

1.89_03 2020-12-12
	- Expose the following functions:
	  - X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
	  - sk_X509_pop, sk_X509_shift, sk_X509_unshift,
	  - sk_X509_insert, sk_X509_delete, sk_x509_value, sk_X509_num
	  Thanks to Dan Freed.
	- Correct the minimum OpenSSL version required for the following functions
	  to be made available (previously they were all declared to be present in
	  1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built
	  against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
	  - CTX_set_max_proto_version (added in 1.1.0-pre2)
	  - CTX_set_min_proto_version (added in 1.1.0-pre2)
	  - SESSION_up_ref (added in 1.1.0-pre4)
	  - set_max_proto_version (added in 1.1.0-pre2)
	  - set_min_proto_version (added in 1.1.0-pre2)
	- Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl
	  to be made available (previously they were declared to be present from
	  0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
	- Replace the PKI used by the test suite with one generated by the
	  generate-test-pki helper script. All entities in the new PKI have 2048-bit
	  RSA private keys and CSRs, certificates and CRLs with SHA-256 digests,
	  allowing the test suite to execute under OpenSSL security level 2 (now the
	  default security level for OpenSSL in many Linux distributions).
	- Initialise libssl consistently in the test suite.
	- Don't rely on the availability of specific SSL/TLS protocol versions or
	  cipher suites in the test suite; instead, dynamically select from any of
	  the available protocol versions and cipher suites permitted by libssl.
	  Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test
	  suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose
	  configuration forbids the use of TLSv1.1 and below at run-time by default.

1.89_02 2020-08-07
	- Add support for the P_X509_CRL_add_extensions function. Thanks to
	  Manuel Mausz for the patch.
	- X509_get_subjectAltNames now knows how to return
	  GEN_RID. The returned value is an ASN OID in text format
	  with current maximum length of 2500 characters. Updated
	  t/local/33_x509_create_cert.t to use GEN_RID and all other
	  supported types with certificate request and signed
	  certificate. These relate to GitHub issue GH-149 opened by
	- Support for 64-bit Windows versions of OpenSSL from 1.0.0-beta1
	  through to 1.0.0b has been withdrawn due to malfunctions occurring in
	  Perl programs that use fork(). This mainly affects users of Strawberry
	  Perl x64, which ships with OpenSSL 1.0.0-beta4.
	  Affected users should build Net-SSLeay against OpenSSL 1.0.0c or
	  above; users of Strawberry Perl x64 may instead find
	  it easier to upgrade to Strawberry Perl x64 or above. See for more

1.89_01 2020-03-22
	- Fix the repository URL in Makefile.PL (git:// rather than git@),
	  which was preventing it from being added to META.json. Thanks to
	  Dan Book.
	- When building Net-SSLeay, exit if an OpenSSL executable cannot be
	  found in PATH. Fixes RT#131060. Thanks to Nigel Horne for the report.
	- Remove non-OCSP external tests, many of which unnecessarily duplicate
	  local tests or fail for reasons outside of our control. Fixes
	  RT#129542. Thanks to Andreas Vögele for the bug report that
	  ultimately led to this change.
	- Add support for LibreSSL on Windows when built with Visual C++.
	  Thanks to Graham Ollis for the patch.
	- In SSL_CTX_free() and SSL_free(), clean callback-related data from
	  the global hash after freeing ctx, not before. This allows callbacks
	  to be executed during freeing. Thanks to Steffen Ullrich for the
	- t/local/07_sslecho.t started failing with OpenSSL 1.1.1e. Updated
	  the test file with missing calls to Net::SSLeay::shutdown(). Also
	  added one call in sslcat() function. Enabling SSLeay trace
	  level 3 showed 'unexpected eof while reading' errors which were added
	  to OpenSSL with commit db943f43. This fixes GitHub issue GH-160
	  reported by Brett T. Warden.
	- t/local/01_pod.t now requires Test::Pod 1.41 to work with Pod syntax
	  used with Net::SSLeay 1.88 and later. This fixes GitHub issue GH-147
	  reported by Ulrik Haugen.