./security/p5-IO-Socket-SSL, Perl5 SSL socket interface class



Branch: CURRENT, Version: 2.067, Package name: p5-IO-Socket-SSL-2.067, Maintainer: pkgsrc-users

IO::Socket::SSL is a class implementing an object-oriented interface
to SSL sockets. The class is a descendant of IO::Socket::INET and
provides a subset of the base class's interface methods as well as
SSL-specific methods.


Required to run:
[lang/perl5] [security/p5-Net-SSLeay] [net/p5-Net-LibIDN] [net/p5-IO-Socket-INET6] [security/p5-Mozilla-CA]

Required to build:
[pkgtools/cwrappers]

SHA1: aa82e352ad50e7ff979c6d8cea71f84505d554e3
RMD160: 554b03f9c2a010a207affa50dd7542967277d9b9
Filesize: 239.159 KB

CVS history:


   2020-03-22 22:19:35 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
p5-IO-Socket-SSL: Update to 2.067

2.067 2020/02/14
- fix memory leak on incomplete handshake
  https://github.com/noxxi/p5-io-socket-ssl/issues/92
  Thanks to olegwtf
- add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers
  This can decrease memory usage at the cost of more allocations
  https://rt.cpan.org/Ticket/Display.html?id=129463
- more detailed error messages when loading of certificate file failed
  https://github.com/noxxi/p5-io-socket-ssl/issues/89
- fix for ip_in_cn == 6 in verify_hostname scheme
  https://rt.cpan.org/Ticket/Display.html?id=131384
- deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
- fix warning when no ecdh support is available
- documentation update regarding use of select and TLS 1.3
- various fixes in documentation
  https://github.com/noxxi/p5-io-socket-ssl/issues/91
  https://github.com/noxxi/p5-io-socket-ssl/issues/90
  https://github.com/noxxi/p5-io-socket-ssl/issues/87
  https://github.com/noxxi/p5-io-socket-ssl/issues/81
- stability fix t/core.t

2.066 2019/03/06
- fix test t/verify_partial_chain.t by using the newly exposed function
  can_partial_chain instead of guessing (wrongly) if the functionality is
  available

2.065 2019/03/05
- make sure that Net::SSLeay::CTX_get0_param is defined before using
  X509_V_FLAG_PARTIAL_CHAIN. Net::SSLeay 1.85 defined only the second with
  LibreSSL 2.7.4 but not the first
  https://rt.cpan.org/Ticket/Display.html?id=128716
- prefer AES for server side cipher default since it is usually
  hardware-accelerated

2.064 2019/03/04
- make algorithm for fingerprint optional, i.e. detect based on length of
  fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
- fix t/sessions.t and improve stability of t/verify_hostname.t on windows
- use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- update fingerprints for live tests

2.063 2019/03/01
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
  then linked against another API-incompatible version (ie. more than just the
  patchlevel differs).

2.062 2019/02/24
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
  OpenSSL (1.1.0+). This makes leaf certificates or intermediate certificates in
  the trust store be usable as full trust anchors too.

2.061 2019/02/23
- Support for TLS 1.3 session reuse. Needs Net::SSLeay 1.86+.
  Note that the previous (and undocumented) API for the session cache has been
  changed.
- Support for multiple curves, automatic setting of curves and setting of
  supported curves in client. Needs Net::SSLeay 1.86+.
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
  client certificates are provided. Thanks to jorton[AT]redhat[DOT]com.
  Needs Net::SSLeay 1.86+.

   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0

   2019-06-30 22:17:50 by Nia Alarie | Files touched by this commit (1816) | Package updated
Log message:
Update packages using a search.cpan.org HOMEPAGE to metacpan.org.

The former now redirects to the latter.

This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.

Reviewed by hand to hopefully make sure no unwanted changes sneak in.

   2018-10-02 03:03:33 by Wen Heping | Files touched by this commit (2) | Package updated
Log message:
Update to 2.060

Upstream changes:
2.060 2018/09/16
- support for TLS 1.3 with OpenSSL 1.1.1 (needs support in Net::SSLeay too)
  Thanks to ppisar[AT]redhat.com for major help
  see also https://rt.cpan.org/Ticket/Display.html?id=126899
  TLS 1.3 support is not complete yet for session resume

   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0

   2018-08-21 14:06:03 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
p5-IO-Socket-SSL: update to 2.059.

2.059 2018/08/15
- fix memleak when CRL are used.
  Thanks to Franz Skale for report and patch
  https://rt.cpan.org/Ticket/Display.html?id=125867
- fix memleak when using stop_SSL and threads, reported by Paul Evans
  https://rt.cpan.org/Ticket/Display.html … xn-1797132

2.058 2018/07/19
- fix t/session_ticket.t: it failed with OpenSSL 1.1.* since this version
  expects the extKeyUsage of clientAuth in the client cert also to be allowed
  by the CA if CA uses extKeyUsage

2.057 2018/07/18
- fix memory leak which occurred with explicit stop_SSL in connection with
  non-blocking sockets or timeout - https://rt.cpan.org/Ticket/Display.html?id=125867
  Thanks to Paul Evans for reporting
- fix redefine warnings in case Socket6 is installed but neither IO::Socket::IP
  nor IO::Socket::INET6 - https://rt.cpan.org/Ticket/Display.html?id=124963
- IO::Socket::SSL::Intercept - optional 'serial' argument can be starting number
  or callback to create serial number based on the original certificate
- new function get_session_reused to check if a session got reused
- IO::Socket::SSL::Utils::CERT_asHash: fingerprint_xxx now set to the correct value

   2018-02-25 19:47:31 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
p5-IO-Socket-SSL: update to 2.056.

2.056 2018/02/19
- Intercept - fix creation of serial number: base it on binary digest instead of
  treating hex fingerprint as binary. Allow use of own serial numbers again.
- t/io-socket-ip.t - skip test if no IPv6 support on system RT#124464
- update PublicSuffix

2.055 2018/02/15
- use SNI also if hostname was given all-uppercase
- Utils::CERT_create - don't add authority key for issuer since Chrome does
  not like this
- Intercept:
  - change behavior of code based cache to better support synchronizing
    within multiprocess/threaded setups
  - don't use counter for serial number but somehow base it on original
    certificate in order to avoid conflicts with reuse of serial numbers
    after restart
- RT#124431 - better support platforms w/o IPv6
- RT#124306 - spelling fixes in documentation

2.054 2018/01/22
- added missing test certificates to MANIFEST

2.053 2018/01/21
- small behavior fixes
  - if SSL_fingerprint is used and matches don't check for OCSP
  - Utils::CERT_create - small fixes to properly specify purpose, ability to
    use predefined complex purpose but disable some features
- update PublicSuffix
- updates for documentation, especially regarding pitfalls with forking or using
  non-blocking sockets. Spelling fixes.
- test fixes and improvements
  - stability improvements for live tests
  - regenerate certificate in certs/ and make sure they are limited to the
    correct purpose. Checkin program used to generate certificates.
  - adjust tests since certificates have changed and some tests used
    certificates intended for client authentication as server certificates,
    which now no longer works

   2017-11-08 22:07:32 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
p5-IO-Socket-SSL: update to 2.052.

2.052 2017/10/22
- disable NPN support if LibreSSL>=2.6.1 is detected since they've replaced the
  functions with dummies instead of removing NPN completely or setting
  OPENSSL_NO_NEXTPROTONEG
- t/01loadmodule.t shows more output helpful in debugging problems
- update fingerprints for external tests
- update documentation to make behavior of syswrite more clear