Subject: CVS commit: pkgsrc/security/p5-IO-Socket-SSL
From: Thomas Klausner
Date: 2013-09-05 21:39:04
Message id: 20130905193904.2CFC396@cvs.netbsd.org

Log Message:
Update to 1.953:

1.953 2013/7/22
- fixes to IO::Socket::SSL::Utils, thanks to rurban[AT]x-ray[DOT]at,
  RT#87052
1.952 2013/7/11
- fix t/acceptSSL-timeout.t on Win32, RT#86862
1.951 2013/7/3
- better document builtin defaults for key,cert,CA and how they are depreceated
- use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's builtin
  defaults for CA unless CA path/file was given (or IO::Socket::SSL builtins
  used)
1.950 2013/7/3
- MAJOR BEHAVIOR CHANGE:
  ssl_verify_mode now defaults to verify_peer for client.
  Until now it used verify_none, but loudly complained since 1.79 about it.
  It will not complain any longer, but the connection might probably fail.
  Please don't simply disable ssl verification, but instead set SSL_ca_file
  etc so that verification succeeds!
- MAJOR BEHAVIOR CHANGE:
  it will now complain if the builtin defaults of certs/my-ca.pem or ca/
  for CA and certs/{server,client}-{key,cert}.pem for cert and key are used,
  e.g. no certificates are specified explicitly.
  In the future these insecure (relative path!) defaults will be removed
  and the CA replaced with the system defaults.
v1.94 2013.06.01
- Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
  installed instead of reporting missing dependency to Net::SSLeay.
v1.93 2013.05.31
- need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
  years ago. Remove code to work around older releases.
- changed AUTHOR in Makefile.PL from array back to string, because the
  array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
v1.92 2013.05.30
- Intercept: use sha1-fingerprint of original cert for id into cache unless
  otherwise given
- Fix pod error in IO::Socket::SSL::Utils RT#85733
v1.91 2013.05.30
- added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
- moved SSL interception into IO::Socket::SSL::Intercept and simplified it
  using IO::Socket::SSL::Utils
- enhance meta information in Makefile.PL
v1.90 2013.05.27
- RT#85290, support more digest, especially SHA-2.
  Thanks to ujvari[AT]microsec[DOT]hu
- added support for easy SSL interception (man in the middle) based
  on ideas found in mojo-mitm proxy (which was written by Karel Miko)
- make 1.46 the minimal required version for Net::SSLeay, because it
  introduced lots of useful functions.
v1.89 2013.05.14
- if IO::Socket::IP is used it should be at least version 0.20, otherwise
  we get problems with HTTP::Daemon::SSL and maybe others (RT#81932)
- Spelling corrections, thanks to dsteinbrunner
v1.88 2013.05.02
- consider a value of '' the same as undef for SSL_ca_(path|file), SSL_key*
  and SSL_cert* - some apps like Net::LDAP use it that way.
  Thanks to alexander[AT]kuehn[AT]nagilum[DOT]de for reporting the problem.
v1.87 2013.04.24
- RT#84829 - complain if given SSL_(key|cert|ca)_(file|path) do not exist or
  if they are not readable. Thanks to perl[AT]minty[DOT]org
- fix use of SSL_key|SSL_file objects instead of files, broken with 1.83

Files:
RevisionActionfile
1.65modifypkgsrc/security/p5-IO-Socket-SSL/Makefile
1.46modifypkgsrc/security/p5-IO-Socket-SSL/distinfo