Subject: CVS commit: pkgsrc/security/p5-IO-Socket-SSL
From: Nia Alarie
Date: 2020-03-22 22:19:35
Message id: 20200322211935.2CDD5FB27@cvs.NetBSD.org

Log Message:
p5-IO-Socket-SSL: Update to 2.067

2.067 2020/02/14
- fix memory leak on incomplete handshake
  https://github.com/noxxi/p5-io-socket-ssl/issues/92
  Thanks to olegwtf
- add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers
  This can decrease memory usage at the costs of more allocations
  https://rt.cpan.org/Ticket/Display.html?id=129463
- more detailed error messages when loading of certificate file failed
  https://github.com/noxxi/p5-io-socket-ssl/issues/89
- fix for ip_in_cn == 6 in verify_hostname scheme
  https://rt.cpan.org/Ticket/Display.html?id=131384
- deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
- fix warning when no ecdh support is available
- documentation update regarding use of select and TLS 1.3
- various fixes in documentation
  https://github.com/noxxi/p5-io-socket-ssl/issues/91
  https://github.com/noxxi/p5-io-socket-ssl/issues/90
  https://github.com/noxxi/p5-io-socket-ssl/issues/87
  https://github.com/noxxi/p5-io-socket-ssl/issues/81
- stability fix t/core.t

2.066 2019/03/06
- fix test t/verify_partial_chain.t by using the newly exposed function
  can_partial_chain instead of guessing (wrongly) if the functionality is
  available

2.065 2019/03/05
- make sure that Net::SSLeay::CTX_get0_param is defined before using
  X509_V_FLAG_PARTIAL_CHAIN. Net::SSLeay 1.85 defined only the second with
  LibreSSL 2.7.4 but not the first
  https://rt.cpan.org/Ticket/Display.html?id=128716
- prefer AES for server side cipher default since it is usually
  hardware-accelerated

2.064 2019/03/04
- make algorithm for fingerprint optional, i.e. detect based on length of
  fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
- fix t/sessions.t and improve stability of t/verify_hostname.t on windows
- use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- update fingerprints for live tests

2.063 2019/03/01
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
  then linked against another API-incompatible version (ie. more than just the
  patchlevel differs).

2.062 2019/02/24
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
  OpenSSL (1.1.0+). This makes leaf certificates or intermediate certificates in
  the trust store be usable as full trust anchors too.

2.061 2019/02/23
- Support for TLS 1.3 session reuse. Needs Net::SSLeay 1.86+.
  Note that the previous (and undocumented) API for the session cache has been
  changed.
- Support for multiple curves, automatic setting of curves and setting of
  supported curves in client. Needs Net::SSLeay 1.86+.
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
  client certificates are provided. Thanks to jorton[AT]redhat[DOT]com.
  Needs Net::SSLeay 1.86+.

Files:
RevisionActionfile
1.128modifypkgsrc/security/p5-IO-Socket-SSL/Makefile
1.98modifypkgsrc/security/p5-IO-Socket-SSL/distinfo