pkgsrc.se | The NetBSD package collection

./net/ucspi-ssl, Command-line tools for SSL client-server applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.999.12.10, Package name: ucspi-ssl-0.999.12.10, Maintainer: schmonz

sslserver and sslclient are command-line tools for building SSL
client-server applications. They conform to the UNIX Client-Server
Program Interface, UCSPI.

sslserver listens for connections, and runs a program for each
connection it accepts. The program environment includes variables
that hold the local and remote host names, IP addresses, and port
numbers. sslserver offers a concurrency limit on acceptance of new
connections, and selective handling of connections based on client
identity.

sslclient requests a connection to a TCP socket, and runs a program.
The program environment includes the same variables as for sslserver.

Required to run:
[net/ucspi-tcp] [security/openssl] [net/fehqlibs]

Required to build:
[pkgtools/cwrappers]

Master sites:

https://www.fehcom.de/ipnet/ucspi-ssl/ (Download)

Filesize: 80 KB

Version history: (Expand)

(2023-12-09) Updated to version: ucspi-ssl-0.999.12.10
(2023-10-25) Updated to version: ucspi-ssl-0.999.12.7nb3
(2023-07-06) Updated to version: ucspi-ssl-0.999.12.7nb2
(2023-06-07) Updated to version: ucspi-ssl-0.999.12.7nb1
(2023-05-29) Updated to version: ucspi-ssl-0.999.12.7
(2023-04-04) Updated to version: ucspi-ssl-0.999.12.6

CVS history: (Expand)

2023-12-09 20:10:12 by Amitai Schleier | Files touched by this commit (3) | Package updated

Log message:
ucspi-ssl: update to 0.12.10. Changes:

0.12.8:
- Added new x509 certs and key material; all ECC now.
- Fixed wrong evaluation of peer cert in ssl_verify (none-critical).

0.12.9:
- Included IP info in sslserver's TLS error messages for a quick lookup.
- Fixed sslhandle's wrong if nesting.
- sslserver return FATAL (and not ERROR) in case TLS is requested but missing.
- Enhanced compatibility with OpenSSL 3.x.y.

0.12.10:
- Added argument '-y cdb' to sslserver in order to allow a rule checking
  for IP addresses prior of the DNS/IDENT lookup (to cope with DDos attacks).

2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)

Log message:
*: bump for openssl 3

2023-07-06 11:43:03 by Thomas Klausner | Files touched by this commit (2483)

Log message:
*: recursive bump for perl 5.38

2023-06-07 17:11:53 by Amitai Schleier | Files touched by this commit (2)

Log message:
ucspi-ssl: remove non-meaningful 'inet6' option. Bump PKGREVISION.

The dependency was to ensure the runtime presence of tcprules(1),
described at HOMEPAGE thus:

    Optional but indispensible: ucspi-tcp6 to build the cdb to control
    incoming connections for sslserver using tcprules coming with the
    ucspi-tcp6 package. Older versions of ucspi-tcp can be used as well,
    but don't provide neither IPv4 CIDR nor IPv6 capabilities. The
    generated cdb however, is binary compatible among all versions.

Depending on either of net/ucspi-tcp{,6} here was complicating the
dependency graph in exchange for... still getting in the way of other
packages installing what they need (e.g. mail/bincimap). Trust the
sysadmin to notice if they don't already have tcprules and decide what
to install in that case.

2023-05-29 13:52:59 by Amitai Schleier | Files touched by this commit (2)

Log message:
Update to 0.12.7. From the changelog:

- sslserver MAXCONIP feature is working now from the cdb read by
  the children.
- MAXCONIP works even the general limit is 0.
- Fixed wrong '-m' option for sslserver.
- Added ip and port information in case sslserver/sslclient can't bind
  to local addresses.
- Tweaked rts to include external load libraries.

2023-04-04 20:47:29 by Amitai Schleier | Files touched by this commit (2)

Log message:
Update to 0.12.6. From the changelog:

- ssl_io uses now two specific return codes under condition 'BOMB'
  avoiding unnecessary error messages in case of TLS client termination.
- ssl_io.c closes TLS connection gracefully upon SSL_ERROR_SSL recognition and \ 
not continue looping.
- Included tests on tai_now in ssl_timeout.c and removed obsolete pollmax variables.

2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)

Log message:
*: recursive bump for perl 5.36

2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)

Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch