Changelog |
* Fri Aug 17 2018 Petr Pisar <ppisar@redhat.com> - 1.85-7
- Revert retry in Net::SSLeay::write_partial() (bug #1614884)
* Wed Aug 15 2018 Petr Pisar <ppisar@redhat.com> - 1.85-6
- Revert retry in Net::SSLeay::{read,write}() (bug #1614884)
* Tue Aug 14 2018 Petr Pisar <ppisar@redhat.com> - 1.85-5
- Avoid SIGPIPE in t/local/36_verify.t (bug #1614884)
* Mon Aug 13 2018 Petr Pisar <ppisar@redhat.com> - 1.85-4
- Adapt to OpenSSL 1.1.1 (bug #1614884)
- Adapt tests to system-wide crypto policy (bug #1614884)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.85-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.85-2
- Perl 5.28 rebuild
* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 1.85-1
- Update to 1.85
- Preparations for transferring maintenace to a new maintainer
- Fixed test failure in t/local/33_x509_create_cert.t for some versions of
OpenSSL
- Fixed free() error that causes "Free to wrong pool ..." message on Windows
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.84-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 17 2018 Paul Howarth <paul@city-fan.org> - 1.84-1
- Update to 1.84
- Fixed an error in t/local/04_basic.t causing a test failure if
Test::Exception not installed
* Tue Jan 16 2018 Paul Howarth <paul@city-fan.org> - 1.83-1
- Update to 1.83
- Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they
are not available on LibreSSL
- Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later;
LibreSSL does not support these functions, at least yet
- Add new functions related to SSL_CTX_new
- Add two new functions introduced in OpenSSL 1.1.0, a number of constants
and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod
were also updated
- Added support for SSL_use_certificate_chain_file function introduced in
OpenSSL 1.1.0
- Fixed LibreSSL version detection to correctly parse LibreSSL minor version
- Fix memory leaks in OCSP handling
- Add new functions for certificate verification introduced in OpenSSL 1.02,
a number of constants, new test data files, new tests and updates to .pod
documentation; the new functions provide access to the built-in wildcard
check functionality available in OpenSSL 1.0.2 and later
- Added X509_STORE_CTX_new and X509_verify_cert
- SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify
fails but the intermediate certificate succeeds
* Tue Oct 31 2017 Paul Howarth <paul@city-fan.org> - 1.82-1
- Update to 1.82
- Added support for building under Linuxbrew (a linuxbrew version of MacOS
Homebrew)
- Implement SSL_CTX_set_psk_client_callback() and
SSL_set_psk_client_callback()
- Skip the NPN test if the SSL library is LibreSSL
- Fixed a problem with a variable declaration in
ssleay_session_secret_cb_invoke
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when
allocated; the same callback is used on a server side for OCSP stapling
and in that case ocsp_response is NULL and not used
- New feature: Added a binding
SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by
EAP-FAST/EAP-TEAT to parse and process TLS session ticket
- New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used
by EAP-FAST/EAP-TEAP to define TLS session ticket value
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32
bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32
bytes)
- New feature: Added following bindings:
- X509_get_ex_data(cert, idx)
- X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_get_app_data(cert)
- X509_set_ex_data(cert, idx, data)
- X509_set_app_data(cert, arg)
- X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_STORE_CTX_get_app_data(x509_store_ctx)
- X509_STORE_CTX_set_app_data(x509_store_ctx, arg)
- New feature: Added an implementation for
SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- New feature: Added an implementation for
SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also
with AEAD ciphers, which don’t use digest functions
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple);
used by a server side to include OCSP staple in ServerHello
- Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain
and last are not NULL before trying to use them
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and
lib paths
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.81-2
- Perl 5.26 rebuild
* Tue Mar 28 2017 Paul Howarth <paul@city-fan.org> - 1.81-1
- Update to 1.81
- Enable RSA_get_key_parameters with LibreSSL - again
- Fixed memory leak in X509_get_subjectAltNames
- Added . to lib path in Makefile.PL to accommodate people who are using a
perl with -Ddefault_inc_excludes_dot
- Fixed build failure if engine support not present
- Improvements to get_my_thread_id to work around possibility of ERRSV not
being defined, e.g. on OpenWRT
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.80-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 05 2017 Paul Howarth <paul@city-fan.org> - 1.80-1
- Update to 1.80
- Fix unexpected changes in the control flow of the Perl program that seemed
to be triggered by the ticket key callback
* Tue Jan 03 2017 Paul Howarth <paul@city-fan.org> - 1.79-1
- Update to 1.79
- Patch to fix a few inline variable declarations that cause errors for older
compilers
- Patch: Generated C code is not compatible with MSVC, AIX cc, probably
others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT
- Fix compile failure if the OpenSSL library it's built against has
compression support compiled out
- Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals (only available prior to OpenSSL 1.1)
- Fix some documentation typos
- Testing with openssl-1.1.0b
* Wed Oct 12 2016 Paul Howarth <paul@city-fan.org> - 1.78-2
- Rebuild for OpenSSL 1.1.0 in Fedora 26
|