| Changelog |
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.88-2
- Perl 5.30 rebuild
* Sat May 11 2019 Paul Howarth <paul@city-fan.org> - 1.88-1
- Update to 1.88
Summary of major changes since version 1.85
- Mike McCauley has stepped down as maintainer: the new maintainers are Chris
Novakovic, Heikki Vatiainen and Tuure Vartiainen
- The source code has moved from the now-defunct Debian Subversion server
(alioth.debian.org) to GitHub
(https://github.com/radiator-software/p5-net-ssleay)
- Net-SSLeay is provided under the terms of the Artistic License 2.0; this
has been the case since version 1.66, but references to other licenses
remained in the source code, causing ambiguity
- Perl 5.8.1 or newer is now required to use Net-SSLeay; this has already
been the case for some time in practice, as the test suite hasn't fully
passed on Perl 5.6 for several years
- Much-improved compatibility with OpenSSL 1.1.1, and improved support for
TLS 1.3
- Fixed a long-standing bug in cb_data_advanced_put() that caused memory
leaks when callbacks were frequently added and removed
- Support in the test suite for "hardened" OpenSSL configurations that set a
default security level of 2 or higher (e.g., in the OpenSSL packages that
ship with recent versions of Debian, Fedora and Ubuntu)
* Thu Apr 18 2019 Petr Pisar <ppisar@redhat.com> - 1.86-0.3.09
- Replace expired test certificates (CPAN RT#129201)
* Fri Mar 29 2019 Paul Howarth <paul@city-fan.org> - 1.86-0.2.09
- Get libraries to link against from pkg-config
https://github.com/radiator-software/p5-net-ssleay/pull/127
* Wed Mar 20 2019 Petr Pisar <ppisar@redhat.com> - 1.86-0.1.09
- Update to 1.86_09 (see Changes file for details)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.85-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Sep 29 2018 Paul Howarth <paul@city-fan.org> - 1.85-9
- OpenSSL 1.1.1 in Fedora disables SSL3 API, so stop trying to test it
* Wed Sep 19 2018 Paul Howarth <paul@city-fan.org> - 1.85-8
- Expose SSL_CTX_set_post_handshake_auth (#1630391)
https://github.com/radiator-software/p5-net-ssleay/pull/68
* Fri Aug 17 2018 Petr Pisar <ppisar@redhat.com> - 1.85-7
- Revert retry in Net::SSLeay::write_partial() (bug #1614884)
* Wed Aug 15 2018 Petr Pisar <ppisar@redhat.com> - 1.85-6
- Revert retry in Net::SSLeay::{read,write}() (bug #1614884)
* Tue Aug 14 2018 Petr Pisar <ppisar@redhat.com> - 1.85-5
- Avoid SIGPIPE in t/local/36_verify.t (bug #1614884)
* Mon Aug 13 2018 Petr Pisar <ppisar@redhat.com> - 1.85-4
- Adapt to OpenSSL 1.1.1 (bug #1614884)
- Adapt tests to system-wide crypto policy (bug #1614884)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.85-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.85-2
- Perl 5.28 rebuild
* Wed Mar 14 2018 Paul Howarth <paul@city-fan.org> - 1.85-1
- Update to 1.85
- Preparations for transferring maintenace to a new maintainer
- Fixed test failure in t/local/33_x509_create_cert.t for some versions of
OpenSSL
- Fixed free() error that causes "Free to wrong pool ..." message on Windows
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.84-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 17 2018 Paul Howarth <paul@city-fan.org> - 1.84-1
- Update to 1.84
- Fixed an error in t/local/04_basic.t causing a test failure if
Test::Exception not installed
* Tue Jan 16 2018 Paul Howarth <paul@city-fan.org> - 1.83-1
- Update to 1.83
- Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they
are not available on LibreSSL
- Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later;
LibreSSL does not support these functions, at least yet
- Add new functions related to SSL_CTX_new
- Add two new functions introduced in OpenSSL 1.1.0, a number of constants
and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod
were also updated
- Added support for SSL_use_certificate_chain_file function introduced in
OpenSSL 1.1.0
- Fixed LibreSSL version detection to correctly parse LibreSSL minor version
- Fix memory leaks in OCSP handling
- Add new functions for certificate verification introduced in OpenSSL 1.02,
a number of constants, new test data files, new tests and updates to .pod
documentation; the new functions provide access to the built-in wildcard
check functionality available in OpenSSL 1.0.2 and later
- Added X509_STORE_CTX_new and X509_verify_cert
- SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify
fails but the intermediate certificate succeeds
* Tue Oct 31 2017 Paul Howarth <paul@city-fan.org> - 1.82-1
- Update to 1.82
- Added support for building under Linuxbrew (a linuxbrew version of MacOS
Homebrew)
- Implement SSL_CTX_set_psk_client_callback() and
SSL_set_psk_client_callback()
- Skip the NPN test if the SSL library is LibreSSL
- Fixed a problem with a variable declaration in
ssleay_session_secret_cb_invoke
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when
allocated; the same callback is used on a server side for OCSP stapling
and in that case ocsp_response is NULL and not used
- New feature: Added a binding
SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by
EAP-FAST/EAP-TEAT to parse and process TLS session ticket
- New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used
by EAP-FAST/EAP-TEAP to define TLS session ticket value
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32
bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32
bytes)
- New feature: Added following bindings:
- X509_get_ex_data(cert, idx)
- X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_get_app_data(cert)
- X509_set_ex_data(cert, idx, data)
- X509_set_app_data(cert, arg)
- X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)
- X509_STORE_CTX_get_app_data(x509_store_ctx)
- X509_STORE_CTX_set_app_data(x509_store_ctx, arg)
- New feature: Added an implementation for
SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- New feature: Added an implementation for
SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also
with AEAD ciphers, which don’t use digest functions
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple);
used by a server side to include OCSP staple in ServerHello
- Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain
and last are not NULL before trying to use them
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and
lib paths
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.81-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
