Revisions of perl-IO-Socket-SSL
Stephan Kulow (coolo) accepted request 221506 from Stephan Kulow (coolo) (revision 63)
- updated to 1.967
  - verify the hostname inside a certificate by default with a superset of common verification schemes instead of not verifying identity at all. For now it will only complain if name verification failed, in the future it will fail certificate verification, forcing you to set the expected SSL_verifycn_name if you want to accept the certificate.
  - new option SSL_fingerprint and new methods get_fingerprint and get_fingerprint_bin. Together they can be used to selectively accept specific certificates which would otherwise fail verification, like self-signed, outdated or from unknown CAs. This makes another reason to disable verification obsolete.
  - Utils:
    - default RSA key length 2048
    - digest algorithm to sign certificate in CERT_create can be given, defaults to SHA-256
    - CERT_create can now issue non-CA selfsigned certificate
    - CERT_create add some more useful constraints to certificate
  - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
  1.966 2014/01/21
  - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with specifying !TLSv12, only !TLSv1_2 worked
  - fixed leak of session objects in SessionCache, if another session replaced an existing session (introduced in 1.965)
  1.965 2014/01/16
  - new key SSL_session_key to influence how sessions are inserted and looked up in the clients session cache. This makes it possible to share sessions over different ip:host (like required with some FTPS servers)
  - t/core.t - handle case, where default loopback source is not 127.0.0.1, like in FreeBSD jails
  1.964 2014/01/15

Stephan Kulow (coolo) accepted request 208877 from Stephan Kulow (coolo) (revision 62)
- updated to 1.962
  - work around problems with older F5 BIG-IP by offering fewer ciphers on the client side by default, so that the client hello stays below 255 byte
  - IO::Socket::SSL::Utils::CERT_create can now create CA-certificates which are not self-signed (by giving issuer_*)

Adrian Schröter (adrianSuSE) committed (revision 59)
Split 13.1 from Factory

Stephan Kulow (coolo) accepted request 184797 from Factory Maintainer (factory-maintainer) (revision 58)
Automatic submission by obs-autosubmit

Stephan Kulow (coolo) accepted request 184296 from Lars Vogdt (lrupp) (revision 57)
- new version 0.951
  * better document builtin defaults for key,cert,CA and how they are deprecated
  * use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's builtin defaults for CA unless CA path/file was given
  * MAJOR BEHAVIOR CHANGE: ssl_verify_mode now defaults to verify_peer for client. Until now it used verify_none, but loudly complained since 1.79 about it. It will not complain any longer, but the connection might probably fail. Please don't simply disable ssl verification, but instead set SSL_ca_file etc so that verification succeeds!
  * MAJOR BEHAVIOR CHANGE: it will now complain if the builtin defaults of certs/my-ca.pem or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert and key are used, e.g. no certificates are specified explicitly. In the future these insecure (relative path!) defaults will be removed and the CA replaced with the system defaults.
  * Makefile.PL reported wrong version of openssl, if Net::SSLeay was not installed instead of reporting missing dependency to Net::SSLeay.
  * need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6 years ago. Remove code to work around older releases.
  * changed AUTHOR in Makefile.PL from array back to string, because the array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
  * Intercept: use sha1-fingerprint of original cert for id into cache unless otherwise given
  * Fix pod error in IO::Socket::SSL::Utils RT#85733
  * added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
  * moved SSL interception into IO::Socket::SSL::Intercept and simplified it using IO::Socket::SSL::Utils
  * enhance meta information in Makefile.PL
  * RT#85290, support more digest, especially SHA-2.
  (forwarded request 182138 from lnussel)

Adrian Schröter (adrianSuSE) committed (revision 56)
Split 12.3 from Factory

Adrian Schröter (adrianSuSE) committed (revision 55)
branched from openSUSE:Factory

Stephan Kulow (coolo) accepted request 107589 from Factory Maintainer (factory-maintainer) (revision 54)
Automatic submission by obs-autosubmit

Stephan Kulow (coolo) accepted request 103907 from Factory Maintainer (factory-maintainer) (revision 53)
Automatic submission by obs-autosubmit

Stephan Kulow (coolo) accepted request 95917 from Vítězslav Čížek (vitezslav_cizek) (revision 51)
- update to 1.52
  - fix syntax error in t/memleak_bad_handshake.t
  - disable t/memleak_bad_handshake.t on AIX, because it might hang https://rt.cpan.org/Ticket/Display.html?id=72170

Stephan Kulow (coolo) committed (revision 50)
replace license with spdx.org variant

Stephan Kulow (coolo) accepted request 89784 from Vítězslav Čížek (vitezslav_cizek) (revision 49)
- update to 1.49
  - another regression for readline fix, this time it failed to return lines at eof which don't end with newline. Extended t/readline.t to catch this

Stephan Kulow (coolo) accepted request 89536 from Vítězslav Čížek (vitezslav_cizek) (revision 48)
- update to 1.48
  - bugfix for readline fix in 1.45. If the pending data were false (like '0') it failed to read rest of line. Thanks to Victor Popov for reporting https://rt.cpan.org/Ticket/Display.html?id=71953
- update to 1.47
  fix for 1.46 - check for mswin32 needs to be /i. Thanks to Alexandr Ciornii for reporting
- update to 1.46
  - added test for signals

Adrian Schröter (adrianSuSE) committed (revision 47)

Sascha Peilicke (saschpe) accepted request 88225 from Vítězslav Čížek (vitezslav_cizek) (revision 46)
- update to 1.45
  - fix readline to continue when getting interrupt waiting for more data. Thanks to kgc[AT]corp[DOT]sonic[DOT]net for reporting problem

Sascha Peilicke (saschpe) accepted request 72026 from Vítězslav Čížek (vitezslav_cizek) (revision 45)
- update to 1.44:
  * fix invalid call to inet_pton in verify_hostname_of_cert when identity should be verified as ipv6 address, because it contains colon

Sascha Peilicke (saschpe) accepted request 70373 from Vítězslav Čížek (vitezslav_cizek) (revision 44)
- update to 1.43: no user-visible changes: fixes in testsuite