Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
devel:openSUSE:Factory:rpmlint
perl-Net-SSLeay
perl-Net-SSLeay.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File perl-Net-SSLeay.changes of Package perl-Net-SSLeay
------------------------------------------------------------------- Fri Mar 22 19:08:41 UTC 2024 - Tina Müller <tina.mueller@suse.com> - Remove Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch (fixed upstream) ------------------------------------------------------------------- Mon Jan 8 03:06:42 UTC 2024 - Tina Müller <timueller+perl@suse.de> - updated to 1.94 see /usr/share/doc/packages/perl-Net-SSLeay/Changes 1.94 2024-01-08 - New stable release incorporating all changes from developer releases 1.93_01 to 1.93_05. - Summary of major changes since version 1.92: - Net::SSLeay now officially supports all stable releases of OpenSSL 3.1 and 3.2, and LibreSSL 3.5 - 3.8. - Many noisy compiler warnings have been silenced - if SSLeay.xs fails to compile, it should now be much easier to identify the cause. - libcrypto's OPENSSL_init_crypto() function and libssl's OPENSSL_init_ssl() function are now exposed, enabling fine-grained control over the initialisation and configuration of both libraries. - libssl functions implementing TLS 1.3 PSK authentication are now exposed, in particular SSL_CTX_set_psk_find_session_callback() (on the server side) and SSL_CTX_set_psk_use_session_callback() (on the client side). - libssl functions implementing server-side TLS 1.2 PSK authentication are now exposed, in particular SSL_CTX_set_psk_server_callback(). - libssl's SSL_CTX_set_client_hello_cb() function is now exposed, allowing a TLS server to set a callback function that is executed when the server processes a ClientHello message. - Many more libcrypto/libssl constants and functions are now exposed; see the release notes for the 1.93 developer releases for a full list. 1.93_05 2024-01-06 - Remove support for automatic detection of libssl/libcrypto via pkg-config with ExtUtils::PkgConfig if it is installed, due to the compiler and linker options provided by pkg-config being used unconditionally (which is incompatible with the OPENSSL_PREFIX detection method). The implementation of this was merged in time for developer release 1.93_03 and therefore hasn't been included in a stable release yet, so this doesn't represent a breaking change to the way in which libssl/libcrypto are detected by Makefile.PL. This is, however, a very useful feature, and we intend to bring it back in time for Net-SSLeay 1.96 after ironing out the remaining bugs. 1.93_04 2024-01-05 - Use -DOPENSSL_API_COMPAT=908 when compiling SSLeay.xs to suppress OpenSSL deprecation warnings. - Expose a number of functions that were added in recent LibreSSL releases or were not otherwise exposed before: - SSL(_CTX)_get/set_security_level in LibreSSL 3.6.0 - SSL(_CTX)_get/set_num_tickets in LibreSSL 3.5.0 - SSL(_CTX)_set_ciphersuites in LibreSSL 3.4.0 - EVP_PKEY_security_bits in LibreSSL 3.6.0 - SSL_CTX_set_keylog_callback in LibreSSL 3.5.0 - SSL_is_dtls in LibreSSL 3.3.2 - Remove Tuure Vartiainen as an active contributor. Tuure's contributions were instrumental in the transition from ad hoc testing to CI-based testing, which has greatly improved Net-SSLeay's stability, reliability and compatibility. Thanks for your contributions, Tuure! 1.93_03 2024-01-02 - Pass RAND_seed()'s sole argument to the underlying RAND_seed() function in libcrypto, rather than passing the value of a non-existent second argument. Fixes GH-427. Thanks to cgf1 for the report. - Avoid explicit and implicit use of weak hash algorithms, such as MD5 and SHA-1, in test suite. This allows tests 44_sess.t and 45_exporter.t to correctly work on systems where crypto policies prohibit their direct use and TLS versions that require them. An example of such a system is Rocky Linux 9.2. Any Red Hat Enterprise Linux 9 and derived system is likely to have similar behaviour. Thanks to Paul Howarth for the investigation and patches. - LibreSSL 3.8.0 release notes state: The POLICY_TREE and its related structures and API were removed. The affected Net::SSLeay functions are: - X509_policy_level_get0_node - X509_policy_level_node_count - X509_policy_node_get0_parent - X509_policy_node_get0_policy - X509_policy_node_get0_qualifiers - X509_policy_tree_free - X509_policy_tree_get0_level - X509_policy_tree_get0_policies - X509_policy_tree_get0_user_policies - X509_policy_tree_level_count Patch by GitHub user orbea. - Add OpenSSL 3.1 and LibreSSL 3.7 minor releases to GitHub CI testing. Update the previous minor releases to their latest versions. Add NetBSD to BSDs job and update the other BSDs and Alpine Linux jobs to cover additional and latest releases. Use the latest MacOS runners. - Expose SSL_CTX_set_client_hello_cb for setting a callback the server calls when it processes a ClientHello. Expose the following functions that can be called only from the callback. None of these are available with LibreSSL. - SSL_client_hello_isv2 - SSL_client_hello_get0_legacy_version - SSL_client_hello_get0_random - SSL_client_hello_get0_session_id - SSL_client_hello_get0_ciphers - SSL_client_hello_get0_compression_methods - SSL_client_hello_get1_extensions_present - SSL_client_hello_get_extension_order - SSL_client_hello_get0_ext - Expose constants used by SSL_CTX_set_client_hello_cb related functions. - AD_ prefixed constants naming TLS alert codes for returning from a ClientHello callback or where alert types are used - CLIENT_HELLO_ERROR, CLIENT_HELLO_RETRY and CLIENT_HELLO_SUCCESS for returning from a ClientHello callback - TLSEXT_TYPE_ prefixed contants for naming TLS extension types - Expose functions for setting up TLS PSK on the server side. Only SSL_CIPHER_find is available with LibreSSL. - SSL_use_psk_identity_hint - SSL_CTX_use_psk_identity_hint - SSL_set_psk_server_callback - SSL_CTX_set_psk_server_callback - SSL_set_psk_find_session_callback - SSL_CTX_set_psk_find_session_callback - SSL_SESSION_set1_master_key - SSL_SESSION_set_cipher - SSL_SESSION_set_protocol_version - SSL_CIPHER_find - Expose NID_shake128, NID_shake256 and the rest of NID_sha* constants. - Expose functions for setting up TLS 1.3 PSK authentication on the client side. Only SSL_SESSION_get0_cipher is available with LibreSSL. - SSL_set_psk_use_session_callback - SSL_CTX_set_psk_use_session_callback - SSL_CIPHER_get_handshake_digest - SSL_SESSION_get0_cipher - EVP_MD_get0_description - EVP_MD_get0_name - EVP_MD_get_type - Major documentation cleanup. Thanks to John Jetmore. - Add constants for specifying version field for certificates, certificate requests and CRLs. Available in OpenSSL 3.0: - X509_VERSION_1, X509_VERSION_2 and X509_VERSION_3 - X509_REQ_VERSION_1, X509_REQ_VERSION_2 and X509_REQ_VERSION_3 - X509_CRL_VERSION_1 and X509_CRL_VERSION_2 - Remove conditional compilation checks from SSLeay.xs and compatilibty notes from SSLeay.pod for OpenSSL versions earlier than 0.9.8. This includes all 0.9.7 and earlier releases down to 0.9.3a. Update tests respectively. - Add OpenSSL 3.2 and LibreSSL 3.8 minor releases to GitHub CI testing. Update existing OpenSSL releases to 1.1.1w, 3.0.12 and 3.1.4. - Support compiling SSLeay.xs with a C++ compiler. Thanks to James E Keenan and GitHub user twata1 for suggesting this, testing and providing detailed test reports. Tested with GCC 13 g++, Clang 17 clang++ and Visual Studio Community 2022 C++ compilers. Discussion in GH-425 and GH-438. - Add constants for OPENSSL_init_crypto and related functions: - CONF_MFLAGS_DEFAULT_SECTION - CONF_MFLAGS_IGNORE_ERRORS - CONF_MFLAGS_IGNORE_MISSING_FILE - CONF_MFLAGS_IGNORE_RETURN_CODES - CONF_MFLAGS_NO_DSO - CONF_MFLAGS_SILENT - OPENSSL_INIT_ADD_ALL_CIPHERS - OPENSSL_INIT_ADD_ALL_DIGESTS - OPENSSL_INIT_ASYNC - OPENSSL_INIT_ATFORK - OPENSSL_INIT_ENGINE_AFALG - OPENSSL_INIT_ENGINE_CAPI - OPENSSL_INIT_ENGINE_CRYPTODEV - OPENSSL_INIT_ENGINE_DYNAMIC - OPENSSL_INIT_ENGINE_OPENSSL - OPENSSL_INIT_ENGINE_PADLOCK - OPENSSL_INIT_ENGINE_RDRAND - OPENSSL_INIT_LOAD_CONFIG - OPENSSL_INIT_LOAD_CRYPTO_STRINGS - OPENSSL_INIT_LOAD_SSL_STRINGS - OPENSSL_INIT_NO_ADD_ALL_CIPHERS - OPENSSL_INIT_NO_ADD_ALL_DIGESTS - OPENSSL_INIT_NO_ATEXIT - OPENSSL_INIT_NO_LOAD_CONFIG - OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS - OPENSSL_INIT_NO_LOAD_SSL_STRINGS - Expose functions for OpenSSL libcrypto and libssl initialisation, configuration and deinitialisation. These are available in OpenSSL 1.1.0 and later: - OPENSSL_init_ssl and OPENSSL_init_crypto - OPENSSL_cleanup, also in LibreSSL 3.6.0 - OPENSSL_INIT_new and OPENSSL_INIT_free - OPENSSL_INIT_set_config_filename - OPENSSL_INIT_set_config_appname - OPENSSL_INIT_set_config_file_flags - Add new test file 23_openssl_init.t for OPENSSL_init_ssl and related functions. - Support finding OpenSSL libraries using ExtUtils::PkgConfig. Thanks to Paul Howarth for the patch. - Fix a number of cases where variables were declared after code triggering Gcc and Clang warning -Wdeclaration-after-statement. This is supported by C language version C99 and used by Perl 5.35.5 and later. SSLeay.xs is likely compiled with compilers that do not support this, therefore such constructs are avoided in SSLeay.xs. Thanks to GitHub user bulk88 for the patch. - Fix _CRT_SECURE_NO_DEPRECATE warning on Windows. Fix OpenSSL library file path detection loop in Makefile.PL. Both thanks to bulk88. - Update Shining Light OpenSSL detection to work with OpenSSL 1.1.1w, 3.0.12, 3.1.4 and 3.2.0 installers. Caveats: when both 32bit and 64bit versions are installed, OpenSSL library path detection may pick the wrong version. Static compilation needs seems not to work with the these versions. Thanks to bulk88 for the initial updates. - Tone down Makefile.PL and README warning against mixing compilers and flags when compiling OpenSSL, Perl and Net::SSLeay. This may still be a requirement on some platforms, but, for example, with Linux and macOS mixing clang and gcc appears to work. - Add general installation instructions in README. Thanks to GitHub user viviparous. Update README and README.OSX. 1.93_02 2023-02-22 - Update ppport.h to version 3.68. This eliminates thousands of compound-token-split-by-macro compiler warnings when building Net-SSLeay with Clang 12 or greater. Partially fixes GH-383. - Silence compound-token-split-by-macro warnings when building Net-SSLeay with Clang 12 or greater. Fixes the remainder of GH-383. - When building Net-SSLeay, search for the openssl binary in the same directory in which Perl is installed (i.e. $Config{prefix}/bin/). Thanks to Henrik Grimler for the patch. - Expose EVP_PKEY_security_bits. Thanks to Felipe Gasper. - Major update to Gihub Actions configuration. Thanks to Felipe Gasper. New testing targets are: - OpenSSL and LibreSSL on Alpine Linux on i386, x390x, arm32v6, ar32v7 and arm64v8 architectures. - OpenSSL and LibreSSL on Ubuntu on i386, x390x, ar32v7 and arm64v8 architectures. - OpenSSL on FreeBSD 13.0, not enabled yet because of GH #272 and #394 - LibreSSL on FreeBSD 13.0 - LibreSSL on OpenBSD 6.9 - LibreSSL on OpenBSD 7.1 - Cygwin on x86_64 - Fix compilation failure using cl. Microsoft cl compiler do not like when preprocessor directives are inside a macro. Fixes GH-403. Thanks to Jean-Damien Durand. - Update CTX_use_PKCS12_file() and CTX_use_PKCS12_file() to use BIO functions for avoiding "no OPENSSL_Applink" runtime errors. Fixes GH-281 and RT#101638. Thanks to Jean-Damien Durand. - Add to README.Win32 more information about OPENSSL_Applink and how it may be needed with FILE pointers and POSIX/Unix fds. Recommended method is to avoid them and use OpenSSL BIO functions instead. Update SSLeay.pod with alternatives to Net::SSLeay::SESSION_print_fp(). Closes GH-411. - Refactor variable declarations in RSA_generate_key to allow SSLeay.xs to compile under -Werror=declaration-after-statement. Fixes GH-407. Thanks to dharanlinux for the report. - Fix memory leaks after calls to X509_get_ext_d2i. Thanks to Anton Borowka. - Documentation fix: Correct CRL revocation reasons in P_X509_CRL_add_revoked_serial_hex(). Closes GH-397. Reported by Marc Reisner. - Support stable releases of LibreSSL 3.5 and 3.6. - Update callback set by SSL_set_session_secret_cb to adjust master secret's length. This is needed with OpenSSL 1.1.1 and later that provide buffer that is now longer than 48 octets. Fix Net::SSLeay::get_keyblock_size() size calculation with AEAD ciphers. These functions were originally added to OpenSSL and Net::SSLeay for EAP-FAST. These changes allow EAP-FAST to work with AEAD ciphers and with OpenSSL versions 1.1.1 and later. - Remove code guarded by obsolete SSL_F_SSL_SET_HELLO_EXTENSION #ifdef. This was used by the initial EAP-FAST related OpenSSL patch which was never part of the OpenSSL distribution. - PEM_get_string_PrivateKey() currently uses DES-CBC as its default encryption algorithm. Test 33_x509_create_cert.t now skips testing the default algorithm on systems that support providers but don't have the legacy provider available. One such system is FreeBSD 13.0 with OpenSSL which was added as disabled in GitHub actions by PR GH-402 but can now be enabled. Long term fix is to replace DES-CBC with a modern cipher. Allows closing GH-394. 1.93_01 2022-03-20 - LibreSSL 3.5.0 has removed access to internal data structures: Use X509_get0_tbs_sigalg() and OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1. Also use RSA_get0... with RSA_get_key_parameters(). Thanks to Alexander Bluhm. - Expose SSL_CTX_get_min_proto_version(), SSL_CTX_get_max_proto_version(), SSL_get_min_proto_version() and SSL_get_max_proto_version() with LibresSSL 3.4.0 and later. Thanks to Alexander Bluhm. - Update tests 07_sslecho.t and 44_sess.t to work around failures seen on Windows with Perls earlier than 5.20. For the details, see GH-356 and look for CloseHandle() in Perl 5.20.0 changelog. Thanks to GitHub user twata1 for the report and additional help. - Alexander's recent work with RSA_get_key_parameters(), allows to make it available with all OpenSSL versions. It was already available with versions earlier than 1.1.0. - Expose BN_dup(), BN_clear(), BN_clear_free() and BN_free(). - Use PTR2IV instead of direct cast to IV to fix compilation warning with SSLeay.xs internal function bn2sv(). - Expose X509_CRL_get0_lastUpdate(), X509_CRL_get0_nextUpdate(), X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() that became available with OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and the respective deprecated _get/set_ aliases, are available with all OpenSSL and LibreSSL versions. Fixes part of RT#124371. - Note in documentation that the X509_CRL_get* functions return a pointer to time structure that should be considered read-only. - Use ASN1_STRING_get0_data() instead of ASN1_STRING_data() to avoid compile time deprecation warnings. Partly fixes RT#124371. - Add the following constants from Current OpenSSL master branch: - SSL_ASYNC_PAUSED - SSL_ASYNC_NO_JOBS - SSL_CLIENT_HELLO_CB - SSL_ERROR_WANT_ASYNC - SSL_ERROR_WANT_ASYNC_JOB - SSL_ERROR_WANT_CLIENT_HELLO_CB - SSL_ERROR_WANT_RETRY_VERIFY - SSL_MODE_ASYNC - SSL_MODE_NO_AUTO_CHAIN - SSL_OP_ALLOW_CLIENT_RENEGOTIATION - SSL_OP_CLEANSE_PLAINTEXT - SSL_OP_DISABLE_TLSEXT_CA_NAMES - SSL_OP_ENABLE_KTLS - SSL_OP_IGNORE_UNEXPECTED_EOF - SSL_OP_NO_EXTENDED_MASTER_SECRET - SSL_RETRY_VERIFY - SSL_SESS_CACHE_UPDATE_TIME - X509_TRUST_DEFAULT - X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL - X509_V_ERR_CA_BCONS_NOT_CRITICAL - X509_V_ERR_CA_CERT_MISSING_KEY_USAGE - X509_V_ERR_EC_KEY_EXPLICIT_PARAMS - X509_V_ERR_EMPTY_SUBJECT_ALT_NAME - X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL - X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 - X509_V_ERR_ISSUER_NAME_EMPTY - X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA - X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER - X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER - X509_V_ERR_NO_ISSUER_PUBLIC_KEY - X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA - X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN - X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY - X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH - X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL - X509_V_ERR_SUBJECT_NAME_EMPTY - X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM - Expose X509_get0_notBefore(), X509_getm_notBefore() X509_get0_nextAfter() and X509_getm_nextAfter() that became available with OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and the deprecated _get functions, are available, as aliases when needed, with all OpenSSL and LibreSSL versions. Fixes GH-367. - Only export the TLSv1*_method() functions when support for the respective TLS version is available in the underlying libssl library. This allows Net::SSLeay to be built against libssl libraries that were compiled without support for old TLS versions. ------------------------------------------------------------------- Thu Dec 14 13:47:04 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com> - Use constants X509_VERSION_3 and X509_REQ_VERSION_1 when available (#GH-449) * Add Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch ------------------------------------------------------------------- Fri Jan 14 03:07:28 UTC 2022 - Tina Müller <timueller+perl@suse.de> - updated to 1.92 see /usr/share/doc/packages/perl-Net-SSLeay/Changes 1.92 2022-01-12 - New stable release incorporating all changes from developer releases 1.91_01 to 1.91_03. - Summary of major changes since version 1.90: - Net::SSLeay now supports stable releases of OpenSSL 3.0. - OpenSSL 3.0.0 introduces the concept of "providers", which contain cryptographic algorithm implementations. Many outdated, deprecated and/or insecure algorithms have been moved to the "legacy" provider, which may need to be loaded explicitly in order to use them with Net::SSLeay. See "Low level API: OSSL_LIB_CTX and OSSL_PROVIDER related functions" in the Net::SSLeay module documentation for details. - Net::SSLeay's built-in PEM_get_string_PrivateKey() function depends on algorithms that have moved to the legacy provider described above; if OpenSSL has been compiled without the legacy provider, the tests t/local/33_x509_create_cert.t and t/local/63_ec_key_generate_key.t will fail when the test suite is run. - TLS 1.1 and below may only be used at security level 0 as of OpenSSL 3.0.0; if a minimum required security level is imposed (e.g. in an OpenSSL configuration file managed by the operating system), the tests t/local/44_sess.t and t/local/45_exporter.t will fail when the test suite is run. - Net::SSLeay now supports stable releases of LibreSSL from the 3.2 - 3.4 series (with the exception of 3.2.2 and 3.2.3 - see "COMPATIBILITY" in the Net::SSLeay module documentation for details). - The TLS 1.3 implementation in LibreSSL 3.1 - 3.3, parts of which are enabled by default, is not fully compatible with the libssl API and may not function as expected with Net::SSLeay; see "KNOWN BUGS AND CAVEATS" in the Net::SSLeay module documentation for details. - A number of new libcrypto/libssl constants and functions are now exposed, including SSL_CTX_set_keylog_callback() and SSL_CTX_set_msg_callback(), which are helpful when debugging TLS handshakes. See the release notes for the 1.91 developer releases below for a full list of newly-exposed constants and functions. 1.91_03 2022-01-10 - Avoid misclassifying Clang as GCC in Test::Net::SSLeay's can_thread() function. This fixes test failures in 61_threads-cb-crash.t and 62_threads-ctx_new-deadlock.t on OpenBSD and FreeBSD (and possibly other OSes too). Fixes GH-350. - Add the following constants for OpenSSL_version(): - OPENSSL_CPU_INFO - OPENSSL_FULL_VERSION_STRING - OPENSSL_MODULES_DIR - OPENSSL_VERSION_STRING These constants are new in OpenSSL 3.0.0 release. - Update test 03_use.t to print information returned by the new constants. - Add more information to 03_use.t print output, including printing OPENSSL_VERSION_NUMBER as a 32bit hex number. - Add the following constants for OPENSSL_info() added in OpenSSL 3.0.0. - OPENSSL_INFO_CONFIG_DIR - OPENSSL_INFO_CPU_SETTINGS - OPENSSL_INFO_DIR_FILENAME_SEPARATOR - OPENSSL_INFO_DSO_EXTENSION - OPENSSL_INFO_ENGINES_DIR - OPENSSL_INFO_LIST_SEPARATOR - OPENSSL_INFO_MODULES_DIR - OPENSSL_INFO_SEED_SOURCE - Expose OPENSSL_info(), OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() added in OpenSSL 3.0.0. Update 03_use.t diagnostics and 04_basic.t tests to use these functions. - Clarify documentation of OpenSSL_version_num(), SSLeay(), SSLeay_version() and OpenSSL_version(). - Add notes to OpenSSL_version_num() and SSLeay() on how to determine if the library is OpenSSL or LibreSSL and how to interpret the version number these functions return. - Add constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH. Update OPENSSL_version_major/minor/patch documentation to describe how these library functions relate to Net-SSLeay compile time constants. Add tests to verify the constants and functions return equal values. 1.91_02 2021-12-29 - On OpenVMS, detect vendor SSL111 product based on OpenSSL 1.1.x. - Cast the return value of OCSP_SINGLERESP_get0_id to fix a const/non-const mismatch warning that broke the build on OpenVMS. - Create SSL_CTXs with Test::Net::SSLeay's new_ctx() function for tests that are broken with LibreSSL 3.2. Partially fixes GH-232. - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.2 versions from 3.2.4 onwards. Fixes the remainder of GH-232. - Note in the Net::SSLeay documentation that the TLS 1.3 implementation in LibreSSL 3.1 - 3.3, parts of which are enabled by default, is not libssl-compatible. See the "KNOWN BUGS AND CAVEATS" section of lib/Net/SSLeay.pod for details. - Add constants for, but not limited to, SSL_CTX_set_msg_callback and SSL_set_msg_callback functions: SSL3_RT_* for record content types, SSL3_MT_* for Handshake and ChangeCipherSpec message types, SSL2_VERSION to complement the list of existing SSL and TLS version constants and SSL2_MT_* for SSLv2 Handshake messages. - Expose SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback available with OpenSSL 1.1.1pre1 and later. - Enhance 10_rand.t RAND_file_name tests: tests are no longer affected by the runtime environment variables, HOME and RANDFILE. These variables are insted controlled by the tests with local %ENV. Problems related to RAND_file_name were discussed in Github issue GH-152, and there might still be cases when, for example, setuid is used because of OpenSSL's use of glibc secure_getenv() and related functions. Address RAND_file_name differences between OpenSSL versions. Note in SSLeay.pod that RAND_file_name() can return undef with LibreSSL and recent OpenSSL versions. - Removed the following exportable symbols from SSLeay.pm: - SESSION, clear_error and err have never been defined. - add_session, flush_sessions and remove_session were removed in Net::SSLeay 1.04 - Undocumented X509_STORE_CTX_set_flags() was removed in Net::SSLeay 1.37 when X509_VERIFY_PARAM_* functions were added. These are preferred over directly setting the flags. - Clarified Changes entry for release 1.75 to state that CTX_v2_new is not removed from Net::SSLeay. SSLv2 is completely removed in OpenSSL 1.1.0. - Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and related functions return uint64_t instead of long. For this reason constant() in constant.c and Net::SSLeay must also be able to return 64bit constants. Add uint64_t definitions to typemap file and update constant() and options functions to use uint64_t with OpenSSL 3.0.0 and later when Perl is compiled with 64bit integers. With 32bit integers, the functions remain as they are: constant() functions return double and options functions return long. This partially fixes GH-315, 32bit integer Perls need to be handled separately. - Work around macOS Monterey build failure during 'perl Makefile.PL' that causes perl to exit with 'WARNING: .../perl is loading libcrypto in an unsafe way' or similar message. This fixes GH-329. Thanks to Daniel J. Luke for the report and John Napiorkowski for additional help. 1.91_01 2021-10-24 - Correct X509_STORE_CTX_init() return value to integer. Previous versions of Net::SSLeay return nothing. - Update tests to call close() to avoid problems seen with test 44_sess.t, and possibly other tests, running on older Windows Perl versions. Also add some missing calls in tests to shutdown and free ssl structures. - Fix multiple formatting errors in the documentation for Net::SSLeay. Thanks to John Jetmore. - Check for presence of libssl headers in Makefile.PL, and exit with an error instead of generating an invalid Makefile if they cannot be found. Fixes RT#105189. Thanks to James E Keenan for the report. - Added support for SSL_CTX_set_msg_callback/SSL_set_msg_callback Thanks to Tim Aerts. - Adjust time in ASN1_TIME_timet based on current offset to GMT to address GH-148. Thanks to Steffen Ullrich. - Multiple updates to tests to match OpenSSL 3.0 behaviour. Thanks to Michal Josef Špaček. - OpenSSL 3.0 related changes in tests include: - TLSv1 and TLSv1.1 require security level 0 starting with 3.0 alpha 5. - SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() ignore unknown ciphersuites starting with 3.0 alpha 11. - Error code and error string packing and formatting changes. - PEM_get_string_PrivateKey default algorithm requires legacy provider. - See OpenSSL manual page migration_guide(7) for more information about changes in OpenSSL 3.0. - Automatically detect OpenSSL installed via Homebrew on ARM-based macOS systems. Thanks to Graham Knop for the patch. - Account for the divergence in TLSv1.3 ciphersuite names between OpenSSL and LibreSSL, which was causing failures of some TLSv1.3 tests with LibreSSL. - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.3.2 and above. - In 43_misc_functions.t, account for the fact that LibreSSL 3.2.0 and above implement TLSv1.3 without exposing a TLS1_3_VERSION constant. - Expose OpenSSL 3.0 functions OSSL_LIB_CTX_get0_global_default, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all OSSL_PROVIDER_get0_name and OSSL_PROVIDER_self_test. Add test files 22_provider.t, 22_provider_try_load.t and 22_provider_try_load_zero_retain.t. - With OpenSSL 3.0 and later, the legacy provider is loaded in 33_x509_create_cert.t to allow PEM_get_string_PrivateKey to continue working until its default encryption method is updated. Fixes GH-272 and closes GH-273. - Remove the test suite's optional dependency on the non-core modules Test::Exception, Test::NoWarnings and Test::Warn. Tests that verify Net::SSLeay's behaviour when errors occur are now executed regardless of the availability of these modules. - Fully automate the process of changing the list of constants exported by Net::SSLeay. Fixes GH-313. - Perform function autoloading tests in the test suite. Fixes GH-311. - In 36_verify.t, account for the fact that the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) is no longer exposed as of LibreSSL 3.4.1. Fixes GH-324. ------------------------------------------------------------------- Thu Jan 13 10:00:15 UTC 2022 - Tina Müller <tina.mueller@suse.com> - Fix cpanspec.yml ------------------------------------------------------------------- Tue Jun 29 11:07:37 UTC 2021 - Pedro Monreal <pmonreal@suse.com> - Fix cpanspec.yml preamble section. ------------------------------------------------------------------- Tue Jun 22 12:31:18 UTC 2021 - Pedro Monreal <pmonreal@suse.com> - Fix autoupdate build: * Add required build and test dependencies * Update spec file and add cpanspec.yml ------------------------------------------------------------------- Wed Jan 27 08:02:17 UTC 2021 - Dirk Müller <dmueller@suse.com> - update to 1.90: - New stable release incorporating all changes from developer releases 1.89_01 to 1.89_05. - Summary of major changes since version 1.88: - Formalised libssl version support policy: all stable versions of OpenSSL in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all stable releases of LibreSSL in the 2.0 - 3.1 series are supported. The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3 implementation is not currently libssl-compatible. - Added support for LibreSSL on Windows when built with Visual C++. - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and several stack functions. - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and CTX_set_alpn_select_cb. - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as OpenSSL security level 2 (the default on many Linux distributions). ------------------------------------------------------------------- Mon May 27 11:29:57 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> - Update to 1.88 1.88 2019-05-10 - New stable release incorporating all changes from developer releases 1.86_01 to 1.86_11. - From this release, Net-SSLeay is switching to an "odd/even" developer/stable release version numbering system, like that of many core modules (e.g. ExtUtils::MakeMaker): developer releases will have an odd minor version number (and the usual "_xx" suffix), and stable releases will have an even minor version number. This means there is no Net-SSLeay 1.87. - Summary of major changes since version 1.85: - Mike McCauley has stepped down as maintainer. The new maintainers are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen. - The source code has moved from the now-defunct Debian Subversion server (alioth.debian.org) to GitHub (https://github.com/radiator-software/p5-net-ssleay). - Net-SSLeay is provided under the terms of the Artistic License 2.0 - this has been the case since version 1.66, but references to other licenses remained in the source code, causing ambiguity. - Perl 5.8.1 or newer is now required to use Net-SSLeay. This has already been the case for some time in practice, as the test suite hasn't fully passed on Perl 5.6 for several years. - Much-improved compatibility with OpenSSL 1.1.1, and improved support for TLS 1.3. - Fixed a long-standing bug in cb_data_advanced_put() that caused memory leaks when callbacks were frequently added and removed. - Support in the test suite for "hardened" OpenSSL configurations that set a default security level of 2 or higher (e.g., in the OpenSSL packages that ship with recent versions of Debian, Fedora and Ubuntu). 1.86_11 2019-05-08 - Clarified Net-SSLeay's licensing terms: the module distribution has been released under the terms of the Artistic License 2.0 since version 1.66; references to other licenses have been removed. Fixes RT#106314. Thanks to Kent Fredric for pointing out the ambiguity. - Replace the HTTPS hosts in the external tests (some of which were no longer online) with more resilient ones. Closes issue #26. 1.86_10 2019-05-04 - Use locally-generated certificate chain in local tests rather than the Twitter one, which changes regularly and breaks the test suite unnecessarily. Fixes RT#129201. Thanks to Petr Písař for the report and patch, and Steffen Ullrich for an alternative patch suggestion. - In t/local/09_ctx_new.t, rather than checking that the functions (CTX_)get_min_proto_version and (CTX_)get_max_proto_version return 0x0000 (indicating the lowest and highest versions supported by libssl respectively, which is not the case if a run-time configuration is enforcing a different minimum or maximum), just check whether the returned value is one of those mentioned on the SSL_CTX_set_min_proto_version(3) man page. Partially fixes RT#128025. Thanks to Slaven Rezić and Dmytro Zagashev for the downstream reports. - Move from 1024-bit keys/certificates to 2048-bit keys/certificates across the entire test suite. This removes the need to manually set the security level to 1 in tests that used the old keys, and fixes large numbers of test failures on modern Linux distributions that set the minimum OpenSSL security level to 2. Fixes RT#126270 and the remainder of RT#128025. Thanks to Petr Písař and Slaven Rezić for the downstream reports. - In t/local/06_tcpecho.t and t/local/07_sslecho.t, connect to 127.0.0.1 instead of localhost. This fixes these tests when executed inside a network sandbox that disrupts the behaviour of gethostbyname(). Fixes RT#128207. Thanks to Kent Fredric for the downstream report. 1.86_09 2019-03-12 - Add missing files to MANIFEST that prevented tests from passing when installing from the 1.86_08 release tarball. 1.86_08 2019-03-12 - Add and fix functions needed to properly implement client side session reuse for TLS 1.3 with using CTX_sess_set_new_cb. Newly exposed functions: SSL_SESSION_dup and SSL_SESSION_up_ref. Fixed functions: i2d_SSL_SESSION and d2i_SSL_SESSION. Thanks to Steffen Ullrich. - Add functions functions to allow reading multiple pems from file and creating untrusted chain: These functions allow you to: - Read in a PEM file with multiple certificates as a STACK_OF(X509_INFO) - Determine the size of the STACK_OF(X509_INFO) and value at an index, which allows you to loop over the stack. - Retrieve the X509 structure from each X509_INFO structure in the stack. Then you can create a new STACK_OF(X509) and push the X509 structures onto the new stack. You can then pass this STACK_OF(X509) to X509_STORE_CTX_init which will allow you to add additional untrusted certificates to the chain for verification. Exposed functions are: PEM_X509_INFO_read_bio sk_X509_INFO_num sk_X509_INFO_value sk_X509_INFO_free sk_X509_new_null sk_X509_free sk_X509_push New function implemented by Net::SSLeay: P_X509_INFO_get_x509 Thanks to Marc Reisner. - Add functions and constants that are necessary to verify a certificate using a hash directory outside of an SSL/TLS connection. Newly exposed functions: X509_STORE_CTX_init X509_STORE_CTX_free X509_STORE_new X509_STORE_free X509_STORE_add_lookup X509_LOOKUP_hash_dir X509_LOOKUP_add_dir Newly exposed constants: X509_FILETYPE_ASN1 X509_FILETYPE_DEFAULT X509_FILETYPE_PEM Thanks to Marc Reisner. - Declare n_a in ssleay_set_psk_client_callback_invoke and ssleay_ctx_set_psk_client_callback_invoke to avoid a compilation error with Perl versions below 5.8.8. Fixes RT#128030. Thanks to Graham Ollis for the report. - Add X509_get0_serialNumber. Thanks to Marc Reisner. - Enable Travis CI for LibreSSL 2.2.1, 2.7.5, 2.8.3 and 2.9.0 on Perl 5.20 and more recent. - Expose the following functions for curve and group selection: - CTX_set_ecdh_auto, set_ecdh_auto - CTX_set1_curves_list, set1_curves_list - CTX_set1_groups_list, set1_groups_list Thanks to Steffen Ullrich. ------------------------------------------------------------------- Tue Mar 5 14:04:18 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> - Update to 1.86_07 1.86_07 2018-12-13 - Net::SSLeay::RSA_generate_key() now prefers using RSA_generate_key_ex. This avois deprecated RSA_generate_key and allows removing the only Android specific code in SSLeay.xs. Fixes RT#127593. Thanks to Rouven Weiler. - SSL_CTX_get0_param, SSL_CTX_get0_param, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip and X509_VERIFY_PARAM_set1_ip_asc added in 1.83 for OpenSSL 1.0.2 and later are now available with LibreSSL 2.7.0 and later. - get_keyblock_size() now gets the MAC secret size from the cipher on LibreSSL 2.7.0 and later, rather than reaching into libssl internals. This effectively takes the OpenSSL 1.1 code path for LibreSSL 2.7.0 instead of the OpenSSL 1.0 code path. Thanks to Alexander Bluhm. - get_client_random and get_server_random now use API functions supported by LibreSSL 2.7.0 and later. Thanks to Alexander Bluhm. - Add X509_check_host(), X509_check_email(), X509_check_ip(), and X509_check_ip_asc() for LibreSSL 2.5.0 and later. Thanks to Alexander Bluhm. - OpenSSL_version() and OpenSSL_version_num() are available with LibreSSL 2.7.0 and later. Thanks to Alexander Bluhm. - Use OPENSSL_cleanse() instead of memset(). Fixes RT#116599. Thanks to A. Sinan Unur. 1.86_06 2018-09-29 - Net::SSLeay::read() and SSL_peek() now check SSL_get_error() for SSL_ERROR_ZERO_RETURN for return values <= 0 to make Net::SSLeay::read() behave more like underlying OpenSSL function SSL_read(). Convenience function ssl_read_all() now does an automatic retry when ERROR_WANT_READ or ERROR_WANT_WRITE is returned with Net::SSLeay::read(). Convenience function ssl_read_until() now uses Net::SSLeay::ssl_read_all() instead of Net::SSLeay::read(). Tests 07_sslecho.t and 36_verify.t were also updated to use ssl_read_all() and ssl_write_all(). The tests now also disable TLSv1.3 session tickets and ignore SIGPIPE to avoid this signal when the client has finished before server has sent session tickets and called Net::SSLeay::accept(). Thanks to Petr Pisar and Sebastian Andrzej Siewior for the patches (in #RT125218). - Fix a memory leak in cb_data_advanced_put. Fixes RT#127131. Noticed, investigated and patched by Paul Evans. Thanks! - Enable OpenSSL 1.1.1-pre9 with Travis CI. - Add SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets, SSL_set_num_ticket and SSL_get_num_tickets for controlling the number of TLSv1.3 session tickets that are issued. Add tests in 44_sess.t. Parts taken from a larger patch by Petr Pisar of RedHat. - Add SSL_CTX_set_ciphersuites and SSL_set_ciphersuites for configuring the available TLSv1.3 ciphersuites. Add tests in 43_misc_functions.t and clarify SSL_client_version tests. - Add SSL_CTX_set_security_level, SSL_CTX_get_security_level, SSL_set_security_level and SSL_get_security_level. Add new test file 65_security_level.t. All courtesy of Damyan Ivanov of Debian project. - Fix export_keying_material return value check and context handling. SSL_export_keying_material use_context is now correctly set to non-zero value when context is an empty string. This affects values exported with TLSv1.2 and earlier. Update documentation in NetSSLeay.pod and add tests in t/local/45_export.t. - Add RAND_priv_bytes. Add new test file t/local/10_rand.t for RAND_bytes, RAND_pseudo_bytes, RAND_priv_bytes, RAND_status, RAND_poll, RAND_file_name and RAND_load_file. - Update documentation for RAND_*bytes return values and RAND_file_name behaviour with LibreSSL. - Add SSL_SESSION_is_resumable. Add and update tests in 44_sess.t. - Set OpenSSL security level to 1 in tests that use the test suite's (1024-bit) RSA keys, which allows the test suite to pass when Net-SSLeay is built against an OpenSSL with a higher default security level. Fixes RT#126987. Thanks to Petr Pisar (in RT#126270) and Damyan Ivanov (in RT#126987) for the reports and patches, and to Damyan Ivanov for the preferred patch. - Add SSL_CTX_sess_set_new_cb and SSL_CTX_sess_set_remove_cb. Add new test file 44_sess.t for these and future session related tests for which no specific test file is needed. - Add SSL_get_version, SSL_client_version and SSL_is_dtls. - Add SSL_peek_ex, SSL_read_ex, SSL_write_ex and SSL_has_pending. Add tests in t/local/11_read.t - Add SSL_CTX_set_post_handshake_auth contributed by Paul Howarth. Add SSL_set_post_handshake_auth, SSL_verify_client_post_handshake and constant SSL_VERIFY_POST_HANDSHAKE. - Applied a patch to set_cert_and_key() from Damyan Ivanov, Debian Perl Group. This function now returns errors from library's error stack only when an underlying routine fails. Unrelated errors are now skipped. Fixes RT#126988. - Add support for TLSv1.3 via $Net::SSLeay::ssl_version. - Enhance t/local/43_misc_functions.t get_keyblock_size test to work better with AEAD ciphers. - Add constants SSL_OP_ENABLE_MIDDLEBOX_COMPAT and SSL_OP_NO_ANTI_REPLAY for TLSv1.3 - Fix compile time DEFINE=-DSHOW_XS_DEBUG to work with non-threaded Perls. Fixes RT#127027. Thanks to SREZIC for the report. Also fix other minor compile warnings. 1.86_05 2018-08-22 - Net-SSLeay now requires at least Perl 5.8.1. This is a formalisation of what has been the de facto case for some time, as the distribution hasn't compiled and passed its tests on Perl 5.005 for several years. - Increment Net::SSLeay::Handle's version number to keep it in sync with Net::SSLeay's, thus satisfying Kwalitee's consistent_version metric. - Re-enable the d2i_X509_bio() test in t/local/33_x509_create_cert.t for LibreSSL. Thanks to Alexander Bluhm. - Automatically detect new library names on Windows for OpenSSL 1.1.0 onwards (libcrypto, libssl). Fixes part of RT#121084. Thanks to Jean-Damien Durand. - Fix a typo preventing OpenSSL libraries built with the VC compiler (i.e. ones with a ".lib" suffix) from being automatically detected on Windows. Fixes part of RT#121084. Thanks to Jean-Damien Durand. - Add missing call to va_end() following va_start() in TRACE(). Fixes RT#126028. Thanks to Jitka Plesnikova. - Added SSL_in_init() and the related functions for all libraries and their versions. All return 0 or 1 as documented by OpenSSL 1.1.1. Use of these functions is recommended over using constants returned by get_state() and state(). New constants TLS_ST_*, used by OpenSSL 1.1.0 and later, will not be made available by Net::SSLeay. 1.86_04 2018-07-30 - Re-add SSLv3_method() for OpenSSL 1.0.2 and above. Fixes RT#101484. - Don't expose ENGINE-related functions when building against OpenSSL builds without ENGINE support. Fixes RT#121538. Thanks to Paul Green. - Automatically detect OpenSSL 1.0.x on VMS, and update VMS installation instructions to reflect removal of Module::Install from the build system. Fixes RT#124388. Thanks to Craig A. Berry. - Prevent memory leak in OCSP_cert2ids() and OCSP_response_verify(). Fixes RT#125273. Thanks to Steffen Ullrich. 1.86_03 2018-07-19 - Convert packaging to ExtUtils::MakeMaker. Thanks to mohawk2. - Module::Install is no longer a prerequisite when building from the reposistory. - Re-apply patch from ETJ permitting configure and build in places with a space in the name. 1.86_02 2018-07-06 - Removed inc/ from repository. Module::Install is now a prerequisite when building from the repository. This allowed also removing "." from Makefile.PL lib path which was added in version 1.81. These updates require no changes when building from release packages. They also help AppVeyor builds to work better with old Perls. - Added CONTRIBUTING.md, reformatted the previous Changes entry to use CPAN::Changes::Spec guidelines and removed unused version control tags from comments. 1.86_01 2018-07-04 [Version control system change] - Chris Novakovic did a full conversion from the old Debian hosted SVN repository to git. - Fixes to commit metadata, branches and tags that git-svn couldn't handle or had no way of handling, were done manually or semi-automatically afterwards. For instance, the "git-svn-id:" lines that git-svn appends to commit messages were kept because Mike used SVN revision numbers in RT replies to indicate when bugs had been fixed/patches applied (which may be useful for future reference). - All commits were replayed onto a single master branch rather than having separate dead-end branches for the old SVN version tags (as this seems more "git-like"). - New lightweight tags were created for each public release going back as far as the start of the SVN repository using data from MetaCPAN (cross-referencing with the changelog when it wasn't clear when a release was cut from the SVN repo). - Florian's and Mike's email addresses were mapped to git author/committer IDs [Continuous integration] - Travis CI configuration was added for automated testing on Linux using 64 bit Ubuntu Trusty. Build matrix dimensions are: Perl 5.8 - 5.26 x OpenSSL 0.9.8zh - 1.1.0h. Only the currently latest version for each major Perl and OpenSSL release is chosen. - AppVeyor configuration was added for automated testing on Windows. Build matrix dimensions are: Perl 5.8 - 5.26 x 32bit and 64bit Perl environment x Windows Server 2012R2 and Windows Server 2016. The Perl environment is Strawberry Perl and its OpenSSL is used with builds. Only the latest major versions are used, similarly to Travis CI. Net-SSLeay PPM and PPD files are made available as artifacts. - Added README.md with link to master branch build and test status. Did minor updates to README and other misc files. [Release packaging] - Files t/local/43_misc_functions.t and t/local/65_ticket_sharing_2.t were missing from MANIFEST. - Updated inc/ directory with Module::Install 1.19. Updated Makefile.PL author and resource information. Synced SSLeay.pm under ext/ with the latest changes under inc/. Reordered use imports so that META.yml gets correctly regenerated. More Module::Install related changes will follow. [Repository amd maintainer change] - Net::SSLeay functionality was not changed in this release. Work was done to switch version contorol systems, add automated testing, update module packaging and change the primary maintainer. This coincided with the decommission of previous code repository service on alioth.debian.org. - The module is now primarily maintained by Tuure Vartiainen and Heikki Vatiainen of Radiator Software. The new repository location is https://github.com/radiator-software/p5-net-ssleay - Dropped patches merged upstream: * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch * Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch ------------------------------------------------------------------- Mon Jan 14 15:55:27 UTC 2019 - Vítězslav Čížek <vcizek@suse.com> - Expose SSL_CTX_set_post_handshake_auth * https://github.com/radiator-software/p5-net-ssleay/pull/68 - add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch - Fix build on SLE-12 * apparently %autopatch needs to be followed by an empty line there ------------------------------------------------------------------- Tue Sep 4 14:44:25 UTC 2018 - Vítězslav Čížek <vcizek@suse.com> - Add patches to support openssl 1.1.1 from Fedora * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch ------------------------------------------------------------------- Mon Aug 27 09:35:57 UTC 2018 - tchvatal@suse.com - Version update to 1.85: * Removal of many deprecated calls from 1.1.x series ------------------------------------------------------------------- Mon Aug 27 09:31:53 UTC 2018 - tchvatal@suse.com - Add dependency over zlib-devel, previously added by openssl devel - Make sure all tests are run ------------------------------------------------------------------- Mon Aug 21 09:18:18 UTC 2017 - vcizek@suse.com - Fix license as requested by licensedigger in https://build.opensuse.org/request/show/501145 ------------------------------------------------------------------- Mon Jun 5 10:48:38 UTC 2017 - vcizek@suse.com - update to the latest upstream version 1.81 * introduces compatibility with openssl 1.1.x - drop net-ssleay-no-ofb.patch (not needed anymore) ------------------------------------------------------------------- Wed Jun 24 08:05:15 UTC 2015 - meissner@suse.com - net-ssleay-no-ofb.patch: disable the OFB cipher, not exported by our openssl 1.0.2 currently. ------------------------------------------------------------------- Tue Jun 23 09:33:48 UTC 2015 - zaitor@opensuse.org - Update to version 1.69: + Testing with OpenSSL 1.0.2, 1.0.2a. OK. + Completed LibreSSL compatibility. + Improved compatibility with OpenSSL 1.0.2a. + Added the X509_check_* functions introduced in OpenSSL 1.0.2. + Added support for X509_V_FLAG_TRUSTED_FIRST constant. Patch allows get_keyblock_size to work correctly with OpenSSL 1.0.1 and later versions. ------------------------------------------------------------------- Tue Apr 7 14:05:17 UTC 2015 - vcizek@suse.com - fix %description, it was accidently chopped ------------------------------------------------------------------- Fri Feb 6 13:13:05 UTC 2015 - coolo@suse.com - updated to 1.68 Fixed a problem on OSX when macports openssl 1.x is installed: headers from macport were found but older OSX openssl libraries were linked, resulting in "Symbol not found: _EVP_MD_do_all_sorted". Added notes about runtime error "no OPENSSL_Applink", when calling Net::SSLeay::P_PKCS12_load_file. 1.67 2015-01-17 Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case whe there are muliple OPENSSLs installed. Patch from HBRAND Fixed a documentation error in get_peer_cert_chain, reported by tejas. Fixed a problem with building on Windows that prevented correct OpenSSL directory detection with version 1.0.1j as delivered with Shining Light OpenSSL. Fixed a problem with building on Windows that prevented finding MT or MD versions of SSL libraries. Updated doc in README.Win32 to build with Microsoft Visual Studio 2010 Express. Added Windows crypt32 library to Windows linking as some compilers/platforms seem to require it and it is innocuous otherwise. For Steve Hay. Fixed a failure in t/external/20_cert_chain.t where some platforms do not have HTTPS in /etc/services. Reported and patched by Gisle Aas. Recent 1.0.2 betas have dropped the SSLv3_method function. This patch leaves out the function on newer versions, much the same as the SSLv2 deprecation is handled. Patch from Tom Molesworth. Fix the ALPN test, which was incorrectly failing on OpenSSL due to the LibreSSL check (earlier versions bailed out before that line).Patch from Tom Molesworth. 1.66 2014-08-21 Fixed compile problem with perl prior to 5.8.8, similar to RT#76267. Reported by Graham Knop. Fixed a problem with Socket::IPPROTO_TCP on early perls. After discussions with the community and the original author Sampo Kellomaki, the license conditions have been changed to "Perl Artisitic License 2.0". 1.65 2014-07-14 Added note to doc to make it clear that X509_get_subjectAltNames returns a packed binary IP address for type 7 - GEN_IPADD. Improvements to SSL_OCSP_response_verify to compile under non c99 compilers. Requested by MERIJNB. Port to Android, contributed by Brian Fraser. Includes Android specific version of RSA_generate_key. Added LibreSSL support, patch provided by Alexander Bluhm. Thanks! Patch that fixes the support for SSL_set_info_callback and adds SSL_CTX_set_info_callback and SSL_set_state. Support for these functions is necessary to either detect renegotiation or to enforce renegotiation. Contributed by Steffen Ullrich. Thanks! Fixed a problem with SSL_set_state not available on some early OpenSSLs, patched by Steffen Ullrich. Thanks! Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and http_cat(). Removed unnecessary Debian_SPANTS.txt from MANIFEST. Again. ------------------------------------------------------------------- Thu Feb 5 07:55:36 UTC 2015 - coolo@suse.com - avoid prompts in terminals ------------------------------------------------------------------- Thu Jun 12 14:38:14 UTC 2014 - meissner@suse.com - updated to 1.64 Fixes for test ocsp.t. Test now does not fail if HTTP::Tiny is not installed. Fixed repository in META.yml. Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain will not return an empty list, but instead return the SSL object. Reported and fixed by Steffen Ullrich. Thanks. Fixed a problem where patch https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244da47b989c4cc59ba02cf81a4e9d8f8431 caused a failed test in t/local/33_x509_create_cert.t. ------------------------------------------------------------------- Fri Jun 6 13:44:06 UTC 2014 - coolo@suse.com - updated to 1.63 1.63 2014-05-19 Fixed error in version number in META.yml 1.62 2014-05-19 Improvements to OCSP support: It turns out that some CA (like Verisign) sign the OCSP response with the CA we have in the trust store and don't attach this certifcate in the response. But OpenSSL by itself only considers the certificates included in the response and SSL_OCSP_response_verify added the certificates in the chain too. Now, we also add the trusted CA from the store which signed the lowest chain certificate, at least if we could not verify the OCSP response without doing it. Patch from Steffen Ullrich. Thanks. Fixed some compiler warnings. 1.61 2014-05-12 Changes calloc to Newx and free to Safefree, otherwise there might be problems because calloc is done from a different memory pool than free (depends on the build options for perl, but seen on Windows). Patch from Steffen Ullrich. Thanks. 1.60 2014-05-10 Fixed a typo in an error message. Patch from gregor herrmann. Thanks. Fixed a problem with building with openssl that does not support OCSP. Also fixed some newly introduced warnings if compiled with -Wall. Patch from Steffen Ullrich. Thanks. fix build-failure on most Debian architectures: SSLeay.xs: In function 'XS_Net__SSLeay_OCSP_response_results': SSLeay.xs:5602:3: error: format not a string literal and no format arguments. Patch from gregor herrmann. 1.59 2014-05-10 Fixed local/30_error.t, so that tests do not fail if diagnostics are enabled. Fixed error messages about undefined strings used with length or split. Reported and patched by Peter Heuchert. Improvements to configuration of OPTIMIZE flags, to prevent overriding of perls expected optimization flags. Caution: HPUX aCC optimize options are special. SSL_peek() now returns openssl error code as second item when called in array context, same as SSL_read. Patch from Andreas Mohr. Fixed some warnings. Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version. Patch from Andreas Mohr. Improve examples in 'Using other perl modules based on Net::SSLeay'. Patched by Andreas Mohr. Added support for OCSP. Patched by Steffen Ullrich. Thanks! Added missing t/external/ocsp.t ------------------------------------------------------------------- Sun Feb 9 13:34:34 UTC 2014 - coolo@suse.com - updated to 1.58 Always use size_t for strlen() return value, requested by Alexander Bluhm. t/external/20_cert_chain.t was missing from dist. Version number in META.yml was incorrect Improvements to test t/external/20_cert_chain.t to provoke following bug: Fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain after use. Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set. 1.57 2014-01-09 Fixed remaining problems with test suite: pod coverage and kwalitee tests are only enabled with RELEASE_TESTING=1 1.56 2014-01-08 Fixed a typo in documentation of BEAST Attack, patched by gregor herrmann. Added LICENSE file copied form OpenSSL distribution to prevent complaints from various versions of kwalitee. Adjusted license: in META.yml to be 'openssl' Adds support for the basic operations necessary to support ECDH for PFS, e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh. Improvements to t/handle/external/50_external.t to handle the case when a test connection was not possible. Patched by Alexandr Ciornii. Added support for ALPN TLS extension. Patch from Lubomir Rintel. Tested with openssl-1.0.2-stable-SNAP-20131205. Fix an use-after-free error. Patch from Lubomir Rintel. Fixed a problem with Invalid comparison on OBJ_cmp result in t/local/36_verify.t. Contributed by paul. Added support for get_peer_cert_chain(). Patch by Markus Benning. Fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in ssleay_RSA_generate_key_cb_invoke() a final PUTBACK is needed here. A second issue is also fixed: cb->data defaults to &PL_sv_undef but throught the code you do not check against &PL_sv_undef, just NULL. To avoid passing the 3rd optional arg at all, do not create it. This fixes all the cb->data checks and wrong refcounts on &PL_sv_undef. Patched by Reini Urban. Deleted support for SSL_get_tlsa_record_byname: it is not included in OpenSSL git master. ------------------------------------------------------------------- Wed Oct 2 20:26:56 UTC 2013 - dmueller@suse.com - disable checks on qemu user build (hangs) ------------------------------------------------------------------- Wed Jul 3 09:13:30 UTC 2013 - lnussel@suse.de - new version 1.55 * Added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(), SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where available in the underlying openssl. * Added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_count(). Patch from Franck Youssef. * Added support for SSL_get_tlsa_record_byname() required for DANE support in openssl*1.0.2 and later. SSL_get_tlsa_record_byname() was added to OpenSSL with the financial assistance of .SE. * Added X509_NAME_new and X509_NAME_hash, patched by Franck Youssef. * Added support for SSL_export_keying_material where present * Net::SSLeay::ASN1_INTEGER_get, since it works differntly on 32 and 64 bit platforms. Updated author and distribution location details to airspayce.com * Fixed a few compiler warnings in SSLeay.xs. Most of them are just signed/unsigned pointer mismatches but there is one that actually fixes returning what would be an arbitrary value off the stack from get_my_thread_id if it happened to be called in a non*threaded build. * Added SSL_set_tlsext_host_name, SSL_get_servername, SSL_get_servername_type, SSL_CTX_set_tlsext_servername_callback for server side Server Name Indication (SNI) support. Patched by kmx. * Improvements to Net::SSLeay::read to make it easier to use with non*blocking IO Added documentation about how to mitigatxe various SSL/TLS vulnerabilities. * initializes the SSL library at most once. * Patch from kmx to protect SSLeay_add_ssl_algorithms from multiple loads and reentrancy in multi*threaded perls. - remove perl-Net-SSLeay-1.36.diff: no obvious nor documented justification - remove perl-Net-SSLeay-1.36-undefined.diff: no longer applies ------------------------------------------------------------------- Thu Jun 14 09:28:09 UTC 2012 - cfarrell@suse.com - license update: OpenSSL ------------------------------------------------------------------- Wed Feb 8 15:53:50 UTC 2012 - vcizek@suse.com - update to 1.42 Fixed incorrect documentation of how to enable CRL checking. Patched by Steffen_Ullrich. Fixed incorrect letter in Sebastien in Credits. Patch by Neil Bowers. Reversed order of the Changes file to be reverse chronological. Patch by Neil Bowers. Fixed a a compile error when building on Windows with MSVC6. reported and patched by "Andrew J. Savige via RT". 1.41 2011-09-25 Fixed incorrect const signatures for 1.0 that were causing warnings. Patches provided by "Douglas Christopher Wilson via RT". Now have clean compile with 0.9.8a through 1.0.0. 1.40 2011-09-23 Fixed incorrect argument type in call to SSL_set1_param Fixed a number of issues with pointer sizes, patched by "Douglas Christopher Wilson via RT". Removed redundant pointer cast tests from t/ Added Perl version requirements to SSLeay.pm 1.39 2011-09-21 Downgraded Module::Install to 0.93 since 1.01 was causing problems in the Makefile. Reported by Albert Chin. 1.38 2011-09-16 - Fixed a problem with various symbols that only became available in OpenSSL 0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE, causing build failures with older versions of OpenSSL. Patched by paul. 1.37 2011-09-16 - Added X509_get_fingerprint, contributed by Thierry Walrant (with minor changes die to the fact that stricmp is not avialable. Cert types must be lowercase. Also added test to 07_sslecho.t - Added suport for SSL_CTX_set1_param, SSL_set1_param, selected X509_VERIFY_PARAM_* OBJ_* functions. Added new test t/local/36_verify.t - Fixed the prototype for randomize(), it missed one arg, and errors are reported with perl 5.10.1 on Windows - Fixed an uninitialized value warning in $Net::SSLeay::proxyauth, reported by Andrey Rikov. - Update so net-ssleay will compile if SSLV2 is not present. Patch from Chris Butler. - Fixed a problem where sslcat (and possibly other functions) expect RSA keys and will not load DSA keys for client certificates. Reported and patched by "Jesse DeFer via RT" - Removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later. - Added CTX_use_PKCS12_file contributed by "Andrew A. Budkin". ------------------------------------------------------------------- Wed Dec 1 13:34:11 UTC 2010 - coolo@novell.com - switch to perl_requires macro ------------------------------------------------------------------- Tue Jul 13 15:08:17 UTC 2010 - chris@computersalat.de - recreated by cpanspec 1.78 - added bcond_with test ------------------------------------------------------------------- Tue Feb 23 16:24:10 CET 2010 - anicka@suse.cz - update to 1.36 * Added SSL_CTX_get_client_CA_list sk_X509_NAME_free sk_X509_NAME_num sk_X509_NAME_value SSL_get_client_CA_list * Added EVP_add_digest and EVP_sha256 (if available) * Improve documentation on callback functions. * bugfixes ------------------------------------------------------------------- Sun Dec 20 16:40:19 CET 2009 - jengelh@medozas.de - enable parallel build ------------------------------------------------------------------- Fri Jul 25 16:12:21 CEST 2008 - anicka@suse.cz - update to 1.35 * Added optional support for SSL_set_hello_extension, * Added SSL_SESSION_set_master_key and SSL_get_keyblock_size. * Added all SSL_OP_* options flags present in 0.9.9 * Don't use Module::Installs auto_install. * Bind NID_ and GEN_ constants. * Default to not running external tests. * Added support for ENGINE_load_builtin_engines and ENGINE_register_all_complete in order to enable built-in OpenSSL crypto engines for hardware acceleration etc. * Added support for ENGINE_by_id and ENGINE_set_default, required to enable Sun crypto acceleration - enable all the test again (external are not running by default) - rename to perl-Net-SSLeay ------------------------------------------------------------------- Wed May 14 15:21:19 CEST 2008 - adrian@suse.de - do not contact remote servers during build, disable check ------------------------------------------------------------------- Wed Mar 12 15:14:57 CET 2008 - anicka@suse.cz - update to 1.32 * Removed %Filenum_Objects from Net::SSLeay::Handle so unused handles will be freed. * Use ppport.h. * improved openssl path guessing, forcing openssl path now * Fixed a problem with X509_get_subjectAltNames not working when the subjectAltNAmes are the first extension. * Fixed incorrect test failure reports in 08_external. * Add parens to function calls in Makefile.PL to prevent warnings with some perls. * Removed auto_include from Makefile.PL * Removed build_requires('Test::NoWarnings') from Makefile.PL * Don't let the tests die when something unexpected happens. - fix undefined operation in SSLeay.xs - add perl-Test-Warn to BuildRequires ------------------------------------------------------------------- Mon May 7 11:55:28 CEST 2007 - anicka@suse.cz - add openssl to BuildRequires ------------------------------------------------------------------- Wed Jan 25 21:39:52 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 3 20:46:06 CET 2006 - anicka@suse.cz - update to 1.30 - remove X509_STORE_CTX_set_flags patch (not neccessary any more) ------------------------------------------------------------------- Thu Mar 17 19:08:59 CET 2005 - mjancar@suse.cz - use secure path for entropy (#65753) ------------------------------------------------------------------- Wed Sep 29 18:50:54 CEST 2004 - mls@suse.de - added X509_STORE_CTX_set_flags() function needed to enable crl checking. Also fixed the documentation. ------------------------------------------------------------------- Wed Mar 03 18:00:11 CET 2004 - mjancar@suse.cz - update to 1.25 - disable test running out of memmory in build environment ------------------------------------------------------------------- Sun Jan 11 09:27:53 CET 2004 - adrian@suse.de - build as user ------------------------------------------------------------------- Fri Aug 22 15:25:55 CEST 2003 - mjancar@suse.cz - require the perl version we build with ------------------------------------------------------------------- Tue Jul 15 16:14:16 CEST 2003 - mjancar@suse.cz - adapt to perl-5.8.1 - use %perl_process_packlist ------------------------------------------------------------------- Tue Jun 17 15:17:45 CEST 2003 - mjancar@suse.cz - update to 1.23 - kill obsolete patches - fix filelist ------------------------------------------------------------------- Fri Jun 06 12:53:42 CEST 2003 - mjancar@suse.cz - update to 1.22 - use $RPM_OPT_FLAGS - don't package MANIFEST ------------------------------------------------------------------- Tue May 20 12:38:22 CEST 2003 - mjancar@suse.cz - remove unpackaged files ------------------------------------------------------------------- Thu Nov 21 01:21:05 CET 2002 - prehak@suse.cz - updated to version 1.21 - applied patches eliminating security bug [#21903] ------------------------------------------------------------------- Thu Sep 12 19:07:07 CEST 2002 - prehak@suse.cz - updated to version 1.20 - fixed hanged up processes in test -> enabled make test ------------------------------------------------------------------- Sat Jul 20 20:21:49 CEST 2002 - prehak@suse.cz - update to version 1.18 - adjusted %files section - added examples directory to documentation ------------------------------------------------------------------- Tue Jul 2 17:40:06 MEST 2002 - mls@suse.de - remove race in .packlist generation ------------------------------------------------------------------- Mon Jan 14 18:59:19 CET 2002 - rvasice@suse.cz - update to version 1.12 - spec file cleanup ------------------------------------------------------------------- Thu Oct 11 11:03:08 CEST 2001 - cihlar@suse.cz - disabled make test as it leaves processes after build ------------------------------------------------------------------- Wed Apr 4 14:20:14 CEST 2001 - schwab@suse.de - Fix cast to not lose pointer bits. ------------------------------------------------------------------- Mon Mar 26 07:29:39 CEST 2001 - cihlar@suse.cz - fixed AUTOLOAD - added make test - remove tests which need network ------------------------------------------------------------------- Thu Nov 23 12:46:26 CET 2000 - cihlar@suse.cz - fixed neededforbuild ------------------------------------------------------------------- Fri Nov 10 12:49:01 CET 2000 - cihlar@suse.cz - renamed p_ssleay -> perl-Net_SSLeay ------------------------------------------------------------------- Wed Aug 23 10:44:53 CEST 2000 - cihlar@suse.cz - package created
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor