Overview Repositories Revisions Requests Users Attributes Meta

Revisions of perl-IO-Socket-SSL

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 636831 from Dirk Stoecker's avatar Dirk Stoecker (dstoecker) (revision 80) 
- updated to 2.060
   see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 575636 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 76) 
- ignore Mozilla::CA

- updated to 2.054
   see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.054 2018/01/22
  - added missing test certificates to MANIFEST
  2.053 2018/01/21
  - small behavior fixes
    - if SSL_fingerprint is used and matches don't check for OCSP
    - Utils::CERT_create - small fixes to properly specific purpose, ability to
      use predefined complex purpose but disable some features
  - update PublicSuffix
  - updates for documentation, especially regarding pitfalls with forking or using
    non-blocking sockets. Spelling fixes.
  - test fixes and improvements
    - stability improvements for live tests
    - regenerate certificate in certs/ and make sure they are limited to the
      correct purpose. Checkin program used to generate certificates.
    - adjust tests since certificates have changed and some tests used
      certificates intended for client authentication as server certificates,
      which now no longer works
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 370293 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 72) 
- updated to 2.024
   see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.024 2016/02/06
  - Work around issue where the connect fails on systems having only a loopback
    interface and where IO::Socket::IP is used as super class (default when
    available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
    localhost would fail on this systems. This happened at least for the tests,
    see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
    Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
    is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
    be useful anyway but would cause at most harm.
  2.023 2016/01/30
  - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
    was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
    This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
    which caused an endless loop. It will now ignore this result in case the TLS
    connection was not yet established and consider the TLS connection closed
    instead.
  2.022 2015/12/10
  - fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash.
    Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253
  2.021 2015/12/02
  - Fixes for documentation and typos thanks to DavsX and jwilk.
  - Update PublicSuffx with latest version from publicsuffix.org
  2.020 2015/09/20
  - support multiple directories in SSL_ca_path as proposed in RT#106711
    by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
    with a path separator, see documentation.
  - typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
  2.019 2015/09/01
Adrian Schröter's avatar Adrian Schröter (adrianSuSE) committed (revision 66) 
Split 13.2 from Factory
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 242336 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 65) 
- updated to 1.997, huge Changes
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 221506 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 63) 
- updated to 1.967
 - verify the hostname inside a certificate by default with a superset of
   common verification schemes instead of not verifying identity at all.
   For now it will only complain if name verification failed, in the future
   it will fail certificate verification, forcing you to set the expected
   SSL_verifycn_name if you want to accept the certificate.
 - new option SSL_fingerprint and new methods get_fingerprint and
   get_fingerprint_bin. Together they can be used to selectively accept
   specific certificates which would otherwise fail verification, like
   self-signed, outdated or from unknown CAs.
   This makes another reason to disable verification obsolete.
 - Utils:
   - default RSA key length 2048
   - digest algorithm to sign certificate in CERT_create can be given,
     defaults to SHA-256
   - CERT_create can now issue non-CA selfsigned certificate
   - CERT_create add some more useful constraints to certificate
 - spelling fixes, thanks to ville[dot]skytta[at]iki[dot]fi
 1.966 2014/01/21
 - fixed bug introduced in 1.964 - disabling TLSv1_2 worked no longer with
   specifying !TLSv12, only !TLSv1_2 worked
 - fixed leak of session objects in SessionCache, if another session 
   replaced an existing session (introduced in 1.965)
 1.965 2014/01/16
 - new key SSL_session_key to influence how sessions are inserted and looked
   up in the clients session cache. This makes it possible to share sessions
   over different ip:host (like required with some FTPS servers)
 - t/core.t - handle case, were default loopback source is not 127.0.0.1, like
   in FreeBSD jails
 1.964 2014/01/15
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 208877 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 62) 
- updated to 1.962
 - work around problems with older F5 BIG-IP by offering fewer ciphers on the
   client side by default, so that the client hello stays below 255 byte
 - IO::Socket::SSL::Utils::CERT_create can now create CA-certificates which
   are not self-signed (by giving issuer_*)
Displaying revisions 21 - 40 of 100
openSUSE Build Service is sponsored by
Places