[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/p5-IO-Socket-SSL
Module Name: pkgsrc
Committed By: hiramatsu
Date: Fri Apr 19 09:12:50 UTC 2013
pkgsrc/security/p5-IO-Socket-SSL: Makefile distinfo
Update p5-IO-Socket-SSL to 1.86.
Changes from previous:
- RT#84686 - don't complain about SSL_verify_mode is SSL_reuse_ctx,
thanks to CLEACH
- probe for available modules with local __DIE__ and __WARN__handlers.
fixes RT#84574, thanks to FRAZER
- fix warning, when IO::Socket::IP is installed and inet6 support gets explictly
requested. RT#84619, thanks to Prashant[DOT]Tekriwal[AT]netapp[DOT]com
- disabled client side SNI for openssl version < 1.0.0 because of RT#83289
- added functions can_client_sni, can_server_sni, can_npn to check avaibility
of SNI and NPN features. Added more documentation for SNI and NPN.
- seperated documention of non-blocking I/O from error handling
- changed and documented behavior of readline to return the read
data on EAGAIN/EWOULDBLOCK in case of non-blocking socket.
See https://github.com/noxxi/p5-io-socket-ssl/issues/1, thanks to
- Server Name Indication (SNI) support on the server side, inspired by
patch provided by karel[DOT]miko[AT]gmail[DOT]com.
- reworked part of the documentation, like providing better examples.
- sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
- correct spelling, rt#8270. Thanks to ETHER
- deprecated set_ctx_defaults, new name ist set_defaults (but old name
- changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
- cleaner handling of module defaults vs. global settings vs. socket
specific settings. Global and socket specific settings are both
provided by the user, while module defaults not.
- make IO::Socket::INET6 and IO::Socket::IP specific tests run both,
even if both modules are installed by faking a failed load of the
- removed some warnings in test (missing SSL_verify_mode => 0) which
caused tests to hang on Windows.
- prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
- use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
too. Thanks to bluhm[AT]genua[DOT]de.
- work around systems which don't defined AF_INET6
Thanks to GAAS for reporting
To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/p5-IO-Socket-SSL/Makefile
cvs rdiff -u -r1.44 -r1.45 pkgsrc/security/p5-IO-Socket-SSL/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |