pkgsrc-changes: CVS commit: pkgsrc/security/p5-SSLeay

Subject: CVS commit: pkgsrc/security/p5-SSLeay
To: None <pkgsrc-changes@netbsd.org>
From: Martin J. Laubach <mjl@netbsd.org>
List: pkgsrc-changes
Date: 01/19/2002 05:19:13
Module Name:	pkgsrc
Committed By:	mjl
Date:		Sat Jan 19 03:19:13 UTC 2002

Modified Files:
	pkgsrc/security/p5-SSLeay: Makefile distinfo
	pkgsrc/security/p5-SSLeay/patches: patch-aa

Log Message:
Update p5-Crypt-SSLeay to 0.35

+ Set local $SIG{PIPE} = \&die before $ssl->connect()
  to capture the "broken pipe" error associated with connecting
  to a computer that is not running a SSL web server

+ Documented differences / conflicts between LWP proxy support
  and Crypt::SSLeay which seems to be a source of confusion for users.

+ Added Net::SSL::get_peer_verify call so the warning header
  from LWP that says:

    Client-SSL-Warning: Peer certificate not verified

  can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
  variables are set to invoke peer certificate verification.

+ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
  so one can debug from LWP:: calls without using ./net_ssl_test script

- removed exit from Makefile.PL

+ Streamlined *CA* patches so only in $CTX->set_verify()
  which gets called every time now.

+ Throw error instead of return undef in Net::SSL->connect()
  because we loose the errors otherwise.

- Turn SSL_MODE_AUTO_RETRY on so clients can survive
  changes in SSLVerifyClient changes in the modssl connection

+ Integrated patches from Gamid Isayev for CA peer verification.

- Client certs weren't working correctly, setup certs earlier in connection
  now, also create new CTX per request, so cert settings don't remain
  sticky from one request to the next.

+ update ./net_ssl_test to do smart parsing of host, where
  host can now be of the form http://www.nodeworks.com:443/

- local $@ in Net::SSL::DESTROY so we don't kill real errors

- return undef in Net::SSL::connect() instead of die() for better LWP
  support & error handling.

+ alarm() on Unix platforms around ssl ctx connect, which can hang for
  process for way too long when trying to connect to dead https SSL servers.

Fixes PR/15053 by Shell Hung.


To generate a diff of this commit:
cvs rdiff -r1.3 -r1.4 pkgsrc/security/p5-SSLeay/Makefile
cvs rdiff -r1.2 -r1.3 pkgsrc/security/p5-SSLeay/distinfo
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/p5-SSLeay/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.