CVS commit: pkgsrc/security/p5-IO-Socket-SSL

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/p5-IO-Socket-SSL
From: "Amitai Schlair" <schmonz%netbsd.org@localhost>
Date: Mon, 9 Jun 2014 19:43:51 +0000

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Mon Jun  9 19:43:51 UTC 2014

Modified Files:
        pkgsrc/security/p5-IO-Socket-SSL: Makefile distinfo

Log Message:
Update to 1.992. From the changelog:

1.992 2014/06/01
- set $! to undef before doing IO (accept, read..). On Winwdows a connection
  reset could cause SSL read error without setting $!, so make sure we don't
  keep the old value and maybe thus run into endless loop.

1.991 2014/05/27
- new option SSL_OCSP_TRY_STAPLE to enforce staple request even if
  VERIFY_NONE
- work around for RT#96013 in peer_certificates

1.990 2014/05/27
- added option SSL_ocsp_staple_callback to get the stapled OCSP response
  and verify it somewhere else
- try to fix warnings on Windows again (#95967)
- work around temporary OCSP error in t/external/ocsp.t

1.989 2014/05/24
- fix #95881 (warnings on windows), thanks to TMHALL

1.988 2014/05/17
- add transparent support for DER and PKCS#12 files to specify cert and key,
  e.g. it will autodetect the format
- if SSL_cert_file is PEM and no SSL_key_file is given it will check if
  the key is in SSL_cert_file too

1.987 2014/05/17
- fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6
  #95719, thanks srchulo
- enable IPv6 support only if we have a usable inet_pton
- remove stale entries from MANIFEST (thanks seen[AT]myfairpoint[DOT]net)

1.986 2014/05/16
- allow IPv4 in common name, because browsers allow this too. But only for
  scheme www/http, not for rfc2818 (because RC2818 does not allow this).
  In default scheme IPv6 and IPv4 are allowed in CN.
  Thanks to heiko[DOT]hund[AT]sophos[DOT]com for reporting the problem.
- Fix handling of public suffix. Add exemption for *.googleapis.com
  wildcard, which should be better not allowed according to public suffix
  list but actually is used.
- Add hostname verification test based on older test of chromium. But change
  some of the test expectations because we don't want to support IP as SAN
  DNS and because we enforce a public suffix list (and thus *.co.uk should
  not be allowed)


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/p5-IO-Socket-SSL/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/security/p5-IO-Socket-SSL/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index