diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9648a14 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/Net-SSLeay-1.90.tar.gz diff --git a/.perl-Net-SSLeay.metadata b/.perl-Net-SSLeay.metadata new file mode 100644 index 0000000..d20fdfc --- /dev/null +++ b/.perl-Net-SSLeay.metadata @@ -0,0 +1 @@ +675c9df74163d48477ecf06601a589f3c3b096dd SOURCES/Net-SSLeay-1.90.tar.gz diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch new file mode 100644 index 0000000..188361c --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch @@ -0,0 +1,69 @@ +diff -ru Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t Net-SSLeay-1.90/t/local/05_passwd_cb.t +--- Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t 2020-11-18 10:12:44.000000000 +0100 ++++ Net-SSLeay-1.90/t/local/05_passwd_cb.t 2021-08-11 12:50:16.452681751 +0200 +@@ -5,7 +5,12 @@ + use Net::SSLeay; + use Test::Net::SSLeay qw( data_file_path initialise_libssl ); + +-plan tests => 36; ++my $callback_double_use_in_pem_read_bio_key = check_callback_double_use_in_pem_read_bio_key(); ++if (! $callback_double_use_in_pem_read_bio_key) { ++ plan tests => 36; ++} else { ++ plan tests => 40; ++} + + initialise_libssl(); + +@@ -99,7 +104,13 @@ + ok( !Net::SSLeay::CTX_use_PrivateKey_file($ctx_1, $key_pem, &Net::SSLeay::FILETYPE_PEM), + 'CTX_use_PrivateKey_file doesn\'t work with wrong passphrase' ); + +-is($cb_1_calls, 2, 'callback1 called 2 times'); ++my $right_cb_1_calls; ++if (! $callback_double_use_in_pem_read_bio_key) { ++ $right_cb_1_calls = 2; ++} else { ++ $right_cb_1_calls = 3; ++} ++is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times'); + + + # OpenSSL 1.1.0 has SSL_set_default_passwd_cb, but the callback is not +@@ -177,5 +188,35 @@ + ok( !Net::SSLeay::use_PrivateKey_file($ssl_1, $key_pem, &Net::SSLeay::FILETYPE_PEM), + 'use_PrivateKey_file doesn\'t work with wrong passphrase' ); + +- is($cb_1_calls, 2, 'callback1 called 2 times'); ++ my $right_cb_1_calls; ++ if (! $callback_double_use_in_pem_read_bio_key) { ++ $right_cb_1_calls = 2; ++ } else { ++ $right_cb_1_calls = 3; ++ } ++ ++ is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times'); ++} ++ ++# In OpenSSL between alpha16 and alpha17 was change (7bc027d73bc51cfa0ae23fbfd91134be9464d694) ++# which add one callback call in case of failing pem_read_bio_key_decoder() ++# In OpenSSL between beta1 and beta2 was change (66a7c9f34b46edd462d647ae2febe8276bb9b4f7) ++# which add passphrase caching to avoid asking for password twice ++sub check_callback_double_use_in_pem_read_bio_key { ++ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ); ++ my ($openssl_alpha_version, $openssl_beta_version); ++ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) { ++ $openssl_alpha_version = $1; ++ } ++ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-beta(\d+)\ /) { ++ $openssl_beta_version = $1; ++ } ++ if ((Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_alpha_version && $openssl_alpha_version < 17) ++ || Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_beta_version && $openssl_beta_version > 1 ++ || Net::SSLeay::SSLeay < 0x30000000) { ++ ++ return 0; ++ } else { ++ return 1; ++ } + } diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch new file mode 100644 index 0000000..7292928 --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch @@ -0,0 +1,12 @@ +diff -ru Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t +--- Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t 2020-11-18 10:12:44.000000000 +0100 ++++ Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t 2021-06-02 00:37:27.881748999 +0200 +@@ -190,7 +190,7 @@ + Net::SSLeay::SSLeay < 0x30000000 + || ( + Net::SSLeay::SSLeay == 0x30000000 +- && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1/ ++ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1\ / + ) + ) + ) { diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch new file mode 100644 index 0000000..3c653fa --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch @@ -0,0 +1,12 @@ +diff -ru Net-SSLeay-1.90.orig/SSLeay.xs Net-SSLeay-1.90/SSLeay.xs +--- Net-SSLeay-1.90.orig/SSLeay.xs 2021-01-21 16:14:11.000000000 +0100 ++++ Net-SSLeay-1.90/SSLeay.xs 2021-06-02 01:47:55.724962156 +0200 +@@ -4556,7 +4556,7 @@ + if (passwd_len>0) { + /* encrypted key */ + if (!enc_alg) +- PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u); ++ PEM_write_bio_PrivateKey(bp,pk,EVP_des_ede(),(unsigned char *)passwd,passwd_len,cb,u); + else + PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u); + } diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch new file mode 100644 index 0000000..ec41b7e --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch @@ -0,0 +1,60 @@ +commit 327550f61f5e1e932ea911e59ccc496ebb307030 +Author: Chris Novakovic +Date: Tue Jun 8 21:49:40 2021 +0100 + + 39_pkcs12.t: validate CA certificate CNs with all libssl versions + + When verifying common names in the PKCS#12 certificate chain, account + for the fact that PKCS12_parse() returns the CA certificate chain in a + different order in different versions of libssl. + + Since the CA certificate chain tests now cover all versions of OpenSSL + and LibreSSL, don't skip the order check for versions of OpenSSL before + 1.0.0, and remove the generic tests that ensure X509_NAME_oneline() + returns a valid-looking common name for each of the CA certificates + (since they're now redundant). + +diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t +index 5c7fb8b..5083331 100644 +--- a/t/local/39_pkcs12.t ++++ b/t/local/39_pkcs12.t +@@ -3,7 +3,7 @@ use lib 'inc'; + use Net::SSLeay; + use Test::Net::SSLeay qw( data_file_path initialise_libssl ); + +-plan tests => 19; ++plan tests => 17; + + initialise_libssl(); + +@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12'); + my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]); + my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]); + is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]"); +- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]"); +- like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]"); +- SKIP: { +- skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000; +- is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); +- is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]"); ++ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of ++ # LibreSSL return the CA certificate chain with the root CA certificate at the ++ # end; all other versions return the certificate chain with the root CA ++ # certificate at the start ++ if ( ++ Net::SSLeay::SSLeay < 0x10000002 ++ || ( ++ Net::SSLeay::SSLeay == 0x30000000 ++ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] / ++ ) ++ || Net::SSLeay::SSLeay > 0x30000000 ++ ) { ++ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]"); ++ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); ++ } ++ else { ++ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]"); ++ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]"); + } + } + diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch new file mode 100644 index 0000000..76bf9a6 --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch @@ -0,0 +1,45 @@ +diff -ru Net-SSLeay-1.90.orig/t/local/43_misc_functions.t Net-SSLeay-1.90/t/local/43_misc_functions.t +--- Net-SSLeay-1.90.orig/t/local/43_misc_functions.t 2021-01-21 16:14:11.000000000 +0100 ++++ Net-SSLeay-1.90/t/local/43_misc_functions.t 2021-06-04 17:30:29.508947419 +0200 +@@ -245,6 +245,23 @@ + + my $ciphersuites = join(':', keys(%tls_1_3_aead_cipher_to_keyblock_size)); + ++ # In OpenSSL 3.0.0 alpha 11 (commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9) was ++ # changed api of set_ciphersuites to ignore unknown ciphers. ++ my $ret_partially_bad_ciphersuites; ++ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ); ++ my $openssl_alpha_version; ++ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) { ++ $openssl_alpha_version = $1; ++ } ++ if ((Net::SSLeay::SSLeay == 0x30000000 ++ && defined $openssl_alpha_version && $openssl_alpha_version < 11) ++ || Net::SSLeay::SSLeay < 0x30000000) { ++ ++ $ret_partially_bad_ciphersuites = 0; ++ } else { ++ $ret_partially_bad_ciphersuites = 1; ++ } ++ + my ($ctx, $rv, $ssl); + $ctx = Net::SSLeay::CTX_new(); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $ciphersuites); +@@ -257,7 +271,7 @@ + }; + is($rv, 1, 'CTX set undef ciphersuites'); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:' . $ciphersuites); +- is($rv, 0, 'CTX set partially bad ciphersuites'); ++ is($rv, $ret_partially_bad_ciphersuites, 'CTX set partially bad ciphersuites'); + $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:'); + is($rv, 0, 'CTX set bad ciphersuites'); + +@@ -272,7 +286,7 @@ + }; + is($rv, 1, 'SSL set undef ciphersuites'); + $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:' . $ciphersuites); +- is($rv, 0, 'SSL set partially bad ciphersuites'); ++ is($rv, $ret_partially_bad_ciphersuites, 'SSL set partially bad ciphersuites'); + $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:'); + is($rv, 0, 'SSL set bad ciphersuites'); + diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch new file mode 100644 index 0000000..8cc220c --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch @@ -0,0 +1,37 @@ +diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.t +--- Net-SSLeay-1.90.orig/t/local/44_sess.t 2020-12-12 14:55:23.000000000 +0100 ++++ Net-SSLeay-1.90/t/local/44_sess.t 2021-06-04 18:50:09.733150048 +0200 +@@ -13,13 +13,13 @@ + if (not can_fork()) { + plan skip_all => "fork() not supported on this system"; + } else { +- plan tests => 58; ++ plan tests => 34; + } + + initialise_libssl(); + + my @rounds = qw( +- TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 TLSv1.3-num-tickets-ssl ++ TLSv1.2 TLSv1.3 TLSv1.3-num-tickets-ssl + TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0 + ); + +diff -ru Net-SSLeay-1.90.orig/t/local/45_exporter.t Net-SSLeay-1.90/t/local/45_exporter.t +--- Net-SSLeay-1.90.orig/t/local/45_exporter.t 2020-12-12 14:55:23.000000000 +0100 ++++ Net-SSLeay-1.90/t/local/45_exporter.t 2021-06-04 18:50:13.931192784 +0200 +@@ -15,12 +15,12 @@ + } elsif (!defined &Net::SSLeay::export_keying_material) { + plan skip_all => "No export_keying_material()"; + } else { +- plan tests => 36; ++ plan tests => 18; + } + + initialise_libssl(); + +-my @rounds = qw( TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ); ++my @rounds = qw( TLSv1.2 TLSv1.3 ); + + my %usable = + map { diff --git a/SOURCES/Net-SSLeay-1.90-pkgconfig.patch b/SOURCES/Net-SSLeay-1.90-pkgconfig.patch new file mode 100644 index 0000000..5cefe35 --- /dev/null +++ b/SOURCES/Net-SSLeay-1.90-pkgconfig.patch @@ -0,0 +1,16 @@ +--- Makefile.PL ++++ Makefile.PL +@@ -209,7 +209,12 @@ EOM + @{ $opts->{lib_links} } = map { $_ =~ s/32\b//g } @{ $opts->{lib_links} } if $Config{use64bitall}; + } + else { +- push @{ $opts->{lib_links} }, qw( ssl crypto z ); ++ if ( eval { require ExtUtils::PkgConfig; ExtUtils::PkgConfig->VERSION('1.16') } && ExtUtils::PkgConfig->exists('openssl') ) { ++ push @{ $opts->{lib_links} }, map { s/^-l//; $_ } split(' ', ExtUtils::PkgConfig->libs_only_l('openssl')); ++ } ++ else { ++ push @{ $opts->{lib_links} }, qw( ssl crypto z ); ++ } + + if (($Config{cc} =~ /aCC/i) && $^O eq 'hpux') { + print "*** Enabling HPUX aCC options (+e)\n"; diff --git a/SPECS/perl-Net-SSLeay.spec b/SPECS/perl-Net-SSLeay.spec new file mode 100644 index 0000000..fde74c6 --- /dev/null +++ b/SPECS/perl-Net-SSLeay.spec @@ -0,0 +1,1034 @@ +%if ! (0%{?rhel}) +%{bcond_without perl_Net_SSLeay_enables_optional_test} +%else +%{bcond_with perl_Net_SSLeay_enables_optional_test} +%endif + +Name: perl-Net-SSLeay +Version: 1.90 +Release: 8%{?dist} +Summary: Perl extension for using OpenSSL +License: Artistic 2.0 +URL: https://metacpan.org/release/Net-SSLeay +Source0: https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz +Patch10: Net-SSLeay-1.90-pkgconfig.patch +Patch11: Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch +Patch12: Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch +Patch13: Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch +Patch14: Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch +Patch15: Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch +Patch16: Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch +# =========== Module Build =========================== +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: make +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl-interpreter +BuildRequires: perl(Cwd) +BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 +BuildRequires: perl(ExtUtils::PkgConfig) +BuildRequires: perl(ExtUtils::MM) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Path) +BuildRequires: perl(Symbol) +BuildRequires: perl(utf8) +# =========== Module Runtime ========================= +BuildRequires: perl(AutoLoader) +BuildRequires: perl(Carp) +BuildRequires: perl(Exporter) +BuildRequires: perl(MIME::Base64) +BuildRequires: perl(Socket) +BuildRequires: perl(XSLoader) +# =========== Test Suite ============================= +BuildRequires: perl(Config) +BuildRequires: perl(File::Spec) +BuildRequires: perl(FindBin) +BuildRequires: perl(HTTP::Tiny) +BuildRequires: perl(IO::Handle) +BuildRequires: perl(IO::Socket::INET) +BuildRequires: perl(lib) +BuildRequires: perl(Storable) +BuildRequires: perl(strict) +BuildRequires: perl(Test::More) >= 0.61 +BuildRequires: perl(threads) +BuildRequires: perl(warnings) +# =========== Optional Test Suite ==================== +%if %{with perl_Net_SSLeay_enables_optional_test} +BuildRequires: perl(Test::Exception) +# Test::Kwalitee 1.00 not used +BuildRequires: perl(Test::NoWarnings) +BuildRequires: perl(Test::Pod) >= 1.0 +# Test::Pod::Coverage 1.00 not used +BuildRequires: perl(Test::Warn) +%endif +# =========== Module Runtime ========================= +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) +Requires: perl(MIME::Base64) +Requires: perl(XSLoader) + +# Don't "provide" private Perl libs or the redundant unversioned perl(Net::SSLeay) provide +%global __provides_exclude ^(perl\\(Net::SSLeay\\)$|SSLeay\\.so) + +%description +This module offers some high level convenience functions for accessing +web pages on SSL servers (for symmetry, same API is offered for +accessing http servers, too), a sslcat() function for writing your own +clients, and finally access to the SSL API of SSLeay/OpenSSL package +so you can write servers or clients for more complicated applications. + +%prep +%setup -q -n Net-SSLeay-%{version} + +# Get libraries to link against from pkg-config +# https://github.com/radiator-software/p5-net-ssleay/pull/127 +%patch10 + +# https://github.com/radiator-software/p5-net-ssleay/pull/271 +%patch11 -p1 + +# https://github.com/radiator-software/p5-net-ssleay/issues/272 +%patch12 -p1 + +# https://github.com/radiator-software/p5-net-ssleay/pull/274 +%patch13 -p1 + +# https://github.com/radiator-software/p5-net-ssleay/pull/275 +%patch14 -p1 + +# Disable TLS1 and TLS1_1 from tests +%patch15 -p1 + +# https://github.com/radiator-software/p5-net-ssleay/pull/282 +%patch16 -p1 + +# Fix permissions in examples to avoid bogus doc-file dependencies +chmod -c 644 examples/* + +%build +unset OPENSSL_PREFIX +PERL_MM_USE_DEFAULT=1 perl Makefile.PL \ + INSTALLDIRS=vendor \ + NO_PACKLIST=1 \ + NO_PERLLOCAL=1 \ + OPTIMIZE="%{optflags}" - 1.90-8 +- Fix tests for openssl 3.0.0-beta2. rhbz#1992571 + - Add another fix for t/05_passwd_cb.t, because change in passphrase caching +- Remove XXX in spec file + +* Mon Aug 09 2021 Mohan Boddu - 1.90-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Jul 23 2021 Michal Josef Špaček - 1.90-6 +- Fix tests for openssl 3.0.0-beta1. rhbz#1964854 + - Add fix for t/05_passwd_cb.t + - Update Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch to accept beta version +- Fix tab vs space in spec file +- Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version + +* Wed Jun 16 2021 Mohan Boddu - 1.90-5 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Jun 04 2021 Michal Josef Špaček - 1.90-4 +- Fix tests for openssl 3.0.0-alpha16. rhbz#1964854 + - Fix check across alpha1 vs alpha17 + - Change default alg for PEM_get_string_PrivateKey() + - Different order in CA chain in some versions + - Changed API of CTX_set_ciphersuites() and set_ciphersuites(), ignore + unknown ciphers + - Disable TLSv1 and TLSv1_1 usage in test + +* Fri Apr 16 2021 Mohan Boddu - 1.90-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 1.90-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Jan 21 2021 Paul Howarth - 1.90-1 +- Update to 1.90 + - Formalised libssl version support policy: all stable versions of OpenSSL + in the 0.9.8-1.1.1 branches (with the exception of 0.9.8-0.9.8b) and all + stable releases of LibreSSL in the 2.0-3.1 series are supported + - The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3 + implementation is not currently libssl-compatible + - Added support for LibreSSL on Windows when built with Visual C++ + - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and + several stack functions + - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and + CTX_set_alpn_select_cb + - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as + OpenSSL security level 2 (the default on many Linux distributions) + +* Tue Jul 28 2020 Fedora Release Engineering - 1.88-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 23 2020 Jitka Plesnikova - 1.88-8 +- Perl 5.32 rebuild + +* Sat Mar 21 2020 Paul Howarth - 1.88-7 +- Add SSL_shutdown() calls in Net::SSLeay::sslcat() and t/local/07_sslecho.t + to fix compatibility with OpenSSL 1.1.1e (GH#160, GH#161) + +* Tue Mar 10 2020 Paul Howarth - 1.88-6 +- BR: perl(FindBin) for test suite + +* Wed Feb 05 2020 Tom Stellard - 1.88-5 +- Spec file cleanups: Use make_build and make_install macros +- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make +- https://fedoraproject.org/wiki/Perl/Tips#ExtUtils::MakeMaker + +* Thu Jan 30 2020 Fedora Release Engineering - 1.88-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 1.88-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 31 2019 Jitka Plesnikova - 1.88-2 +- Perl 5.30 rebuild + +* Sat May 11 2019 Paul Howarth - 1.88-1 +- Update to 1.88 + Summary of major changes since version 1.85 + - Mike McCauley has stepped down as maintainer: the new maintainers are Chris + Novakovic, Heikki Vatiainen and Tuure Vartiainen + - The source code has moved from the now-defunct Debian Subversion server + (alioth.debian.org) to GitHub + (https://github.com/radiator-software/p5-net-ssleay) + - Net-SSLeay is provided under the terms of the Artistic License 2.0; this + has been the case since version 1.66, but references to other licenses + remained in the source code, causing ambiguity + - Perl 5.8.1 or newer is now required to use Net-SSLeay; this has already + been the case for some time in practice, as the test suite hasn't fully + passed on Perl 5.6 for several years + - Much-improved compatibility with OpenSSL 1.1.1, and improved support for + TLS 1.3 + - Fixed a long-standing bug in cb_data_advanced_put() that caused memory + leaks when callbacks were frequently added and removed + - Support in the test suite for "hardened" OpenSSL configurations that set a + default security level of 2 or higher (e.g., in the OpenSSL packages that + ship with recent versions of Debian, Fedora and Ubuntu) + +* Thu Apr 18 2019 Petr Pisar - 1.86-0.3.09 +- Replace expired test certificates (CPAN RT#129201) + +* Fri Mar 29 2019 Paul Howarth - 1.86-0.2.09 +- Get libraries to link against from pkg-config + https://github.com/radiator-software/p5-net-ssleay/pull/127 + +* Wed Mar 20 2019 Petr Pisar - 1.86-0.1.09 +- Update to 1.86_09 (see Changes file for details) + +* Fri Feb 01 2019 Fedora Release Engineering - 1.85-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Sep 29 2018 Paul Howarth - 1.85-9 +- OpenSSL 1.1.1 in Fedora disables SSL3 API, so stop trying to test it + +* Wed Sep 19 2018 Paul Howarth - 1.85-8 +- Expose SSL_CTX_set_post_handshake_auth (#1630391) + https://github.com/radiator-software/p5-net-ssleay/pull/68 + +* Fri Aug 17 2018 Petr Pisar - 1.85-7 +- Revert retry in Net::SSLeay::write_partial() (bug #1614884) + +* Wed Aug 15 2018 Petr Pisar - 1.85-6 +- Revert retry in Net::SSLeay::{read,write}() (bug #1614884) + +* Tue Aug 14 2018 Petr Pisar - 1.85-5 +- Avoid SIGPIPE in t/local/36_verify.t (bug #1614884) + +* Mon Aug 13 2018 Petr Pisar - 1.85-4 +- Adapt to OpenSSL 1.1.1 (bug #1614884) +- Adapt tests to system-wide crypto policy (bug #1614884) + +* Fri Jul 13 2018 Fedora Release Engineering - 1.85-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 28 2018 Jitka Plesnikova - 1.85-2 +- Perl 5.28 rebuild + +* Wed Mar 14 2018 Paul Howarth - 1.85-1 +- Update to 1.85 + - Preparations for transferring maintenace to a new maintainer + - Fixed test failure in t/local/33_x509_create_cert.t for some versions of + OpenSSL + - Fixed free() error that causes "Free to wrong pool ..." message on Windows + +* Thu Feb 08 2018 Fedora Release Engineering - 1.84-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jan 17 2018 Paul Howarth - 1.84-1 +- Update to 1.84 + - Fixed an error in t/local/04_basic.t causing a test failure if + Test::Exception not installed + +* Tue Jan 16 2018 Paul Howarth - 1.83-1 +- Update to 1.83 + - Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they + are not available on LibreSSL + - Add support for SSL_set_default_passwd_cb* for OpenSSL 1.1.0f and later; + LibreSSL does not support these functions, at least yet + - Add new functions related to SSL_CTX_new + - Add two new functions introduced in OpenSSL 1.1.0, a number of constants + and a couple of const qualifiers to SSLeay.xs; tests and documentation .pod + were also updated + - Added support for SSL_use_certificate_chain_file function introduced in + OpenSSL 1.1.0 + - Fixed LibreSSL version detection to correctly parse LibreSSL minor version + - Fix memory leaks in OCSP handling + - Add new functions for certificate verification introduced in OpenSSL 1.02, + a number of constants, new test data files, new tests and updates to .pod + documentation; the new functions provide access to the built-in wildcard + check functionality available in OpenSSL 1.0.2 and later + - Added X509_STORE_CTX_new and X509_verify_cert + - SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify + fails but the intermediate certificate succeeds + +* Tue Oct 31 2017 Paul Howarth - 1.82-1 +- Update to 1.82 + - Added support for building under Linuxbrew (a linuxbrew version of MacOS + Homebrew) + - Implement SSL_CTX_set_psk_client_callback() and + SSL_set_psk_client_callback() + - Skip the NPN test if the SSL library is LibreSSL + - Fixed a problem with a variable declaration in + ssleay_session_secret_cb_invoke + - Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when + allocated; the same callback is used on a server side for OCSP stapling + and in that case ocsp_response is NULL and not used + - New feature: Added a binding + SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by + EAP-FAST/EAP-TEAT to parse and process TLS session ticket + - New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used + by EAP-FAST/EAP-TEAP to define TLS session ticket value + - Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32 + bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32 + bytes) + - New feature: Added following bindings: + - X509_get_ex_data(cert, idx) + - X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func) + - X509_get_app_data(cert) + - X509_set_ex_data(cert, idx, data) + - X509_set_app_data(cert, arg) + - X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func) + - X509_STORE_CTX_get_app_data(x509_store_ctx) + - X509_STORE_CTX_set_app_data(x509_store_ctx, arg) + - New feature: Added an implementation for + SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE) + - New feature: Added an implementation for + SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE) + - Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also + with AEAD ciphers, which don’t use digest functions + - New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple); + used by a server side to include OCSP staple in ServerHello + - Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain + and last are not NULL before trying to use them + - Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and + lib paths +- Drop EL-5 support + - Drop BuildRoot: and Group: tags + - Drop explicit buildroot cleaning in %%install section + - Drop explicit %%clean section + +* Thu Aug 03 2017 Fedora Release Engineering - 1.81-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.81-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 1.81-2 +- Perl 5.26 rebuild + +* Tue Mar 28 2017 Paul Howarth - 1.81-1 +- Update to 1.81 + - Enable RSA_get_key_parameters with LibreSSL - again + - Fixed memory leak in X509_get_subjectAltNames + - Added . to lib path in Makefile.PL to accommodate people who are using a + perl with -Ddefault_inc_excludes_dot + - Fixed build failure if engine support not present + - Improvements to get_my_thread_id to work around possibility of ERRSV not + being defined, e.g. on OpenWRT + +* Sat Feb 11 2017 Fedora Release Engineering - 1.80-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 5 2017 Paul Howarth - 1.80-1 +- Update to 1.80 + - Fix unexpected changes in the control flow of the Perl program that seemed + to be triggered by the ticket key callback + +* Tue Jan 3 2017 Paul Howarth - 1.79-1 +- Update to 1.79 + - Patch to fix a few inline variable declarations that cause errors for older + compilers + - Patch: Generated C code is not compatible with MSVC, AIX cc, probably + others; added some PREINIT blocks and replaced 2 cases of INIT with PREINIT + - Fix compile failure if the OpenSSL library it's built against has + compression support compiled out + - Added RSA_get_key_parameters() to return a list of pointers to RSA key + internals (only available prior to OpenSSL 1.1) + - Fix some documentation typos + - Testing with openssl-1.1.0b + +* Wed Oct 12 2016 Paul Howarth - 1.78-2 +- Rebuild for OpenSSL 1.1.0 in Fedora 26 + +* Sun Aug 14 2016 Paul Howarth - 1.78-1 +- Update to 1.78 + - Fixed broken (since 1.75) OCSP code and tests + +* Thu Aug 11 2016 Paul Howarth - 1.77-2 +- Fix OCSP (CPAN RT#116795) + +* Mon Aug 1 2016 Paul Howarth - 1.77-1 +- Update to 1.77 + - Fixed incorrect size to memset in tlsext_ticket_key_cb_invoke + +* Sun Jul 31 2016 Paul Howarth - 1.76-1 +- Update to 1.76 + - Compatibility with OpenSSL 1.1, tested with openssl-1.1.0-pre5: + - Conditionally remove threading locking code, not needed in 1.1 + - Rewrite code that accesses inside X509_ATTRIBUTE struct + - SSL_CTX_need_tmp_RSA, SSL_CTX_set_tmp_rsa, SSL_CTX_set_tmp_rsa_callback, + SSL_set_tmp_rsa_callback support not available in 1.1 + - SSL_session_reused is now native + - SSL_get_keyblock_size modifed to use new API + - OCSP functions modified to use new API under 1.1 + - SSL_set_state removed with 1.1 + - SSL_get_state and SSL_state are now equivalent and available in all + versions + - SSL_CTX_v2_new removed + - SESSION_set_master_key removed with 1.1; code that previously used + SESSION_set_master_key must now set $secret in the session_secret + callback set with SSL_set_session_secret_cb + - With 1.1, $secret in the session_secret callback set with + SSL_set_session_secret_cb can be changed to alter the master key + (required by EAP-FAST) + - Added a function EC_KEY_generate_key similar to RSA_generate_key and a + function EVP_PKEY_assign_EC_KEY similar to EVP_PKEY_assign_RSA; using + these functions it is easy to create and use EC keys in the same way as RSA + keys + - Testing with LibreSSL 2.4.1 + - Provide support for cross context (and cross process) session sharing using + the stateless TLS session tickets + - Added documentation about downloading latest version from SVN + - Added missing Module/install files to SVN + +* Thu Jul 21 2016 Paul Howarth - 1.74-3 +- Fix FTBFS when perl isn't in the SRPM build root + +* Sun May 15 2016 Jitka Plesnikova - 1.74-2 +- Perl 5.24 rebuild + +* Tue Apr 12 2016 Paul Howarth - 1.74-1 +- Update to 1.74 + - README.OSX was missing from the distribution + +* Mon Apr 11 2016 Paul Howarth - 1.73-1 +- Update to 1.73 + - Added X509_get_X509_PUBKEY + - Added README.OSX with instructions on how to build for recent OS X + - Added info about using OPENSSL_PREFIX to README.Win32 + - Added comments in POD about installation documentation + - Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for + latest version of OSX homebrew openssl +- Simplify find commands using -delete + +* Thu Feb 04 2016 Fedora Release Engineering - 1.72-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jan 15 2016 Paul Howarth - 1.72-2 +- Prefer %%global over %%define + +* Tue Sep 22 2015 Paul Howarth - 1.72-1 +- Update to 1.72 + - Fixed a problem where SvPVx_nolen was undefined in some versions of perl; + replaced with SvPV_nolen + - Fixed a cast warning on Darwin + +* Fri Sep 18 2015 Paul Howarth - 1.71-1 +- Update to 1.71 + - Conditionalize support for MD4, MD5 + - Added support for linking libraries in /usr/local/lib64 for some flavours + of Linux like RH Tikanga + - Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and + SSL_set_alpn_protos so they will compile on MSVC and AIX cc + - Fixed typos in documentation for X509_NAME_new and X509_NAME_hash + - Version number in META.yml is now quoted +- Explicitly BR: perl-devel, needed for EXTERN.h + +* Fri Jun 26 2015 Paul Howarth - 1.70-1 +- Update to 1.70 + - The new OpenSSL 1.0.2 X509_check_* functions are not available in current + LibreSSL, so disable them in SSLeay.xs + - Fixed a problem with building against OSX homebrew's openssl + - Removed a test in t/local/33_x509_create_cert.t that fails due to changes + in 1.0.1n and later + +* Thu Jun 18 2015 Fedora Release Engineering - 1.69-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 09 2015 Jitka Plesnikova - 1.69-2 +- Perl 5.22 rebuild + +* Sun Jun 7 2015 Paul Howarth - 1.69-1 +- Update to 1.69 + - Testing with OpenSSL 1.0.2, 1.0.2a OK + - Completed LibreSSL compatibility + - Improved compatibility with OpenSSL 1.0.2a + - Added the X509_check_* functions introduced in OpenSSL 1.0.2 + - Added support for X509_V_FLAG_TRUSTED_FIRST constant + - Allow get_keyblock_size to work correctly with OpenSSL 1.0.1 onwards + +* Fri Jun 05 2015 Jitka Plesnikova - 1.68-3 +- Perl 5.22 rebuild + +* Mon May 18 2015 Paul Howarth - 1.68-2 +- SSLv3_method not dropped in OpenSSL 1.0.2, so revert that change (#1222521) + +* Fri Jan 30 2015 Paul Howarth - 1.68-1 +- Update to 1.68 + - Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the case + where there are muliple OPENSSLs installed + - Fixed a documentation error in get_peer_cert_chain + - Fixed a problem with building on Windows that prevented correct OpenSSL + directory detection with version 1.0.1j as delivered with Shining Light + OpenSSL + - Fixed a problem with building on Windows that prevented finding MT or MD + versions of SSL libraries + - Updated doc in README.Win32 to build with Microsoft Visual Studio 2010 + Express + - Added Windows crypt32 library to Windows linking as some + compilers/platforms seem to require it and it is innocuous otherwise + - Fixed a failure in t/external/20_cert_chain.t where some platforms do not + have HTTPS in /etc/services + - Recent 1.0.2 betas have dropped the SSLv3_method function; we leave out + the function on newer versions, much the same as the SSLv2 deprecation is + handled + - Fix the ALPN test, which was incorrectly failing on OpenSSL due to the + LibreSSL check (earlier versions bailed out before that line) + - Fixed a problem on OSX when macports openssl 1.x is installed: headers from + macport were found but older OSX openssl libraries were linked, resulting + in "Symbol not found: _EVP_MD_do_all_sorted" + - Added notes about runtime error "no OPENSSL_Applink", when calling + Net::SSLeay::P_PKCS12_load_file +- Don't change %%{__perl_provides} unless we need to + +* Tue Sep 09 2014 Jitka Plesnikova - 1.66-2 +- Perl 5.20 mass + +* Mon Sep 8 2014 Paul Howarth - 1.66-1 +- Update to 1.66 + - Fixed compile problem with perl prior to 5.8.8, similar to CPAN RT#76267 + - Fixed a problem with Socket::IPPROTO_TCP on early perls + - After discussions with the community and the original author Sampo + Kellomaki, the license conditions have been changed to "Perl Artistic + License 2.0" +- License changed to Artistic 2.0 +- Use %%license where possible + +* Thu Aug 28 2014 Jitka Plesnikova - 1.65-3 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.65-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 15 2014 Paul Howarth - 1.65-1 +- Update to 1.65 + - Added note to docs to make it clear that X509_get_subjectAltNames returns a + packed binary IP address for type 7 - GEN_IPADD + - Improvements to SSL_OCSP_response_verify to compile under non-c99 compilers + - Port to Android, includes Android-specific version of RSA_generate_key + - Added LibreSSL support + - Patch that fixes the support for SSL_set_info_callback and adds + SSL_CTX_set_info_callback and SSL_set_state; support for these functions is + necessary to either detect renegotiation or to enforce renegotiation + - Fixed a problem with SSL_set_state not available on some early OpenSSLs + - Removed arbitrary size limits from calls to tcp_read_all in tcpcat() and + http_cat() + - Removed unnecessary Debian_CPANTS.txt from MANIFEST - again + +* Wed Jun 11 2014 Paul Howarth - 1.64-1 +- Update to 1.64 + - Test ocsp.t now does not fail if HTTP::Tiny is not installed + - Fixed repository in META.yml + - Fixed a problem with SSL_get_peer_cert_chain: if the SSL handshake results + in an anonymous authentication, like ADH-DES-CBC3-SHA, get_peer_cert_chain + will not return an empty list, but instead return the SSL object + - Fixed a problem where patch + https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244d + caused a failed test in t/local/33_x509_create_cert.t + +* Sun Jun 8 2014 Paul Howarth - 1.63-3 +- Fix failing test with openssl-1.0.1h (upstream commit 414, CPAN RT#96256) + +* Sat Jun 7 2014 Fedora Release Engineering - 1.63-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon May 19 2014 Paul Howarth - 1.63-1 +- Update to 1.63 + - Improvements to OCSP support: it turns out that some CAs (like Verisign) + sign the OCSP response with the CA we have in the trust store and don't + attach this certifcate in the response, but OpenSSL by itself only + considers the certificates included in the response and + SSL_OCSP_response_verify added the certificates in the chain too, so now + we also add the trusted CA from the store which signed the lowest chain + certificate, at least if we could not verify the OCSP response without + doing it + - Fixed some compiler warnings +- BR: perl(HTTP::Tiny) for test suite + +* Mon May 12 2014 Paul Howarth - 1.61-1 +- Update to 1.61 + - Fixed a typo in an error message + - Fixed a problem with building with openssl that does not support OCSP + - Fixed some newly introduced warnings if compiled with -Wall + - Fixed format string issue causing build failures + - Changed calloc to Newx and free to Safefree, otherwise there might be + problems because calloc is done from a different memory pool than free + (depends on the build options for perl, but seen on Windows) + +* Sat May 10 2014 Paul Howarth - 1.59-1 +- Update to 1.59 + - Fixed local/30_error.t so that tests do not fail if diagnostics are enabled + - Fixed error messages about undefined strings used with length or split + - Improvements to configuration of OPTIMIZE flags, to prevent overriding of + perl's expected optimization flags + - SSL_peek() now returns openssl error code as second item when called in + array context, same as SSL_read + - Fixed some warnings + - Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version + - Improve examples in 'Using other perl modules based on Net::SSLeay' + - Added support for OCSP + - Added missing t/external/ocsp.t +- Add patch to stop gcc complaining about format string usage + +* Wed Jan 15 2014 Paul Howarth - 1.58-1 +- Update to 1.58 + - Always use size_t for strlen() return value + - t/external/20_cert_chain.t was missing from dist + - Version number in META.yml was incorrect + - Improvements to test t/external/20_cert_chain.t to provoke following bug: + fixed crash due to SSL_get_peer_cert_chain incorrectly free'ing the chain + after use + - Fixed a problem when compiling against openssl where OPENSSL_NO_EC is set +- Drop Fedora/EL ECC support patch, no longer needed + +* Sun Jan 12 2014 Paul Howarth - 1.57-1 +- Update to 1.57 + - Fixed remaining problems with test suite: pod coverage and kwalitee tests + are only enabled with RELEASE_TESTING=1 + +* Wed Jan 8 2014 Paul Howarth - 1.56-1 +- Update to 1.56 + - Fixed a typo in documentation of BEAST Attack + - Added LICENSE file copied from OpenSSL distribution to prevent complaints + from various versions of kwalitee + - Adjusted license: in META.yml to be 'openssl' + - Adds support for the basic operations necessary to support ECDH for PFS, + e.g. EC_KEY_new_by_curve_name, EC_KEY_free and SSL_CTX_set_tmp_ecdh + - Improvements to t/handle/external/50_external.t to handle the case when a + test connection was not possible + - Added support for ALPN TLS extension + - Fixed a use-after-free error + - Fixed a problem with invalid comparison on OBJ_cmp result in + t/local/36_verify.t + - Added support for get_peer_cert_chain() + - Fixed a bug that could cause stack faults: mixed up PUTBACK with SPAGAIN in + ssleay_RSA_generate_key_cb_invoke(); a final PUTBACK is needed here + - Fixed cb->data checks and wrong refcounts on &PL_sv_undef + - Deleted support for SSL_get_tlsa_record_byname: it is not included in + OpenSSL git master +- Drop upstreamed patch for CPAN RT#91215 +- Skip the Pod Coverage test, as there are naked subroutines in this release +- ECC support not available in Fedora/EL until OpenSSL 1.0.1e, so patch the + source accordingly to fix builds for F-12 .. F-17 + +* Fri Dec 6 2013 Paul Howarth - 1.55-6 +- Fix usage of OBJ_cmp in the test suite (CPAN RT#91215) + +* Sun Dec 1 2013 Paul Howarth - 1.55-5 +- Drop the kwalitee test for now as it's too fussy for the current code + +* Wed Aug 14 2013 Jitka Plesnikova - 1.55-4 +- Perl 5.18 re-rebuild of bootstrapped packages + +* Sat Aug 03 2013 Fedora Release Engineering - 1.55-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 22 2013 Petr Pisar - 1.55-2 +- Perl 5.18 rebuild + +* Sat Jun 8 2013 Paul Howarth - 1.55-1 +- update to 1.55 + - added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(), + SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where + available in the underlying openssl + - added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), + X509_CRL_get_ext_count() + - fixed a problem that could cause content with a value of '0' to be + incorrectly encoded by do_httpx3 and friends (CPAN RT#85417) + - added support for SSL_get_tlsa_record_byname() required for DANE support in + openssl-1.0.2 and later + - testing with openssl-1.0.2-stable-SNAP-20130521 + - added X509_NAME_new and X509_NAME_hash + +* Sat Mar 23 2013 Paul Howarth - 1.54-1 +- update to 1.54 + - added support for SSL_export_keying_material where present (i.e. in OpenSSL + 1.0.1 and later) + - changed t/handle/external/50_external.t to use www.airspayce.com instead of + perldition.org, who no longer have an https server + - patch to fix a crash: P_X509_get_crl_distribution_points on an X509 + certificate with values in the CDP extension that do not have an ia5 string + would cause a segmentation fault when accessed + - change in t/local/32_x509_get_cert_info.t to not use + Net::SSLeay::ASN1_INTEGER_get, since it works differently on 32 and 64 bit + platforms + - updated author and distribution location details to airspayce.com + - improvement to test 07_sslecho.t so that if set_cert_and_key fails we can + tell why + +* Thu Feb 14 2013 Fedora Release Engineering - 1.52-2 +- rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 9 2013 Paul Howarth - 1.52-1 +- update to 1.52 + - rebuild package with gnu format tar, to prevent problems with unpacking on + other systems such as old Solaris + +* Fri Dec 14 2012 Paul Howarth - 1.51-1 +- update to 1.51 + - fixed a problem where SSL_set_SSL_CTX is not available with + OpenSSL < 0.9.8f (CPAN RT#81940) +- fix bogus date in spec changelog + +* Thu Dec 13 2012 Paul Howarth - 1.50-1 +- update to 1.50 + - fixed a problem where t/handle/external/50_external.t would crash if any of + the test sites were not contactable + - now builds on VMS, added README.VMS + - fixed a few compiler warnings in SSLeay.xs; most of them are just + signed/unsigned pointer mismatches but there is one that actually fixes + returning what would be an arbitrary value off the stack from + get_my_thread_id if it happened to be called in a non-threaded build + - added SSL_set_tlsext_host_name, SSL_get_servername, SSL_get_servername_type, + SSL_CTX_set_tlsext_servername_callback for server side Server Name + Indication (SNI) support + - fixed a problem with C++ comments preventing builds on AIX and HPUX + - perdition.org not available for tests, changed to www.open.com.au + - added SSL_FIPS_mode_set + - improvements to test suite so it succeeds with and without FIPS mode + enabled + - added documentation, warning not to pass UTF-8 data in the content + argument to post_https + +* Tue Sep 25 2012 Paul Howarth - 1.49-1 +- update to 1.49 + - fixed problem where on some platforms test t/local/07_tcpecho.t would bail + out if it could not bind port 1212; it now tries a number of ports to bind + to until successful + - improvements to unsigned casting + - improvements to Net::SSLeay::read to make it easier to use with + non-blocking IO: it modifies Net::SSLeay::read() to return the result from + SSL_read() as the second return value, if Net::SSLeay::read() is called in + list context (its behavior should be unchanged if called in scalar or void + context) + - fixed a problem where t/local/kwalitee.t fails with + Module::CPANTS::Analyse 0.86 + - fixed a number of typos + - fixed a compiler warning from Compiling with gcc-4.4 and -Wall + - Fixed problems with get_https4: documentation was wrong, $header_ref was + not correctly set and $server_cert was not returned + - fixed a problem that could cause a Perl exception about no blength method + on undef (CPAN RT#79309) + - added documentation about how to mitigate various SSL/TLS vulnerabilities + - SSL_MODE_* are now available as constants +- drop upstreamed pod encoding patch + +* Mon Aug 20 2012 Paul Howarth - 1.48-6 +- fix POD encoding (CPAN RT#78281) +- classify buildreqs by usage +- BR:/R: perl(XSLoader) + +* Mon Aug 13 2012 Petr Pisar - 1.48-5 +- specify all dependencies + +* Fri Jul 20 2012 Fedora Release Engineering - 1.48-4 +- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 10 2012 Petr Pisar - 1.48-3 +- perl 5.16 re-rebuild of bootstrapped packages + +* Wed Jun 13 2012 Petr Pisar - 1.48-2 +- perl 5.16 rebuild + +* Wed Apr 25 2012 Paul Howarth - 1.48-1 +- update to 1.48 + - removed unneeded Debian_CPANTS.txt from MANIFEST + - fixed incorrect documentation about the best way to call CTX_set_options + - fixed problem that caused "Undefined subroutine utf8::encode" in + t/local/33_x509_create_cert.t (on perl 5.6.2) + - in examples and pod documentation, changed #!/usr/local/bin/perl + to #!/usr/bin/perl + - t/local/06_tcpecho.t now tries a number of ports to bind to until + successful +- no longer need to fix shellbangs in examples + +* Thu Apr 19 2012 Paul Howarth - 1.47-3 +- simplify Test::Kwalitee conditional + +* Thu Apr 19 2012 Marcela Mašláňová - 1.47-2 +- make module Kwalitee conditional + +* Wed Apr 4 2012 Paul Howarth - 1.47-1 +- update to 1.47 + - fixed overlong lines and spelling errors in pod + - fixed extra "garbage" files in 1.46 tarball + - fixed incorrect fail reports on some 64 bit platforms + - fix to avoid FAIL reports from cpantesters with missing openssl + - use my_snprintf from ppport.h to prevent link failures with perl 5.8 and + earlier when compiled with MSVC + +* Tue Apr 3 2012 Paul Howarth - 1.46-1 +- update to 1.46 (see Changes file for details) +- BR: openssl as well as openssl-devel, needed for building +- no longer need help to find openssl +- upstream no longer shipping TODO +- drop %%defattr, redundant since rpm 4.4 + +* Sat Feb 25 2012 Paul Howarth - 1.45-1 +- update to 1.45 (see Changes file for full details) + - added thread safety and dynamic locking, which should complete thread + safety work, making Net::SSLeay completely thread-safe + - lots of improved documentation +- BR: perl(Test::Pod::Coverage) +- install Net/SSLeay.pod as %%doc + +* Thu Jan 12 2012 Paul Howarth - 1.42-2 +- use DESTDIR rather than PERL_INSTALL_ROOT +- use %%{_fixperms} macro rather than our own chmod incantation +- BR: perl(AutoLoader), perl(Exporter), perl(Socket) + +* Mon Oct 3 2011 Paul Howarth - 1.42-1 +- update to 1.42 + - fixed incorrect documentation of how to enable CRL checking + - fixed incorrect letter in Sebastien in Credits + - changed order of the Changes file to be reverse chronological + - fixed a compile error when building on Windows with MSVC6 +- drop UTF8 patch, no longer needed + +* Sun Sep 25 2011 Paul Howarth - 1.41-1 +- update to 1.41 + - fixed incorrect const signatures for 1.0 that were causing warnings; now + have clean compile with 0.9.8a through 1.0.0 +- BR: perl(Carp) + +* Fri Sep 23 2011 Paul Howarth - 1.40-1 +- update to 1.40 + - fixed incorrect argument type in call to SSL_set1_param + - fixed a number of issues with pointer sizes; removed redundant pointer cast + tests from t/ + - added Perl version requirements to SSLeay.pm + +* Wed Sep 21 2011 Paul Howarth - 1.39-1 +- update to 1.39 + - downgraded Module::Install to 0.93 since 1.01 was causing problems in the + Makefile + +* Fri Sep 16 2011 Paul Howarth - 1.38-1 +- update to 1.38 + - fixed a problem with various symbols that only became available in OpenSSL + 0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE, causing build + failures with older versions of OpenSSL (CPAN RT#71013) + +* Fri Sep 16 2011 Paul Howarth - 1.37-1 +- update to 1.37 + - added X509_get_fingerprint + - added support for SSL_CTX_set1_param, SSL_set1_param and selected + X509_VERIFY_PARAM_* OBJ_* functions + - fixed the prototype for randomize() + - fixed an uninitialized value warning in $Net::SSLeay::proxyauth + - allow net-ssleay to compile if SSLV2 is not present + - fixed a problem where sslcat (and possibly other functions) expect RSA + keys and will not load DSA keys for client certificates + - removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later + - added CTX_use_PKCS12_file +- this release by MIKEM => update source URL + +* Tue Jul 19 2011 Petr Sabata - 1.36-7 +- Perl mass rebuild + +* Thu Jul 14 2011 Paul Howarth - 1.36-6 +- BR: perl(Test::Kwalitee) if we're not bootstrapping +- explicitly BR: pkgconfig +- use a patch rather than a scripted iconv to fix the character encoding +- modernize provides filter +- stop running the tests in verbose mode +- nobody else likes macros for commands + +* Wed Jul 13 2011 Iain Arnell - 1.36-5 +- drop obsolete BRs Array::Compare, Sub::Uplevel, Tree::DAG_Node + +* Tue Feb 08 2011 Fedora Release Engineering - 1.36-4 +- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Dec 21 2010 Marcela Maslanova - 1.36-3 +- rebuild to fix problems with vendorarch/lib (#661697) + +* Tue May 04 2010 Marcela Maslanova - 1.36-2 +- mass rebuild with perl-5.12.0 + +* Sun Jan 31 2010 Paul Howarth - 1.36-1 +- update to 1.36 (see Changes for details) +- drop svn patches + +* Mon Dec 7 2009 Stepan Kasal - 1.35-8 +- rebuild against perl 5.10.1 + +* Sat Aug 22 2009 Paul Howarth - 1.35-7 +- update to svn trunk (rev 252), needed due to omission of MD2 functionality + from OpenSSL 1.0.0 (CPAN RT#48916) + +* Fri Aug 21 2009 Tomas Mraz - 1.35-6 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 1.35-5 +- rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun Mar 8 2009 Paul Howarth - 1.35-4 +- filter out unwanted provides for perl shared objects +- run tests in verbose mode + +* Thu Feb 26 2009 Fedora Release Engineering - 1.35-3 +- rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 17 2009 Tomas Mraz - 1.35-2 +- rebuild with new openssl + +* Mon Jul 28 2008 Paul Howarth - 1.35-1 +- update to 1.35 +- drop flag and patch for enabling/disabling external tests - patch now upstream +- external hosts patch no longer needed as we don't do external tests +- filter out unversioned provide for perl(Net::SSLeay) +- use the distro openssl flags rather than guessing them + +* Wed Feb 27 2008 Tom "spot" Callaway - 1.32-5 +- rebuild for perl 5.10 (again) + +* Tue Feb 19 2008 Fedora Release Engineering - 1.32-4 +- autorebuild for GCC 4.3 + +* Thu Jan 31 2008 Tom "spot" Callaway - 1.32-3 +- rebuild for new perl + +* Wed Dec 5 2007 Paul Howarth - 1.32-2 +- rebuild with new openssl + +* Wed Nov 28 2007 Paul Howarth - 1.32-1 +- update to 1.32, incorporate new upstream URLs +- cosmetic spec changes suiting new maintainer's preferences +- fix argument order for find with -depth +- remove patch for CVE-2005-0106, fixed upstream in 1.30 (#191351) + (http://rt.cpan.org/Public/Bug/Display.html?id=19218) +- remove test patch, no longer needed +- re-encode Credits as UTF-8 +- include TODO as %%doc +- add buildreqs perl(Array::Compare), perl(MIME::Base64), perl(Sub::Uplevel), + perl(Test::Exception), perl(Test::NoWarnings), perl(Test::Pod), + perl(Test::Warn), perl(Tree::DAG_Node) +- add patch needed to disable testsuite non-interactively +- run test suite but disable external tests by default; external tests can be + enabled by using rpmbuild --with externaltests +- add patch to change hosts connected to in external tests + +* Fri Nov 16 2007 Parag Nemade - 1.30-7 +- Merge Review (#226272) Spec cleanup + +* Tue Nov 6 2007 Stepan Kasal - 1.30-6 +- fix a typo in description (#231756, #231757) + +* Tue Oct 16 2007 Tom "spot" Callaway - 1.30-5.1 +- correct license tag +- add BR: perl(ExtUtils::MakeMaker) + +* Tue Aug 21 2007 Warren Togami - 1.30-5 +- rebuild + +* Fri Jul 14 2006 Warren Togami - 1.30-4 +- import into FC6 + +* Tue Feb 28 2006 Jose Pedro Oliveira - 1.30-3 +- Rebuild for FC5 (perl 5.8.8). + +* Fri Jan 27 2006 Jose Pedro Oliveira - 1.30-2 +- CVE-2005-0106: patch from Mandriva + http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:023 + +* Sun Jan 15 2006 Ville Skyttä - 1.30-1 +- 1.30. +- Optionally run the test suite during build with "--with tests". + +* Wed Nov 9 2005 Ville Skyttä - 1.26-3 +- Rebuild for new OpenSSL. +- Cosmetic cleanups. + +* Wed Apr 6 2005 Michael Schwendt - 1.26-2 +- rebuilt + +* Mon Dec 20 2004 Ville Skyttä - 0:1.26-1 +- Drop fedora.us release prefix and suffix. + +* Mon Oct 25 2004 Ville Skyttä - 0:1.26-0.fdr.2 +- Convert manual page to UTF-8. + +* Tue Oct 12 2004 Ville Skyttä - 0:1.26-0.fdr.1 +- Update to unofficial 1.26 from Peter Behroozi, adds get1_session(), + enables session caching with IO::Socket::SSL (bug 1859, bug 1860). +- Bring outdated test14 up to date (bug 1859, test suite still not enabled). + +* Sun Jul 11 2004 Ville Skyttä - 0:1.25-0.fdr.4 +- Rename to perl-Net-SSLeay, provide perl-Net_SSLeay for compatibility + with the rest of the world. + +* Wed Jul 7 2004 Ville Skyttä - 0:1.25-0.fdr.3 +- Bring up to date with current fedora.us Perl spec template. +- Include examples in docs. + +* Sun Feb 8 2004 Ville Skyttä - 0:1.25-0.fdr.2 +- Reduce directory ownership bloat. + +* Fri Oct 17 2003 Ville Skyttä - 0:1.25-0.fdr.1 +- First build.