Changes (from 0.49) :
- fixed build problem for OpenSSL 0.9.6 and some builds
of perl 5.8.x which resulted in make error:
/usr/include/openssl/des.h:193: parse error before '&' token"
Thanks to Rob Brown for submitting a similar patch to cover
this problem
- bug fix from Dongqiang Bai when server using proxy cannot
resolve host name being connected to
- Added c:/openssl in default search path on win32 machines
which is the recommended installation area in the openssl dist
- Added patch from Pavel Hlavnicka for freeing memory leaks
from SSL_CTX_use_pkcs12_file() whose functionality is triggered
by the $ENV{HTTPS_PKCS12_*} settings
- Added alarm() during Net::SSL->read() to honor socket timeout
setting for more robust applications. read()
will die_with_error() which in consistent with previous
semantics used during SSL read() failure
Thanks to Pavel Hlavnicka for prompting this change.
- Removed code that supported versions of SSLeay before version 0.8
I believe SSLeay v.8 was released back in 1998
- Added patch from Devin Heitmueller so that initial random seed
would be taken from /dev/urandom if available via RAND_load_file
API
Changes from 0.45
+ Added patch from Pavel Hlavnicka for freeing memory leaks
from SSL_CTX_use_pkcs12_file() whose functionality is triggered
by the $ENV{HTTPS_PKCS12_*} settings
+ Set timeout to 15 seconds for ./net_ssl_test and lwp-ssl-test
sample scripts for better testing of timeout behavior
+ Added alarm() during Net::SSL->read() to honor socket timeout setting
for more robust applications. read() will die_with_error() which
in consistent with previous semantics used during SSL read() failure
Thanks to Pavel Hlavnicka for prompting this change.
+ Removed code that supported versions of SSLeay before version 0.8
I believe SSLeay v.8 was released back in 1998
+ Added patch from Devin Heitmueller so that initial random seed
would be taken from /dev/urandom if available via RAND_load_file API
Changes :
+ PKCS12 certificate support, patch submitted by Beni Takahashi,
author of patch Daisuke Kuroda
+ Fixing compile warnings on Solaris 8/Sparc with Forte 7.0 about
implicit conversions and implicit declarations. Thanks to
Marek Rouchal for bug report.
- Removed unused dependency on URI::URL, thanks to Ric Steinberger
for pointing out this problem under perl 5.8.0
- fixed Makefile.PL use of dirname() which could error for perl 5.8.x
Thanks to Chip Turner of RedHat for patch.
- Fixed a runtime error with Net::SSL->proxy for running under
perl warnings with no proxy defined, which t/net_ssl.t test case
revealed.
+ Added t/net_ssl.t test for initializing a Net::SSL object
+ Added build auto-detect for 0.9.6+ and only then use OPENSSL_free
instead of free() since older OpenSSL like 0.9.4 did not have it.
+ Added ./net_ssl_test -CAfile documentation, and root CA file from mod_ssl
distribution at certs/ca-bundle.crt that can be used for general root CA
peer certificate verification.
+ Plus many bugs fixed and improvement... see CHANGES for more
+ Set local $SIG{PIPE} = \&die before $ssl->connect()
to capture the "broken pipe" error associated with connecting
to a computer that is not running a SSL web server
+ Documented differences / conflicts between LWP proxy support
and Crypt::SSLeay which seems to be a source of confusion for users.
+ Added Net::SSL::get_peer_verify call so the warning header
from LWP that says:
Client-SSL-Warning: Peer certificate not verified
can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
variables are set to invoke peer certificate verification.
+ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
so one can debug from LWP:: calls without using ./net_ssl_test script
- removed exit from Makefile.PL
+ Streamlined *CA* patches so only in $CTX->set_verify()
which gets called every time now.
+ Throw error instead of return undef in Net::SSL->connect()
because we loose the errors otherwise.
- Turn SSL_MODE_AUTO_RETRY on so clients can survive
changes in SSLVerifyClient changes in the modssl connection
+ Integrated patches from Gamid Isayev for CA peer verification.
- Client certs weren't working correctly, setup certs earlier in connection
now, also create new CTX per request, so cert settings don't remain
sticky from one request to the next.
+ update ./net_ssl_test to do smart parsing of host, where
host can now be of the form http://www.nodeworks.com:443/
- local $@ in Net::SSL::DESTROY so we don't kill real errors
- return undef in Net::SSL::connect() instead of die() for better LWP
support & error handling.
+ alarm() on Unix platforms around ssl ctx connect, which can hang for
process for way too long when trying to connect to dead https SSL servers.
Fixes PR/15053 by Shell Hung.
The automatic truncation in gensolpkg doesn't work for packages which
have the same package name for the first 5-6 chars.
e.g. amanda-server and amanda-client would be named amanda and amanda.
Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for
amanda-server.
All svr4 packages also have a vendor tag, so we have to reserve some chars
for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6
or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the
vendor tag enough room.
All p5-* packages and a few other packages have now a SVR4_PKGNAME.
