+ Set local $SIG{PIPE} = \&die before $ssl->connect()
to capture the "broken pipe" error associated with connecting
to a computer that is not running a SSL web server
+ Documented differences / conflicts between LWP proxy support
and Crypt::SSLeay which seems to be a source of confusion for users.
+ Added Net::SSL::get_peer_verify call so the warning header
from LWP that says:
Client-SSL-Warning: Peer certificate not verified
can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
variables are set to invoke peer certificate verification.
+ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
so one can debug from LWP:: calls without using ./net_ssl_test script
- removed exit from Makefile.PL
+ Streamlined *CA* patches so only in $CTX->set_verify()
which gets called every time now.
+ Throw error instead of return undef in Net::SSL->connect()
because we loose the errors otherwise.
- Turn SSL_MODE_AUTO_RETRY on so clients can survive
changes in SSLVerifyClient changes in the modssl connection
+ Integrated patches from Gamid Isayev for CA peer verification.
- Client certs weren't working correctly, setup certs earlier in connection
now, also create new CTX per request, so cert settings don't remain
sticky from one request to the next.
+ update ./net_ssl_test to do smart parsing of host, where
host can now be of the form http://www.nodeworks.com:443/
- local $@ in Net::SSL::DESTROY so we don't kill real errors
- return undef in Net::SSL::connect() instead of die() for better LWP
support & error handling.
+ alarm() on Unix platforms around ssl ctx connect, which can hang for
process for way too long when trying to connect to dead https SSL servers.
Fixes PR/15053 by Shell Hung.
