pkgsrc/security/p5-SSLeay/patches
mjl b632bed3a2 Update p5-Crypt-SSLeay to 0.35
+ Set local $SIG{PIPE} = \&die before $ssl->connect()
  to capture the "broken pipe" error associated with connecting
  to a computer that is not running a SSL web server

+ Documented differences / conflicts between LWP proxy support
  and Crypt::SSLeay which seems to be a source of confusion for users.

+ Added Net::SSL::get_peer_verify call so the warning header
  from LWP that says:

    Client-SSL-Warning: Peer certificate not verified

  can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
  variables are set to invoke peer certificate verification.

+ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
  so one can debug from LWP:: calls without using ./net_ssl_test script

- removed exit from Makefile.PL

+ Streamlined *CA* patches so only in $CTX->set_verify()
  which gets called every time now.

+ Throw error instead of return undef in Net::SSL->connect()
  because we loose the errors otherwise.

- Turn SSL_MODE_AUTO_RETRY on so clients can survive
  changes in SSLVerifyClient changes in the modssl connection

+ Integrated patches from Gamid Isayev for CA peer verification.

- Client certs weren't working correctly, setup certs earlier in connection
  now, also create new CTX per request, so cert settings don't remain
  sticky from one request to the next.

+ update ./net_ssl_test to do smart parsing of host, where
  host can now be of the form http://www.nodeworks.com:443/

- local $@ in Net::SSL::DESTROY so we don't kill real errors

- return undef in Net::SSL::connect() instead of die() for better LWP
  support & error handling.

+ alarm() on Unix platforms around ssl ctx connect, which can hang for
  process for way too long when trying to connect to dead https SSL servers.

Fixes PR/15053 by Shell Hung.
2002-01-19 03:19:12 +00:00
..
patch-aa Update p5-Crypt-SSLeay to 0.35 2002-01-19 03:19:12 +00:00