Overview
Request 184296 accepted
- new version 0.951
* better document builtin defaults for key,cert,CA and how they are depreceated
* use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
openssl's builtin defaults for CA unless CA path/file was given
* MAJOR BEHAVIOR CHANGE:
ssl_verify_mode now defaults to verify_peer for client. Until
now it used verify_none, but loudly complained since 1.79 about
it. It will not complain any longer, but the connection might
probably fail. Please don't simply disable ssl verification, but
instead set SSL_ca_file etc so that verification succeeds!
* MAJOR BEHAVIOR CHANGE:
it will now complain if the builtin defaults of certs/my-ca.pem
or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
and key are used, e.g. no certificates are specified explicitly.
In the future these insecure (relative path!) defaults will be
removed and the CA replaced with the system defaults.
* Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
installed instead of reporting missing dependency to Net::SSLeay.
* need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
years ago. Remove code to work around older releases.
* changed AUTHOR in Makefile.PL from array back to string, because the
array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
* Intercept: use sha1-fingerprint of original cert for id into cache unless
otherwise given
* Fix pod error in IO::Socket::SSL::Utils RT#85733
* added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
* moved SSL interception into IO::Socket::SSL::Intercept and simplified it
using IO::Socket::SSL::Utils
* enhance meta information in Makefile.PL
* RT#85290, support more digest, especially SHA-2. (forwarded request 182138 from lnussel)
Request History
lrupp created request
- new version 0.951
* better document builtin defaults for key,cert,CA and how they are depreceated
* use Net::SSLeay::SSL_CTX_set_default_verify_paths to use
openssl's builtin defaults for CA unless CA path/file was given
* MAJOR BEHAVIOR CHANGE:
ssl_verify_mode now defaults to verify_peer for client. Until
now it used verify_none, but loudly complained since 1.79 about
it. It will not complain any longer, but the connection might
probably fail. Please don't simply disable ssl verification, but
instead set SSL_ca_file etc so that verification succeeds!
* MAJOR BEHAVIOR CHANGE:
it will now complain if the builtin defaults of certs/my-ca.pem
or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert
and key are used, e.g. no certificates are specified explicitly.
In the future these insecure (relative path!) defaults will be
removed and the CA replaced with the system defaults.
* Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
installed instead of reporting missing dependency to Net::SSLeay.
* need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
years ago. Remove code to work around older releases.
* changed AUTHOR in Makefile.PL from array back to string, because the
array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
* Intercept: use sha1-fingerprint of original cert for id into cache unless
otherwise given
* Fix pod error in IO::Socket::SSL::Utils RT#85733
* added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
* moved SSL interception into IO::Socket::SSL::Intercept and simplified it
using IO::Socket::SSL::Utils
* enhance meta information in Makefile.PL
* RT#85290, support more digest, especially SHA-2. (forwarded request 182138 from lnussel)
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Please review sources
factory-auto added a reviewer
Please review build success
licensedigger accepted review
{"approve": "preliminary, version number changed"}
factory-repo-checker accepted review
Builds for repo pure_factory
mvyskocil accepted review
mvyskocil approved review
coolo accepted request
checkin
