[perl-IO-Socket-SSL] Update to 1.951
Paul Howarth
pghmcfc at fedoraproject.org
Wed Jul 3 12:06:17 UTC 2013
commit 5289b4544b356a6f0b3c58e3f8d1afb184676940
Author: Paul Howarth <paul at city-fan.org>
Date: Wed Jul 3 13:04:57 2013 +0100
Update to 1.951
- New upstream release 1.951
(1.950)
- MAJOR BEHAVIOR CHANGE:
- ssl_verify_mode now defaults to verify_peer for client
- Previously it used verify_none, but loudly complained since 1.79 about it
- It will not complain any longer, but the connection will probably fail
- Please don't simply disable ssl verification; instead, set SSL_ca_file
etc. so that verification succeeds!
- MAJOR BEHAVIOR CHANGE:
- It will now complain if the built-in defaults of certs/my-ca.pem or ca/
for CA and certs/{server,client}-{key,cert}.pem for cert and key are
used, i.e. no certificates are specified explicitly
- In the future these insecure (relative path!) defaults will be removed
and the CA replaced with the system defaults
(1.951)
- Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
used)
perl-IO-Socket-SSL.spec | 30 +++++++++++++++++++++++++++---
sources | 2 +-
2 files changed, 28 insertions(+), 4 deletions(-)
---
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 5de6d18..e7eec89 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -1,11 +1,15 @@
+# Work around Perl/RPM versioning inconsistencies
+%global rpmversion 1.95.1
+%global cpanversion 1.951
+
Name: perl-IO-Socket-SSL
-Version: 1.94
+Version: %{rpmversion}
Release: 1%{?dist}
Summary: Perl library for transparent SSL
Group: Development/Libraries
License: GPL+ or Artistic
URL: http://search.cpan.org/dist/IO-Socket-SSL/
-Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
+Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{cpanversion}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch: noarch
BuildRequires: openssl >= 0.9.8
@@ -44,7 +48,7 @@ SSL version selection. As an extra bonus, it works perfectly with
mod_perl.
%prep
-%setup -q -n IO-Socket-SSL-%{version}
+%setup -q -n IO-Socket-SSL-%{cpanversion}
%build
perl Makefile.PL INSTALLDIRS=vendor
@@ -70,6 +74,26 @@ rm -rf %{buildroot}
%{_mandir}/man3/IO::Socket::SSL::Utils.3pm*
%changelog
+* Wed Jul 3 2013 Paul Howarth <paul at city-fan.org> - 1.95.1-1
+- Update to 1.951
+ (1.950)
+ - MAJOR BEHAVIOR CHANGE:
+ - ssl_verify_mode now defaults to verify_peer for client
+ - Previously it used verify_none, but loudly complained since 1.79 about it
+ - It will not complain any longer, but the connection will probably fail
+ - Please don't simply disable ssl verification; instead, set SSL_ca_file
+ etc. so that verification succeeds!
+ - MAJOR BEHAVIOR CHANGE:
+ - It will now complain if the built-in defaults of certs/my-ca.pem or ca/
+ for CA and certs/{server,client}-{key,cert}.pem for cert and key are
+ used, i.e. no certificates are specified explicitly
+ - In the future these insecure (relative path!) defaults will be removed
+ and the CA replaced with the system defaults
+ (1.951)
+ - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in
+ defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins
+ used)
+
* Sat Jun 1 2013 Paul Howarth <paul at city-fan.org> - 1.94-1
- Update to 1.94
- Makefile.PL reported wrong version of openssl if Net::SSLeay was not
diff --git a/sources b/sources
index 1aa7f71..a6c96f4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-96f19be345b87f659d945764b058e750 IO-Socket-SSL-1.94.tar.gz
+dcaec234df6c405609fef322f6e0c3f9 IO-Socket-SSL-1.951.tar.gz
More information about the perl-devel
mailing list