IO-Socket-SSL
view release on metacpan or search on metacpan
over different ip:host (like required with some FTPS servers)
- t/core.t - handle case, were default loopback source is not 127.0.0.1, like
in FreeBSD jails
1.964 2014/01/15
- Disabling TLSv1_1 did not work, because the constant was wrong. Now it gets
the constants from calling Net::SSLeay::SSL_OP_NO_TLSv1_1 etc
- The new syntax for the protocols is TLSv1_1 instead of TLSv11. This matches
the syntax from OpenSSL. The old syntax continues to work in SSL_version.
- New functions get_sslversion and get_sslversion_int which get the SSL version
of the establish session as string or int.
- disable t/io-socket-inet6.t if Acme::Override::INET is installed
1.963 2014/01/13
- fix behavior of stop_SSL: for blocking sockets it now enough to call it
once, for non-blocking it should be called again as long as EAGAIN and
SSL_ERROR is set to SSL_WANT_(READ|WRITE).
- don't call blocking if start_SSL failed and downgraded socket has no
blocking method, thanks to tokuhirom
- documentation enhancements:
- special section for differences to IO::Socket
- describe problem with blocking accept on non-blocking socket
- describe arguments to new_from_fd and make clear, that for upgrading an
v1.87 2013.04.24
- RT#84829 - complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable. Thanks to perl[AT]minty[DOT]org
- fix use of SSL_key|SSL_file objects instead of files, broken with 1.83
v1.86 2013.04.17
- RT#84686 - don't complain about SSL_verify_mode is SSL_reuse_ctx,
thanks to CLEACH
v1.85 2013.04.14
- probe for available modules with local __DIE__ and __WARN__handlers.
fixes RT#84574, thanks to FRAZER
- fix warning, when IO::Socket::IP is installed and inet6 support gets explicitly
requested. RT#84619, thanks to Prashant[DOT]Tekriwal[AT]netapp[DOT]com
v1.84 2013.02.15
- disabled client side SNI for openssl version < 1.0.0 because of RT#83289
- added functions can_client_sni, can_server_sni, can_npn to check availability
of SNI and NPN features. Added more documentation for SNI and NPN.
v1.83_1 2013.02.14
- separated documentation of non-blocking I/O from error handling
- changed and documented behavior of readline to return the read
data on EAGAIN/EWOULDBLOCK in case of non-blocking socket.
See https://github.com/noxxi/p5-io-socket-ssl/issues/1, thanks to
v1.76 2012.06.18
- no longer depend on Socket.pm 1.95 for inet_pton, but use Socket6.pm if
no current Socket.pm is available. Thanks to paul[AT]city-fan[DOT]org
for pointing out the problem and providing first patch
v1.75 2012.06.15
- made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version
v1.74_2 2012.06.07
- fixed documentation errors, reported by MARSCHAP
https://rt.cpan.org/Ticket/Display.html?id=77690
v1.74_1 2012.06.07
- add support to IO::Socket::IP which support inet6 and inet4 by
integrating patch from PEVANS
for https://rt.cpan.org/Ticket/Display.html?id=75218
v1.74 2012.05.13
- accept a version of SSLv2/3 as SSLv23, because older documentation
could be interpreted like this
v1.73 2012.05.11
- make test t/dhe.t hopefully work for more version of openssl
Thanks to paul[AT]city-fan[DOT]org for providing bug reports and
testing environment
v1.72 2012.05.10
- fix readline to continue when getting interrupt waiting for more
data. Thanks to kgc[AT]corp[DOT]sonic[DOT]net for reporting problem
v1.44 2011.05.27
- fix invalid call to inet_pton in verify_hostname_of_cert when
identity should be verified as ipv6 address, because it contains
colon.
v1.43_1 2011.05.12
- try to make t/nonblock.t more stable, especially on Mac OS X
v1.43 2011.05.11
- fix t/nonblock.t
- stability improvements t/inet6.t
v1.42 2011.05.10
- add SSL_create_ctx_callback to have a way to adjust context on
creation. https://rt.cpan.org/Ticket/Display.html?id=67799
- describe problem of fake memory leak because of big session cache
and how to fix it, see https://rt.cpan.org/Ticket/Display.html?id=68073
v1.41 2011.05.09
- fix issue in stop_SSL where it did not issue a shutdown of the
SSL connection if it first received the shutdown from the other
side. Thanks to fencingleo[AT]gmail[DOT]com for reporting
- try to make t/nonblock.t more reliable, at least report the real
- work around Bug in IO::Socket::INET6 on BSD systems
http://rt.cpan.org/Ticket/Display.html?id=39550
by setting Domain based on PeerAddr
Thanks to srezic for report and support
- remove tests of recv/send from t/core.t. Might badly interact
with SSL handshake and cause crashes as seen on OS X 10.4
v1.16_1 2008.09.19
- better support for IPv6:
- IPv6 is enabled by default if IO::Socket::INET6 is available
- t/inet6.t for basic tests
v1.16 2008.09.19
- change code for SSL_check_crl to use X509_STORE_set_flags instead of
X509_STORE_CTX_set_flags based on bug report from
<tjtoocool[AT]phreaker[DOT]net >
- change opened() to report -1 if the IO::Handle is open, but the
SSL connection failed, needed with HTTP::Daemon::SSL which will send
an error message over the unencrypted socket
v1.15
including subjectAltNames, support for IDN etc based on patch and
input from christopher[AT]odenbachs[DOT]de and
achim[AT]grolmsnet[DOT]de.
It is also possible to get more information from peer_certificate
based on this patch. See documentation for peer_certificate and
verify_hostname
- automatic verification of hostnames with SSL_verifycn_scheme and
SSL_verifycn_name
- global setting of default context options like SSL_verifycn_scheme,
SSL_verify_mode with set_ctx_defaults
- fix import of inet4,inet6 which got broken within 1.13_X.
Thanks to <at[AT]altlinux[DOT]ru> for bugreport and patch
- clarified and enhanced debugging support based on bugreport
http://rt.cpan.org/Ticket/Display.html?id=32960
- put information into README regarding the supported and recommended
version of Net::SSLeay
v1.13
- removed CLONE_SKIP which was added in 1.03 because this breaks
windows forking. Handled threads/windows forking better by making
sure that CTX from Net::SSLeay gets not freed multiple times from
t/certs/test-ca.pem
t/certs/test-subca.pem
t/compatibility.t
t/connectSSL-timeout.t
t/core.t
t/dhe.t
t/ecdhe.t
t/external/fingerprint.pl
t/external/ocsp.t
t/external/usable_ca.t
t/io-socket-inet6.t
t/io-socket-ip.t
t/memleak_bad_handshake.t
t/mitm.t
t/multiple-cert-rsa-ecc.t
t/nonblock.t
t/npn.t
t/plain_upgrade_downgrade.t
t/protocol_version.t
t/psk.t
t/public_suffix_lib_encode_idn.t
lib/IO/Socket/SSL.pm view on Meta::CPAN
eval { require Mozilla::CA; 1 };
};
$ca_detected = 1;
return %default_ca;
}
}
# Export some stuff
# inet4|inet6|debug will be handled by myself, everything
# else will be handled the Exporter way
sub import {
my $class = shift;
my @export;
foreach (@_) {
if ( /^inet4$/i ) {
# explicitly fall back to inet4
@ISA = 'IO::Socket::INET';
@caller_force_inet4 = caller(); # save for warnings for 'inet6' case
} elsif ( /^inet6$/i ) {
# check if we have already ipv6 as base
if ( ! UNIVERSAL::isa( $class, 'IO::Socket::INET6')
and ! UNIVERSAL::isa( $class, 'IO::Socket::IP' )) {
# either we don't support it or we disabled it by explicitly
# loading it with 'inet4'. In this case re-enable but warn
# because this is probably an error
if ( CAN_IPV6 ) {
@ISA = ( CAN_IPV6 );
warn "IPv6 support re-enabled in __PACKAGE__, got disabled in file $caller_force_inet4[1] line $caller_force_inet4[2]";
} else {
( run in 0.253 second using v1.01-cache-2.11-cpan-87723dcf8b7 )