Projects
openEuler:Mainline
perl-IO-Socket-SSL
Sign Up
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 9
View file
_service:tar_scm:perl-IO-Socket-SSL.spec
Changed
@@ -1,5 +1,5 @@ Name: perl-IO-Socket-SSL -Version: 2.081 +Version: 2.083 Release: 1 Summary: Perl library for transparent SSL License: GPL+ or Artistic @@ -61,6 +61,9 @@ %{_mandir}/man3/IO::Socket::SSL::Utils.3* %changelog +* Wed Jul 19 2023 dongyuzhen <dongyuzhen@h-partners.com> - 2.083-1 +- upgrade version to 2.083 + * Mon Feb 13 2023 dongyuzhen <dongyuzhen@h-partners.com> - 2.081-1 - upgrade version to 2.081
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/Changes -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/Changes
Changed
@@ -1,3 +1,13 @@ +2.083 2023/05/18 +- fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL + (regression from #122) +2.082 2023/05/17 +- SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122 +- fix output of alert string when debugging #132 +- improve regex for hostname validation #130, #126 +- add can_ciphersuites subroutine for feature checking #127 +- Utils::CERT_create - die if unexpected arguments are given instead of ignoring + these 2.081 2023/01/25 - new function set_msg_callback for user defined callback on each SSL message - showcase function in example/ssl_client.pl and example/ssl_server.pl for
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/META.json -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/META.json
Changed
@@ -52,6 +52,6 @@ "url" : "https://github.com/noxxi/p5-io-socket-ssl" } }, - "version" : "2.081", + "version" : "2.083", "x_serialization_backend" : "JSON::PP version 4.06" }
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/META.yml -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/META.yml
Changed
@@ -27,5 +27,5 @@ homepage: https://github.com/noxxi/p5-io-socket-ssl license: http://dev.perl.org/licenses/ repository: https://github.com/noxxi/p5-io-socket-ssl -version: '2.081' +version: '2.083' x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/lib/IO/Socket/SSL.pm -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/lib/IO/Socket/SSL.pm
Changed
@@ -13,7 +13,7 @@ package IO::Socket::SSL; -our $VERSION = '2.081'; +our $VERSION = '2.083'; use IO::Socket; use Net::SSLeay 1.46; @@ -196,7 +196,8 @@ # global defaults my %DEFAULT_SSL_ARGS = ( SSL_check_crl => 0, - SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken + # TLS 1.1 and lower are deprecated with RFC 8996 + SSL_version => 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2', SSL_verify_callback => undef, SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_publicsuffix => undef, # fallback default list verification @@ -790,12 +791,12 @@ if ( ! defined $host ) { if ( $host = $arg_hash->{PeerAddr} || $arg_hash->{PeerHost} ) { $host =~s{^ - (?: - (^:\+) | # ipv4|host - (\(.*)\) # ipv6|host + ( + (?:^:\+) | # ipv4|host + (?:\(?:.*)\) # ipv6|host ) - (:\w\-+)? # optional :port - $}{$1$2}x; # ipv4|host|ipv6 + (:\w\-+)? # optional :port + $}{$1}x; # ipv4|host|ipv6 } } ${$ctx->{verify_name_ref}} = $host; @@ -2114,6 +2115,7 @@ sub can_ticket_keycb { return $can_tckt_keycb } sub can_pha { return $can_pha } sub can_partial_chain { return $check_partial_chain && 1 } +sub can_ciphersuites { return $can_ciphersuites } sub DESTROY { my $self = shift or return; @@ -3680,7 +3682,7 @@ } elsif ($content_type == $trace_constants{SSL3_RT_ALERT}) { my @c = unpack('c2', $buf); $msg_type = ($c0 << 8) + $c1; - $msg_name = eval { Net::SSLeay::SSL_alert_desc_string_long($msg_type) } || "Unknown alert"; + $msg_name = eval { Net::SSLeay::alert_desc_string_long($msg_type) } || "Unknown alert"; } else { $msg_type = unpack('c1', $buf); $msg_name = $tc_msgtype2s{$ssl_ver, $msg_type} || "Unknown (ssl_ver=$ssl_ver, msg=$msg_type)";
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/lib/IO/Socket/SSL/Intercept.pm -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/lib/IO/Socket/SSL/Intercept.pm
Changed
@@ -105,7 +105,8 @@ } @$ext; } my ($clone,$key) = CERT_create( - %$hash, + %$hash, + ignore_invalid_args => 1, issuer_cert => $self->{cacert}, issuer_key => $self->{cakey}, key => $self->{certkey},
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/lib/IO/Socket/SSL/PublicSuffix.pm -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/lib/IO/Socket/SSL/PublicSuffix.pm
Changed
@@ -728,11 +728,29 @@ // biz : https://en.wikipedia.org/wiki/.biz biz -// bj : https://en.wikipedia.org/wiki/.bj +// bj : https://nic.bj/bj-suffixes.txt +// submitted by registry <contact@nic.bj> bj -asso.bj -barreau.bj -gouv.bj +africa.bj +agro.bj +architectes.bj +assur.bj +avocats.bj +co.bj +com.bj +eco.bj +econo.bj +edu.bj +info.bj +loisirs.bj +money.bj +net.bj +org.bj +ote.bj +resto.bj +restaurant.bj +tourism.bj +univ.bj // bm : http://www.bermudanic.bm/dnr-text.txt bm @@ -1381,8 +1399,7 @@ // fo : https://en.wikipedia.org/wiki/.fo fo -// fr : http://www.afnic.fr/ -// domaines descriptifs : https://www.afnic.fr/medias/documents/Cadre_legal/Afnic_Naming_Policy_12122016_VEN.pdf +// fr : https://www.afnic.fr/ https://www.afnic.fr/wp-media/uploads/2022/12/afnic-naming-policy-2023-01-01.pdf fr asso.fr com.fr @@ -1390,7 +1407,7 @@ nom.fr prd.fr tm.fr -// domaines sectoriels : https://www.afnic.fr/en/products-and-services/the-fr-tld/sector-based-fr-domains-4.html +// Former "domaines sectoriels", still registration suffixes aeroport.fr avocat.fr avoues.fr @@ -4400,555 +4417,8 @@ co.mu or.mu -// museum : http://about.museum/naming/ -// http://index.museum/ +// museum : https://welcome.museum/wp-content/uploads/2018/05/20180525-Registration-Policy-MUSEUM-EN_VF-2.pdf https://welcome.museum/buy-your-dot-museum-2/ museum -academy.museum -agriculture.museum -air.museum -airguard.museum -alabama.museum -alaska.museum -amber.museum -ambulance.museum -american.museum -americana.museum -americanantiques.museum -americanart.museum -amsterdam.museum -and.museum -annefrank.museum -anthro.museum -anthropology.museum -antiques.museum -aquarium.museum -arboretum.museum -archaeological.museum -archaeology.museum -architecture.museum -art.museum -artanddesign.museum -artcenter.museum -artdeco.museum -arteducation.museum -artgallery.museum -arts.museum -artsandcrafts.museum -asmatart.museum -assassination.museum -assisi.museum -association.museum -astronomy.museum -atlanta.museum -austin.museum -australia.museum -automotive.museum -aviation.museum -axis.museum -badajoz.museum -baghdad.museum -bahn.museum -bale.museum -baltimore.museum -barcelona.museum -baseball.museum -basel.museum -baths.museum -bauern.museum -beauxarts.museum -beeldengeluid.museum -bellevue.museum -bergbau.museum -berkeley.museum -berlin.museum -bern.museum -bible.museum -bilbao.museum -bill.museum -birdart.museum -birthplace.museum -bonn.museum -boston.museum -botanical.museum -botanicalgarden.museum -botanicgarden.museum -botany.museum -brandywinevalley.museum -brasil.museum -bristol.museum -british.museum -britishcolumbia.museum -broadcast.museum -brunel.museum -brussel.museum -brussels.museum -bruxelles.museum -building.museum -burghof.museum -bus.museum -bushey.museum -cadaques.museum -california.museum -cambridge.museum -can.museum -canada.museum -capebreton.museum -carrier.museum -cartoonart.museum -casadelamoneda.museum -castle.museum -castres.museum -celtic.museum -center.museum -chattanooga.museum -cheltenham.museum -chesapeakebay.museum -chicago.museum -children.museum -childrens.museum -childrensgarden.museum -chiropractic.museum -chocolate.museum -christiansburg.museum -cincinnati.museum -cinema.museum -circus.museum -civilisation.museum -civilization.museum -civilwar.museum -clinton.museum -clock.museum -coal.museum -coastaldefence.museum -cody.museum -coldwar.museum -collection.museum -colonialwilliamsburg.museum -coloradoplateau.museum -columbia.museum -columbus.museum -communication.museum -communications.museum -community.museum -computer.museum -computerhistory.museum -xn--comunicaes-v6a2o.museum -contemporary.museum -contemporaryart.museum -convent.museum -copenhagen.museum -corporation.museum -xn--correios-e-telecomunicaes-ghc29a.museum -corvette.museum -costume.museum -countryestate.museum
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/lib/IO/Socket/SSL/Utils.pm -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/lib/IO/Socket/SSL/Utils.pm
Changed
@@ -424,7 +424,7 @@ for(my $i=0;$i<@ext;$i+=2) { $have_ext{ $ext$i }++ } - for my $ext (@{ $args{ext} || }) { + for my $ext (@{ delete $args{ext} || }) { my $nid = $ext->{nid} || $ext->{sn} && Net::SSLeay::OBJ_sn2nid($ext->{sn}) || croak "cannot determine NID of extension"; @@ -444,6 +444,9 @@ } } + die "unknown arguments: ". join(" ", sort keys %args) + if !delete $args{ignore_invalid_args} && %args; + Net::SSLeay::X509_set_issuer_name($cert, Net::SSLeay::X509_get_subject_name($issuer_cert)); Net::SSLeay::X509_sign($cert,$issuer_key,_digest($digest_name)); @@ -783,6 +786,11 @@ specify the algorithm used to sign the certificate, default SHA-256. +=item ignore_invalid_args + +ignore any unknown arguments which might be in the argument list (which might be +in the arguments for example as result from CERT_asHash) + =back =back
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/t/external/fingerprint.pl -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/t/external/fingerprint.pl
Changed
@@ -18,7 +18,7 @@ }, { _ => 'no OCSP stapling', - fingerprint => 'sha1$pub$c8ba0806b887fc15e9d98e73107a17150f847bbf', + fingerprint => 'sha1$pub$7bb3ccee47202aaa3ff54385d1e16041607c2717', host => 'www.bild.de', ocsp => { staple => 0 @@ -36,13 +36,13 @@ port => 443 }, { - fingerprint => 'sha1$pub$7397f9dea15c007ad1eabe7a0c895ccac60389b1', + fingerprint => 'sha1$pub$8420580d25d48cbe657b44d44ffb3208c809d853', host => 'www.yahoo.com', port => 443, subject_hash_ca => '244b5494' }, { - fingerprint => 'sha1$pub$c40d9bc2496fa2db198b27b6c1f94d1c703e7039', + fingerprint => 'sha1$pub$ca8114a3303ff688f63c70ae2e605d39f6f654cb', host => 'www.comdirect.de', port => 443, subject_hash_ca => '062cdee6' @@ -54,13 +54,13 @@ subject_hash_ca => '607986c7' }, { - fingerprint => 'sha1$pub$232e02961a493a2e528460d0d3c0720a8f533428', + fingerprint => 'sha1$pub$916746dac08bb07342b3e5b76a80d108b6c3205b', host => 'www.twitter.com', port => 443, subject_hash_ca => '3513523f' }, { - fingerprint => 'sha1$pub$12b35a6d540bcba5f9ff055fdcc5af0dac67fc73', + fingerprint => 'sha1$pub$dd05d516982dc8d869fcb3269f323232eeaf2204', host => 'www.facebook.com', port => 443, subject_hash_ca => '244b5494'
View file
_service:tar_scm:IO-Socket-SSL-2.081.tar.gz/t/protocol_version.t -> _service:tar_scm:IO-Socket-SSL-2.083.tar.gz/t/protocol_version.t
Changed
@@ -15,7 +15,7 @@ my $XDEBUG = 0; my @versions = qw(SSLv3 TLSv1 TLSv1_1 TLSv1_2 TLSv1_3); -my $server = IO::Socket::SSL->new( +my %server_args = ( LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 2, @@ -24,7 +24,24 @@ SSL_version => 'SSLv23', # allow SSLv3 too SSL_cert_file => 't/certs/server-cert.pem', SSL_key_file => 't/certs/server-key.pem', -) or BAIL_OUT("cannot listen on localhost: $!"); +); +my %cipher_args = ( + SSL_cipher_list => 'DEFAULT:@SECLEVEL=0', +); +my $server = IO::Socket::SSL->new( + %server_args, + %cipher_args, +); +if (!$server && $SSL_ERROR) { + # likely SECLEVEL not supported + diag("$SSL_ERROR - assuming SECLEVEL not supported"); + %cipher_args = (SSL_cipher_list => 'DEFAULT'); + $server = IO::Socket::SSL->new( + %server_args, + %cipher_args, + ); +} +$server or BAIL_OUT("cannot listen on localhost: $!"); print "not ok\n", exit if !$server; my $saddr = $server->sockhost().':'.$server->sockport(); $XDEBUG && diag("server at $saddr"); @@ -46,6 +63,7 @@ SSL_startHandshake => 0, SSL_verify_mode => 0, SSL_version => $ver, + %cipher_args, ) or do { # Might bail out before the starttls if we provide a known-unsupported # version, for example SSLv3 on openssl 1.0.2+
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2