Hello community, here is the log from the commit of package perl-Net-SSLGlue for openSUSE:Factory checked in at 2013-12-19 12:23:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLGlue (Old) and /work/SRC/openSUSE:Factory/.perl-Net-SSLGlue.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLGlue" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Net-SSLGlue/perl-Net-SSLGlue.changes 2013-05-06 10:10:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Net-SSLGlue.new/perl-Net-SSLGlue.changes 2013-12-19 12:23:51.000000000 +0100 @@ -1,0 +2,11 @@ +Wed Dec 18 10:41:09 UTC 2013 - [email protected] + +- updated to 1.04 + replace Net::Cmd::getline via Net::SSLGlue::POP3 because it assumed, that it + just needs to wait for read events on the sockets - which is not the case for + SSL (e.g. SSL_WANT_READ, SSL_WANT_WRITE). + Fixes https://rt.cpan.org/Ticket/Display.html?id=87507. + fixed documentation for Net::SSLGlue::POP3 + added Net::SSLGlue::POP3 + +------------------------------------------------------------------- Old: ---- Net-SSLGlue-1.01.tar.gz New: ---- Net-SSLGlue-1.04.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Net-SSLGlue.spec ++++++ --- /var/tmp/diff_new_pack.xoaQCr/_old 2013-12-19 12:23:52.000000000 +0100 +++ /var/tmp/diff_new_pack.xoaQCr/_new 2013-12-19 12:23:52.000000000 +0100 @@ -17,7 +17,7 @@ Name: perl-Net-SSLGlue -Version: 1.01 +Version: 1.04 Release: 0 %define cpan_name Net-SSLGlue Summary: add/extend SSL support for common perl modules @@ -30,6 +30,7 @@ BuildRequires: perl BuildRequires: perl-macros BuildRequires: perl(IO::Socket::SSL) >= 1.19 + Requires: perl(IO::Socket::SSL) >= 1.19 %{perl_requires} @@ -44,6 +45,8 @@ * Net::SMTP - add SSL from beginning or using STARTTLS +* Net::POP3 - add SSL from beginning or using STLS + * Net::LDAP - add proper certificate checking * LWP - add proper certificate checking 
@@ -63,9 +66,6 @@ %perl_process_packlist %perl_gen_filelist -%clean -%{__rm} -rf %{buildroot} - %files -f %{name}.files %defattr(-,root,root,755) %doc Changes COPYRIGHT examples README TODO ++++++ Net-SSLGlue-1.01.tar.gz -> Net-SSLGlue-1.04.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/Changes new/Net-SSLGlue-1.04/Changes --- old/Net-SSLGlue-1.01/Changes 2012-01-31 07:50:44.000000000 +0100 +++ new/Net-SSLGlue-1.04/Changes 2013-08-01 23:00:28.000000000 +0200 @@ -1,3 +1,16 @@ +1.04 2013/08/01 +replace Net::Cmd::getline via Net::SSLGlue::POP3 because it assumed, that it +just needs to wait for read events on the sockets - which is not the case for +SSL (e.g. SSL_WANT_READ, SSL_WANT_WRITE). +Fixes https://rt.cpan.org/Ticket/Display.html?id=87507. +Thanks to MICHIELB for reporting + +1.03 2013/05/15 +fixed documentation for Net::SSLGlue::POP3 + +1.02 2013/05/14 +added Net::SSLGlue::POP3 + 1.01 2012/01/31 Net::SSLGlue::LDAP as wrongly named Net::DNSGlue::LDAP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/MANIFEST new/Net-SSLGlue-1.04/MANIFEST --- old/Net-SSLGlue-1.01/MANIFEST 2012-01-31 07:51:19.000000000 +0100 +++ new/Net-SSLGlue-1.04/MANIFEST 2013-08-01 23:02:20.000000000 +0200 @@ -2,11 +2,13 @@ lib/Net/SSLGlue/LDAP.pm lib/Net/SSLGlue/LWP.pm lib/Net/SSLGlue/SMTP.pm +lib/Net/SSLGlue/POP3.pm Makefile.PL MANIFEST This list of files t/01_load.t t/external/02_smtp.t t/external/03_lwp.t +t/external/04_pop3.t TODO COPYRIGHT examples/lwp.pl diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/META.yml new/Net-SSLGlue-1.04/META.yml --- old/Net-SSLGlue-1.01/META.yml 2012-01-31 07:51:19.000000000 +0100 +++ new/Net-SSLGlue-1.04/META.yml 2013-08-01 23:02:20.000000000 +0200 
@@ -1,6 +1,6 @@ --- #YAML:1.0 name: Net-SSLGlue -version: 1.01 +version: 1.04 abstract: ~ author: [] license: unknown @@ -15,7 +15,7 @@ directory: - t - inc -generated_by: ExtUtils::MakeMaker version 6.56 +generated_by: ExtUtils::MakeMaker version 6.57_05 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: 1.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/lib/Net/SSLGlue/POP3.pm new/Net-SSLGlue-1.04/lib/Net/SSLGlue/POP3.pm --- old/Net-SSLGlue-1.01/lib/Net/SSLGlue/POP3.pm 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-SSLGlue-1.04/lib/Net/SSLGlue/POP3.pm 2013-08-01 22:56:47.000000000 +0200 
@@ -0,0 +1,202 @@
+use strict;
+use warnings;
+
+package Net::SSLGlue::POP3;
+use IO::Socket::SSL 1.19;
+use Net::POP3;
+our $VERSION = 0.91;
+
+##############################################################################
+# mix starttls method into Net::POP3 which on SSL handshake success
+# upgrades the class to Net::POP3::_SSLified
+##############################################################################
+sub Net::POP3::starttls {
+ my $self = shift;
+ $self->_STLS or return;
+ my $host = $self->host;
+ # for name verification strip port from domain:port, ipv4:port, [ipv6]:port
+ $host =~s{(?<!:):\d+$}{};
+
+ Net::POP3::_SSLified->start_SSL( $self,
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'pop3',
+ SSL_verifycn_name => $host,
+ @_
+ ) or return;
+}
+sub Net::POP3::_STLS {
+ shift->command("STLS")->response() == Net::POP3::CMD_OK
+}
+
+no warnings 'redefine';
+my $old_new = \&Net::POP3::new;
+*Net::POP3::new = sub {
+ my $class = shift;
+ my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
+ if ( delete $arg{SSL} ) {
+ $arg{Port} ||= 995;
+ return Net::POP3::_SSLified->new(%arg);
+ } else {
+ return $old_new->($class,%arg);
+ }
+};
+
+##############################################################################
+# Socket class derived from IO::Socket::SSL
+# strict certificate verification per default
+##############################################################################
+our %SSLopts;
+{
+ package Net::POP3::_SSL_Socket;
+ our @ISA = 'IO::Socket::SSL';
+ sub configure_SSL {
+ my ($self,$arg_hash) = @_;
+
+ # set per default strict certificate verification
+ $arg_hash->{SSL_verify_mode} = 1
+ if ! exists $arg_hash->{SSL_verify_mode};
+ $arg_hash->{SSL_verifycn_scheme} = 'pop3'
+ if ! exists $arg_hash->{SSL_verifycn_scheme};
+ $arg_hash->{SSL_verifycn_name} = $self->host
+ if ! exists $arg_hash->{SSL_verifycn_name};
+
+ # force keys from %SSLopts
+ while ( my ($k,$v) = each %SSLopts ) {
+ $arg_hash->{$k} = $v;
+ }
+ return $self->SUPER::configure_SSL($arg_hash)
+ }
+}
+
+
+##############################################################################
+# Net::POP3 derived from Net::POP3::_SSL_Socket instead of IO::Socket::INET
+# this talks SSL to the peer
+##############################################################################
+{
+ package Net::POP3::_SSLified;
+ use Carp 'croak';
+
+ # deriving does not work because we need to replace a superclass
+ # from Net::POP3, so just copy the class into the new one and then
+ # change it
+
+ # copy subs
+ for ( keys %{Net::POP3::} ) {
+ no strict 'refs';
+ eval { *{$Net::POP3::{$_}} && *{$Net::POP3::{$_}}{CODE} } or next;
+ *{$_} = \&{ "Net::POP3::$_" };
+ }
+
+ # copy + fix @ISA
+ our @ISA = @Net::POP3::ISA;
+ grep { s{^IO::Socket::INET$}{Net::POP3::_SSL_Socket} } @ISA
+ or die "cannot find and replace IO::Socket::INET superclass";
+
+ # we are already sslified
+ no warnings 'redefine';
+ sub starttls { croak "have already TLS\n" }
+
+ my $old_new = \&new;
+ *Net::POP3::_SSLified::new = sub {
+ my $class = shift;
+ my %arg = @_ % 2 == 0 ? @_ : ( Host => shift,@_ );
+ local %SSLopts;
+ $SSLopts{$_} = delete $arg{$_} for ( grep { /^SSL_/ } keys %arg );
+ return $old_new->($class,%arg);
+ };
+
+ # Net::Cmd getline uses select, but this is not sufficient with SSL
+ # note that this does no EBCDIC etc conversions
+ *Net::POP3::_SSLified::getline = sub {
+ my $self = shift;
+ # skip Net::POP3 getline and go directly to IO::Socket::SSL
+ return $self->IO::Socket::SSL::getline(@_);
+ };
+}
+
+1;
+
+=head1 NAME
+
+Net::SSLGlue::POP3 - make Net::POP3 able to use SSL
+
+=head1 SYNOPSIS
+
+ use Net::SSLGlue::POP3;
+ my $pop3s = Net::POP3->new( $host,
+ SSL => 1,
+ SSL_ca_path => ...
+ );
+
+ my $pop3 = Net::POP3->new( $host );
+ $pop3->starttls( SSL_ca_path => ... );
+
+=head1 DESCRIPTION
+
+L<Net::SSLGlue::POP3> extends L<Net::POP3> so one can either start directly with SSL
+or switch later to SSL using the STLS command.
+
+By default it will take care to verify the certificate according to the rules
+for POP3 implemented in L<IO::Socket::SSL>.
+
+=head1 METHODS
+
+=over 4
+
+=item new
+
+The method C<new> of L<Net::POP3> is now able to start directly with SSL when
+the argument C<<SSL => 1>> is given. In this case it will not create an
+L<IO::Socket::INET> object but an L<IO::Socket::SSL> object. One can give the
+usual C<SSL_*> parameter of L<IO::Socket::SSL> to C<Net::POP3::new>.
+
+=item starttls
+
+If the connection is not yet SSLified it will issue the STLS command and
+change the object, so that SSL will now be used. The usual C<SSL_*> parameter of
+L<IO::Socket::SSL> will be given.
+
+=item peer_certificate ...
+
+Once the SSL connection is established the object is derived from
+L<IO::Socket::SSL> so that you can use this method to get information about the
+certificate. See the L<IO::Socket::SSL> documentation.
+
+=back
+
+All of these methods can take the C<SSL_*> parameter from L<IO::Socket::SSL> to
+change the behavior of the SSL connection. The following parameters are
+especially useful:
+
+=over 4
+
+=item SSL_ca_path, SSL_ca_file
+
+Specifies the path or a file where the CAs used for checking the certificates
+are located. This is typically L</etc/ssl/certs> on UNIX systems.
+
+=item SSL_verify_mode
+
+If set to 0, verification of the certificate will be disabled. By default
+it is set to 1 which means that the peer certificate is checked.
+
+=item SSL_verifycn_name
+
+Usually the name given as the hostname in the constructor is used to verify the
+identity of the certificate. If you want to check the certificate against
+another name you can specify it with this parameter.
+
+=back
+
+=head1 SEE ALSO
+
+IO::Socket::SSL, Net::POP3
+
+=head1 COPYRIGHT
+
+This module is copyright (c) 2013, Steffen Ullrich.
+All Rights Reserved. +This module is free software. It may be used, redistributed and/or modified +under the same terms as Perl itself. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/lib/Net/SSLGlue.pm new/Net-SSLGlue-1.04/lib/Net/SSLGlue.pm --- old/Net-SSLGlue-1.01/lib/Net/SSLGlue.pm 2012-01-31 07:50:38.000000000 +0100 +++ new/Net-SSLGlue-1.04/lib/Net/SSLGlue.pm 2013-08-01 23:00:02.000000000 +0200 @@ -1,5 +1,5 @@ package Net::SSLGlue; -our $VERSION = '1.01'; +our $VERSION = '1.04'; =head1 NAME @@ -19,6 +19,8 @@ =item Net::SMTP - add SSL from beginning or using STARTTLS +=item Net::POP3 - add SSL from beginning or using STLS + =item Net::LDAP - add proper certificate checking =item LWP - add proper certificate checking @@ -28,7 +30,7 @@ =head1 COPYRIGHT This module and the modules in the Net::SSLGlue Hierarchy distributed together -with this module are copyright (c) 2008-2011, Steffen Ullrich. +with this module are copyright (c) 2008-2013, Steffen Ullrich. All Rights Reserved. These modules are free software. They may be used, redistributed and/or modified under the same terms as Perl itself. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLGlue-1.01/t/external/04_pop3.t new/Net-SSLGlue-1.04/t/external/04_pop3.t --- old/Net-SSLGlue-1.01/t/external/04_pop3.t 1970-01-01 01:00:00.000000000 +0100 +++ new/Net-SSLGlue-1.04/t/external/04_pop3.t 2013-05-14 08:38:04.000000000 +0200 
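Review bot: The port-stripping substitution in `Net::POP3::starttls` (lib/Net/SSLGlue/POP3.pm), `$host =~s{(?<!:):\d+$}{}`, produces the value passed as `SSL_verifycn_name`, yet it leaves the brackets on `[ipv6]:port` and would cut the last group off an unbracketed IPv6 literal that has no `::`, so the certificate identity check is run against a mangled name for those inputs. A mismatch presumably makes verification fail rather than pass, but the name given to the identity check should be exact; `$host =~ s{\A\[([^\]]+)\](?::\d+)?\z}{$1} or $host =~ s{\A([^:]+):\d+\z}{$1};` covers the three forms named in the comment. `configure_SSL` uses `$self->host` unstripped, and the hunk does not show whether `host` is already set when it runs during `new`, so that path deserves a check and a comment. The `getline` override also skips whatever buffering and timeout handling Net::Cmd's version does, which its comment should state alongside the EBCDIC remark.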
@@ -0,0 +1,87 @@
+
+use strict;
+use warnings;
+
+BEGIN {
+ eval "use Net::POP3";
+ if ( $@ ) {
+ print "1..0 # no Net::POP3\n";
+ exit
+ }
+}
+
+use Net::SSLGlue::POP3;
+
+my $capath = '/etc/ssl/certs/'; # unix?
+-d $capath or do {
+ print "1..0 # cannot find system CA-path\n";
+ exit
+};
+
+# first try to connect w/o smtp
+# plain
+diag( "connect inet to pop.gmx.net:110" );
+IO::Socket::INET->new( 'pop.gmx.net:110' ) or do {
+ print "1..0 # pop.gmx.net:110 not reachable\n";
+ exit
+};
+
+# ssl to the right host
+diag( "connect ssl to pop.gmx.net:995" );
+IO::Socket::SSL->new(
+ PeerAddr => 'pop.gmx.net:995',
+ SSL_ca_path => $capath,
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'smtp'
+) or do {
+ print "1..0 # pop.gmx.net:995 not reachable with SSL\n";
+ exit
+};
+
+# ssl to the wrong host
+# the certificate pop.gmx.de returns is for pop.gmx.net
+diag( "connect ssl to pop.gmx.de:995" );
+IO::Socket::SSL->new(
+ PeerAddr => 'pop.gmx.de:995',
+ SSL_ca_path => $capath,
+ SSL_verify_mode => 1,
+ SSL_verifycn_scheme => 'smtp'
+) and do {
+ print "1..0 # pop.gmx.de:995 reachable with SSL\n";
+ exit
+};
+
+print "1..6\n";
+
+# first direct SSL
+my $smtp = Net::POP3->new( 'pop.gmx.net',
+ SSL => 1,
+ SSL_ca_path => $capath,
+);
+print $smtp ? "ok\n" : "not ok # smtp connect pop.gmx.net\n";
+
+# then starttls
+$smtp = Net::POP3->new( 'pop.gmx.net' );
+my $ok = $smtp->starttls( SSL_ca_path => $capath );
+print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.net\n";
+# check that we can talk on connection
+print $smtp->quit ? "ok\n": "not ok # quit failed\n";
+
+# against wrong host should fail
+$smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed
+$ok = $smtp->starttls( SSL_ca_path => $capath );
+print $ok ? "not ok # smtp starttls pop.gmx.de did not fail\n": "ok\n";
+
+# but not if we specify the right SSL_verifycn_name
+$smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed
+$ok = $smtp->starttls( SSL_ca_path => $capath, SSL_verifycn_name => 'pop.gmx.net' );
+print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.de/net\n";
+
+# or disable verification
+$smtp = Net::POP3->new( 'pop.gmx.de' ); # should succeed
+$ok = $smtp->starttls( SSL_verify_mode => 0 );
+print $ok ? "ok\n" : "not ok # smtp starttls pop.gmx.de\n";
+
+sub diag {
+ #print STDERR "@_\n"
+}
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
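Review bot: Both preflight `IO::Socket::SSL->new` probes in t/external/04_pop3.t pass `SSL_verifycn_scheme => 'smtp'`, while the module under test defaults to `'pop3'`, so the skip conditions and the real assertions may judge the same certificate under different name-matching rules; the probes should use `SSL_verifycn_scheme => 'pop3'`. The wrong-host case (`pop.gmx.de` without `SSL_verifycn_name`) reports `ok` for any `starttls` failure, not only a certificate name mismatch, so it would help to add a comment such as `# relies on the SSL_verifycn_name case below to show STLS itself works on this host`. Each `Net::POP3->new(...)` ahead of `starttls` is also unchecked, so a failed plain connect would call `starttls` on an undefined value after `1..6` has been printed.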
