Hello community,
here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory
checked in at 2026-06-15 19:40:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old)
and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay"
Mon Jun 15 19:40:58 2026 rev:40 rq:1359509 version:1.960.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes
2025-04-15 16:48:23.593352881 +0200
+++
/work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.1981/perl-Net-SSLeay.changes
2026-06-15 19:42:45.037671141 +0200
@@ -1,0 +2,70 @@
+Sun Jun 14 13:21:04 UTC 2026 - Tina Müller <[email protected]>
+
+- Remove test-32_x509_get_cert_info-allow-single-colon.patch (fixed upstream)
+
+-------------------------------------------------------------------
+Sun Mar 22 06:15:02 UTC 2026 - Tina Müller <[email protected]>
+
+- updated to 1.960.0 (1.96)
+ see /usr/share/doc/packages/perl-Net-SSLeay/Changes
+
+ 1.96 2026-03-21
+ - New stable release incorporating all changes from developer releases
+ 1.95_01 to 1.95_03.
+ - Summary of major changes since version 1.94:
+ - Net::SSLeay now officially supports all stable releases of OpenSSL
+ 3.3 - 3.6 and LibreSSL 3.9 - 4.2, including the vendor-supplied
+ version of OpenSSL 3 on VMS.
+ - Several libssl functions allowing for the control of supported
+ signature algorithms are now exposed.
+ 1.95_03 2026-03-20
+ - In 67_sigalgs.t, load the certificates and keys before forking
+ to avoid a failure on MSWin32.
+ 1.95_02 2026-03-18
+ - Support SSL_CTX_set1_sigalgs_list and
+ SSL_CTX_set1_client_sigalgs_list. Contributed by Wes Malone.
+ - Support SSL_set1_sigalgs_list, SSL_set1_client_sigalgs_list,
+ SSL_get_sigalgs and SSL_get_shared_sigalgs, and add the
+ function SSL_CTX_set_cert_cb.
+ - Add test file 67_sigalgs.t for the sigalgs functions.
+ 1.95_01 2026-02-05
+ - Skip NPN tests when NPN is disabled in OpenSSL instead o
+ assuming NPN is always enabled. Reported by GitHub user
+ dilyanpalauzov Дилян Палаузов.
+ - Update GitHub Actions CI workflow. A number of test jobs
+ were broken because some GitHub runners were discontinued,
+ changes in QEMU setup, changes in Cygwin, etc.
+ - Adjust test 32_x509_get_cert_info.t to match formatting
+ changes in OpenSSL 3.4.0 and 3.4.1. Thanks to Sebastian
+ Andrzej Siewior for the patches.
+ - OpenSSL 3.9.0 and later remove EVP_add_digest(). Thanks to
+ Derrik Pates for the report and patch.
+ - Increase timeout in 62_threads-ctx_new-deadlock.t to allow
+ the test to pass on very slow platforms.
+ - Add missing documentation for STACK_OF() free functions
+ sk_X509_free and sk_X509_INFO_free. Contributed by Marc
+ Reisner
+ - Add $prefx/lib/64 to lib paths in Makefile.PL for
+ Illumos. Contributed by Marcel Telka.
+ - Support vendor-supplied OpenSSL 3.x on VMS and update %ENV
+ modification in test 10_rand.t to work on VMS. Contributed
+ by Craig Barry.
+ - Compiler -D switches Makefile.PL sets are no longer added to
+ the MakeMaker CCFLAG attribute because of portability
+ reasons. The switches are now passed either via
+ WriteMakefile() or appending them to 'perl Makefile.PL ...'
+ DEFINE argument. CCFLAG problem diagnosed by Craig
+ Barry. Fixes by Craig Barry and Heikki Vatiainen.
+ - Update GitHub Actions CI testing:
+ - Perl on Ubuntu 24.04: Add Perl 5.38, 5.40 and 5.42, add
+ OpenSSL 3.3, 3.4 and 3.5 minor releases, add LibreSSL 3.9,
+ 4.0 and 4.1 release branches.
+ - Alpine Linux: Remove 3.15, 3.16 and 3.17. Add 3.19, 3.20,
+ 3.21 and 3.22.
+ - Freebsd: Add 14.3 and replace 13.2 with 13.5.
+ - OpenBSD: Add 7.6 and 7.7. Remove 7.2 and 7.3.
+ - NetBSD: Add 10.1 and replace 9.3 with 9.4.
+ - Update test 62_threads-ctx_new-deadlock.t to work with
+ LibreSSL 4.1.0.
+
+-------------------------------------------------------------------
Old:
----
Net-SSLeay-1.94.tar.gz
test-32_x509_get_cert_info-allow-single-colon.patch
New:
----
Net-SSLeay-1.96.tar.gz
README.md
_scmsync.obsinfo
build.specials.obscpio
----------(Old B)----------
Old:
- Remove test-32_x509_get_cert_info-allow-single-colon.patch (fixed upstream)
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Net-SSLeay.spec ++++++
--- /var/tmp/diff_new_pack.Nlrhfh/_old 2026-06-15 19:42:45.649696787 +0200
+++ /var/tmp/diff_new_pack.Nlrhfh/_new 2026-06-15 19:42:45.649696787 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-Net-SSLeay
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,17 +18,16 @@
%define cpan_name Net-SSLeay
Name: perl-Net-SSLeay
-Version: 1.940.0
+Version: 1.960.0
Release: 0
-# 1.94 -> normalize -> 1.940.0
-%define cpan_version 1.94
+# 1.96 -> normalize -> 1.960.0
+%define cpan_version 1.96
License: Artistic-2.0
Summary: Perl bindings for OpenSSL and LibreSSL
URL: https://metacpan.org/release/%{cpan_name}
Source0:
https://cpan.metacpan.org/authors/id/C/CH/CHRISN/%{cpan_name}-%{cpan_version}.tar.gz
Source1: cpanspec.yml
-# PATCH-FIX-UPSTREAM: Fix build with openssl >= 3.4.1
-Patch: test-32_x509_get_cert_info-allow-single-colon.patch
+Source100: README.md
BuildRequires: perl
BuildRequires: perl-macros
Provides: perl(Net::SSLeay) = %{version}
@@ -49,7 +48,7 @@
libcrypto (a cryptography API).
%prep
-%autosetup -p1 -n %{cpan_name}-%{cpan_version}
+%autosetup -n %{cpan_name}-%{cpan_version} -p1
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path
"*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod
644
++++++ Net-SSLeay-1.94.tar.gz -> Net-SSLeay-1.96.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/Changes new/Net-SSLeay-1.96/Changes
--- old/Net-SSLeay-1.94/Changes 2024-01-08 02:17:02.000000000 +0100
+++ new/Net-SSLeay-1.96/Changes 2026-03-21 01:39:56.000000000 +0100
@@ -1,5 +1,67 @@
Revision history for Perl extension Net::SSLeay.
+1.96 2026-03-21
+ - New stable release incorporating all changes from developer releases
+ 1.95_01 to 1.95_03.
+ - Summary of major changes since version 1.94:
+ - Net::SSLeay now officially supports all stable releases of OpenSSL
+ 3.3 - 3.6 and LibreSSL 3.9 - 4.2, including the vendor-supplied
+ version of OpenSSL 3 on VMS.
+ - Several libssl functions allowing for the control of supported
+ signature algorithms are now exposed.
+
+1.95_03 2026-03-20
+ - In 67_sigalgs.t, load the certificates and keys before forking
+ to avoid a failure on MSWin32.
+
+1.95_02 2026-03-18
+ - Support SSL_CTX_set1_sigalgs_list and
+ SSL_CTX_set1_client_sigalgs_list. Contributed by Wes Malone.
+ - Support SSL_set1_sigalgs_list, SSL_set1_client_sigalgs_list,
+ SSL_get_sigalgs and SSL_get_shared_sigalgs, and add the
+ function SSL_CTX_set_cert_cb.
+ - Add test file 67_sigalgs.t for the sigalgs functions.
+
+1.95_01 2026-02-05
+ - Skip NPN tests when NPN is disabled in OpenSSL instead o
+ assuming NPN is always enabled. Reported by GitHub user
+ dilyanpalauzov Дилян Палаузов.
+ - Update GitHub Actions CI workflow. A number of test jobs
+ were broken because some GitHub runners were discontinued,
+ changes in QEMU setup, changes in Cygwin, etc.
+ - Adjust test 32_x509_get_cert_info.t to match formatting
+ changes in OpenSSL 3.4.0 and 3.4.1. Thanks to Sebastian
+ Andrzej Siewior for the patches.
+ - OpenSSL 3.9.0 and later remove EVP_add_digest(). Thanks to
+ Derrik Pates for the report and patch.
+ - Increase timeout in 62_threads-ctx_new-deadlock.t to allow
+ the test to pass on very slow platforms.
+ - Add missing documentation for STACK_OF() free functions
+ sk_X509_free and sk_X509_INFO_free. Contributed by Marc
+ Reisner
+ - Add $prefx/lib/64 to lib paths in Makefile.PL for
+ Illumos. Contributed by Marcel Telka.
+ - Support vendor-supplied OpenSSL 3.x on VMS and update %ENV
+ modification in test 10_rand.t to work on VMS. Contributed
+ by Craig Barry.
+ - Compiler -D switches Makefile.PL sets are no longer added to
+ the MakeMaker CCFLAG attribute because of portability
+ reasons. The switches are now passed either via
+ WriteMakefile() or appending them to 'perl Makefile.PL ...'
+ DEFINE argument. CCFLAG problem diagnosed by Craig
+ Barry. Fixes by Craig Barry and Heikki Vatiainen.
+ - Update GitHub Actions CI testing:
+ - Perl on Ubuntu 24.04: Add Perl 5.38, 5.40 and 5.42, add
+ OpenSSL 3.3, 3.4 and 3.5 minor releases, add LibreSSL 3.9,
+ 4.0 and 4.1 release branches.
+ - Alpine Linux: Remove 3.15, 3.16 and 3.17. Add 3.19, 3.20,
+ 3.21 and 3.22.
+ - Freebsd: Add 14.3 and replace 13.2 with 13.5.
+ - OpenBSD: Add 7.6 and 7.7. Remove 7.2 and 7.3.
+ - NetBSD: Add 10.1 and replace 9.3 with 9.4.
+ - Update test 62_threads-ctx_new-deadlock.t to work with
+ LibreSSL 4.1.0.
+
1.94 2024-01-08
- New stable release incorporating all changes from developer releases
1.93_01
to 1.93_05.
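Review bot: The 1.95_01 entry "OpenSSL 3.9.0 and later remove EVP_add_digest()" names the wrong library: the SSLeay.xs guard and the new pod COMPATIBILITY line in this same update both tie the removal to LibreSSL 3.9.0. Suggest correcting the entry to LibreSSL and fixing the two typos in the same block ("instead o assuming" and "$prefx/lib/64"). The openSUSE .changes file carries the same text verbatim.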
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/MANIFEST new/Net-SSLeay-1.96/MANIFEST
--- old/Net-SSLeay-1.94/MANIFEST 2024-01-08 02:17:32.000000000 +0100
+++ new/Net-SSLeay-1.96/MANIFEST 2026-03-21 01:40:42.000000000 +0100
@@ -232,6 +232,7 @@
t/local/65_security_level.t
t/local/65_ticket_sharing_2.t
t/local/66_curves.t
+t/local/67_sigalgs.t
t/local/kwalitee.t
typemap
META.yml Module YAML meta-data (added by
MakeMaker)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/META.json
new/Net-SSLeay-1.96/META.json
--- old/Net-SSLeay-1.94/META.json 2024-01-08 02:17:32.000000000 +0100
+++ new/Net-SSLeay-1.96/META.json 2026-03-21 01:40:42.000000000 +0100
@@ -82,6 +82,6 @@
"web" : "https://github.com/radiator-software/p5-net-ssleay"
}
},
- "version" : "1.94",
+ "version" : "1.96",
"x_serialization_backend" : "JSON::PP version 4.06"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/META.yml new/Net-SSLeay-1.96/META.yml
--- old/Net-SSLeay-1.94/META.yml 2024-01-08 02:17:32.000000000 +0100
+++ new/Net-SSLeay-1.96/META.yml 2026-03-21 01:40:42.000000000 +0100
@@ -47,5 +47,5 @@
resources:
bugtracker: https://github.com/radiator-software/p5-net-ssleay/issues
repository: git://github.com/radiator-software/p5-net-ssleay.git
-version: '1.94'
+version: '1.96'
x_serialization_backend: 'CPAN::Meta::YAML version 0.012'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/Makefile.PL
new/Net-SSLeay-1.96/Makefile.PL
--- old/Net-SSLeay-1.94/Makefile.PL 2024-01-08 01:43:17.000000000 +0100
+++ new/Net-SSLeay-1.96/Makefile.PL 2025-06-29 21:05:27.000000000 +0200
@@ -111,18 +111,16 @@
ssleay(),
);
-# CCFLAGS is used internally by Makefile.PL to define various C preprocessor
-# macros (as opposed to DEFINE, which is user-facing).
-$eumm_args{CCFLAGS} = $Config{ccflags};
+$eumm_args{DEFINE} = '';
# Expose the current Perl version to the C preprocessor. This is used in
# SSLeay.xs before perl.h is included (and therefore before its PERL_VERSION_*
# macros are available).
-add_ccflag( $eumm_args{CCFLAGS}, "-DNET_SSLEAY_PERL_VERSION=" . $] * 1e6 );
+add_define( $eumm_args{DEFINE}, "-DNET_SSLEAY_PERL_VERSION=" . $] * 1e6 );
# Suppress deprecation warnings during compilation.
# https://www.openssl.org/docs/manmaster/man7/openssl_user_macros.html
-add_ccflag( $eumm_args{CCFLAGS}, '-DOPENSSL_API_COMPAT=908' );
+add_define( $eumm_args{DEFINE}, '-DOPENSSL_API_COMPAT=908' );
# See if integers are only 32 bits long. If they are, add a flag to
# CCFLAGS. Since OpenSSL 1.1.0, a growing number of APIs are using 64
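Review bot: The trailing context comment "See if integers are only 32 bits long. If they are, add a flag to CCFLAGS" is stale now that every -D switch in this hunk goes to DEFINE instead of CCFLAGS. Update it to say DEFINE, and give `$eumm_args{DEFINE} = '';` a one-line comment to replace the removed explanation, saying that DEFINE now carries the internal macros as well as any user-supplied ones.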
@@ -133,7 +131,7 @@
# use this define, do it so that 64bit case is the default whenever
# possible. This is safer for future library and Net::SSLeay releases.
if ( !defined $Config{use64bitint} || $Config{use64bitint} ne 'define' ) {
- add_ccflag( $eumm_args{CCFLAGS}, '-DNET_SSLEAY_32BIT_INT_PERL' );
+ add_define( $eumm_args{DEFINE}, '-DNET_SSLEAY_32BIT_INT_PERL' );
}
# This can go when EU::MM older than 6.58 are gone
@@ -142,6 +140,15 @@
# This can go when EU::MM older than 6.64 are gone
delete $eumm_args{TEST_REQUIRES} unless eval {
ExtUtils::MakeMaker->VERSION(6.64); };
+# DEFINE cannot be passed via command line ARGV and WriteMakefile(). If there's
+# a DEFINE on the command line, append ours to the last one. MakeMaker appears
+# to use only the last command line DEFINE when there are multiple.
+foreach my $arg (reverse @ARGV)
+{
+ next unless $arg =~ m/^DEFINE=/s;
+ $arg .= ' ' . delete $eumm_args{DEFINE};
+ last;
+}
WriteMakefile(%eumm_args);
sub MY::postamble {
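Review bot: In the new `foreach my $arg (reverse @ARGV)` loop, `$arg .= ...` only reaches MakeMaker because `$arg` aliases the @ARGV element through `reverse`; that dependence is subtle enough to deserve a comment, or an explicit index loop over @ARGV. The comment's first sentence would also read better as "DEFINE cannot be passed via both the command line and WriteMakefile()", and the /s modifier on `m/^DEFINE=/s` has no effect on a pattern without a dot.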
@@ -153,7 +160,7 @@
# Prepends the C compiler flag in the second parameter to the string of
compiler
# flags in the first parameter.
-sub add_ccflag {
+sub add_define {
substr $_[0], 0, 0, $_[1] . ( length $_[0] ? ' ' : '' );
}
@@ -244,7 +251,7 @@
# phase fails.
my @try_lib_paths = (
["$prefix/lib64", "$prefix/lib", "$prefix/out32dll", $prefix] => sub
{$OSNAME eq 'darwin' },
- [$prefix, "$prefix/lib64", "$prefix/lib", "$prefix/out32dll"] => sub {
1 },
+ [$prefix, "$prefix/lib64", "$prefix/lib/64", "$prefix/lib",
"$prefix/out32dll"] => sub { 1 },
);
while (
@@ -304,6 +311,10 @@
@{ $opts->{lib_paths} } = 'SSLLIB';
@{ $opts->{lib_links} } = qw( ssl_libssl32.olb ssl_libcrypto32.olb );
}
+ elsif (-r 'ssl3$root:[000000]openssl.cnf') { # VSI SSL3 install
+ @{ $opts->{lib_paths} } = 'SYS$SHARE';
+ @{ $opts->{lib_links} } = qw( SSL3$LIBSSL_SHR32
SSL3$LIBCRYPTO_SHR32 );
+ }
elsif (-r 'ssl111$root:[000000]openssl.cnf') { # VSI SSL111 install
@{ $opts->{lib_paths} } = 'SYS$SHARE';
@{ $opts->{lib_links} } = qw( SSL111$LIBSSL_SHR32
SSL111$LIBCRYPTO_SHR32 );
@@ -380,6 +391,7 @@
$Config{prefix} . '\bin\openssl.exe' => $Config{prefix},
# strawberry perl
$Config{prefix} . '\..\c\bin\openssl.exe' => $Config{prefix} . '\..\c',
# strawberry perl
'/sslexe/openssl.exe' => '/sslroot', # VMS, openssl.org
+ '/ssl3$exe/openssl.exe' => '/ssl3$root',# VMS, VSI install
'/ssl111$exe/openssl.exe' => '/ssl111$root',# VMS, VSI install
'/ssl1$exe/openssl.exe' => '/ssl1$root',# VMS, VSI or HPE
install
'/ssl$exe/openssl.exe' => '/ssl$root', # VMS, HP install
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/README new/Net-SSLeay-1.96/README
--- old/Net-SSLeay-1.94/README 2024-01-04 23:41:01.000000000 +0100
+++ new/Net-SSLeay-1.96/README 2026-03-18 23:11:23.000000000 +0100
@@ -21,9 +21,9 @@
One of the following libssl implementations:
* Any stable release of OpenSSL (https://www.openssl.org) in the
- 0.9.8 - 3.2 branches, except for OpenSSL 0.9.8 - 0.9.8b.
+ 0.9.8 - 3.6 branches, except for OpenSSL 0.9.8 - 0.9.8b.
* Any stable release of LibreSSL (https://www.libressl.org) in the
- 2.0 - 3.8 series, except for LibreSSL 3.2.2 and 3.2.3.
+ 2.0 - 4.2 series, except for LibreSSL 3.2.2 and 3.2.3.
Net-SSLeay may not compile or pass its tests against releases other
than the ones listed above due to libssl API incompatibilities, or, in
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/SSLeay.xs
new/Net-SSLeay-1.96/SSLeay.xs
--- old/Net-SSLeay-1.94/SSLeay.xs 2024-01-04 23:41:01.000000000 +0100
+++ new/Net-SSLeay-1.96/SSLeay.xs 2026-03-18 23:17:08.000000000 +0100
@@ -2154,6 +2154,42 @@
}
#endif
+int ssl_ctx_set_cert_cb_invoke(SSL *ssl, void *arg)
+{
+ dSP;
+ int count, res;
+ SV *cb_func, *cb_arg;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: ssl_ctx_set_cert_cb_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_set_cert_cb!!func");
+ cb_arg = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg");
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssl_ctx_set_cert_cb_invoke called, but not set to
point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ EXTEND(SP, 2);
+ PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ PUSHs(sv_2mortal(newSVsv(cb_arg)));
+
+ PUTBACK;
+ count = call_sv(cb_func, G_SCALAR);
+ SPAGAIN;
+
+ if (count != 1)
+ croak ("Net::SSLeay: ssl_ctx_set_cert_cb_invoke perl function returned
%d values, 1 expected\n", count);
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+
/* ============= end of callback stuff, begin helper functions ==============
*/
time_t ASN1_TIME_timet(ASN1_TIME *asn1t, time_t *gmtoff) {
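Review bot: `call_sv(cb_func, G_SCALAR)` in ssl_ctx_set_cert_cb_invoke runs the Perl callback without G_EVAL, so a die in the callback (and either croak in this function) unwinds out of the libssl handshake that invoked it instead of returning to it. Consider `G_SCALAR | G_EVAL`, checking ERRSV, and returning 0 so the handshake aborts with the fatal alert that the CTX_set_cert_cb documentation describes for the error case. The function also appears to be compiled outside any version guard although its only user sits under `OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)`; wrapping it in the same guard would keep the two in step.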
@@ -2565,6 +2601,16 @@
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.0.2 */
+
+long
+SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str)
+
+long
+SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str)
+
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.1.1 */
void
@@ -3584,6 +3630,54 @@
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.0.2 */
+
+long
+SSL_set1_sigalgs_list(SSL *ssl, const char *str)
+
+long
+SSL_set1_client_sigalgs_list(SSL *ssl, const char *str)
+
+void
+SSL_get_sigalgs(SSL *ssl, int idx)
+ PREINIT:
+ int n_sigalgs;
+ int psign = NID_undef, phash = NID_undef, psignhash = NID_undef;
+ unsigned char rsig = 0, rhash = 0;
+ PPCODE:
+ n_sigalgs = SSL_get_sigalgs(ssl, idx,
+ &psign, &phash, &psignhash,
+ &rsig, &rhash);
+
+ EXTEND(SP, 6);
+ PUSHs(sv_2mortal(newSViv(n_sigalgs)));
+ PUSHs(sv_2mortal(newSViv(psign)));
+ PUSHs(sv_2mortal(newSViv(phash)));
+ PUSHs(sv_2mortal(newSViv(psignhash)));
+ PUSHs(sv_2mortal(newSVuv(rsig)));
+ PUSHs(sv_2mortal(newSVuv(rhash)));
+
+void
+SSL_get_shared_sigalgs(SSL *ssl, int idx)
+ PREINIT:
+ int n_sigalgs;
+ int psign = NID_undef, phash = NID_undef, psignhash = NID_undef;
+ unsigned char rsig = 0, rhash = 0;
+ PPCODE:
+ n_sigalgs = SSL_get_shared_sigalgs(ssl, idx,
+ &psign, &phash, &psignhash,
+ &rsig, &rhash);
+
+ EXTEND(SP, 6);
+ PUSHs(sv_2mortal(newSViv(n_sigalgs)));
+ PUSHs(sv_2mortal(newSViv(psign)));
+ PUSHs(sv_2mortal(newSViv(phash)));
+ PUSHs(sv_2mortal(newSViv(psignhash)));
+ PUSHs(sv_2mortal(newSVuv(rsig)));
+ PUSHs(sv_2mortal(newSVuv(rhash)));
+
+#endif
+
const BIO_METHOD *
BIO_f_ssl()
@@ -6232,6 +6326,23 @@
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_CTX_set_cert_cb(SSL_CTX *ctx, SV *callback, SV *arg=&PL_sv_undef)
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_cert_cb(ctx, NULL, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!func",
newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg",
newSVsv(arg));
+ SSL_CTX_set_cert_cb(ctx, ssl_ctx_set_cert_cb_invoke, NULL);
+ }
+
+#endif
+
#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
void
@@ -7493,8 +7604,12 @@
#endif
+#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER <
0x3090000fL) /* LibreSSL < 3.9.0 */
+
int EVP_add_digest(const EVP_MD *digest)
+#endif
+
#ifndef OPENSSL_NO_SHA
const EVP_MD *EVP_sha1()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/helper_script/generate-test-pki
new/Net-SSLeay-1.96/helper_script/generate-test-pki
--- old/Net-SSLeay-1.94/helper_script/generate-test-pki 2024-01-08
02:17:02.000000000 +0100
+++ new/Net-SSLeay-1.96/helper_script/generate-test-pki 2026-03-21
01:39:56.000000000 +0100
@@ -14,7 +14,7 @@
use Getopt::Long qw(GetOptionsFromArray);
use IPC::Run qw( start finish timeout );
-our $VERSION = '1.94';
+our $VERSION = '1.96';
local $SIG{__DIE__} = sub {
my ($cause) = @_;
@@ -1254,7 +1254,7 @@
=head1 VERSION
-This document describes version 1.94 of C<generate-test-pki>.
+This document describes version 1.96 of C<generate-test-pki>.
=head1 USAGE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Net-SSLeay-1.94/helper_script/update-exported-constants
new/Net-SSLeay-1.96/helper_script/update-exported-constants
--- old/Net-SSLeay-1.94/helper_script/update-exported-constants 2024-01-08
02:17:02.000000000 +0100
+++ new/Net-SSLeay-1.96/helper_script/update-exported-constants 2026-03-21
01:39:56.000000000 +0100
@@ -14,7 +14,7 @@
use Getopt::Long qw(GetOptionsFromArray);
use POSIX qw(ceil);
-our $VERSION = '1.94';
+our $VERSION = '1.96';
local $SIG{__DIE__} = sub {
my ($cause) = @_;
@@ -427,7 +427,7 @@
=head1 VERSION
-This document describes version 1.94 of C<update-exported-constants>.
+This document describes version 1.96 of C<update-exported-constants>.
=head1 USAGE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/inc/Test/Net/SSLeay/Socket.pm
new/Net-SSLeay-1.96/inc/Test/Net/SSLeay/Socket.pm
--- old/Net-SSLeay-1.94/inc/Test/Net/SSLeay/Socket.pm 2024-01-08
02:17:02.000000000 +0100
+++ new/Net-SSLeay-1.96/inc/Test/Net/SSLeay/Socket.pm 2026-03-21
01:39:56.000000000 +0100
@@ -13,7 +13,7 @@
inet_aton inet_ntoa pack_sockaddr_in unpack_sockaddr_in
);
-our $VERSION = '1.94';
+our $VERSION = '1.96';
my %PROTOS = (
tcp => SOCK_STREAM,
@@ -134,7 +134,7 @@
=head1 VERSION
-This document describes version 1.94 of Test::Net::SSLeay::Socket.
+This document describes version 1.96 of Test::Net::SSLeay::Socket.
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/inc/Test/Net/SSLeay.pm
new/Net-SSLeay-1.96/inc/Test/Net/SSLeay.pm
--- old/Net-SSLeay-1.94/inc/Test/Net/SSLeay.pm 2024-01-08 02:17:02.000000000
+0100
+++ new/Net-SSLeay-1.96/inc/Test/Net/SSLeay.pm 2026-03-21 01:39:56.000000000
+0100
@@ -14,7 +14,7 @@
use Test::Builder;
use Test::Net::SSLeay::Socket;
-our $VERSION = '1.94';
+our $VERSION = '1.96';
our @EXPORT_OK = qw(
can_fork can_really_fork can_thread
@@ -542,7 +542,7 @@
=head1 VERSION
-This document describes version 1.94 of Test::Net::SSLeay.
+This document describes version 1.96 of Test::Net::SSLeay.
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/lib/Net/SSLeay/Handle.pm
new/Net-SSLeay-1.96/lib/Net/SSLeay/Handle.pm
--- old/Net-SSLeay-1.94/lib/Net/SSLeay/Handle.pm 2024-01-08
02:17:02.000000000 +0100
+++ new/Net-SSLeay-1.96/lib/Net/SSLeay/Handle.pm 2026-03-21
01:39:56.000000000 +0100
@@ -57,7 +57,7 @@
use vars qw(@ISA @EXPORT_OK $VERSION);
@ISA = qw(Exporter);
@EXPORT_OK = qw(shutdown);
-$VERSION = '1.94';
+$VERSION = '1.96';
my $Initialized; #-- only _initialize() once
my $Debug = 0; #-- pretty hokey
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/lib/Net/SSLeay.pm
new/Net-SSLeay-1.96/lib/Net/SSLeay.pm
--- old/Net-SSLeay-1.94/lib/Net/SSLeay.pm 2024-01-08 02:17:02.000000000
+0100
+++ new/Net-SSLeay-1.96/lib/Net/SSLeay.pm 2026-03-21 01:39:56.000000000
+0100
@@ -70,7 +70,7 @@
# inc/Test/Net/SSLeay.pm
# inc/Test/Net/SSLeay/Socket.pm
# lib/Net/SSLeay/Handle.pm
-$VERSION = '1.94';
+$VERSION = '1.96';
@ISA = qw(Exporter);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/lib/Net/SSLeay.pod
new/Net-SSLeay-1.96/lib/Net/SSLeay.pod
--- old/Net-SSLeay-1.94/lib/Net/SSLeay.pod 2024-01-04 23:41:01.000000000
+0100
+++ new/Net-SSLeay-1.96/lib/Net/SSLeay.pod 2026-03-18 23:17:08.000000000
+0100
@@ -1,3 +1,4 @@
+
=encoding utf-8
=head1 NAME
@@ -48,12 +49,12 @@
=item *
-Any stable release of L<OpenSSL|https://www.openssl.org> in the 0.9.8 - 3.2
+Any stable release of L<OpenSSL|https://www.openssl.org> in the 0.9.8 - 3.6
branches, except for OpenSSL 0.9.8 - 0.9.8b.
=item *
-Any stable release of L<LibreSSL|https://www.libressl.org> in the 2.0 - 3.8
+Any stable release of L<LibreSSL|https://www.libressl.org> in the 2.0 - 4.2
series, except for LibreSSL 3.2.2 and 3.2.3.
=back
@@ -3273,6 +3274,38 @@
Check openssl doc
L<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get0_param.html>
+=item * CTX_set1_sigalgs_list
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Set the supported signature algorithms for $ctx. $str is a string consisting of
+a colon separated list of elements, where each element is either a combination
+of a public key algorithm and a digest separated by +, or a TLS 1.3-style named
+SignatureScheme such as rsa_pss_pss_sha256.
+
+ my $rv = Net::SSLeay::CTX_set1_sigalgs_list($str)
+ # $str - (string) signature algo list, e.g. "ECDSA+SHA256:RSA+SHA256"
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc
L<https://docs.openssl.org/master/man3/SSL_CTX_set1_sigalgs_list/>
+
+=item * CTX_set1_client_sigalgs_list
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Set the supported client authentication signature algorithms for $ctx. $str is
+a string consisting of a colon separated list of elements, where each element
+is either a combination of a public key algorithm and a digest separated by +,
+or a TLS 1.3-style named SignatureScheme such as rsa_pss_pss_sha256.
+
+ my $rv = Net::SSLeay::CTX_set1_client_sigalgs_list($str)
+ # $str - (string) signature algo list, e.g. "ECDSA+SHA256:RSA+SHA256"
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc
L<https://docs.openssl.org/master/man3/SSL_CTX_set1_client_sigalgs_list/>
+
=item * CTX_set_cert_store
Sets/replaces the certificate verification storage of $ctx to/with $store.
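Review bot: Both usage lines in this hunk omit the context argument: `Net::SSLeay::CTX_set1_sigalgs_list($str)` and `Net::SSLeay::CTX_set1_client_sigalgs_list($str)`, while the XS prototypes are `(SSL_CTX *ctx, const char *str)` and the descriptions refer to $ctx. Suggest `($ctx, $str)` plus a `# $ctx - value corresponding to openssl's SSL_CTX structure` line, as the CTX_set_cert_cb entry has.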
@@ -3778,6 +3811,30 @@
Check openssl doc
L<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html>
+=item * CTX_set_cert_cb
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before
+
+Set the callback that is called before a certificate will be used by a client
or server.
+
+ Net::SSLeay::CTX_set_cert_cb($ctx, $cb, [$arg]);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $cb - reference to a perl callback function
+ # $arg - optional data passed to the callback function when invoked
+ #
+ # returns: no return value
+
+ cert_cb_func($ssl, $arg);
+ # $ssl - value corresponding to OpenSSL's SSL object associated with the
connection
+ # $arg - data to callback
+ #
+ # The callback must return an integer:
+ # 1: If the callback is successful, even if no certificates have been set.
+ # 0: On error which will abort the handshake with a fatal internal error
alert.
+ # negative: To indicate suspended handshake returning
Net::SSLeay::ERROR_WANT_X509_LOOKUP().
+
+Check openssl doc
L<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cert_cb.html>
+
=back
=head3 Low level API: SSL_* related functions
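Review bot: The COMPATIBILITY line for CTX_set_cert_cb only says "not available in Net-SSLeay-1.94 and before", but the XS for it is under `#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)`. Add "requires at least OpenSSL 1.0.2, not in LibreSSL", as the sigalgs entries do, so callers know to test for the function before using it.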
@@ -4914,6 +4971,76 @@
Check openssl doc
L<https://www.openssl.org/docs/manmaster/man3/SSL_set_ciphersuites.html>
+=item * set1_sigalgs_list
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Set the supported signature algorithms for $ssl. $str is a string consisting of
+a colon separated list of elements, where each element is either a combination
+of a public key algorithm and a digest separated by +, or a TLS 1.3-style named
+SignatureScheme such as rsa_pss_pss_sha256.
+
+ my $rv = Net::SSLeay::set1_sigalgs_list($str)
+ # $str - (string) signature algo list, e.g. "ECDSA+SHA256:RSA+SHA256"
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc
L<https://docs.openssl.org/master/man3/SSL_set1_sigalgs_list/>
+
+=item * set1_client_sigalgs_list
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Set the supported client authentication signature algorithms for $ssl. $str is
+a string consisting of a colon separated list of elements, where each element
+is either a combination of a public key algorithm and a digest separated by +,
+or a TLS 1.3-style named SignatureScheme such as rsa_pss_pss_sha256.
+
+ my $rv = Net::SSLeay::set1_client_sigalgs_list($str)
+ # $str - (string) signature algo list, e.g. "ECDSA+SHA256:RSA+SHA256"
+ #
+ # returns: 1 on success, 0 on failure
+
+Check openssl doc
L<https://docs.openssl.org/master/man3/SSL_set1_client_sigalgs_list/>
+
+=item * get_sigalgs
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Return information about all signature algorithms supported by the TLS peer.
+
+ my @sigalg = Net::SSLeay::get_sigalgs($ssl, $idx)
+ # $ssl - value corresponding to openssl's SSL structure
+ # $idx - (integer) index in the list of algorithms sent by the peer
+ #
+ # returns: A list of six items described below.
+
+The first item in the list is the number of the signature algorithms
+or 0 if the $idx parameter is out of the range. The next three items
+are OpenSSL NIDs: the signature algorithm NID, the hash NID and the
+sign and hash NID. Items five and six are one octet signature and hash
+raw values from the wire.
+
+Check openssl doc L<https://docs.openssl.org/master/man3/SSL_get_sigalgs/>
+
+=item * get_shared_sigalgs
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.94 and before; requires at
least OpenSSL 1.0.2, not in LibreSSL
+
+Return information about the shared signature algorithms supported by
+the TLS peer. This function takes similar arguments and returns
+similar values as C<Net::SSLeay::get_sigalgs>. See
+C<Net::SSLeay::get_sigalgs> for the details of function arguments and
+return values.
+
+ my @sigalg = Net::SSLeay::get_shared_sigalgs($ssl, $idx)
+ # $ssl - value corresponding to openssl's SSL structure
+ # $idx - (integer) index in the list of shared algorithms
+ #
+ # returns: A list of six items described below.
+
+Check openssl doc
L<https://docs.openssl.org/master/man3/SSL_get_shared_sigalgs/>
+
=item * set_client_CA_list
Sets the list of CAs sent to the client when requesting a client certificate
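Review bot: `Net::SSLeay::set1_sigalgs_list($str)` and `Net::SSLeay::set1_client_sigalgs_list($str)` are documented without the $ssl argument that their XS prototypes `(SSL *ssl, const char *str)` require; the usage lines should read `($ssl, $str)` and list $ssl. In get_shared_sigalgs, "A list of six items described below" points at nothing in that entry, so either say "described under get_sigalgs" or repeat the list. It would also help to state what the remaining five items contain when the first item is 0 (the XS initialises them to NID_undef and 0).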
@@ -7073,6 +7200,15 @@
#
# returns: value corresponding to openssl's STACK_OF(X509) structure
+=item * sk_X509_free
+
+Free an allocated STACK_OF(X509) structure.
+
+ Net::SSLeay::sk_X509_free($sk);
+ # $sk - value corresponding to openssl's STACK_OF(X509) structure
+ #
+ # returns: no return value
+
=item * sk_X509_push
Pushes an X509 structure onto a STACK_OF(X509) structure.
@@ -8336,6 +8472,15 @@
=over
+=item * sk_X509_INFO_free
+
+Free an allocated STACK_OF(X509_INFO) structure.
+
+ Net::SSLeay::sk_X509_INFO_free($sk);
+ # $sk - value corresponding to openssl's STACK_OF(X509_INFO) structure
+ #
+ # returns: no return value
+
=item * sk_X509_INFO_num
Returns the number of values in a STACK_OF(X509_INFO) structure.
@@ -9019,6 +9164,8 @@
#
# returns: value corresponding to openssl's EVP_MD structure
+B<COMPATIBILITY:> no longer available in LibreSSL 3.9.0 and later
+
=item * EVP_add_digest
my $rv = Net::SSLeay::EVP_add_digest($digest);
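Review bot: The added `B<COMPATIBILITY:> no longer available in LibreSSL 3.9.0 and later` line sits above `=item * EVP_add_digest`, so POD renders it as the tail of the preceding item rather than as part of the EVP_add_digest entry. Move it below the =item line, where the other entries in this file put their COMPATIBILITY notes.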
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/t/local/10_rand.t
new/Net-SSLeay-1.96/t/local/10_rand.t
--- old/Net-SSLeay-1.94/t/local/10_rand.t 2021-12-29 20:50:35.000000000
+0100
+++ new/Net-SSLeay-1.96/t/local/10_rand.t 2025-06-29 21:05:27.000000000
+0200
@@ -59,8 +59,7 @@
sub test_rand_file_name_openssl
{
my $file_name;
- local %ENV = %ENV;
- delete $ENV{RANDFILE};
+ delete local @ENV{'RANDFILE', 'HOME'};
# NOTE: If there are test failures, are you using some type of
# setuid environment? If so, this may affect usability of
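Review bot: `delete local @ENV{'RANDFILE', 'HOME'};` uses the `delete local` form, which Perl accepts only from 5.12 on, so on an older Perl this test file no longer compiles, whereas the removed `local %ENV = %ENV; delete $ENV{RANDFILE};` pair had no such requirement. If older Perls are still in scope, keep the old form and add HOME to the delete. The change also starts removing HOME, which deserves a comment saying why; the changelog only mentions VMS.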
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/t/local/32_x509_get_cert_info.t
new/Net-SSLeay-1.96/t/local/32_x509_get_cert_info.t
--- old/Net-SSLeay-1.94/t/local/32_x509_get_cert_info.t 2024-01-04
22:47:24.000000000 +0100
+++ new/Net-SSLeay-1.96/t/local/32_x509_get_cert_info.t 2025-06-29
21:05:27.000000000 +0200
@@ -188,6 +188,11 @@
) {
$ext_data =~ s{(othername:) [^, ]+}{$1<unsupported>}g;
}
+ # Starting with 3.4.0 the double colon in emailAddress has
been removed.
+ # See https://github.com/openssl/openssl/commit/de8861a7e3100
+ if (Net::SSLeay::SSLeay >= 0x30400000) {
+ $ext_data =~ s{emailAddress::}{emailAddress:};
+ }
}
elsif ( $nid == 89 ) {
# The output formatting for certificate policies has a
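Review bot: The added substitution `s{emailAddress::}{emailAddress:}` has no `/g` modifier, while the `othername:` substitution just above it does. If the expected data for an extension contains more than one `emailAddress::` entry, only the first is rewritten and the comparison fails on OpenSSL 3.4.0 and later. Add `/g` unless a single occurrence is guaranteed, and say so in the comment if it is.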
@@ -214,6 +219,9 @@
# OpenSSL 1.0.0 to 1.1.1:
$ext_data =~ s{(Full Name:\n )}{\n$1}g;
$ext_data .= "\n";
+ } elsif ( Net::SSLeay::SSLeay > 0x3040000f ) {
+ $ext_data =~ s{(\nFull Name:)}{\n$1}g;
+ $ext_data .= "\n";
}
}
elsif ( $nid == 126 ) {
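Review bot: The new `elsif ( Net::SSLeay::SSLeay > 0x3040000f )` branch uses a different threshold from the `>= 0x30400000` check added earlier in the same file, and it has no comment naming the version range it covers, unlike the `# OpenSSL 1.0.0 to 1.1.1:` branch directly above it. If both changes track the same 3.4.0 formatting change, use the same comparison in both places. If the difference is deliberate, add a comment stating which release introduced the new "Full Name:" layout.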
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/t/local/40_npn_support.t
new/Net-SSLeay-1.96/t/local/40_npn_support.t
--- old/Net-SSLeay-1.94/t/local/40_npn_support.t 2021-09-29
00:15:32.000000000 +0200
+++ new/Net-SSLeay-1.96/t/local/40_npn_support.t 2024-04-04
01:43:21.000000000 +0200
@@ -10,6 +10,9 @@
plan skip_all => "OpenSSL 1.0.1 or above required";
} elsif (Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER")) {
plan skip_all => "LibreSSL removed support for NPN";
+ } elsif (!defined &Net::SSLeay::CTX_set_next_protos_advertised_cb) {
+ # OpenSSL can optionally be compiled without NPN support
+ plan skip_all => "NPN is not enabled";
} elsif (not can_fork()) {
plan skip_all => "fork() not supported on this system";
} elsif ( !eval { new_ctx( undef, 'TLSv1.2' ); 1 } ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Net-SSLeay-1.94/t/local/62_threads-ctx_new-deadlock.t
new/Net-SSLeay-1.96/t/local/62_threads-ctx_new-deadlock.t
--- old/Net-SSLeay-1.94/t/local/62_threads-ctx_new-deadlock.t 2024-01-04
22:47:24.000000000 +0100
+++ new/Net-SSLeay-1.96/t/local/62_threads-ctx_new-deadlock.t 2026-02-04
01:23:42.000000000 +0100
@@ -1,7 +1,7 @@
use lib 'inc';
use Net::SSLeay;
-use Test::Net::SSLeay qw( can_thread initialise_libssl );
+use Test::Net::SSLeay qw( can_thread is_openssl initialise_libssl );
use FindBin;
@@ -26,14 +26,24 @@
# If we need to do OPENSSL_INIT_crypto() call, we must skip the
# default library initialisation. Otherwise our call to
# OPENSSL_init_crypto() won't do anything.
-eval { Net::SSLeay::OPENSSL_INIT_NO_ATEXIT(); return 1; } ?
- Net::SSLeay::OPENSSL_init_crypto(Net::SSLeay::OPENSSL_INIT_NO_ATEXIT(),
undef) :
+if (is_openssl()) {
+ eval { Net::SSLeay::OPENSSL_INIT_NO_ATEXIT(); return 1; } ?
+ Net::SSLeay::OPENSSL_init_crypto(Net::SSLeay::OPENSSL_INIT_NO_ATEXIT(),
undef) :
+ initialise_libssl();
+} else {
+ # At the time of writing OPENSSL_init_crypto is not exposed with
+ # LibreSSL. Even if it were exposed we can skip atexit() special
+ # handling because LibreSSL 4.1.0 release notes state the
+ # following:
+ # Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
+ # It has no effect since LibreSSL doesn't call atexit().
initialise_libssl();
+}
my $start_time = time;
#exit the whole program if it runs too long
-threads->new( sub { sleep 20; warn "FATAL: TIMEOUT!"; exit } )->detach;
+threads->new( sub { sleep 30; warn "FATAL: TIMEOUT!"; exit } )->detach;
#print STDERR "Gonna start multi-threading part\n";
threads->new(\&do_check) for (1..100);
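Review bot: The watchdog line still ends in a bare `exit` after `warn "FATAL: TIMEOUT!"`, and a bare `exit` in Perl terminates with status 0, so a timed-out run is reported only through the missing test plan. While touching this line to raise the sleep from 20 to 30, change it to `exit 1` and note in the comment why 30 seconds is needed. Separately, the `eval { ... } ? ... : ...` expression used as a statement is now nested inside `if (is_openssl())` and would read more clearly as a plain if/else.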
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Net-SSLeay-1.94/t/local/67_sigalgs.t
new/Net-SSLeay-1.96/t/local/67_sigalgs.t
--- old/Net-SSLeay-1.94/t/local/67_sigalgs.t 1970-01-01 01:00:00.000000000
+0100
+++ new/Net-SSLeay-1.96/t/local/67_sigalgs.t 2026-03-20 01:28:19.000000000
+0100
@@ -0,0 +1,180 @@
+
+# Tests for SSL_CTX_set1_sigalgs_list and related functions
+
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(can_fork data_file_path initialise_libssl new_ctx
tcp_socket);
+
+initialise_libssl();
+
+if (!defined &Net::SSLeay::CTX_set1_sigalgs_list) {
+ plan skip_all => "No CTX_set1_sigalgs_list()";
+} else {
+ plan tests => 23;
+}
+
+my $version_num = Net::SSLeay::OPENSSL_VERSION_NUMBER();
+
+my ($ctx, $proto) = new_ctx('TLSv1.2', 'TLSv1.3');
+my $ssl = Net::SSLeay::new($ctx);
+
+# '?' in the list means that the algorithm can be ignored if it's not
+# implemented
+my @tests = (
+ # TLSv1.3 list # TLSv1.2 list # components in the
list # retval
+ ['rsa_pss_rsae_sha256', 'RSA+SHA1', 'valid',
1],
+ ['rsa_pss_rsae_sha256:invalid', 'RSA+SHA1:invalid', 'valid and invalid',
0],
+ ['invalid', 'invalid', 'invalid',
0],
+ ['rsa_pss_rsae_sha256:?invalid', 'RSA+SHA1:?invalid', 'valid and ignored',
1],
+ );
+
+foreach my $test (@tests)
+{
+ my $list = $proto eq 'TLSv1.3' ? $test->[0] : $test->[1];
+
+ SKIP: {
+ # Support for ignoring a sigalg requires OpenSSL 3.0 and later
+ skip "No support for ignoring signature algorithms in " .
Net::SSLeay::SSLeay_version(), 4
+ if ($list =~ m/\?/s && $version_num < 0x30300000);
+ is(Net::SSLeay::CTX_set1_sigalgs_list ($ctx, $list), $test->[3],
"$proto CTX_set1_sigalgs_list('$list') list is: $test->[2]");
+ is(Net::SSLeay::CTX_set1_client_sigalgs_list($ctx, $list), $test->[3],
"$proto CTX_set1_client_sigalgs_list('$list') list is: $test->[2]");
+ is(Net::SSLeay::set1_sigalgs_list ($ssl, $list), $test->[3],
"$proto set1_sigalgs_list('$list') list is: $test->[2]");
+ is(Net::SSLeay::set1_client_sigalgs_list($ssl, $list), $test->[3],
"$proto set1_client_sigalgs_list('$list') list is: $test->[2]");
+ }
+}
+
+my $pid;
+alarm(30);
+END { kill 9,$pid if $pid }
+
+# Load file contents before fork to avoid failure on Windows.
+# For more information, see
+# https://github.com/radiator-software/p5-net-ssleay/issues/544
+my $ca_file_pem = data_file_path('intermediate-ca.certchain.pem');
+my $cert_pem = data_file_path('simple-cert.cert.pem');
+my $key_pem = data_file_path('simple-cert.key.pem');
+
+# See client's cert_cb callback below for more background information
+# about sigalgs function use in this callback.
+my $server_msg_to_be_sent;
+sub cert_cb_server {
+ my ($ssl, $cb_data) = @_;
+
+ my $idx = 0;
+ my @peer_sigalgs = Net::SSLeay::get_sigalgs($ssl, $idx);
+ my $peer_num_algs = $peer_sigalgs[0];
+
+ my @shared_sigalgs = Net::SSLeay::get_shared_sigalgs($ssl, 0);
+ my $shared_num_algs = $shared_sigalgs[0];
+
+ $server_msg_to_be_sent = $cb_data . " $peer_num_algs $shared_num_algs";
+
+ return 1;
+}
+
+# Filled in by server's cert_cb
+my $server = tcp_socket();
+{
+ # SSL server - just handle single connect and shutdown connection
+ defined($pid = fork()) or BAIL_OUT("failed to fork: $!");
+ if ($pid == 0) {
+ my $cl = $server->accept();
+ my $ctx = new_ctx();
+ Net::SSLeay::CTX_load_verify_locations($ctx, $ca_file_pem, '');
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ Net::SSLeay::CTX_set_verify($ctx, (Net::SSLeay::VERIFY_PEER() |
Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT()));
+
+ # Set this variable from the certificate callback
+ Net::SSLeay::CTX_set_cert_cb($ctx, \&cert_cb_server , 'server cert_cb
called:');
+
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($cl));
+ Net::SSLeay::accept($ssl);
+
+ # Send the message that's been updated by server's cert_cb
+ Net::SSLeay::write($ssl, $server_msg_to_be_sent);
+ Net::SSLeay::shutdown($ssl);
+
+ close($cl) || die("server close: $!");
+ $server->close() || die("server listen socket close: $!");
+ exit;
+ }
+}
+
+# Why SSL_get_siglags and SSH_get_shared_sigalgs are tested within
+# certificate callback? See the following quote from OpenSSL
+# SSL_get_shared_sigalgs manual page:
+#
+# These functions must be called after the peer has sent a list of
+# supported signature algorithms: after a client hello (for servers)
+# or a certificate request (for clients). They can (for example) be
+# called in the certificate callback.
+sub cert_cb_client {
+ my ($ssl, $cb_data) = @_;
+
+ is($cb_data, 'client cert_cb arg', 'Client certificate callback was
called');
+
+ {
+ my $idx = 0;
+ my @peer_sigalgs = Net::SSLeay::get_sigalgs($ssl, $idx);
+ my $num_algs = $peer_sigalgs[0];
+ cmp_ok($num_algs, '>', 0, "client: get_sigalgs returns > 0 algs:
$num_algs");
+
+ while ($idx < $num_algs) {
+ @peer_sigalgs = Net::SSLeay::get_sigalgs($ssl, $idx++);
+ fail('Failed looping through get_sigalgs')
+ if ($peer_sigalgs[0] != $num_algs || $peer_sigalgs[0] == 0);
+ }
+ }
+
+ # Similar loop but this time for shared sigalgs
+ {
+ my $idx = 0;
+ my @shared_sigalgs = Net::SSLeay::get_shared_sigalgs($ssl, $idx);
+ my $num_algs = $shared_sigalgs[0];
+ cmp_ok($num_algs, '>', 0, "client: get_shared_sigalgs returns > 0 algs:
$num_algs");
+
+ while ($idx < $num_algs) {
+ @shared_sigalgs = Net::SSLeay::get_shared_sigalgs($ssl, $idx++);
+ fail('Failed looping through get_shared_sigalgs')
+ if ($shared_sigalgs[0] != $num_algs || $shared_sigalgs[0] == 0);
+ }
+ }
+
+ return 1;
+}
+
+sub client {
+ # SSL client - connect and shutdown
+
+ my $cl = $server->connect();
+ my $ctx = new_ctx();
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+ Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL());
+ Net::SSLeay::CTX_set_cert_cb($ctx, \&cert_cb_client, 'client cert_cb arg');
+
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set1_client_sigalgs_list($ssl, 'rsa_pss_rsae_sha256');
+ Net::SSLeay::set_fd($ssl, $cl);
+ Net::SSLeay::connect($ssl);
+
+ my $server_msg = Net::SSLeay::read($ssl);
+ like($server_msg, qr/server cert_cb called: \d+ \d+/, 'Server certificate
callback was called');
+ my ($server_num_sigalgs, $server_num_shared_sigalgs) = ($server_msg =~
m/(\d+) (\d+)\z/s);
+ cmp_ok($server_num_sigalgs, '>', 0, "server: get_sigalgs returns >
0 algs: $server_num_sigalgs");
+ cmp_ok($server_num_shared_sigalgs, '>', 0, "server: get_shared_sigalgs
returns > 0 algs: $server_num_shared_sigalgs");
+
+ Net::SSLeay::shutdown($ssl);
+
+ close($cl) || die("client close: $!");
+
+ my $unset_cb = eval {Net::SSLeay::CTX_set_cert_cb($ctx, undef); 1; };
+ is($unset_cb, 1, "no error when removing the certificate callback");
+
+ return;
+}
+
+client();
+$server->close() || die("client listen socket close: $!");
+waitpid $pid, 0;
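Review bot: In the SKIP block, the comment says ignoring a sigalg "requires OpenSSL 3.0 and later", but the guard is `$version_num < 0x30300000`, which reads as 3.3; one of the two is wrong and should be corrected so the skip condition can be trusted. The comment above `cert_cb_client` also misspells the function names as `SSL_get_siglags` and `SSH_get_shared_sigalgs`. In the forked server, the return values of `Net::SSLeay::accept` and `Net::SSLeay::write` are not checked, so a failed handshake leaves `$server_msg_to_be_sent` undefined and the client side only ends when `alarm(30)` fires; checking those results and exiting non-zero would make failures quicker to diagnose. Finally, the client calls `Net::SSLeay::set_fd($ssl, $cl)` while the server uses `fileno($cl)`; make the two consistent or comment on why they differ.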
++++++ README.md ++++++
## Build Results
Current state of perl in openSUSE:Factory is

The current state of perl in the devel project build (devel:languages:perl)

++++++ _scmsync.obsinfo ++++++
mtime: 1781443280
commit: 1f4ac53ebbe064be5132e93bc93c64a3ab801502e3c63bb0449011374e56b754
url: https://src.opensuse.org/perl/perl-Net-SSLeay
revision: 1f4ac53ebbe064be5132e93bc93c64a3ab801502e3c63bb0449011374e56b754
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-06-14 15:21:20.000000000 +0200
@@ -0,0 +1 @@
+.osc