This is an automated email from the git hooks/post-receive script.

carnil pushed a change to branch master
in repository libio-socket-ssl-perl.

      from  825e44a   Prepare changelog for release to experimental
      adds  3ac64c0   git-svn-id: file:///home/steffen/SVN/p5-io-socket-ssl@1 
      adds  c84bb82   - new certificates in certs/ which are more current - 
Makefile.PL: try to find usable IDN library and warn if nothing   is found. 
Check SSLeay version and warn if not sufficient   for certificate checking - add certificate checking with various policies   *** NOT testet, work 
in Progress****
      adds  b9f3a10   update wildcard cert new test verify_hostname to test 
verify_hostname() small fixes on certificate verification
      adds  0f2feb8   version 1.13_2 - IDN stuff added to certs/wildcard.pem 
and to t/verify_hostname.t - dokument changes to peer_certificate and new 
method verify_hostname
      adds  219996d   - update Changes - add forgotten server-wildcard.pem to 
MANIFEST - bump to 1.13_3
      adds  38460d0   - automatic verification of hostnames with 
SSL_verifycn_scheme and   SSL_verifycn_name - global setting of default context 
options like SSL_verifycn_scheme,   SSL_verify_mode with set_ctx_defaults - 
version 1.13_4
      adds  e48d529   small fix in import
      adds  008439c   - clarified and enhanced debugging supppport based on 
bugreport - put information 
into README regarding the supported and recommanded   version of Net::SSLeay - 
bump version to 1.14, even if Net::SSLeay 1.33 is not released yet
      adds  4e7fd69   hopefully fix t/auto_verify_hostname by changing behavior 
on SSL error _SSL_opened is now -1 on failure, no longer 1
      adds  131945b   change code for SSL_check_crl to use X509_STORE_set_flags 
instead of X509_STORE_CTX_set_flags based on bug report from 
<tjtoocool[AT]phreaker[DOT]net >
      adds  07d4f47   - change opened() to report -1 if the IO::Handle is open, 
but the   SSL connection failed, needed with HTTP::Daemon::SSL which will send  
 an error mssage over the unencrypted socket - document opened() - bump version 
to 1.16
      adds  28772de   -
      adds  67b3a74   - better IPv6 support, enabled by default if 
IO::Socket::INET6   is available
      adds  9714dc4   -
      adds  1963777   v.16_2   2008.09.24 - work around Bug in 
IO::Socket::INET6 on BSD systems   by setting Domain based on 
PeerAddr   Thanks to srezic for report and support
      adds  6db9914   +v.16_3   2008.09.25 +- fix t/nonblock.t with workaround 
for problems with +  IO::Socket::INET on some systems (Mac,5.6.2) where it 
cannot do +  nonblocking connect and leaves socket blocked. +- make some tests 
less verbose by fixing diag in t/testlib.t +  (send output to STDOUT not STDERR 
and prefix with '#')
      adds  63f0751   - make version 1.17, no code changes - document Win32 
problems with non-blocking, timeouts and test suite
      adds  274244a   1.18 - fixed typo in argument: wildcars_in_cn -> 
      adds  9b4df5a   -
      adds  2bb07b1   -
      adds  00953d8   -
      adds  c3b6a2f   +v1.21 2009.01.22 +- auto verification of name in 
certificate created circular reference between +  SSL and CTX object with the 
verify_callback, which caused the objects to be +  destroyed only at program 
end. Fix it be no longer access $self from inside +  the callback.
      adds  794e034   v1.22 2009.01.24 - Net::SSLeay stores verify callbacks 
inside hash and never clears them, so   set verify callback to NULL in destroy 
of context
      adds  624c8cb   delete META.yml from rep and MANIFEST, let it be created 
from Makefile.PL
      adds  b34f9b8   new test certificates, old expired
      adds  672e84e   checkin myca
      adds  683a91c   - if neither SSL_ca_file nor SSL_ca_path are known don't 
check cert but warn
      adds  5a062eb   warnings fix
      adds  80a08a0   - renew certs
      adds  97793f5   1.25 Fix t/nonblock.t for OS X 10.5 -
      adds  a44d892   security fix for verify_hostname_of_cert, Version 1.26
      adds  8169413   t/verify_hostname.t fixed number of tests
      adds  ff91ddd   v1.27 regex fixes and resolve Bug#48131 which only 
happened with perl -w: - changed possible local/utf-8 depended \w in some regex 
against more   explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that 
service   names can't have '-' inside - fixed bug   where eli[AT]dvns[DOT]com 
reported warnings when perl -w was used.   While there made it more aware of 
errors in Net::ssl_write_all (return   undef not 0 in gene [...]
      adds  b30ca0b   v1.28, v1.29 memleak fix
      adds  13a474e   1.30 - fix t/memleak_bad_handshake.t
      adds  e6a15fe   1.30_1 - make sure that idn_to_ascii is not called with 
identity containing \0
      adds  a0afa60   1.30_3: make t/memleak_bad_handshake.t more stable
      adds  b05d358   1.31 - SSL_crl_file, SSL_VERIFY constants...
      adds  88d7a01   version 1.32 and 1.33
      adds  e57891c   removed svn-commit.tmp which should never have been 
checked in
      adds  9c61977   1.34: wildcards_in_cn for http, start_SSL does not close 
socket on failure
      adds  fdc5997   1.35 - no fallback to verify_none if ca_* is not valid, 
instead throw error
      adds  055e730   update SSL_verify_callback documentation
      adds  fa30f8a   let user explicitly set SSL_ca_{path,file} to undef
      adds  b2f400e   1.38 - fixed setting for wildcards_in_cn from 1 to 
anywhere for http
      adds  ea8c6f5   1.38_1 - make fileno on closed socket return undef
      adds  34f23d1   fixed docu for http cn wildcard behavior
      adds  bbea27f   version upgrade
      adds  a6f14fa   small fix in example/async_https_server
      adds  2fc0505   added t/startssl-failed.t
      adds  99f45ad   more fixes to async_https_server
      adds  a5f3196   1.40 - IDN support from URI.
      adds  f8a45f1   v1.40_1 2011.05.09 - fix issue in stop_SSL where it did 
not issue a shutdown of the   SSL connection if it first received the shutdown 
from the other   side. Thanks to fencingleo[AT]gmail[DOT]com for reporting
      adds  6b119af   make 1.40_1 ->1.41, better error handling in t/nonblock.t
      adds  b19a332   1.42: add SSL_create_ctx_callback option
      adds  719d77a   1.43 - fix t/nonblock.t
      adds  e4fc1c9   stability improvements t/inet6.t
      adds  5412bbf   1.43_1 - try to make t/nonblock.t more stable
      adds  3a0f745   1.44 - fix invalid call to inet_pton in 
      adds  35f52fa   1.45 rewrite readline for better signal handling
      adds  66e6dc5   forgot to git add test for 1.45
      adds  5a12676   1.46 - disable t/signal-readline.t for windows
      adds  efd2bab   1.47 - fix for readline introduced in 1.45
      adds  c2e8168   1.47 fix os check in t/signal-readline.t
      adds  ff967a4   1.48 Merge branch 'master' of
      adds  3c37524   1.49 - yet another readline regression. Add more tests to 
      adds  64f5672   1.50 workaround t/nonblock.t for AIX
      adds  3c93d86   1.52 fix syntax error in t/memleak_bad_handshake.t
      adds  2be90e4   1.53 - fix child leak in memleak_bad_handshake.t when 
failing test
      adds  fc93f68   1.54 - solved rt#73629 (unitialized warning)
      adds  6d7a53e   1.55 work around IO::Sockets work around for ystems 
returning EISCONN etc on connect retry
      adds  4f83a3c   1.56 added SNI support for client
      adds  266ecce   1.57 - fix t/dhe.t for openssl 1.0.1beta
      adds  ef87a2b   1.58 - disable workaround in  t/dhe.t for older openssl 
      adds  cb6982a   1.60 - doc update + fix readline for nonblocking socket
      adds  d61da37   1.59 - useful error message on attempt to use unsupported 
      adds  728004f   Merge branch 'master' of
      adds  f633127   1.61 rt#76053  automatically use 
      adds  200bc6a   1.62 small fix to 1.61
      adds  b5e793e   1.63 fix rt#76147 making Win32 tests more stable
      adds  419f418   1.64 clarify verifycn_* behavior
      adds  17f5fb7   1.65 NPN support
      adds  6d468a5   1.66 resolve bug with threads
      adds  d69ded9   1.67 - more secure defaults, new key 
SSL_honor_cipher_order to mitigate BEAST
      adds  f86e95b   1.68 - remove sslv2 from default cipher list
      adds  c32a7ec   1.69 - reenabled workaround in t/dhe.t
      adds  abc3821   1.70 - make disabling protocols via SSL_version possible, 
default SSLv23:!SSLv2
      adds  cf4608a   1.71: 1.70 done right
      adds  035be8a   1.72 set DEFAULT_CIPHER_LIST to ALL:!LOW not HIGH:!LOW
      adds  00483ba   1.73 fixes to t/dhe.t to support more openssl versions
      adds  ddd0ae7   1.74 - accept SSLv2/3 again at interpret it as SSLv23
      adds  819770a   1.74_1 - integrate IO::Socket::IP (rt#75218)
      adds  1ff9a8a   1.74_2 fix documentation of SSL_version, rt#77690
      adds  222735a   1.75 - make it possible to disable TLS version 1.1 and 1.2
      adds  6d6ad4b   1.76 - no longer depend on recent
      adds  b708b85   1.77 - rt#79916 - update_peer for IPv6
      adds  b9867b5   work around systems were AF_INET6 is not defined
      adds  7a60697   fix format - change everything to sts=4 sw=4 ts=8, prev. 
formatting was mostly tab 8 with some tab 4
      adds  0f44ccd   moved to lib/IO/Socket/
      adds  5cbf946   use getnameinfo instead of unpack_sockaddr_in6 to get 
PeerAddr and PeerPort from sockaddr in _update_peer, keeping scope
      adds  e388825   1.79 - start migration to more secure default of 
SSL_verify_mode by issuing big warning, if current insecure default gets used
      adds  74d8363   1.80 - fixed tests so that don't hang anymore on windows 
      adds  6aad6ba   1.81 - cleanups.. - depreceated set_ctx_defaults, new 
name ist set_defaults (but old name   still available) - changed handling of 
default path for SSL_(ca|cert|key)* keys: either   if one of these keys is user 
defined don't add defaults for the   others, e.g.  don't mix user settings and 
defaults - cleaner handling of module defaults vs. global settings vs. socket   
specific settings. Global and socket specific settings are both   provided by 
the user, while module  [...]
      adds  16b65e5   correct spelling of deprecated
      adds  9078b66   add link to github to Makefile.PL
      adds  aa9fd54   1.82 better error preserving
      adds  30acc99   - server side SNI - do not call DEBUG() unless debugging 
is on to speed up module
      adds  1a1c1ea   much better documentation
      adds  799468f   release as 1.83
      adds  b4e960d   add more debugging for SNI
      adds  68995c7   1.83_1 - adapted and documented behavior of readline on 
non-blocking I/O
      adds  6925c97   1.84 with more stable client side SNI and better 
support/doc for SNI and NPN
      adds  0e707b0   updated documentation
      adds  91708db   update SEE ALSO and COPYRIGHT
      adds  5e3fd26   1.85 - probe for available modules with local __DIE__ and 
__WARN__handlers.   fixes RT#84574 - fix warning, when IO::Socket::IP is 
installed and inet6 support gets explictly   requested. RT#84619
      adds  715cea8   1.86 RT#84686 - don't complain about SSL_verify_mode is 
SSL_reuse_ctx,  thanks to CLEACH
      adds  4868482   1.87 - RT#84829 - complain if given 
SSL_(key|cert|ca)_(file|path) do not exist or   if they are not readable. 
Thanks to perl[AT]minty[DOT]org - fix use of SSL_key|SSL_file objects instead 
of files, broken with 1.83
      adds  98cf0e1   1.88 consider a value of '' the same as undef for 
SSL_ca_(path|file), SSL_key* and SSL_cert* - some apps like Net::LDAP use it 
that way.
      adds  379a00c   Spelling corrections
      adds  4bf7358   Merge pull request #3 from dsteinbrunner/master
      adds  debe24d   update Changes
      adds  221b1b5   1.89 if IO::Socket::IP is used it should be at least 
version 0.20 to fix RT#81932 (HTTP::Daemon::SSL)
      adds  764097d   added SSL interception
      adds  b7a0309   - added test for intercepting feature - RT#85290 - use 
more digests by default
      adds  c59f706   1.91 - added IO::Socket::SSL::Utils for easier 
manipulation of certificates and keys - moved SSL interception into 
IO::Socket::SSL::Intercept and simplified it   using IO::Socket::SSL::Utils - 
enhance meta information in Makefile.PL
      adds  5e361a1   Fix pod error in IO::Socket::SSL::Utils RT#85733
      adds  cd137f4   1.92 Intercept: use sha1-fingerprint of original cert for 
id into cache unless otherwise given
      adds  16c4645   1.93 - need at least OpenSSL version 0.9.8 now, since 
last 0.9.7 was released 6   years ago. Remove code to work around older 
releases. - changed AUTHOR in Makefile.PL from array back to string, because 
the   array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
      adds  c024113   set version of Intercept to 1.93, so that PAUSE indexer 
will index it again. Problem was, that Itercept was just once inside 
file and the version 1.90 was propagated from there. So any new versions will 
need to be higher.
      adds  cbf2a85   Makefile.PL: if the openssl versions looks to small show 
the detected version in the error message
      adds  3e05d82   1.94 - Makefile.PL reported wrong version of openssl, if 
Net::SSLeay was not   installed instead of reporting missing dependency to 
      adds  ad0d04f   1.950 - after long time of complaining when using 
insecure default mode finally   changed the default for ssl_verify_mode to 
ssl_verify_peer for clients,   e.g. better fail connection instead of using 
insecure connection. - start complaining if (insecure, because relative path) 
builtin defaults   for CA and cert/key files/path are used. In the future all 
certs have   to be specified explicitly and CA should use system defaults.
      adds  1cf5f61   1.951 - better document builtin defaults for key,cert,CA 
and how they are depreceated - use 
Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's builtin   
defaults for CA unless CA path/file was given (or IO::Socket::SSL builtins   
      adds  5a9c428   1.952 - fix t/acceptSSL-timeout.t on Win32, RT#86862
      adds  6e46f6c   1.953 - RT#87052 fix in
      adds  77608e7   Fix a couple DOC schema typos to scheme
      adds  0bb1488   Merge pull request #4 from crisman/doc-fix-schema
      adds  e8b71c0   Update README to note needing 1.46 Net::SSLeay
      adds  ffec703   Update use Net::SSLeay 1.46 (continue v1.90 2013.05.27)
      adds  5ecb952   Merge pull request #5 from crisman/more-net-ssleay-floor
      adds  2deb985   1.954 - accept older versions of ExtUtils::MakeMaker and 
add meta information like link to repository only for newer versions.
      adds  e067e09   1.955 - added support for ECDH key exchange with key 
      adds  e19f5a0   fixed Skipped message in t/ecdhe.t
      adds  e13b372   - cipher_list is now per context, not per SSL object, 
e.g. behavior change if   context was setup independent from SSL object and w/o 
cipher list, which   was then given to SSL object only - move filling-in 
defaults to Context->new, thus make generating standalone   context and 
implicite context in SSL->new more consistent.   Speeds up when using reuse_ctx
      adds  9f54462   support for handshake protocol TLSv11, TLSv12
      adds  9ccacac   - fixed error in Utils::CERT_free (wrong free call) - 
added some tests to git which were in MANIFEST but not in git   thanks to 
lkundrak[AT]v3[DOT]sk for reporting
      adds  449f65d   - rework verification schemes based on RFC 6125   - add 
scheme names with RFC numbers, e.g. rfc2818...   - fix scheme for ICAP, POP3, 
ACAP, NNTP - contrary to LDAP they allow     wildcards in common name   - fix 
scheme for SMTP, it is now the same as IMAP   - add schemes for SNMP, syslog, 
netconf, GIST, SIP - fix handling of anywhere wildcards:   - www* now matches 
only www1,www2.. but not www   - do not apply anywhere wildcard if hostname 
starts with xn--, e.g.      [...]
      adds  ed5715e   - change cipherlist to more secure - add DH paramter and 
ECDH curve in default configuratio, so that   forward secrecy is done by 
default - write down all Changes from last time and release as 1.956 - fix some 
      adds  904464a   - fixed t/core.t for older openssl versions - enhance 
other tests (indent, strict, global vars...)
      adds  a61f48c   remove workaround for very old IO::Socket::INET6, instead 
require fixed version
      adds  cbd2c69   release as 1.958 fix t/session.t for older openssl 
versions - close socket instead of setting to undef to let it reuse session
      adds  66dea3c   1.959 - fix test core.t for windows
      adds  5e18d9e   1.960 - documentation enhancements
      adds  91efcd8   further documentation enhancements specifically for 
non-blocking and event loops
      adds  15dd432   1.961 IO::Socket::SSL::Utils::CERT_create can now create 
CA-certificates which are not self-signed (by giving issuer_*)
      adds  bdbcb0c   1.962 - work around problems with older F5 BIG-IP by 
offering fewer ciphers on the client side by default, so that the client hello 
stays below 255 byte
      adds  c23db6f   - documentation enhancements:   - special section for 
differences to IO::Socket   - describe problem with blocking accept on 
non-blocking socket
      adds  5b0a79c   - documentation fix: consistent use of $client instead of 
sometimes   $sock in examples in pod (thanks to 
alfonso[DOT]caponi[AT]gmail[DOT]com   for reporting)
      adds  355fc38   documentation enhancements to new_from_fd
      adds  2c33559   1.963 - fix behavior of stop_SSL: for blocking sockets it 
now enough to call it   once, for non-blocking it should be called again as 
long as EAGAIN and   SSL_ERROR is set to SSL_WANT_(READ|WRITE). - don't call 
blocking if start_SSL failed and downgraded socket has no   blocking method, 
thanks to tokuhirom
      adds  5c21511   1.964: get_sslversion* function, disabling TLS1_1 fixed
      adds  8336797   1.965 - new option SSL_session_key to influence 
client-side session caching
      adds  bd49a91   1.966 - fixed bug introduced in 1.964 - disabling TLSv1_2 
worked no longer with   specifying !TLSv12, only !TLSv1_2 worked - fixed leak 
of session objects in SessionCache, if another session   replaced an existing 
session (introduced in 1.965)
      adds  d6dcf22   Spelling fixes
      adds  8f8196a   Merge pull request #10 from scop/master
      adds  f9a5310   WIP: ssl_fingerprint etc
      adds  697a7d6   1.967: new option SSL_fingerprint, default scheme for 
verifying names, ...
      adds  a30d104   - require at least version 2.62 instead of 2.55 for 
      adds  4936ba4   1.968 - better support for usable CA path by default - 
new function default_ca which emulates openssl search for default CA path.   
Falls back to Mozilla::CA if no usable CA store is found - enforce use of 
Mozilla::CA on platforms without usable CA store (windows) - remove long 
depreceated support for certs/server-{cert,key}.pem, ca/ and   certs/my-ca.pem 
      adds  e7f8dc3   1.969 - new function set_args_filter_hack to make it 
possible to override bad SSL   settings from other code at the last moment. - 
fix set_defaults to match documentation regarding short names - determine 
default_ca on module load (and not on first use in each thread) - fix hostname 
verification when reusing context
      adds  f6ff605   pod fix from rt#93907
      adds  c017684   1.970 fix rt#93987
      adds  aab477d   new file example/ to check behavior of 
clients against various strange behavior
      adds  9204be5   1.971 - try to use SSL_hostname for hostname verification 
if no SSL_verifycn_name is given
      adds  00a95e7   1.972 fix rt#94117 t/external/usable_ca.t when no SNI 
      adds  70cf826   small code cleanups
      adds  7b43284   1.973: option SSL_ca additionally to SSL_ca_{file,path}
      adds  d8cae1b   spelling error RT#94219
      adds  89858c4   1.974 new function peer_certificates, extend 
      adds  f0b0570   1.975 - work around TEA integration on OS X
      adds  0c322e1   1.976 - check wildcard certificates against public prefix
      adds  863e07d   1.977 RT#94424 IDN fixes
      adds  0f7e189   1.978 RT#94424 again, fix test on older openssl version 
with no SNI support
      adds  f00f9c2   t/public_suffix_lib* - run test even if IDN lib cannot be 
loaded, but skip IDN tests - don't use done_testing to work with older 
      adds  add79fa    This is a combination of 2 commits.
      adds  3fe3450   hostname check: 'leftmost' renamed to 'full_label'
      adds  ea7eb94   stability improvements for tests
      adds  906ebe7   relased as 1.979
      adds  85a9bda   disable elliptic curve support for openssl 1.0.1d on 
      adds  8f4bb7d   1.980 fix fingerprint calculation
      adds  9b14e9a   update Changes for 1.980
      adds  4df7b35   1.981 - fix ecdhe test for openssl 1.0.1d
      adds  6f4638c   1.982 - fix for using subroutine as argument to 
      adds  bee7322   usable_ca.t: update for current fingerprints (changed 
after heartbleed), check that we have a usable CA for host in CA store allow 
PEM in CA store to contain "X509 CERTIFICATE" or "TRUSTED CERTIFICATE" too
      adds  717b8c1   1.983 - fix use of public suffix list RT#95317
      adds  0cd71b7   OCSP handling - works but needs test
      adds  c321455   tool util/ to analyze SSL connections
      adds  ab148ea   removed util/ - way too old to be useful 
      adds  ed15491   update Changes file
      adds  82f34c9   util/ - fix version check, show usable 
SSL_version string
      adds  221b42f - check if client or server decides over 
cipher preference
      adds  558c182   update Net::SSLeay patch for ocsp (include test, update 
      adds  a87828d - changed handling of http_proxy starttls, 
fixes for soft_error in ocsp_resolver
      adds  4405951   current OCSP patch for Net::SSLeay
      adds  fb3a11a   small OCSP fixes: - update Net::SSLeay OCSP patch - 
accept multiple single responses in stapled OCSP response analyze-ssl option 
      adds  cfcc86d fix starttls smtp, --CApath added 
t/external/ocsp.t add no ocsp_uri and no certid to soft_errors in ocsp resolver
      adds  5b41e45   work around/together with OCSP responders, which do not 
reply to all single requests inside an OCSP request
      adds  38e9f64   - OCSP resolver: add caching of soft errors + fix 
expiring if cache too big - new tool util/ to check OCSP 
status of lots of sites - update OCSP patch for Net::SSLeay (now included in 
their SVN)
      adds  774f220   util/ - log ssl version, cipher and 
bits in pubkey - don't stop if hostname does not match, but continue with OCSP 
- but log as ssl-badname and log CN - changed output format for better 
      adds  20218a1   - don't add ocsp tlsext if server mode - test fix in case 
no HTTP::Tiny is installed
      adds  9573865   remove Net::SSLeay OCSP patch and instead refer to 
Net::SSLeay version 1.59 fix t/io-socket-inet6.t is IO::Socket::INET6 is 
installed, but too old to use
      adds  92ea39a   update Changes remove util/ (put into 
p5-scripts repository instead)
      adds  16090c0   release as 1.984
      adds  7ac7d20   fix skip if fingerprint does not match in 
      adds  6cf16e1   1.985: OCSP enhancements, RT#95633 - make OCSP callback 
return 1 even if it was called on the server side   because of bad setup of the 
socket. Otherwise we get an endless calling   of the OCSP callback. - consider 
an OCSP response which is not yet or no longer valid a soft error   instead of 
an hard error - RT#95633 call EVP_PKEY_free not EVP_KEY_free in   
IO::Socket::SSL::Utils::KEY_free. Thanks to paul[AT]city-fan[DOT]org - 
util/ - with --show-chain chec [...]
      adds  7158b35   support for IP in common name for www verification 
scheme. Need to add tests for this.
      adds  50c903e   1.986 - allow IPv4 in CN for www/http scheme. Fix public 
suffix list handling.
      adds  cf80a79   1.987 fix t/verify_hostname_standalone.t on systems 
without usable IDNA or IPv6
      adds  9eeb788   typo
      adds  1050d8f   NEEDS testing: transparent support for DER and PKCS12 
files in certificate and key
      adds  15bc33b   1.988 - transparent support for DER and PKCS12 files for 
key and cert
      adds  8d25008   document behavior regarding freeing certificates, when 
using multiple certificates in SSL_cert
      adds  45a6f50   1.989  fix #95881
      adds  4426734   1.989_1 #95967, work around temporary OCSP error in 
      adds  60681ec   1.990 added option SSL_ocsp_staple_callback to get the 
stapled OCSP response
      adds  5e38bed   1.991 new option SSL_OCSP_TRY_STAPLE to enforce staple 
request even if VERIFY_NONE - work around for RT#96013 in peer_certificates
      adds  9f66a9c - do hostname verification which scheme 
matching starttls. set verified to name-mismatch if not matches, show 
subjectAltnames in show-chain
      adds  bf5d7eb   1.992 - set $! to undef before doing IO (accept, read..). 
On Winwdows a connection reset could cause SSL read error without setting $!, 
so make sure we don't keep the old value and maybe thus run into endless loop.
      adds  b45a119   - rework error handling to distinguish between SSL errors 
and internal errors   (like missing capabilities). - util/ - fix 
hostname check if SNI does not work
      adds  fe8519d   1.923 - major rewrite of documentation
      adds  8be8769   documentation fix after #96451
      adds  7c3108b   1.994 - make socket switchable between plain and SSL with 
the same object
      adds  0188eff   fix documentation error RT#96765
      adds  520fc76   - refresh option for peer_certificate, so that it checks 
if the certificate   changed in the mean time (on renegotiation) - fix 
fingerprint checking - now applies only to topmost certificate - 
IO::Socket::SSL::Utils - accept extensions within CERT_create
      adds  7612091   Fix some typos and grammar issues
      adds  1700f71   Merge pull request #14 from frioux/patch-1
      adds  c66bb67   1.995 - RT#95452: move initialization and creation of 
OpenSSL-internals into INIT section, so they get executed after compilation and 
perlcc is happy.
      adds  7eb1d78   1.996 move initialization out of INIT again because this 
breaks when used with require. Document work-arounds needed for perlcc
      adds  c110b7e   1.997 - found way to detect when initialization was 
needed, so user needs no longer workarounds for perlcc
      adds  b123501   add debug message on call to _internal_error or error fix 
pass message in t/external/ocsp.t
      adds  8aaad64   update example/ssl_client,ssl_server
      adds  cc08c98   Enhance the SNI support by configuring the SNI contexts 
in the same way as the main context. This fixes problems like client 
certificate validation for SNI hosts. Added a SNI test that verifies the client 
      adds  ac7e5d8   Merge branch 'jelu-sni-enhancement'
      adds  112bc7a   1.998 - redesign creation of SSL contexts, so that all 
contexts have CA path, verification callback etc
      adds  68b1ba1   accept PeerHost additionally to PeerAddr in all places, 
accept PeerService, enhance util/
      adds  b6af754   RT#98258 - make sure to set $/ to "\n" before using <$fh> 
in PublicSuffix
      adds  f032710   make sure we don't use version 0.30 of IO::Socket::IP
      adds  0ff7eb3   release as 1.999
      adds  b8bc6d3   Better skipping of tests requiring fork()
      adds  5aa23a2   Merge pull request #18 from steve-m-hay/master
      adds  7925def   update Changes after merge
      adds  de1451f   Solve Debian Bug#764868: with environment 
NO_NETWORK_TESTING set no external tests will be done. Simplify checks for fork 
by putting it into testlib and fix it by including Config.
      adds  42fd97a   SSL3.0 is no longer allowed in default SSL_version 
because of POODLE
      adds  fdc0e48   2.000 - update documentation regarding disabled SSL3.0
      adds  8572135   fix typo
      adds  ce9628e   util/ - work around cloudflare behavior, 
where you get different ciphers with SNI then without
      adds  5abf633   make it work with 5.8.1 again
      adds  d12477e   update expected site fingerprints in t/external/*
      adds  935c05b   add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to 
increase PFS security
      adds  a6b3690   call it 2.001
      adds  fad6ac6   Update PublicSuffix with latest version from - lots of new top level domains. Add exception to PSL for - RT#99702
      adds  9407373   fix check for (invalid) IPv4 when validating hostname 
against certificate. Do not use aton any longer RT#99448
      adds  ec3cdf6   release as 2.002
      adds  1f94827   use only ICANN part in public suffix list fix typo
      adds  a09f29f   Propagate error if cert/key could not be used instead of 
continuing with an invalid context which might cause a segmentation fault
      adds  3b96ed5   skip io-socket-ip.t with IO::Socket::IP version 0.30 
instead of failing
      adds  99c1abd   max-cipher option for util/  Fix host parsing
      adds  a49cffb   2.003 make SSLv3 accessible unless forbidden (default), 
even if the SSL library disables it by default in the context (LibreSSL)
      adds  ea2eb29   2.004 fix t/protocol_version.t to deal with OpenSSL 
installations which are compiled without SSLv3 support.
      adds  2dfb8ed   2.005 next try to fix t/protocol_version.t for OpenSSL 
w/o SSLv3 support
      adds  d95289d   2.005_1: enable non-blocking support for windows, mainly 
by using EWOULDBLOCK instead of EAGAIN
      adds  fbf66f2   make PublicSuffix::_default_data thread safe by storing 
the default data inside a function inside within __DATA__
      adds  da52dac   Release as 2.006, update PublicSuffix with latest list 
      adds  1a95a4f   Utils: documentation fixes
      adds  141d2b1   2.007 - implement getline/readline properly when not 
sslified (RT#100529)
      adds  8d6c3b1   2.008 - fix test because of external errors. Small 
enhancements for
      adds  4f11bca   fix #101020 (,
      adds  1e66fe4   util/ - analyze handshake compatibility
      adds  01421a4 - fix retry without SNI
      adds  8b16bb8 - fix for max_version, don't croak on 
anyonmous ciphers
      adds  5d11618   example/*.pl - sysread with 16k (max ssl frame size) to 
avoid issues with pending data
      adds  3c99b11   util/ - compare sent chain certificates again 
used certificates and also display local root certificate
      adds  8d2a520   reset $! after successful connect/accept with timeout
      adds  b26ec49   dummy util/
      adds  71dfd76   2.009 added ALPN support thanks to TEAM RT#101452
      adds  710ca92   t/protocol_version.t - fix in case SSLv3 is not supported 
in Net::SSLeay. RT#101485
      adds  f75a0ee   2.009 - new options SSL_client_ca_file and SSL_client_ca
      adds  72eb5d4   Minor pod fixes
      adds  7750ebf   Merge pull request #21 from frioux/patch-2
      adds  f80a23d   removed RC4 from default cipher suites on the server site
      adds  f447f6b   Utils::CERT_create - add purpose client for non-CA 
      adds  a02d5f8   added option 'purpose' to Utils::CERT_create
      adds  5921fbe   increase version in to 0.031
      adds  de79931   Minor pod fixes
      adds  21fed25   removed RC4 from default cipher suites on the server site
      adds  313adf1   Utils::CERT_create - add purpose client for non-CA 
      adds  8f138a2   added option 'purpose' to Utils::CERT_create
      adds  cdf3eda   increase version in to 0.031
      adds  e8f4058   ported some tests to use Test::More
      adds  8cf2973   white space and intendation fixes
      adds  e79e825   replace various skip_all with fail, because these should 
      adds  c1af848   don't use Test::More in t/alpn.t since it does not work 
with parent and forked child doing test output
      adds  a585ee6   Merge branch 'Sweet-kid-use_Test_More'
      adds  dedca19   t/external/ocsp.t - don't count on using 
OCSP stapling - clear SSL_ERROR before attempting 
      adds  42765f2   release 2.011
      adds  a5a716b   2.012 - fix t/ocsp.t in case no HTTP::Tiny is installed
      adds  b2841cb   fixed Changes - last entries for 2014 should have been 
2015 (thanks to Alvar Freude vor pointing out)
      adds  933bc45   fixed a few grammatical problems and made some slight 
word changes to enhance readability.  I also made mention of module names links 
instead of plain text
      adds  a3b16fc   a few more fixes.  about 40% done with the POD
      adds  3226a74   a bit further along.  There is a lot to read
      adds  53d7da6   Merge branch 'genio-master'
      adds  c1490e4   updated Changes
      adds  2021d91   Replace fail(...) with ok(0,...) in t/alpn.t.
      adds  02db0fc   Put back a not ok accept failure that got lost in e8f4058.
      adds  81d17e0   Merge pull request #28 from bluhm/alpn.t
      adds  1f430ea   2.013 - rework error handling so that follow-up errors 
don't replace the original errors
      adds  75eeb90   2.014 - Utils::CERT_create - work around problems with 
authorityInfoAccess, where   OpenSSL i2v does not create the same string as v2i 
expects - Intercept - don't clone some specific extensions which make only 
sense with   the original certificate
      adds  7f2e97e   print module that was used as a parent
      adds  086ef1c   Merge pull request #32 from chorny/patch-1
      adds  c94b27d   t/01loadmodule.t - add also version of @ISA module to 
      adds  dcc09a5   explicit check that IPv6 address only contains hex,'.' 
and ':' because  inet_pton on some systems seems to accept something like 
      adds  4b3e466   2.015 - work around problem with IO::Socket::INET6 on 
windows in tests by enforcing AF_INET as Domain
      adds  19033d8   accept Domain and Family argument, so it does not matter 
if the superclass uses Family (IO::Socket::IP) or Domain (IO::Socket::INET6)
      adds  3c44971   update documentation to make it more clear where to get 
the X509* and EV_PKEY* objects for SSL_ca, SSL_cert and SSL_key
      adds  db39502   add better debugging based on a patch from H.Merijn Brand
      adds  6c69321   make t/memleak_bad_handshake.t work on cygwin and other 
systems having /proc/pid/statm., see RT#104659
      adds  8349289   make some tests work with older Test::More w/o 
      adds  a542b05   update version to 2.015_001
      adds  9eb322b   removed wrong domain AF_INET from t/io-socket-ip.t set 
version to 2.015_002
      adds  de1b62b   2.015_003  work around hanging prompt() with older perl 
in Makefile.PL RT#104731
      adds  7306627   2.015_004 - fix handling of default for yesno in 
      adds  3ede5be   2.015_005 add flag X509_V_FLAG_TRUSTED_FIRST by default 
if available, RT#104759
      adds  3304d81   another try with X509_V_FLAG_TRUSTED_FIRST
      adds  b922605   relase as 2.016
      adds  894f7b8   2.016_001 - support different ciphers for SNI hosts
      adds  fa27238   2.016_002 - enforce default verification scheme if none 
was specified instead of just warning if name is wrong (i.e. hard fail vs. soft 
      adds  eb8a20e   add more detail to example in documentation to show that 
the user must do the SMTP dialogs by itself (RT#105936)
      adds  58d3aa8   Fix failing non-blocking test on Unix platforms where 
EWOULDBLOCK is not the same as EAGAIN (Solaris, AIX, HP-UX, etc). This bug was 
introduced by commit d95289 for 2.006. The fix is simply to check for either of 
these errors instead of just one.
      adds  00858d8   Merge pull request #35 from andygrundman/master
      adds  6a98f0f   fix _update_peer for IPv6 (wrong use of getnameinfo)
      adds  7432b34   remove -r for checking SSL_{cert,key}_file since this 
will cause a usable error later anywy if file does not exist. This fixes some 
part of #106295
      adds  d139352   added interface sock_certificate to get local certificate 
 as suggest in #15733 enhanced get_fingerprint* to fingerprint any certificate, 
not only peer
      adds  421ac8e   check with open/opendir if SSL_ca_file/path is 
accessible. RT#106295
      adds  d2ef480   catch cases where SSL_verify_mode is used with string 
instead number. Update Changes and release as 2.017
      adds  0ea12ea   2.018 - RT#106687 - startssl.t failed on darwin with old 
openssl since server requested client certificate but offered also anon ciphers
      adds  3f9b660   2.019 work around different behavior of getnameinfo from 
Socket and Socket6
      adds  2cb6d54   Fix typos
      adds  0def00f   Merge pull request #34 from jwilk/typos
      adds  9d495d0   2.020 support multiple directories in SSL_ca_path as 
proposed in RT#106711
      adds  d8556e6   fix socket variable name in documentation
      adds  7805d01   Merge pull request #36 from 
      adds  c9006b7   make documentation more clear regarding enforcing IPv4
      adds  f356d58   update public suffix list with latest version, adapt 
tests to changed list
      adds  248725a   Fix typos
      adds  09ae45c   Merge pull request #38 from jwilk/spelling
      adds  f853a6e   2.021  update PublicSuffix again before new release
      adds  4d5d42b   2.022 fix stringification of IPv6 inside subjectAltNames 
in Utils::CERT_asHash, RT#110253
      adds  52c1948   Fix typo
      adds  fd2184f   Merge pull request #39 from jwilk/spelling
      adds  6e23ee4   2.023 - work around changes in OpenSSL 1.0.2f regarding 
      adds  32c2ebc   small documentation fixes for Intercept small code 
cleanup for Utils
      adds  f8ee6e7   Fix calls to X509_NAME_add_entry_by_txt in 
Utils::CREATE_cert in case the given string is not UTF-8. Retry with T.61 and 
finally use Octet
      adds  b80a30d   Intercept: ignore unknown extensions (unknown nid,sn) 
when cloning
      adds  a1f4fdd   2.024 - work around issue with AI_ADDRCONFIG default an 
IO::Socket::IP,   see
      adds  5c11d87   2.025 Resolved memleak if SSL_crl_file was used: 
RT#113257, RT#113530
      adds  c42cb54   2.026 - update default server and client ciphers based on 
recommendation of   Mozilla and what the current browsers use. Notably this 
finally disables   RC4 for the client (was disabled for server long ago) and 
adds CHACHA20.
      adds  b1cf42e   2.027 - only included changes for 2.027 in Changes file
      adds  b47ebe2   example/ - make it clear that client 
certificates are only requested    if option --ca is used
      adds  d62f932   2.028 - add del_session method to session cache - send 
accepted CA in example/ in case of SSL_ca_file
      adds  1ed5429   2.029 - fix del_session method in case a single item was 
in the cache - use SSL_session_key as the real key for the cache and not some 
derivate of it,   so that it works to remove the entry using the same key
      adds  781c5a5   support for creating ECC keys in IO::Socket::SSL::Utils 
once supported by Net::SSLeay
      adds  e329b07   assume that Net::SSLeay::P_PKCS12_load_file will return 
the CA certificates with the reverse order as in the PKCS12 file, because 
that's what it does.
      adds  dab44e4   Utils::CERT_create - don't add given extensions again if 
they were already  added. Firefox croaks with sec_error_extension_value_invalid 
if (specific?)  extensions are given twice.
      adds  da45bd5   2.030 remove internal sub session_cache and access cache 
directly (faster) This also fixes a problem when SSL_session_key was used, 
which was introduced in 2.029
      adds  2edc281   2.031 fix for bug in session handling introduced in 
2.031, RT#115975
      adds  07baa9d   2.032 - Set session id context only on the server side. 
Even if the documentation for   SSL_CTX_set_session_id_context makes clear that 
this function is server side   only it actually affects hndling of session 
reuse on the client side too and   can result in error 
"SSL3_GET_SERVER_HELLO:attempt to reuse session in   different context" at the 
      adds  7e5d364   - support for session ticket reuse over multiple contexts 
and processes   (if supported by Net::SSLeay) - small optimizations, like 
saving various Net::SSLeay constants into variables   and access variables 
instead of calling the constant sub all the time
      adds  d67d3c3   release as 2.033 make t/dhe.t work with openssl 1.1.0
      adds  8645496   Fix POD (arrows in C<> sequences)
      adds  26bf287   Fix POD: brackets in SSL_ticket_keycb example
      adds  8182684   Merge pull request #44 from choroba/master
      adds  8eb0130   describe problem with validating self-signed non-CA 
      adds  3e15230   2.034 - move handling of global SSL arguments into 
creation of context, so that these   get also applied when creating a context 
      adds  00ae563   update expected certificate fingerprints for external 
      adds  aaa7c76   switched to different hosts for live OCSP tests in the 
hope that these  use the same certificates world-wide
      adds  662178d   apply (configurable) global settings after builtin 
default settings
      adds  9e7fbf7   configure_SSL: return if context creation failed, might 
result in segfault otherwise
      adds  e159207   released as 2.035
      adds  e5596ce   2.036 - set can_ocsp to false for Net::SSLeay 1.75..1.77, 
see RT#116795
      adds  b86694d   forgot Changes information
      adds  252f015   2.037 fix session cache del_session: it freed the session 
but did not properly remove it from the cache. Further reuse causes crash.
      adds  0a6e3e4   2.038 - restrict session ticket callback to Net::SSLeay 
1.79+ since version before   contains bug. Add test for session reuse - extend 
SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....' - fix 
t/external/ocsp.t to use different server (under my control) to check   OCSP 
      adds  a97b5d3   - don't check if SSL_key_file and SSL_cert_file are 
files, instead just   check if they can be opened which includes that they are 
readable - for SSL_ca_file skip the check for -f, open(..) should be sufficient
      adds  ca92657   2.039: adapt to the changed behavior of SSL_read on EOF 
without SSL shutdown which was introducted with OpenSSL 1.1.0c.
      adds  e16fbcd   Decode the serial number the right way
      adds  cb43675   Include signature algorithm in CERT_asHash
      adds  aef8b82   Merge pull request #47 from odenbach/serial
      adds  32ddca6   testlib: clear __DIE__ handler in child
      adds  8c81f60   Fix number used for SSLEAY_DIR/OPENSSL_DIR since this 
changed with OpenSSL 1.1. This caused it to not find the default path for CA 
any longer with OpenSSL 1.1.
      adds  4abb901   release as 2.040 document signature_alg in 
      adds  de001a9   2.041 disable session ticket callback for now until the 
feature is   fully implemented in Net::SSLeay
      adds  44dad7c   2.042 - enable session ticket callback with 
      adds  3fda2f1   2.043 - make t/session_ticket.t work with OpenSSL 1.1.0.
      adds  e2ace02   2.044  protect various 'eval'-based capability detections 
at startup with a localized   __DIE__ handler. This way dynamically requiring 
IO::Socket::SSL as done by   various third party software should cause less 
problems even if there is a   global __DIE__ handler which does not properly 
deal with 'eval'.
      adds  aebd75c   fix memory leak with %CREATED_IN_THIS_THREAD based on 
pull request
      adds  7167c64   Fix typos
      adds  137f428   Merge pull request #52 from jwilk/spelling
      adds  1e50f80   only do "stop_SSL" after accept_SSL failed with 
SSL_startHandshake=0 in place
      adds  f1b51fd   call to connect_SSL will fail if handshake already done; 
adds DEBUG message
      adds  7d6042a   Merge pull request #53 from 
      adds  586b24d   optimization: don't track SSL objects and CTX in 
*CREATED_IN_THIS_THREAD if perl is compiled w/o thread support
      adds  1bacf7e   when setting SSL_keepSocketOnError to true the socket 
will not be closed on fatal error  This is a modified version of
      adds  4f4a3ad   release as 2.045 small fix in t/protocol_version.t to use 
older versions of Net::SSLeay  with openssl build w/o SSLv3 support
      adds  7ee0ba3   2.046 cleanup everything in DESTROY and make sure to 
start with a fresh %{*self} in configure_SSL  because it can happen that a GLOB 
gets used again without calling DESTROY 
      adds  5122caa   New upstream version 2.046
       new  187d4c1   Merge tag 'upstream/2.046'
       new  3d49223   Update debian/changelog
       new  d379506   Prepare changelog for release

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Summary of changes:
 Changes              |  4 ++++
 META.json            |  4 ++--
 META.yml             |  4 ++--
 debian/changelog     |  6 ++++++
 lib/IO/Socket/ | 12 +++++++-----
 5 files changed, 21 insertions(+), 9 deletions(-)

Alioth's /usr/local/bin/git-commit-notice on 

Pkg-perl-cvs-commits mailing list

Reply via email to