v0.97
- Writes now correctly return errors. (Problem noted by
Dominique Quatravaux <dom at idealx.com>).
- CA paths now work without passing an empty SSL_ca_file
argument. (Problem found by Phil Pennock, <phil.pennock
at globnix.org>).
- IO::Socket::SSL now automatically passes Proto => tcp (if
not already specified) to IO::Socket::INET to work around
/etc/services files with udp entries listed first. (Fix
suggested by Phil Pennock).
- $socket->accept() now returns the peer address in array
context for better conformance with IO::Socket::INET.
However, if you were doing "map { $_->accept } (@sockets)",
or similar tricks, you will need to use "scalar" to get the
old behavior back. (Problem noted by Nils Sowen, <n.sowen
at kon.de>).
- IO::Socket::SSL should now properly block on reads larger
than the buffer size of Net::SSLeay. (Problem found by Eric
Jergensen, <eric at dvns.com>).
- IO::Socket::SSL should now send CA Certs (if necessary)
along with certificates. (Problem found by <roy at
momentous.ca>).
- Timeouts should now work, but be aware that if multiple
reads/writes are necessary to complete a connection, then
each one may have a separate timeout. (Request from
Dominique Quatravaux <dom at idealx.com>).
- In certain cases, start_SSL() would misplace a socket's
fileno, causing problems with starting SSL. This should now
be fixed. (Problem found by <russ at zerotech.net>).
- IO::Socket::SSL now requires a minimum of Net::SSLeay 1.21.
--- Old Versions --------------------------------------------------
v0.96 2004.4.30
- Makefile's error messages now correct if output is
redirected (patch from Ilya Zakharevich <ilya at
math.berkeley.edu>).
- Non-blocking connects/accepts now work (Problem found by
Uri Guttman <uri at stemsystems.com>).
- new_from_fd() now works.
- getline() and <> in scalar context now return undef
instead of '' if the read failed. (Problem found by
Christian Gilmore <cag at us.ibm.com>).
- Broken pipe signals are now ignored during socket close
to prevent a SSL shutdown message from killing the parent
program. (Problem found by Christian Gilmore).
- Tests should proceed much more quickly, and a semi-race was
fixed, meaning that on slow machines the tests should be
more reliable.
- Check for Scalar::Util and Weakref now uses default
$SIG{__DIE__} instead of a potentially user-altered one
(suggestion from Olaf Schneider <Olaf.Schneider at
iwr.fzk.de>). This only applies to Perl 5.6.0 & above.
- Session caching support (patch from Marko Asplund
<marko.asplund at kronodoc.fi>).
- set_default_context() added to alter the behavior of
modules that use IO::Socket::SSL from the main program.
- get_ssl_object() renamed to _get_ssl_object() to reflect
the fact that it's only supposed to be used internally
(not that you should have cared, of course).
- Added patch for Net::SSLeay to take advantage of
client-side session caching.
v0.95 2003.8.25
- Changed PeerAddr in example/ssl_client.pl back to localhost.
- Update of examples to automatically switch to the proper
directory if they cannot find the necessary SSL certificates.
- Minor documentation update with more INET6 info.
- Corrected some error messages for IO::Socket::INET6.
- Better opened() behavior when sockets close unexpectedly.
- Added note about random number generators for Solaris users
(Problem found by Christian Gilmore <cag at us.ibm.com>).
- Added support for WeakRef and Scalar::Util to allow
IO::Socket::SSL objects to auto-destroy themselves when
they go out of scope.
- Added croak()ing for unimplemented send() and recv() methods
so they are not accidentally used to transmit unencrypted
data. The Perl builtin functions cannot be reliably trapped
and are still dangerous, a fact that the POD now reflects
(Problem noted by Michal Ludvig <michal at logix.cx>).
v0.94 2003.6.26
- Changed accept() to use inherited accept() instead of
IO::Socket::accept, so that IPv6 inheritance is possible.
- Added options to import() so that a user could specify
IPv6 or IPv4 mode of operation.
- Documentation fixes, esp. e-mail address.
v0.93 2003.6.24
- Fixed error-checking slip in connect_SSL() (Problem found by
Uri Guttman <uri at stemsystems.com>).
- All functions now return the empty list () on errors.
- Added note about the above change to appease Graham Barr
<gbarr at pobox.com>.
- Fixed Net::SSLeay giving warnings when arguments are undef;
in all cases, undef arguments may be set to '' without any
change in behavior except for removing the warnings.
(Problem found by Dominique Quatravaux <dom at idealx.com>)
- If accept() or connect() fails in SSL negotiation, the user
now has the option to print something to the failed socket
before it is closed. (error_trap option in new())
- Added support for CRLs (SSL_check_crl option in new()) for
versions of OpenSSL >= 0.9.7b (Original patch from
Brian Lindauer <jbl at sysd.com>)
- Finally added decent support for certificate callbacks.
(SSL_verify_callback option in new(), suggestion from
Dariush Pietrzak <eyck at ghost.anime.pl>).
- accept()/connect()/socket_to_SSL() now fail immediately if
the socket in question does not have a fileno.
- Added the kill_socket() method to guarantee that a socket dies.
- Fixed extra warning when printing errors in debug mode.
- Deprecated socket_to_SSL() in favor of the class method
start_SSL() (Class method suggestion from Graham Barr
<gbarr at pobox.com>).
- Added the class method start_SSL() to allow for cases when
the desired class of the socket is not IO::Socket::SSL
(Request from Dariush Pietrzak <eyck at ghost.anime.pl>)
- Changed socket_to_SSL to rebless socket to original class
if SSL negotiation failed (Request from Graham Barr
<gbarr at pobox.com>)
- Removed the daemon.pl example, as it did not work with the
standard distribution of HTTP::Daemon (use HTTP::Daemon::SSL
instead).
v0.92 2002.10.22
- Changed the fileno() function to support returning the fileno
of server sockets. (Problem found by Roland Giersig
<RGiersig at cpan.org>).
- Fixed SSL_version incorrectly defaulting to SSLv2 (patch from
Roland Alder <roland.alder at celeris.ch>).
v0.91 2002.08.31
- Added support for SSL_peek and SSL_pending (peek() and
pending()). Updated documentation, tests, etc. to reflect
this.
v0.901 2002.08.19
- Fixed the warning that happens when sockets are not explicitly
closed() before the program terminates.
v0.90 2002.08.13
- This version is a complete rewrite of IO::Socket::SSL. It now
has about half the lines of code, twice the amount of documentation,
and a slightly more polished interface.
- IO::Socket::SSL now works properly with mod_perl and taint mode.
- Major documentation update.
- Update of the BUGS file to reflect changes made in the rewrite.
- Update of the test suite for Perl v5.8.0 (or, more precisely,
for Scalar::Util).
- Update of the test suite for Perl v5.00503 (or, more precisely,
for the lack of several nice features added in v5.6.0) (Marko
Asplund <aspa at kronodoc.fi>).
- New test suite that does not need the Internet to function.
- Update of all the files in example/ to use more current features
of IO::Socket::SSL.
- Removal of SSL_SSL and X509_Certificate classes.
- There have been a few name changes (like socketToSSL ->
socket_to_SSL) for better consistency.
- The functionality of get_peer_certificate() and friends is deprecated.
- The functionality of want_write() and want_read() is deprecated.
- The functionality of context_init() is deprecated for normal use.
- Support for all SSL context options in the new() call.
- SSL contexts are no longer global. The SSL_reuse_ctx option
is provided for those who want to re-use a context.
- The default verify mode is now VERIFY_NONE.
- IO::Socket::SSL::DEBUG is now linked to Net::SSLeay::trace to
provide different levels of debugging information.
- There is a uniform interface for error reporting, so on error
all functions will return undef and the error will be available
by calling errstr().
- The dump_peer_certificate() and peer_certificate() functions
have been added.
- sysread() will now behave correctly if the offset argument is
greater than the length of the read buffer. It also will truncate
the read buffer properly, according to the Perl documentation for
sysread().
- getline(), getlines(), and getc() have been added.
- syswrite() now uses references to avoid copying large amounts of data.
- readline() uses ssl_read_all in array context for improved speed.
- close() now uses SSL_shutdown() to properly close an SSL connection,
unless you tell it not to.
- If you have Net::SSLeay version 1.18 or greater, X509 certificates
will be properly freed.
- All other known bugs have been fixed.
v0.81a (Not publically released)
- Added support for SSL_passwd_cb.
- Added accept() server socket support to socketToSSL().
v0.81 2002.04.10
- calling context_init twice destroyed global context. fix from
Jason Heiss <jheiss at ofb.net>.
- file handle tying interface implementation moved to a separate
class to prevent problems resulting from self-tying filehandles.
Harmon S. Nine <hnine at netarx.com>.
- docs/debugging.txt file added
- require Net::SSLeay v1.08
- preliminary support for non-blocking read/write
- socketToSSL() now respects context's SSL verify setting
reported by Uri Guttman <uri at stemsystems.com>.
v0.80 2001.08.19
- fixed startTLS support (socketToSSL) (Graham Barr <gbarr at pobox.com>)
- make accept() set fileno attribute on newly created IO::Socket::SSL
object (Martin Oldfield <m at mail.tc>).
- certificate updates.
- use SSL_CTX_use_PrivateKey_file in SSL_Context::new.
v0.79 2001.06.04
- angle bracket readline operator support
(David Darville <david at dark.x.dtu.dk>).
- eliminate warnings in choosing SSL protocol version.
- implement our own opened method and make length parameter optional
in syswrite (Robert Bihlmeyer <robbe at orcus.priv.at>).
v0.78 2001.04.24
- test script targets changed, certificate setup fixed
- support for TLS in SSL_version. SSL_version parameter values
changed from integer to string. NB: this is an incompatible change.
all SSL_version parameter values have to be changed. valid values
include: 'sslv2', 'sslv3', 'sslv23'. Stephen C. Koehler
<koehler at securecomputing.com>.
- enable selecting SSL version for connections. patch from
Takanori Ugai <ugai at jp.fujitsu.com>.
- allow setting SSL_ca_file to ''. this is needed for being
able to use SSL_ca_path (Robert Bihlmeyer <robbe at orcus.priv.at>).
- include the Apache CA bundle file in the distribution (my-ca.pem).
- BUGS file added.
v0.77 2001.01.15
- don't setup SSL CA verification unless cert verification is
actually used for the connections.
- default SSL protocol version selection in SSL.pm.
v0.76 2000.11.17
- patch from Kwok Chern Yue <chernyue at post1.com> for
making IO::Socket::SSL work with HTTP::Daemon.
v0.75 2000.07.26
- IO::Socket::SSL should now work with perl v5.6.0
- demo/*.pl and t/*.t now turn module debugging on if
DEBUG command line argument is given
- default certificates changed
v0.74 2000.07.05
- Changes file added
- bugfix in IO::Socket::SSL::sysread() (zliu2 at acsu.buffalo.edu)
- libwww-perl and IO::Socket::SSL UML models added in docs
- URL changes in test scripts
- preliminary support for startTLS in IO::Socket::SSL::socketToSSL()
- miscellanous patches for Net::SSLeay added in diffs