Changes for version 1.90 - 2021-01-21
- New stable release incorporating all changes from developer releases 1.89_01 to 1.89_05.
- Summary of major changes since version 1.88:
- Formalised libssl version support policy: all stable versions of OpenSSL in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all stable releases of LibreSSL in the 2.0 - 3.1 series are supported. The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3 implementation is not currently libssl-compatible.
- Added support for LibreSSL on Windows when built with Visual C++.
- Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and several stack functions.
- Fixed crashes in the callback functions CTX_set_next_proto_select_cb and CTX_set_alpn_select_cb.
- The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as OpenSSL security level 2 (the default on many Linux distributions).
Changes for version 1.89_05 - 2021-01-21
- Expose SSL_get_ciphers. Thanks to github user dylc5190.
- Expose SSL_CIPHER_get_version and fix SSL_CIPHER_description and SSL_CIPHER_get_bits. Also fixed and enhanced documentation for these and related SSL_CIPHER functions.
- Clarify libssl version support policy: all stable versions of OpenSSL in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
- Direct bug reports to the GitHub repository, since rt.cpan.org will shut down on 2021-03-01.
Changes for version 1.89_04 - 2021-01-13
- Fix crashes in the callback functions CTX_set_next_proto_select_cb() and CTX_set_alpn_select_cb() caused by the use of a pointer returned by SSL_select_next_proto() which may already have been freed under certain circumstances. Fixes GH-222. Thanks to dylc5190 for the report.
- Remove the dependency on the AES128-SHA cipher suite in the test script 64_ticket_sharing.t. Fixes GH-231.
- Remove checks and warnings in Makefile.PL relating to the use of RSAref, which was removed from OpenSSL in version 0.9.7.
Changes for version 1.89_03 - 2020-12-12
- Expose the following functions:
- X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
- sk_X509_pop, sk_X509_shift, sk_X509_unshift,
- sk_X509_insert, sk_X509_delete, sk_x509_value, sk_X509_num Thanks to Dan Freed.
- Correct the minimum OpenSSL version required for the following functions to be made available (previously they were all declared to be present in 1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
- CTX_set_max_proto_version (added in 1.1.0-pre2)
- CTX_set_min_proto_version (added in 1.1.0-pre2)
- SESSION_up_ref (added in 1.1.0-pre4)
- set_max_proto_version (added in 1.1.0-pre2)
- set_min_proto_version (added in 1.1.0-pre2)
- Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl to be made available (previously they were declared to be present from 0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
- Replace the PKI used by the test suite with one generated by the generate-test-pki helper script. All entities in the new PKI have 2048-bit RSA private keys and CSRs, certificates and CRLs with SHA-256 digests, allowing the test suite to execute under OpenSSL security level 2 (now the default security level for OpenSSL in many Linux distributions).
- Initialise libssl consistently in the test suite.
- Don't rely on the availability of specific SSL/TLS protocol versions or cipher suites in the test suite; instead, dynamically select from any of the available protocol versions and cipher suites permitted by libssl. Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose configuration forbids the use of TLSv1.1 and below at run-time by default.
Changes for version 1.89_02 - 2020-08-07
- Add support for the P_X509_CRL_add_extensions function. Thanks to Manuel Mausz for the patch.
- X509_get_subjectAltNames now knows how to return GEN_RID. The returned value is an ASN OID in text format with current maximum length of 2500 characters. Updated t/local/33_x509_create_cert.t to use GEN_RID and all other supported types with certificate request and signed certificate. These relate to GitHub issue GH-149 opened by s482dcaw.
- Support for 64-bit Windows versions of OpenSSL from 1.0.0-beta1 through to 1.0.0b has been withdrawn due to malfunctions occurring in Perl programs that use fork(). This mainly affects users of Strawberry Perl x64 18.104.22.16880709, which ships with OpenSSL 1.0.0-beta4. Affected users should build Net-SSLeay against OpenSSL 1.0.0c or above; users of Strawberry Perl x64 22.214.171.12480709 may instead find it easier to upgrade to Strawberry Perl x64 126.96.36.199 or above. See https://github.com/radiator-software/p5-net-ssleay/issues/189 for more information.
Changes for version 1.89_01 - 2020-03-22
- Fix the repository URL in Makefile.PL (git:// rather than git@), which was preventing it from being added to META.json. Thanks to Dan Book.
- When building Net-SSLeay, exit if an OpenSSL executable cannot be found in PATH. Fixes RT#131060. Thanks to Nigel Horne for the report.
- Remove non-OCSP external tests, many of which unnecessarily duplicate local tests or fail for reasons outside of our control. Fixes RT#129542. Thanks to Andreas Vögele for the bug report that ultimately led to this change.
- Add support for LibreSSL on Windows when built with Visual C++. Thanks to Graham Ollis for the patch.
- In SSL_CTX_free() and SSL_free(), clean callback-related data from the global hash after freeing ctx, not before. This allows callbacks to be executed during freeing. Thanks to Steffen Ullrich for the patch.
- t/local/07_sslecho.t started failing with OpenSSL 1.1.1e. Updated the test file with missing calls to Net::SSLeay::shutdown(). Also added one call in SSLeay.pm sslcat() function. Enabling SSLeay trace level 3 showed 'unexpected eof while reading' errors which were added to OpenSSL with commit db943f43. This fixes GitHub issue GH-160 reported by Brett T. Warden.
- t/local/01_pod.t now requires Test::Pod 1.41 to work with Pod syntax used with Net::SSLeay 1.88 and later. This fixes GitHub issue GH-147 reported by Ulrik Haugen.
Perl extension for using OpenSSL
Perl module that lets SSL (HTTPS) sockets be handled as standard file handles.