- Net::SSLeay::read() and SSL_peek() now check SSL_get_error()
for SSL_ERROR_ZERO_RETURN for return values <= 0 to make
Net::SSLeay::read() behave more like underlying OpenSSL
function SSL_read().
Convenience function ssl_read_all() now does an automatic
retry when ERROR_WANT_READ or ERROR_WANT_WRITE is returned
with Net::SSLeay::read().
Convenience function ssl_read_until() now uses
Net::SSLeay::ssl_read_all() instead of
Net::SSLeay::read(). Tests 07_sslecho.t and 36_verify.t were
also updated to use ssl_read_all() and ssl_write_all(). The
tests now also disable TLSv1.3 session tickets and ignore
SIGPIPE to avoid this signal when the client has finished
before server has sent session tickets and called
Net::SSLeay::accept().
Thanks to Petr Pisar and Sebastian Andrzej Siewior for the
patches (in #RT125218).
- Fix a memory leak in cb_data_advanced_put. Fixes
RT#127131. Noticed, investigated and patched by Paul
Evans. Thanks!
- Enable OpenSSL 1.1.1-pre9 with Travis CI.
- Add SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets,
SSL_set_num_ticket and SSL_get_num_tickets for controlling
the number of TLSv1.3 session tickets that are issued. Add
tests in 44_sess.t. Parts taken from a larger patch by Petr
Pisar of RedHat.
- Add SSL_CTX_set_ciphersuites and SSL_set_ciphersuites for
configuring the available TLSv1.3 ciphersuites. Add tests in
43_misc_functions.t and clarify SSL_client_version tests.
- Add SSL_CTX_set_security_level, SSL_CTX_get_security_level,
SSL_set_security_level and SSL_get_security_level.
Add new test file 65_security_level.t.
All courtesy of Damyan Ivanov of Debian project.
- Fix export_keying_material return value check and context
handling. SSL_export_keying_material use_context is now
correctly set to non-zero value when context is an empty
string. This affects values exported with TLSv1.2 and earlier.
Update documentation in NetSSLeay.pod and add tests
in t/local/45_export.t.
- Add RAND_priv_bytes. Add new test file t/local/10_rand.t for
RAND_bytes, RAND_pseudo_bytes, RAND_priv_bytes, RAND_status,
RAND_poll, RAND_file_name and RAND_load_file.
- Update documentation for RAND_*bytes return values and
RAND_file_name behaviour with LibreSSL.
- Add SSL_SESSION_is_resumable. Add and update tests in 44_sess.t.
- Set OpenSSL security level to 1 in tests that use the test suite's
(1024-bit) RSA keys, which allows the test suite to pass when
Net-SSLeay is built against an OpenSSL with a higher default
security level. Fixes RT#126987. Thanks to Petr Pisar (in
RT#126270) and Damyan Ivanov (in RT#126987) for the reports and
patches, and to Damyan Ivanov for the preferred patch.
- Add SSL_CTX_sess_set_new_cb and SSL_CTX_sess_set_remove_cb.
Add new test file 44_sess.t for these and future session
related tests for which no specific test file is needed.
- Add SSL_get_version, SSL_client_version and SSL_is_dtls.
- Add SSL_peek_ex, SSL_read_ex, SSL_write_ex and SSL_has_pending.
Add tests in t/local/11_read.t
- Add SSL_CTX_set_post_handshake_auth contributed by Paul
Howarth. Add SSL_set_post_handshake_auth,
SSL_verify_client_post_handshake and constant
SSL_VERIFY_POST_HANDSHAKE.
- Applied a patch to set_cert_and_key() from Damyan Ivanov,
Debian Perl Group. This function now returns errors from
library's error stack only when an underlying routine
fails. Unrelated errors are now skipped. Fixes RT#126988.
- Add support for TLSv1.3 via $Net::SSLeay::ssl_version.
- Enhance t/local/43_misc_functions.t get_keyblock_size test
to work better with AEAD ciphers.
- Add constants SSL_OP_ENABLE_MIDDLEBOX_COMPAT and
SSL_OP_NO_ANTI_REPLAY for TLSv1.3
- Fix compile time DEFINE=-DSHOW_XS_DEBUG to work with
non-threaded Perls. Fixes RT#127027. Thanks to SREZIC for
the report. Also fix other minor compile warnings.