- Expose the following functions:
- X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
- sk_X509_pop, sk_X509_shift, sk_X509_unshift,
- sk_X509_insert, sk_X509_delete, sk_x509_value, sk_X509_num
Thanks to Dan Freed.
- X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
- Correct the minimum OpenSSL version required for the following functions
to be made available (previously they were all declared to be present in
1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built
against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
- CTX_set_max_proto_version (added in 1.1.0-pre2)
- CTX_set_min_proto_version (added in 1.1.0-pre2)
- SESSION_up_ref (added in 1.1.0-pre4)
- set_max_proto_version (added in 1.1.0-pre2)
- set_min_proto_version (added in 1.1.0-pre2)
- CTX_set_max_proto_version (added in 1.1.0-pre2)
- Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl
to be made available (previously they were declared to be present from
0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
- Replace the PKI used by the test suite with one generated by the
generate-test-pki helper script. All entities in the new PKI have 2048-bit
RSA private keys and CSRs, certificates and CRLs with SHA-256 digests,
allowing the test suite to execute under OpenSSL security level 2 (now the
default security level for OpenSSL in many Linux distributions).
- Initialise libssl consistently in the test suite.
- Don't rely on the availability of specific SSL/TLS protocol versions or
cipher suites in the test suite; instead, dynamically select from any of
the available protocol versions and cipher suites permitted by libssl.
Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test
suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose
configuration forbids the use of TLSv1.1 and below at run-time by default.