cpan Net-SSLeay 1.93_03

pre-release, 9 months ago
  • Pass RAND_seed()'s sole argument to the underlying RAND_seed() function in
    libcrypto, rather than passing the value of a non-existent second argument.
    Fixes GH-427. Thanks to cgf1 for the report.
  • Avoid explicit and implicit use of weak hash algorithms,
    such as MD5 and SHA-1, in the test suite. This allows tests
    44_sess.t and 45_exporter.t to work correctly on systems
    where crypto policies prohibit the direct use of these
    algorithms and the TLS versions that require them. An
    example of such a system is Rocky Linux 9.2. Any Red Hat
    Enterprise Linux 9 and derived system is likely to have
    similar behaviour. Thanks to Paul Howarth for the
    investigation and patches.
  • LibreSSL 3.8.0 release notes state: The POLICY_TREE and its
    related structures and API were removed. The affected
    Net::SSLeay functions are:
    • X509_policy_level_get0_node
    • X509_policy_level_node_count
    • X509_policy_node_get0_parent
    • X509_policy_node_get0_policy
    • X509_policy_node_get0_qualifiers
    • X509_policy_tree_free
    • X509_policy_tree_get0_level
    • X509_policy_tree_get0_policies
    • X509_policy_tree_get0_user_policies
    • X509_policy_tree_level_count
    Patch by GitHub user orbea.
  • Add OpenSSL 3.1 and LibreSSL 3.7 minor releases to GitHub CI testing.
    Update the previous minor releases to their latest versions. Add
    NetBSD to BSDs job and update the other BSDs and Alpine Linux jobs to
    cover additional and latest releases. Use the latest macOS runners.
  • Expose SSL_CTX_set_client_hello_cb for setting a callback
    the server calls when it processes a ClientHello. Expose the
    following functions that can be called only from the
    callback. None of these are available with LibreSSL.
    • SSL_client_hello_isv2
    • SSL_client_hello_get0_legacy_version
    • SSL_client_hello_get0_random
    • SSL_client_hello_get0_session_id
    • SSL_client_hello_get0_ciphers
    • SSL_client_hello_get0_compression_methods
    • SSL_client_hello_get1_extensions_present
    • SSL_client_hello_get_extension_order
    • SSL_client_hello_get0_ext
  • Expose constants used by SSL_CTX_set_client_hello_cb related
    functions.
    • AD_ prefixed constants naming TLS alert codes for
      returning from a ClientHello callback or where alert types
      are used
    • CLIENT_HELLO_ERROR, CLIENT_HELLO_RETRY and
      CLIENT_HELLO_SUCCESS for returning from a ClientHello
      callback
    • TLSEXT_TYPE_ prefixed constants for naming TLS extension
      types
  • Expose functions for setting up TLS PSK on the server
    side. Only SSL_CIPHER_find is available with LibreSSL.
    • SSL_use_psk_identity_hint
    • SSL_CTX_use_psk_identity_hint
    • SSL_set_psk_server_callback
    • SSL_CTX_set_psk_server_callback
    • SSL_set_psk_find_session_callback
    • SSL_CTX_set_psk_find_session_callback
    • SSL_SESSION_set1_master_key
    • SSL_SESSION_set_cipher
    • SSL_SESSION_set_protocol_version
    • SSL_CIPHER_find
  • Expose NID_shake128, NID_shake256 and the rest of NID_sha* constants.
  • Expose functions for setting up TLS 1.3 PSK authentication
    on the client side. Only SSL_SESSION_get0_cipher is
    available with LibreSSL.
    • SSL_set_psk_use_session_callback
    • SSL_CTX_set_psk_use_session_callback
    • SSL_CIPHER_get_handshake_digest
    • SSL_SESSION_get0_cipher
    • EVP_MD_get0_description
    • EVP_MD_get0_name
    • EVP_MD_get_type
  • Major documentation cleanup. Thanks to John Jetmore.
  • Add constants for specifying version field for certificates,
    certificate requests and CRLs. Available in OpenSSL 3.0:
    • X509_VERSION_1, X509_VERSION_2 and X509_VERSION_3
    • X509_REQ_VERSION_1, X509_REQ_VERSION_2 and X509_REQ_VERSION_3
    • X509_CRL_VERSION_1 and X509_CRL_VERSION_2
  • Remove conditional compilation checks from SSLeay.xs and
    compatibility notes from SSLeay.pod for OpenSSL versions
    earlier than 0.9.8. This includes all 0.9.7 and earlier
    releases down to 0.9.3a. Update tests accordingly.
  • Add OpenSSL 3.2 and LibreSSL 3.8 minor releases to GitHub CI
    testing. Update existing OpenSSL releases to 1.1.1w, 3.0.12
    and 3.1.4.
  • Support compiling SSLeay.xs with a C++ compiler. Thanks to
    James E Keenan and GitHub user twata1 for suggesting this,
    testing and providing detailed test reports. Tested with GCC
    13 g++, Clang 17 clang++ and Visual Studio Community 2022
    C++ compilers. Discussion in GH-425 and GH-438.
  • Add constants for OPENSSL_init_crypto and related functions:
    • CONF_MFLAGS_DEFAULT_SECTION
    • CONF_MFLAGS_IGNORE_ERRORS
    • CONF_MFLAGS_IGNORE_MISSING_FILE
    • CONF_MFLAGS_IGNORE_RETURN_CODES
    • CONF_MFLAGS_NO_DSO
    • CONF_MFLAGS_SILENT
    • OPENSSL_INIT_ADD_ALL_CIPHERS
    • OPENSSL_INIT_ADD_ALL_DIGESTS
    • OPENSSL_INIT_ASYNC
    • OPENSSL_INIT_ATFORK
    • OPENSSL_INIT_ENGINE_AFALG
    • OPENSSL_INIT_ENGINE_CAPI
    • OPENSSL_INIT_ENGINE_CRYPTODEV
    • OPENSSL_INIT_ENGINE_DYNAMIC
    • OPENSSL_INIT_ENGINE_OPENSSL
    • OPENSSL_INIT_ENGINE_PADLOCK
    • OPENSSL_INIT_ENGINE_RDRAND
    • OPENSSL_INIT_LOAD_CONFIG
    • OPENSSL_INIT_LOAD_CRYPTO_STRINGS
    • OPENSSL_INIT_LOAD_SSL_STRINGS
    • OPENSSL_INIT_NO_ADD_ALL_CIPHERS
    • OPENSSL_INIT_NO_ADD_ALL_DIGESTS
    • OPENSSL_INIT_NO_ATEXIT
    • OPENSSL_INIT_NO_LOAD_CONFIG
    • OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
    • OPENSSL_INIT_NO_LOAD_SSL_STRINGS
  • Expose functions for OpenSSL libcrypto and libssl
    initialisation, configuration and deinitialisation.
    These are available in OpenSSL 1.1.0 and later:
    • OPENSSL_init_ssl and OPENSSL_init_crypto
    • OPENSSL_cleanup, also in LibreSSL 3.6.0
    • OPENSSL_INIT_new and OPENSSL_INIT_free
    • OPENSSL_INIT_set_config_filename
    • OPENSSL_INIT_set_config_appname
    • OPENSSL_INIT_set_config_file_flags
  • Add new test file 23_openssl_init.t for OPENSSL_init_ssl and
    related functions.
  • Support finding OpenSSL libraries using
    ExtUtils::PkgConfig. Thanks to Paul Howarth for the patch.
  • Fix a number of cases where variables were declared after
    code, triggering the GCC and Clang warning
    -Wdeclaration-after-statement. Declaring variables after
    statements is supported by C language version C99 and used
    by Perl 5.35.5 and later. SSLeay.xs is likely to be compiled
    with compilers that do not support this, so such constructs
    are avoided in SSLeay.xs. Thanks to GitHub user bulk88 for
    the patch.
  • Fix _CRT_SECURE_NO_DEPRECATE warning on Windows. Fix OpenSSL
    library file path detection loop in Makefile.PL. Both thanks
    to bulk88.
  • Update Shining Light OpenSSL detection to work with OpenSSL
    1.1.1w, 3.0.12, 3.1.4 and 3.2.0 installers. Caveats: when
    both 32-bit and 64-bit versions are installed, OpenSSL library
    path detection may pick the wrong version. Static
    compilation seems not to work with these versions. Thanks
    to bulk88 for the initial updates.
  • Tone down the Makefile.PL and README warning against mixing
    compilers and flags when compiling OpenSSL, Perl and
    Net::SSLeay. This may still be a requirement on some
    platforms, but, for example, on Linux and macOS mixing
    clang and gcc appears to work.
  • Add general installation instructions in README. Thanks to
    GitHub user viviparous. Update README and README.OSX.
