Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11763 closed enhancement (fixed)

IO-Socket-SSL-2.066

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 5 years ago

Lots of changes lately.

2.066

  • fix test t/verify_partial_chain.t by using the newly exposed function can_partial_chain instead of guessing (wrongly) if the functionality is available

2.065

  • make sure that Net::SSLeay::CTX_get0_param is defined before using X509_V_FLAG_PARTIAL_CHAIN. Net::SSLeay 1.85 defined only the second with LibreSSL 2.7.4 but not the first https://rt.cpan.org/Ticket/Display.html?id=128716
  • prefer AES for server side cipher default since it is usually hardware-accelerated

2.064

  • make algorithm for fingerprint optional, i.e. detect based on length of fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
  • fix t/sessions.t and improve stability of t/verify_hostname.t on windows
  • use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
  • update fingerprints for live tests

2.063

  • support for both RSA and ECDSA certificate on same domain
  • update PublicSuffix
  • Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but then linked against another API-incompatible version (ie. more than just the patchlevel differs).

2.062

  • Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and OpenSSL (1.1.0+). This makes leaf certificates or intermediate certificates in the trust store be usable as full trust anchors too.

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21291.

comment:4 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.