Changes for version 1.90 - 2021-01-21

  • New stable release incorporating all changes from developer releases 1.89_01 to 1.89_05.
  • Summary of major changes since version 1.88:
    • Formalised libssl version support policy: all stable versions of OpenSSL in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all stable releases of LibreSSL in the 2.0 - 3.1 series are supported. The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3 implementation is not currently libssl-compatible.
    • Added support for LibreSSL on Windows when built with Visual C++.
    • Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and several stack functions.
    • Fixed crashes in the callback functions CTX_set_next_proto_select_cb and CTX_set_alpn_select_cb.
    • The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as OpenSSL security level 2 (the default on many Linux distributions).

Changes for version 1.89_05 - 2021-01-21

  • Expose SSL_get_ciphers. Thanks to github user dylc5190.
  • Expose SSL_CIPHER_get_version and fix SSL_CIPHER_description and SSL_CIPHER_get_bits. Also fixed and enhanced documentation for these and related SSL_CIPHER functions.
  • Clarify libssl version support policy: all stable versions of OpenSSL in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
  • Direct bug reports to the GitHub repository, since rt.cpan.org will shut down on 2021-03-01.

Changes for version 1.89_04 - 2021-01-13

  • Fix crashes in the callback functions CTX_set_next_proto_select_cb() and CTX_set_alpn_select_cb() caused by the use of a pointer returned by SSL_select_next_proto() which may already have been freed under certain circumstances. Fixes GH-222. Thanks to dylc5190 for the report.
  • Remove the dependency on the AES128-SHA cipher suite in the test script 64_ticket_sharing.t. Fixes GH-231.
  • Remove checks and warnings in Makefile.PL relating to the use of RSAref, which was removed from OpenSSL in version 0.9.7.

Changes for version 1.89_03 - 2020-12-12

  • Expose the following functions:
    • X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
    • sk_X509_pop, sk_X509_shift, sk_X509_unshift
    • sk_X509_insert, sk_X509_delete, sk_X509_value, sk_X509_num
    Thanks to Dan Freed.
  • Correct the minimum OpenSSL version required for the following functions to be made available (previously they were all declared to be present in 1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
    • CTX_set_max_proto_version (added in 1.1.0-pre2)
    • CTX_set_min_proto_version (added in 1.1.0-pre2)
    • SESSION_up_ref (added in 1.1.0-pre4)
    • set_max_proto_version (added in 1.1.0-pre2)
    • set_min_proto_version (added in 1.1.0-pre2)
  • Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl to be made available (previously they were declared to be present from 0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
  • Replace the PKI used by the test suite with one generated by the generate-test-pki helper script. All entities in the new PKI have 2048-bit RSA private keys and CSRs, certificates and CRLs with SHA-256 digests, allowing the test suite to execute under OpenSSL security level 2 (now the default security level for OpenSSL in many Linux distributions).
  • Initialise libssl consistently in the test suite.
  • Don't rely on the availability of specific SSL/TLS protocol versions or cipher suites in the test suite; instead, dynamically select from any of the available protocol versions and cipher suites permitted by libssl. Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose configuration forbids the use of TLSv1.1 and below at run-time by default.

Changes for version 1.89_02 - 2020-08-07

  • Add support for the P_X509_CRL_add_extensions function. Thanks to Manuel Mausz for the patch.
  • X509_get_subjectAltNames now knows how to return GEN_RID. The returned value is an ASN OID in text format, with a current maximum length of 2500 characters. Updated t/local/33_x509_create_cert.t to use GEN_RID and all other supported types with a certificate request and a signed certificate. These changes relate to GitHub issue GH-149 opened by s482dcaw.
  • Support for 64-bit Windows versions of OpenSSL from 1.0.0-beta1 through to 1.0.0b has been withdrawn due to malfunctions occurring in Perl programs that use fork(). This mainly affects users of Strawberry Perl x64, which ships with OpenSSL 1.0.0-beta4. Affected users should build Net-SSLeay against OpenSSL 1.0.0c or above; users of Strawberry Perl x64 may instead find it easier to upgrade to Strawberry Perl x64 or above. See https://github.com/radiator-software/p5-net-ssleay/issues/189 for more information.

Changes for version 1.89_01 - 2020-03-22

  • Fix the repository URL in Makefile.PL (git:// rather than git@), which was preventing it from being added to META.json. Thanks to Dan Book.
  • When building Net-SSLeay, exit if an OpenSSL executable cannot be found in PATH. Fixes RT#131060. Thanks to Nigel Horne for the report.
  • Remove non-OCSP external tests, many of which unnecessarily duplicate local tests or fail for reasons outside of our control. Fixes RT#129542. Thanks to Andreas Vögele for the bug report that ultimately led to this change.
  • Add support for LibreSSL on Windows when built with Visual C++. Thanks to Graham Ollis for the patch.
  • In SSL_CTX_free() and SSL_free(), clean callback-related data from the global hash after freeing ctx, not before. This allows callbacks to be executed during freeing. Thanks to Steffen Ullrich for the patch.
  • t/local/07_sslecho.t started failing with OpenSSL 1.1.1e. Updated the test file with the missing calls to Net::SSLeay::shutdown(), and added one call to the sslcat() function in SSLeay.pm. Enabling SSLeay trace level 3 showed 'unexpected eof while reading' errors, which were added to OpenSSL with commit db943f43. This fixes GitHub issue GH-160 reported by Brett T. Warden.
  • t/local/01_pod.t now requires Test::Pod 1.41 to work with Pod syntax used with Net::SSLeay 1.88 and later. This fixes GitHub issue GH-147 reported by Ulrik Haugen.


Perl extension for using OpenSSL
Perl module that lets SSL (HTTPS) sockets be handled as standard file handles.