Net-SSLeay-1.93_02

Changes for version 1.93_02 - 2023-02-22

Update ppport.h to version 3.68. This eliminates thousands of compound-token-split-by-macro compiler warnings when building Net-SSLeay with Clang 12 or greater. Partially fixes GH-383.
Silence compound-token-split-by-macro warnings when building Net-SSLeay with Clang 12 or greater. Fixes the remainder of GH-383.
When building Net-SSLeay, search for the openssl binary in the same directory in which Perl is installed (i.e. $Config{prefix}/bin/). Thanks to Henrik Grimler for the patch.
Expose EVP_PKEY_security_bits. Thanks to Felipe Gasper.
Major update to Gihub Actions configuration. Thanks to Felipe Gasper. New testing targets are:
- OpenSSL and LibreSSL on Alpine Linux on i386, x390x, arm32v6, ar32v7 and arm64v8 architectures.
- OpenSSL and LibreSSL on Ubuntu on i386, x390x, ar32v7 and arm64v8 architectures.
- OpenSSL on FreeBSD 13.0, not enabled yet because of GH #272 and #394
- LibreSSL on FreeBSD 13.0
- LibreSSL on OpenBSD 6.9
- LibreSSL on OpenBSD 7.1
- Cygwin on x86_64
Fix compilation failure using cl. Microsoft cl compiler do not like when preprocessor directives are inside a macro. Fixes GH-403. Thanks to Jean-Damien Durand.
Update CTX_use_PKCS12_file() and CTX_use_PKCS12_file() to use BIO functions for avoiding "no OPENSSL_Applink" runtime errors. Fixes GH-281 and RT#101638. Thanks to Jean-Damien Durand.
Add to README.Win32 more information about OPENSSL_Applink and how it may be needed with FILE pointers and POSIX/Unix fds. Recommended method is to avoid them and use OpenSSL BIO functions instead. Update SSLeay.pod with alternatives to Net::SSLeay::SESSION_print_fp(). Closes GH-411.
Refactor variable declarations in RSA_generate_key to allow SSLeay.xs to compile under -Werror=declaration-after-statement. Fixes GH-407. Thanks to dharanlinux for the report.
Fix memory leaks after calls to X509_get_ext_d2i. Thanks to Anton Borowka.
Documentation fix: Correct CRL revocation reasons in P_X509_CRL_add_revoked_serial_hex(). Closes GH-397. Reported by Marc Reisner.
Support stable releases of LibreSSL 3.5 and 3.6.
Update callback set by SSL_set_session_secret_cb to adjust master secret's length. This is needed with OpenSSL 1.1.1 and later that provide buffer that is now longer than 48 octets. Fix Net::SSLeay::get_keyblock_size() size calculation with AEAD ciphers. These functions were originally added to OpenSSL and Net::SSLeay for EAP-FAST. These changes allow EAP-FAST to work with AEAD ciphers and with OpenSSL versions 1.1.1 and later.
Remove code guarded by obsolete SSL_F_SSL_SET_HELLO_EXTENSION #ifdef. This was used by the initial EAP-FAST related OpenSSL patch which was never part of the OpenSSL distribution.
PEM_get_string_PrivateKey() currently uses DES-CBC as its default encryption algorithm. Test 33_x509_create_cert.t now skips testing the default algorithm on systems that support providers but don't have the legacy provider available. One such system is FreeBSD 13.0 with OpenSSL which was added as disabled in GitHub actions by PR GH-402 but can now be enabled. Long term fix is to replace DES-CBC with a modern cipher. Allows closing GH-394.

Changes for version 1.93_01 - 2022-03-20

LibreSSL 3.5.0 has removed access to internal data structures: Use X509_get0_tbs_sigalg() and OCSP_SINGLERESP_get0_id() like in OpenSSL 1.1. Also use RSA_get0... with RSA_get_key_parameters(). Thanks to Alexander Bluhm.
Expose SSL_CTX_get_min_proto_version(), SSL_CTX_get_max_proto_version(), SSL_get_min_proto_version() and SSL_get_max_proto_version() with LibresSSL 3.4.0 and later. Thanks to Alexander Bluhm.
Update tests 07_sslecho.t and 44_sess.t to work around failures seen on Windows with Perls earlier than 5.20. For the details, see GH-356 and look for CloseHandle() in Perl 5.20.0 changelog. Thanks to GitHub user twata1 for the report and additional help.
Alexander's recent work with RSA_get_key_parameters(), allows to make it available with all OpenSSL versions. It was already available with versions earlier than 1.1.0.
Expose BN_dup(), BN_clear(), BN_clear_free() and BN_free().
Use PTR2IV instead of direct cast to IV to fix compilation warning with SSLeay.xs internal function bn2sv().
Expose X509_CRL_get0_lastUpdate(), X509_CRL_get0_nextUpdate(), X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() that became available with OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and the respective deprecated _get/set_ aliases, are available with all OpenSSL and LibreSSL versions. Fixes part of RT#124371.
Note in documentation that the X509_CRL_get* functions return a pointer to time structure that should be considered read-only.
Use ASN1_STRING_get0_data() instead of ASN1_STRING_data() to avoid compile time deprecation warnings. Partly fixes RT#124371.
Add the following constants from Current OpenSSL master branch:
- SSL_ASYNC_PAUSED
- SSL_ASYNC_NO_JOBS
- SSL_CLIENT_HELLO_CB
- SSL_ERROR_WANT_ASYNC
- SSL_ERROR_WANT_ASYNC_JOB
- SSL_ERROR_WANT_CLIENT_HELLO_CB
- SSL_ERROR_WANT_RETRY_VERIFY
- SSL_MODE_ASYNC
- SSL_MODE_NO_AUTO_CHAIN
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION
- SSL_OP_CLEANSE_PLAINTEXT
- SSL_OP_DISABLE_TLSEXT_CA_NAMES
- SSL_OP_ENABLE_KTLS
- SSL_OP_IGNORE_UNEXPECTED_EOF
- SSL_OP_NO_EXTENDED_MASTER_SECRET
- SSL_RETRY_VERIFY
- SSL_SESS_CACHE_UPDATE_TIME
- X509_TRUST_DEFAULT
- X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL
- X509_V_ERR_CA_BCONS_NOT_CRITICAL
- X509_V_ERR_CA_CERT_MISSING_KEY_USAGE
- X509_V_ERR_EC_KEY_EXPLICIT_PARAMS
- X509_V_ERR_EMPTY_SUBJECT_ALT_NAME
- X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL
- X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3
- X509_V_ERR_ISSUER_NAME_EMPTY
- X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA
- X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER
- X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER
- X509_V_ERR_NO_ISSUER_PUBLIC_KEY
- X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
- X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN
- X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY
- X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH
- X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL
- X509_V_ERR_SUBJECT_NAME_EMPTY
- X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM
Expose X509_get0_notBefore(), X509_getm_notBefore() X509_get0_nextAfter() and X509_getm_nextAfter() that became available with OpenSSL 1.1.0 and LibreSSL 2.7.0. These, and the deprecated _get functions, are available, as aliases when needed, with all OpenSSL and LibreSSL versions. Fixes GH-367.
Only export the TLSv1*_method() functions when support for the respective TLS version is available in the underlying libssl library. This allows Net::SSLeay to be built against libssl libraries that were compiled without support for old TLS versions.

Modules

Net::SSLeay

Perl bindings for OpenSSL and LibreSSL

Net::SSLeay::Handle

Perl module that lets SSL (HTTPS) sockets be handled as standard file handles.

Other files

To install Net::SSLeay, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::SSLeay

CPAN shell

perl -MCPAN -e shell
install Net::SSLeay

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 1.93_02 - 2023-02-22

Changes for version 1.93_01 - 2022-03-20

Modules

Examples

Other files

Module Install Instructions