packages/perl-IO-Socket-SSL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:3d268f2ad029a198f92aa4515cd50b2df2bcb143
Branches Tags
packages:main
...
compare: packages:363bdb1e91dee9c75b545f3193c8542a39ed1d9d
Branches Tags
packages:main

10 Commits
3d268f2ad0 ... 363bdb1e91

Author SHA1 Message Date
openeuler-ci-bot
363bdb1e91
!7 【轻量级 PR】:Rebuild for next release 
From: @dongyuzhen 
Reviewed-by: @licunlong 
Signed-off-by: @licunlong
 2022-10-27 03:43:38 +00:00
dongyuzhen
cfed8ff9c2
update for mass rebuild and upgrade verification 
Signed-off-by: dongyuzhen <dongyuzhen@h-partners.com>
 2022-10-25 07:35:51 +00:00
openeuler-ci-bot
f86e5c945c !6 update version to 2.072 
Merge pull request !6 from xinyingchao/openEuler-22.03-LTS-Next
 2021-12-27 01:36:10 +00:00
renmingshuai
42fd115cdf update version to 2.068 2021-12-21 16:39:27 +08:00
openeuler-ci-bot
2bb25f630e !3 perl-IO-Socket-SSL 
Merge pull request !3 from xinghe/master
 2020-07-26 00:24:53 +08:00
jinzhimin369
f039fe7602 update version 2020-07-24 09:13:21 +08:00
openeuler-ci-bot
e76d5f3f37 !2 add yaml file in package 
Merge pull request !2 from 吴超超/master
 2020-06-29 20:14:08 +08:00
19909236985
678170d418 add yaml file in package 2020-06-13 17:22:46 +08:00
openeuler-ci-bot
eb82ba780f !1 perl-IO-Socket-SSL 
Merge pull request !1 from openeuler-basic/init
 2019-12-31 17:07:48 +08:00
openeuler-basic
762fff977b delete unneeded patch 2019-12-31 15:22:16 +08:00
6 changed files with 191 additions and 152 deletions
Show Stats Expand all files Collapse all files

40
IO-Socket-SSL-2.060-use-system-default-SSL-version.patch
View File

@ -1,40 +0,0 @@
diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
index c5affd8..c41b0f1 100644
--- a/lib/IO/Socket/SSL.pm
+++ b/lib/IO/Socket/SSL.pm
@@ -164,7 +164,7 @@ if ( defined &Net::SSLeay::CTX_set_min_proto_version
# global defaults
my %DEFAULT_SSL_ARGS = (
SSL_check_crl => 0,
- SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken
+ SSL_version => '',
SSL_verify_callback => undef,
SSL_verifycn_scheme => undef, # fallback cn verification
SSL_verifycn_publicsuffix => undef, # fallback default list verification
@@ -2393,7 +2393,7 @@ sub new {
my $ssl_op = $DEFAULT_SSL_OP;
- my $ver;
+ my $ver = '';
for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
or croak("invalid SSL_version specified");
diff --git a/lib/IO/Socket/SSL.pod b/lib/IO/Socket/SSL.pod
index a4cf32a..7938d59 100644
--- a/lib/IO/Socket/SSL.pod
+++ b/lib/IO/Socket/SSL.pod
@@ -1028,11 +1028,12 @@ All values are case-insensitive. Instead of 'TLSv1_1', 'TLSv1_2', and
'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
and openssl.
+The default SSL_version is defined by the underlying cryptographic library.
Independent from the handshake format you can limit to set of accepted SSL
versions by adding !version separated by ':'.
-The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
+For example, 'SSLv23:!SSLv3:!SSLv2' means that the
handshake format is compatible to SSL2.0 and higher, but that the successful
handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
both of these versions have serious security issues and should not be used

107
IO-Socket-SSL-2.060-use-system-default-cipher-list.patch
View File

@ -1,107 +0,0 @@
diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
index c5affd8..10fe332 100644
--- a/lib/IO/Socket/SSL.pm
+++ b/lib/IO/Socket/SSL.pm
@@ -172,11 +172,10 @@ my %DEFAULT_SSL_ARGS = (
SSL_npn_protocols => undef, # meaning depends whether on server or client side
SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
- # https://wiki.mozilla.org/Security/Server_Side_TLS, 2019/03/05
- # "Old backward compatibility" for best compatibility
- # .. "Most ciphers that are not clearly broken and dangerous to use are supported"
- # slightly reordered to prefer AES since it is cheaper when hardware accelerated
- SSL_cipher_list => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP',
+ # Use system-wide default cipher list to support use of system-wide
+ # crypto policy (#1076390, #1127577, CPAN RT#97816)
+ # https://fedoraproject.org/wiki/Changes/CryptoPolicy
+ SSL_cipher_list => 'DEFAULT',
);
my %DEFAULT_SSL_CLIENT_ARGS = (
@@ -185,64 +184,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
SSL_ca_file => undef,
SSL_ca_path => undef,
-
- # older versions of F5 BIG-IP hang when getting SSL client hello >255 bytes
- # http://support.f5.com/kb/en-us/solutions/public/13000/000/sol13037.html
- # http://guest:guest@rt.openssl.org/Ticket/Display.html?id=2771
- # Ubuntu worked around this by disabling TLSv1_2 on the client side for
- # a while. Later a padding extension was added to OpenSSL to work around
- # broken F5 but then IronPort croaked because it did not understand this
- # extension so it was disabled again :(
- # Firefox, Chrome and IE11 use TLSv1_2 but use only a few ciphers, so
- # that packet stays small enough. We try the same here.
-
- SSL_cipher_list => join(" ",
-
- # SSLabs report for Chrome 48/OSX.
- # This also includes the fewer ciphers Firefox uses.
- 'ECDHE-ECDSA-AES128-GCM-SHA256',
- 'ECDHE-RSA-AES128-GCM-SHA256',
- 'DHE-RSA-AES128-GCM-SHA256',
- 'ECDHE-ECDSA-CHACHA20-POLY1305',
- 'ECDHE-RSA-CHACHA20-POLY1305',
- 'ECDHE-ECDSA-AES256-SHA',
- 'ECDHE-RSA-AES256-SHA',
- 'DHE-RSA-AES256-SHA',
- 'ECDHE-ECDSA-AES128-SHA',
- 'ECDHE-RSA-AES128-SHA',
- 'DHE-RSA-AES128-SHA',
- 'AES128-GCM-SHA256',
- 'AES256-SHA',
- 'AES128-SHA',
- 'DES-CBC3-SHA',
-
- # IE11/Edge has some more ciphers, notably SHA384 and DSS
- # we don't offer the *-AES128-SHA256 and *-AES256-SHA384 non-GCM
- # ciphers IE/Edge offers because they look like a large mismatch
- # between a very strong HMAC and a comparably weak (but sufficient)
- # encryption. Similar all browsers which do SHA384 can do ECDHE
- # so skip the DHE*SHA384 ciphers.
- 'ECDHE-RSA-AES256-GCM-SHA384',
- 'ECDHE-ECDSA-AES256-GCM-SHA384',
- # 'ECDHE-RSA-AES256-SHA384',
- # 'ECDHE-ECDSA-AES256-SHA384',
- # 'ECDHE-RSA-AES128-SHA256',
- # 'ECDHE-ECDSA-AES128-SHA256',
- # 'DHE-RSA-AES256-GCM-SHA384',
- # 'AES256-GCM-SHA384',
- 'AES256-SHA256',
- # 'AES128-SHA256',
- 'DHE-DSS-AES256-SHA256',
- # 'DHE-DSS-AES128-SHA256',
- 'DHE-DSS-AES256-SHA',
- 'DHE-DSS-AES128-SHA',
- 'EDH-DSS-DES-CBC3-SHA',
-
- # Just to make sure, that we don't accidentally add bad ciphers above.
- # This includes dropping RC4 which is no longer supported by modern
- # browsers and also excluded in the SSL libraries of Python and Ruby.
- "!EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP"
- )
);
# set values inside _init to work with perlcc, RT#95452
diff --git a/lib/IO/Socket/SSL.pod b/lib/IO/Socket/SSL.pod
index a4cf32a..c0acadd 100644
--- a/lib/IO/Socket/SSL.pod
+++ b/lib/IO/Socket/SSL.pod
@@ -1054,12 +1054,8 @@ documentation (L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>)
for more details.
Unless you fail to contact your peer because of no shared ciphers it is
-recommended to leave this option at the default setting. The default setting
-prefers ciphers with forward secrecy, disables anonymous authentication and
-disables known insecure ciphers like MD5, DES etc. This gives a grade A result
-at the tests of SSL Labs.
-To use the less secure OpenSSL builtin default (whatever this is) set
-SSL_cipher_list to ''.
+recommended to leave this option at the default setting, which honors the
+system-wide DEFAULT cipher list.
In case different cipher lists are needed for different SNI hosts a hash can be
given with the host as key and the cipher suite as value, similar to
--
2.19.1

BIN
IO-Socket-SSL-2.066.tar.gz
View File

Binary file not shown.

BIN
IO-Socket-SSL-2.072.tar.gz Normal file
View File

Binary file not shown.

25
perl-IO-Socket-SSL.spec
View File

@ -1,14 +1,11 @@
Name: perl-IO-Socket-SSL
Version: 2.066
Release: 3
Version: 2.072
Release: 2
Summary: Perl library for transparent SSL
License: GPL+ or Artistic
URL: https://metacpan.org/release/IO-Socket-SSL
Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
# https://fedoraproject.org/wiki/Changes/CryptoPolicy
Patch0: IO-Socket-SSL-2.060-use-system-default-cipher-list.patch
Patch1: IO-Socket-SSL-2.060-use-system-default-SSL-version.patch
BuildArch: noarch
#For Build
BuildRequires: coreutils findutils make perl-generators perl-interpreter perl(ExtUtils::MakeMaker)
@ -64,6 +61,24 @@ make test
%{_mandir}/man3/IO::Socket::SSL::Utils.3*
%changelog
* Tue Oct 25 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.072-2
- Rebuild for next release
* Tue Dec 21 2021 yuanxin <yuanxin24@huawei.com> - 2.072-1
- update version to 2.072
* Fri Jul 24 2020 xinghe <xinghe1@huawei.com> - 2.068-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update version to 2.068
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.066-4
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:delete unneeded patch
* Tue Oct 15 2019 shenyangyang <shenyangyang4@huawei.com> - 2.066-3
- Type:enhancement
- ID:NA

171
perl-IO-Socket-SSL.yaml Normal file
View File

@ -0,0 +1,171 @@
---
version_control: metacpan
src_repo: IO-Socket-SSL
tag_prefix: "^v"
seperator: "."
last_query:
time_stamp: 2020-04-26 07:41:29.874016800 +00:00
raw_data: |
{
"download_url" : "https://cpan.metacpan.org/authors/id/S/SU/SULLR/IO-Socket-SSL-2.068.tar.gz",
"author" : "SULLR",
"stat" : {
"mtime" : 1585635339,
"size" : 248709,
"mode" : 33188
},
"deprecated" : false,
"distribution" : "IO-Socket-SSL",
"id" : "85CwmI6g7kPZaST_yld_Yohhtic",
"version_numified" : 2.068,
"tests" : {
"fail" : 6,
"na" : 0,
"pass" : 587,
"unknown" : 5
},
"resources" : {
"repository" : {
"url" : "https://github.com/noxxi/p5-io-socket-ssl"
},
"homepage" : "https://github.com/noxxi/p5-io-socket-ssl",
"license" : [
"http://dev.perl.org/licenses/"
],
"bugtracker" : {
"web" : "https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL"
}
},
"archive" : "IO-Socket-SSL-2.068.tar.gz",
"license" : [
"perl_5"
],
"checksum_md5" : "4230c829c8875889848093b2b46a7284",
"changes_file" : "Changes",
"abstract" : "Nearly transparent SSL encapsulation for IO::Socket::INET.",
"main_module" : "IO::Socket::SSL",
"status" : "latest",
"version" : "2.068",
"maturity" : "released",
"metadata" : {
"dynamic_config" : 1,
"author" : [
"Steffen Ullrich <sullr@cpan.org>, Peter Behroozi, Marko Asplund"
],
"generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010, CPAN::Meta::Converter version 2.150005",
"abstract" : "Nearly transparent SSL encapsulation for IO::Socket::INET.",
"prereqs" : {
"configure" : {
"requires" : {
"ExtUtils::MakeMaker" : "0",
"Net::SSLeay" : "1.46"
}
},
"build" : {
"requires" : {
"ExtUtils::MakeMaker" : "0"
}
},
"runtime" : {
"requires" : {
"Mozilla::CA" : "0",
"Scalar::Util" : "0",
"Net::SSLeay" : "1.46"
}
}
},
"release_status" : "stable",
"version" : "2.068",
"no_index" : {
"directory" : [
"t",
"inc",
"t",
"xt",
"inc",
"local",
"perl5",
"fatlib",
"example",
"blib",
"examples",
"eg"
]
},
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
},
"x_serialization_backend" : "JSON::PP version 2.27400_02",
"resources" : {
"repository" : {
"url" : "https://github.com/noxxi/p5-io-socket-ssl"
},
"homepage" : "https://github.com/noxxi/p5-io-socket-ssl",
"bugtracker" : {
"web" : "https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL"
},
"license" : [
"http://dev.perl.org/licenses/"
]
},
"license" : [
"perl_5"
],
"name" : "IO-Socket-SSL"
},
"authorized" : true,
"checksum_sha256" : "4420fc0056f1827b4dd1245eacca0da56e2182b4ef6fc078f107dc43c3fb8ff9",
"name" : "IO-Socket-SSL-2.068",
"provides" : [
"IO::Socket::SSL",
"IO::Socket::SSL::Intercept",
"IO::Socket::SSL::OCSP_Cache",
"IO::Socket::SSL::OCSP_Resolver",
"IO::Socket::SSL::PublicSuffix",
"IO::Socket::SSL::SSL_Context",
"IO::Socket::SSL::SSL_HANDLE",
"IO::Socket::SSL::Session_Cache",
"IO::Socket::SSL::Utils"
],
"date" : "2020-03-31T06:15:39",
"dependency" : [
{
"relationship" : "requires",
"version" : "0",
"module" : "ExtUtils::MakeMaker",
"phase" : "build"
},
{
"relationship" : "requires",
"version" : "0",
"phase" : "runtime",
"module" : "Scalar::Util"
},
{
"relationship" : "requires",
"module" : "Mozilla::CA",
"phase" : "runtime",
"version" : "0"
},
{
"relationship" : "requires",
"module" : "Net::SSLeay",
"phase" : "runtime",
"version" : "1.46"
},
{
"version" : "0",
"phase" : "configure",
"module" : "ExtUtils::MakeMaker",
"relationship" : "requires"
},
{
"relationship" : "requires",
"phase" : "configure",
"module" : "Net::SSLeay",
"version" : "1.46"
}
],
"first" : false
}