Changes for version 1.82 - 2017-10-31
- Added support for building under Linuxbrew (a linuxbrew version of MacOS Homebrew) Patch from Matthew Altus, that implements SSL_CTX_set_psk_client_callback() and SSL_set_psk_client_callback(). Patch to build with LibreSSL has no support for NPN Also skip the NPN test if the SSL library is LibreSSL. Fixed a problem with a variable declaration in ssleay_session_secret_cb_invoke reported by Graham Ollis. Significant patch set from Open System Consultants:
- Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when allocated.
- The same callback is used on a server side for OCSP stapling and in that case ocsp_response is NULL and not used.
- New feature: Added a binding SSL_set_session_ticket_ext_cb(ssl,callback,data)
- A callback used by EAP-FAST/EAP-TEAT to parse and process TLS session ticket.
- Tests are in t/local/65_ticket_sharing_2.t
- New feature: Added a binding SSL_set_session_ticket_ext(ssl,ticket)
- Used by EAP-FAST/EAP-TEAP to define TLS session ticket value.
- Tests are in t/local/65_ticket_sharing_2.t
- Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32 bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32 bytes).
- New feature: Added following bindings:
- X509_get_ex_data(cert,idx)
- X509_get_ex_new_index(argl,argp,new_func,dup_funL,free_func)
- X509_get_app_data(cert)
- X509_set_ex_data(cert,idx,data)
- X509_set_app_data(cert,arg)
- X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
- X509_STORE_CTX_get_app_data(x509_store_ctx)
- X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
- New feature: Added an implementation for SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
- Tests are in t/local/43_misc_functions.t
- New feature: Added an implementation for SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
- Tests are in t/local/43_misc_functions.t
- Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also with AEAD ciphers which don’t use digest functions.
- New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl,staple)
- Used by a server side to include OCSP staple in ServerHello.
- Bugfix: SSL_OCSP_response_verify(ssl,rsp,svreq,flags): check that chain and last are not NULL before trying to use them.
- Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and lib paths.
Modules
Perl extension for using OpenSSL
Perl module that lets SSL (HTTPS) sockets be handled as standard file handles.
Examples
- examples/bio.pl
- examples/bulk.pl
- examples/callback.pl
- examples/cb-testi.pl
- examples/cli-cert.pl
- examples/ephemeral.pl
- examples/get_authenticated_page.pl
- examples/get_page.pl
- examples/get_page_cert.pl
- examples/https-proxy-snif.pl
- examples/makecert.pl
- examples/minicli.pl
- examples/passwd-cb.pl
- examples/req.conf
- examples/server_key.pem
- examples/ssl-inetd-serv.pl
- examples/ssl_diff.pl
- examples/sslcat.pl
- examples/sslecho.pl
- examples/stdio_bulk.pl
- examples/tcpcat.pl
- examples/tcpecho.pl
- examples/x509_cert_details.pl