MAJOR BEHAVIOR CHANGE: ssl_verify_mode now defaults to verify_peer for client. Until now it used verify_none, but loudly complained since 1.79 about it. It will not complain any longer, but the connection might probably fail. Please don't simply disable ssl verification, but instead set SSL_ca_file etc so that verification succeeds!
MAJOR BEHAVIOR CHANGE: it will now complain if the builtin defaults of certs/my-ca.pem or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert and key are used, e.g. no certificates are specified explicitly. In the future these insecure (relative path!) defaults will be removed and the CA replaced with the system defaults.
Changes for version v1.83_1
seperated documention of non-blocking I/O from error handling
changed and documented behavior of readline to return the read data on EAGAIN/EWOULDBLOCK in case of non-blocking socket. See https://github.com/noxxi/p5-io-socket-ssl/issues/1, thanks to mytram
Changes for version v1.74_2
fixed documentation errors, reported by MARSCHAP https://rt.cpan.org/Ticket/Display.html?id=77690
Changes for version v1.74_1
add support to IO::Socket::IP which support inet6 and inet4 by integrating patch from PEVANS for https://rt.cpan.org/Ticket/Display.html?id=75218
Changes for version v1.43_1
try to make t/nonblock.t more stable, especially on Mac OS X
Changes for version v1.39_1
fix in exampel/async_https_server. Thanks to DetlefPilzecker[AT]web[DOT]de for reporting
Changes for version v1.38_1
close should undef _SSL_fileno, because the fileno is no longer valid (SSL connection and socket are closed)
Changes for version v1.30_3
make t/memleak_bad_handshake.t more stable (increase listen queue, ignore errors on connect, don't run on windows..)
Changes for version v1.30_2
t/memleak_bad_handshake.t don't write errors with ps to stderr, -o vsize argument is not supported on all platforms, just skip test then
Changes for version v1.30_1
make sure that idn_to_ascii gets no \0 bytes from identity, because it simply cuts the string their (using C semantics). Not really a security problem because IDN like identity is provided by user in hostname, not by certificate.
Changes for version v1.16_3
fix t/nonblock.t with workaround for problems with IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do nonblocking connect and leaves socket blocked.
make some tests less verbose by fixing diag in t/testlib.t (send output to STDOUT not STDERR and prefix with '#')
Changes for version v1.16_2
work around Bug in IO::Socket::INET6 on BSD systems http://rt.cpan.org/Ticket/Display.html?id=39550 by setting Domain based on PeerAddr Thanks to srezic for report and support
remove tests of recv/send from t/core.t. Might badly interact with SSL handshake and cause crashes as seen on OS X 10.4
Changes for version v1.16_1
better support for IPv6:
IPv6 is enabled by default if IO::Socket::INET6 is available