PaulHowarth/Blog/2014-05-17

Saturday 17th May 2014

Fedora Project

  • Updated perl-IO-Socket-SSL to 1.988 in Rawhide:

    • Allow IPv4 in common name, because browsers allow this too; only for scheme www/http though, not for rfc2818 (because RFC2818 does not allow this; in default scheme IPv6 and IPv4 are allowed in CN)

    • Fix handling of public suffix; add exemption for *.googleapis.com wildcard, which should not be allowed according to public suffix list but actually is used

    • Add hostname verification test based on older test of chromium, but change some of the test expectations because we don't want to support IP as SAN DNS and because we enforce a public suffix list (and thus *.co.uk should not be allowed)

    • Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6 (CPAN RT#95719)

    • Enable IPv6 support only if we have a usable inet_pton

    • Remove stale entries from MANIFEST

    • Add transparent support for DER and PKCS#12 files to specify cert and key, e.g. it will autodetect the format
    • If SSL_cert_file is PEM and no SSL_key_file is given it will check if the key is in SSL_cert_file too

Local Packages

  • Updated perl-Digest-SHA to 5.91:

    • Restored original 'addfile' for use on opened file handles, which allows callbacks in place of actual files (e.g. with IO::Callback, CPAN RT#95643)

    • Re-established inheritance from Digest::base to pick up future Digest enhancements automatically

    • Cleaned up documentation
  • Updated perl-IO-Socket-SSL to 1.988 as per the Fedora version


Recent