Hello community, here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory checked in at 2019-01-24 14:01:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old) and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay" Thu Jan 24 14:01:43 2019 rev:29 rq:666157 version:1.85 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes 2018-09-11 17:13:47.515734235 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.28833/perl-Net-SSLeay.changes 2019-01-24 14:01:44.820165676 +0100 @@ -1,0 +2,9 @@ +Mon Jan 14 15:55:27 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- Expose SSL_CTX_set_post_handshake_auth + * https://github.com/radiator-software/p5-net-ssleay/pull/68 +- add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch +- Fix build on SLE-12 + * apparently %autopatch needs to be followed by an empty line there + +------------------------------------------------------------------- New: ---- Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Net-SSLeay.spec ++++++ --- /var/tmp/diff_new_pack.YECdsc/_old 2019-01-24 14:01:45.628164755 +0100 +++ /var/tmp/diff_new_pack.YECdsc/_new 2019-01-24 14:01:45.636164746 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-Net-SSLeay # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -33,6 +33,8 @@ Patch3: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch # Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218 Patch4: Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch +# PATCH-FIX-UPSTREAM https://github.com/radiator-software/p5-net-ssleay/pull/68 +Patch5: Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch BuildRequires: libopenssl-devel BuildRequires: openssl BuildRequires: perl @@ -55,6 +57,7 @@ %prep %setup -q -n %{cpan_name}-%{version} %autopatch -p1 + # replace rest of /usr/local/bin/perl with /usr/bin/perl for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f ++++++ Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch ++++++ commit 6a6bcf3d96115a6ef62289838cea418c185d8c88 Author: Paul Howarth <p...@city-fan.org> Date: Wed Sep 19 09:38:40 2018 +0100 Expose SSL_CTX_set_post_handshake_auth TLS 1.3 removed renegotiation in favor of rekeying and post handshake authentication (PHA). With PHA, a server can request a client certificate from a client at some point after the handshake. The feature is commonly used by HTTP servers for conditional and path specific TLS client auth. For example, a server can decide to require a cert based on HTTP method and/or path. A client must announce support for PHA during the handshake. Apache mod_ssl uses PHA: https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c#L1207 As of OpenSSL ticket https://github.com/openssl/openssl/issues/6933, TLS 1.3 clients no longer send the PHA TLS extension by default. For on-demand auth, PHA extension must be enabled with SSL_CTX_set_post_handshake_auth(), https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html . This function is needed for the Apache httpd upstream test suite: https://bugzilla.redhat.com/show_bug.cgi?id=1630391 . diff --git a/SSLeay.xs b/SSLeay.xs index a4dcb0a..5777ffc 100644 --- a/SSLeay.xs +++ b/SSLeay.xs @@ -7291,4 +7291,13 @@ SSL_export_keying_material(ssl, outlen, label, p) #endif +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */ + +void +SSL_CTX_set_post_handshake_auth(s,val) + SSL_CTX * s + int val + +#endif + #define REM_EOF "/* EOF - SSLeay.xs */"