Hello community,
here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory
checked in at 2019-01-24 14:01:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old)
and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay"
Thu Jan 24 14:01:43 2019 rev:29 rq:666157 version:1.85
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes
2018-09-11 17:13:47.515734235 +0200
+++
/work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new.28833/perl-Net-SSLeay.changes
2019-01-24 14:01:44.820165676 +0100
@@ -1,0 +2,9 @@
+Mon Jan 14 15:55:27 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Expose SSL_CTX_set_post_handshake_auth
+ * https://github.com/radiator-software/p5-net-ssleay/pull/68
+- add Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
+- Fix build on SLE-12
+ * apparently %autopatch needs to be followed by an empty line there
+
+-------------------------------------------------------------------
New:
----
Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Net-SSLeay.spec ++++++
--- /var/tmp/diff_new_pack.YECdsc/_old 2019-01-24 14:01:45.628164755 +0100
+++ /var/tmp/diff_new_pack.YECdsc/_new 2019-01-24 14:01:45.636164746 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Net-SSLeay
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -33,6 +33,8 @@
Patch3:
Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
# Revert retry in Net::SSLeay::write_partial(), CPAN RT#125218
Patch4:
Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
+# PATCH-FIX-UPSTREAM https://github.com/radiator-software/p5-net-ssleay/pull/68
+Patch5: Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
BuildRequires: libopenssl-devel
BuildRequires: openssl
BuildRequires: perl
@@ -55,6 +57,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
%autopatch -p1
+
# replace rest of /usr/local/bin/perl with /usr/bin/perl
for f in $(find . -type f -exec grep -l "%{_prefix}/local/bin/perl" {} \; ); do
sed -i -e "s@%{_prefix}/local/bin/perl@perl@g" $f
++++++ Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch ++++++
commit 6a6bcf3d96115a6ef62289838cea418c185d8c88
Author: Paul Howarth <p...@city-fan.org>
Date: Wed Sep 19 09:38:40 2018 +0100
Expose SSL_CTX_set_post_handshake_auth
TLS 1.3 removed renegotiation in favor of rekeying and post handshake
authentication (PHA). With PHA, a server can request a client certificate
from
a client at some point after the handshake. The feature is commonly used by
HTTP servers for conditional and path specific TLS client auth. For
example, a
server can decide to require a cert based on HTTP method and/or path. A
client
must announce support for PHA during the handshake.
Apache mod_ssl uses PHA:
https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c#L1207
As of OpenSSL ticket https://github.com/openssl/openssl/issues/6933, TLS 1.3
clients no longer send the PHA TLS extension by default. For on-demand auth,
PHA extension must be enabled with SSL_CTX_set_post_handshake_auth(),
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html
.
This function is needed for the Apache httpd upstream test suite:
https://bugzilla.redhat.com/show_bug.cgi?id=1630391 .
diff --git a/SSLeay.xs b/SSLeay.xs
index a4dcb0a..5777ffc 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -7291,4 +7291,13 @@ SSL_export_keying_material(ssl, outlen, label, p)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.1.1 */
+
+void
+SSL_CTX_set_post_handshake_auth(s,val)
+ SSL_CTX * s
+ int val
+
+#endif
+
#define REM_EOF "/* EOF - SSLeay.xs */"
