diff options
| author | mjl <mjl@pkgsrc.org> | 2002-01-19 03:19:12 +0000 |
|---|---|---|
| committer | mjl <mjl@pkgsrc.org> | 2002-01-19 03:19:12 +0000 |
| commit | b632bed3a2485a47e8c54ec277d1961800a0608c (patch) | |
| tree | d61899ab76e3743312aee24e13c184986ea93159 /security | |
| parent | df549909dd1c7a3610cf0060aa422a5a6e6ae752 (diff) | |
| download | pkgsrc-b632bed3a2485a47e8c54ec277d1961800a0608c.tar.gz | |
Update p5-Crypt-SSLeay to 0.35
+ Set local $SIG{PIPE} = \&die before $ssl->connect()
to capture the "broken pipe" error associated with connecting
to a computer that is not running a SSL web server
+ Documented differences / conflicts between LWP proxy support
and Crypt::SSLeay which seems to be a source of confusion for users.
+ Added Net::SSL::get_peer_verify call so the warning header
from LWP that says:
Client-SSL-Warning: Peer certificate not verified
can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment
variables are set to invoke peer certificate verification.
+ $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging,
so one can debug from LWP:: calls without using ./net_ssl_test script
- removed exit from Makefile.PL
+ Streamlined *CA* patches so only in $CTX->set_verify()
which gets called every time now.
+ Throw error instead of return undef in Net::SSL->connect()
because we loose the errors otherwise.
- Turn SSL_MODE_AUTO_RETRY on so clients can survive
changes in SSLVerifyClient changes in the modssl connection
+ Integrated patches from Gamid Isayev for CA peer verification.
- Client certs weren't working correctly, setup certs earlier in connection
now, also create new CTX per request, so cert settings don't remain
sticky from one request to the next.
+ update ./net_ssl_test to do smart parsing of host, where
host can now be of the form http://www.nodeworks.com:443/
- local $@ in Net::SSL::DESTROY so we don't kill real errors
- return undef in Net::SSL::connect() instead of die() for better LWP
support & error handling.
+ alarm() on Unix platforms around ssl ctx connect, which can hang for
process for way too long when trying to connect to dead https SSL servers.
Fixes PR/15053 by Shell Hung.
Diffstat (limited to 'security')
| -rw-r--r-- | security/p5-SSLeay/Makefile | 12 | ||||
| -rw-r--r-- | security/p5-SSLeay/distinfo | 8 | ||||
| -rw-r--r-- | security/p5-SSLeay/patches/patch-aa | 22 |
3 files changed, 22 insertions, 20 deletions
diff --git a/security/p5-SSLeay/Makefile b/security/p5-SSLeay/Makefile index ad04d0485da..589a03ab92b 100644 --- a/security/p5-SSLeay/Makefile +++ b/security/p5-SSLeay/Makefile @@ -1,13 +1,13 @@ -# $NetBSD: Makefile,v 1.3 2001/11/26 06:50:18 jlam Exp $ +# $NetBSD: Makefile,v 1.4 2002/01/19 03:19:12 mjl Exp $ # -DISTNAME= Crypt-SSLeay-0.22 +DISTNAME= Crypt-SSLeay-0.35 PKGNAME= p5-${DISTNAME} SVR4_PKGNAME= p5csl CATEGORIES= security perl5 www MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/} -MAINTAINER= damon@brodiefamily.org +MAINTAINER= shell@shellhung.org COMMENT= Crypt::SSLeay - OpenSSL glue that provides LWP https support DEPENDS+= p5-libwww>=5.48:../../www/p5-libwww @@ -15,9 +15,11 @@ DEPENDS+= p5-libwww>=5.48:../../www/p5-libwww USE_BUILDLINK_ONLY= YES PERL5_PACKLIST= ${PERL5_SITEARCH}/auto/Crypt/SSLeay/.packlist -do-configure: - @cd ${WRKSRC} && ${SED} "s|@SSLBASE@|${BUILDLINK_DIR}|" Makefile.PL \ +post-patch: + @cd ${WRKSRC} && ${SED} "s|%%SSLBASE%%|${BUILDLINK_DIR}|" Makefile.PL \ > Makefile.PL.tmp && ${MV} Makefile.PL.tmp Makefile.PL + +do-configure: @cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${PERL5} Makefile.PL .include "../../lang/perl5/buildlink.mk" diff --git a/security/p5-SSLeay/distinfo b/security/p5-SSLeay/distinfo index e0ba4b4a81f..282e974af4e 100644 --- a/security/p5-SSLeay/distinfo +++ b/security/p5-SSLeay/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.2 2001/04/19 15:40:36 agc Exp $ +$NetBSD: distinfo,v 1.3 2002/01/19 03:19:13 mjl Exp $ -SHA1 (Crypt-SSLeay-0.22.tar.gz) = 036620791d4783a326de201991afaa3c80e91f89 -Size (Crypt-SSLeay-0.22.tar.gz) = 16667 bytes -SHA1 (patch-aa) = b06750bcbde0c8836a9908ba4732b7614dc52f53 +SHA1 (Crypt-SSLeay-0.35.tar.gz) = f2c742ed159b3e0fb02f144ba06d27ecc201f39a +Size (Crypt-SSLeay-0.35.tar.gz) = 20336 bytes +SHA1 (patch-aa) = 0edc4fcf6a87b20688912df587b1145055763ed3 diff --git a/security/p5-SSLeay/patches/patch-aa b/security/p5-SSLeay/patches/patch-aa index cb38da4fcf2..893ac6c9d43 100644 --- a/security/p5-SSLeay/patches/patch-aa +++ b/security/p5-SSLeay/patches/patch-aa @@ -1,22 +1,22 @@ -$NetBSD: patch-aa,v 1.1.1.1 2001/03/10 14:16:52 wiz Exp $ +$NetBSD: patch-aa,v 1.2 2002/01/19 03:19:13 mjl Exp $ ---- Makefile.PL.orig Sat Nov 25 18:22:32 2000 +--- Makefile.PL.orig Fri Aug 17 06:03:38 2001 +++ Makefile.PL -@@ -8,7 +8,7 @@ +@@ -13,7 +13,7 @@ chdir($currdir) || die("can't change to $currdir: $!"); # FIND POSSIBLE SSL INSTALLATIONS -my @POSSIBLE_SSL_DIRS = qw(/usr/local/openssl /usr/local/ssl /local/ssl /opt/ssl /usr/local /local /usr); -+my @POSSIBLE_SSL_DIRS = qw(@SSLBASE@); ++my @POSSIBLE_SSL_DIRS = qw(%%SSLBASE%%); my @CANDIDATE; my $open_ssl = 0; my $dir; -@@ -38,7 +38,7 @@ - unless($CANDIDATE[0][0]) { - print "No OpenSSL installation found, usually in $POSSIBLE_SSL_DIRS[0]\n"; +@@ -47,7 +47,7 @@ + unless($CANDIDATE[0][0]) { + print "No OpenSSL installation found, usually in $POSSIBLE_SSL_DIRS[0]\n"; + } +- $SSL_DIR = prompt "Which OpenSSL build path do you want to link against?", $CANDIDATE[0][0]; ++ $SSL_DIR = $CANDIDATE[0][0]; } -- $SSL_DIR = prompt "Which OpenSSL build path do you want to link against?", $CANDIDATE[0][0]; -+ $SSL_DIR = $CANDIDATE[0][0]; } - my $candidate = &Candidate($SSL_DIR); - unless($candidate) { + |