r65592 - in /branches/upstream/libio-socket-ssl-perl/current: Changes META.yml SSL.pm
carnil at users.alioth.debian.org
carnil at users.alioth.debian.org
Wed Dec 8 21:34:04 UTC 2010
Author: carnil
Date: Wed Dec 8 21:33:42 2010
New Revision: 65592
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=65592
Log:
[svn-upgrade] new version libio-socket-ssl-perl (1.36)
Modified:
branches/upstream/libio-socket-ssl-perl/current/Changes
branches/upstream/libio-socket-ssl-perl/current/META.yml
branches/upstream/libio-socket-ssl-perl/current/SSL.pm
Modified: branches/upstream/libio-socket-ssl-perl/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libio-socket-ssl-perl/current/Changes?rev=65592&op=diff
==============================================================================
--- branches/upstream/libio-socket-ssl-perl/current/Changes (original)
+++ branches/upstream/libio-socket-ssl-perl/current/Changes Wed Dec 8 21:33:42 2010
@@ -1,4 +1,8 @@
+v1.36 2010.12.08
+- update documentation for SSL_verify_callback based on
+ https://rt.cpan.org/Ticket/Display.html?id=63743
+ https://rt.cpan.org/Ticket/Display.html?id=63740
v1.35 2010.12.06
- if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be
verified as valid it will no longer fall back to VERIFY_NONE but throw
Modified: branches/upstream/libio-socket-ssl-perl/current/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libio-socket-ssl-perl/current/META.yml?rev=65592&op=diff
==============================================================================
--- branches/upstream/libio-socket-ssl-perl/current/META.yml (original)
+++ branches/upstream/libio-socket-ssl-perl/current/META.yml Wed Dec 8 21:33:42 2010
@@ -1,6 +1,6 @@
--- #YAML:1.0
name: IO-Socket-SSL
-version: 1.35
+version: 1.36
abstract: Nearly transparent SSL encapsulation for IO::Socket::INET.
author:
- Steffen Ullrich & Peter Behroozi & Marko Asplund
Modified: branches/upstream/libio-socket-ssl-perl/current/SSL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libio-socket-ssl-perl/current/SSL.pm?rev=65592&op=diff
==============================================================================
--- branches/upstream/libio-socket-ssl-perl/current/SSL.pm (original)
+++ branches/upstream/libio-socket-ssl-perl/current/SSL.pm Wed Dec 8 21:33:42 2010
@@ -78,7 +78,7 @@
}) {
@ISA = qw(IO::Socket::INET);
}
- $VERSION = '1.35';
+ $VERSION = '1.36';
$GLOBAL_CONTEXT_ARGS = {};
#Make $DEBUG another name for $Net::SSLeay::trace
@@ -1722,18 +1722,40 @@
(0x00) does no authentication. You may combine 0x01 (verify peer), 0x02 (fail
verification if no peer certificate exists; ignored for clients), and 0x04
(verify client once) to change the default.
+
See OpenSSL man page for SSL_CTX_set_verify for more information.
=item SSL_verify_callback
If you want to verify certificates yourself, you can pass a sub reference along
with this parameter to do so. When the callback is called, it will be passed:
-1) a true/false value that indicates what OpenSSL thinks of the certificate,
-2) a C-style memory address of the certificate store,
-3) a string containing the certificate's issuer attributes and owner attributes, and
-4) a string containing any errors encountered (0 if no errors).
+
+=over 4
+
+=item 1.
+a true/false value that indicates what OpenSSL thinks of the certificate,
+
+=item 2.
+a C-style memory address of the certificate store,
+
+=item 3.
+a string containing the certificate's issuer attributes and owner attributes, and
+
+=item 4.
+a string containing any errors encountered (0 if no errors).
+
+=item 5.
+a C-style memory address of the peer's own certificate (convertible to
+PEM form with Net::SSLeay::PEM_get_string_X509()).
+
+=back
+
The function should return 1 or 0, depending on whether it thinks the certificate
is valid or invalid. The default is to let OpenSSL do all of the busy work.
+
+The callback will be called for each element in the certificate chain.
+
+See the OpenSSL documentation for SSL_CTX_set_verify for more information.
=item SSL_verifycn_scheme
More information about the Pkg-perl-cvs-commits
mailing list