From 449688d154b5bdca2fc763c1af050ab708262133 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Sep 22 2014 14:21:39 +0000
Subject: Update to 1.998 - New upstream release 1.998 - Make client authentication work at the server side when SNI is in by use having CA path and other settings in all SSL contexts instead of only the main one (https://github.com/noxxi/p5-io-socket-ssl/pull/15)
---
diff --git a/IO-Socket-SSL-1.997-use-system-default-SSL-version.patch b/IO-Socket-SSL-1.997-use-system-default-SSL-version.patch
deleted file mode 100644
index eed3aa9..0000000
--- a/IO-Socket-SSL-1.997-use-system-default-SSL-version.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- lib/IO/Socket/SSL.pm
-+++ lib/IO/Socket/SSL.pm
-@@ -83,7 +83,7 @@ my $algo2digest = do {
- # global defaults
- my %DEFAULT_SSL_ARGS = (
- SSL_check_crl => 0,
-- SSL_version => 'SSLv23:!SSLv2',
-+ SSL_version => '',
- SSL_verify_callback => undef,
- SSL_verifycn_scheme => undef, # fallback cn verification
- SSL_verifycn_publicsuffix => undef, # fallback default list verification
-@@ -2043,7 +2043,7 @@ WARN
- 
- my $ssl_op = Net::SSLeay::OP_ALL();
- 
-- my $ver;
-+ my $ver = '';
- for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
- m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[12])?))$}i
- or croak("invalid SSL_version specified");
---- lib/IO/Socket/SSL.pod
-+++ lib/IO/Socket/SSL.pod
-@@ -910,7 +910,8 @@ recent versions of Net::SSLeay and opens
- 
- You can limit to set of supported protocols by adding !version separated by ':'.
- 
--The default SSL_version is 'SSLv23:!SSLv2' which means, that SSLv2, SSLv3 and
-+The default SSL_version is defined by underlying cryptographic library.
-+For example, 'SSLv23:!SSLv2' means that SSLv2, SSLv3 and TLSv1
- TLSv1 are supported for initial protocol handshakes, but SSLv2 will not be
- accepted, leaving only SSLv3 and TLSv1. You can also use !TLSv1_1 and !TLSv1_2
- to disable TLS versions 1.1 and 1.2 while allowing TLS version 1.0.
diff --git a/IO-Socket-SSL-1.998-use-system-default-SSL-version.patch b/IO-Socket-SSL-1.998-use-system-default-SSL-version.patch
new file mode 100644
index 0000000..695af45
--- /dev/null
+++ b/IO-Socket-SSL-1.998-use-system-default-SSL-version.patch
@@ -0,0 +1,32 @@
+--- lib/IO/Socket/SSL.pm
++++ lib/IO/Socket/SSL.pm
+@@ -83,7 +83,7 @@ my $algo2digest = do {
+ # global defaults
+ my %DEFAULT_SSL_ARGS = (
+ SSL_check_crl => 0,
+- SSL_version => 'SSLv23:!SSLv2',
++ SSL_version => '',
+ SSL_verify_callback => undef,
+ SSL_verifycn_scheme => undef, # fallback cn verification
+ SSL_verifycn_publicsuffix => undef, # fallback default list verification
+@@ -2045,7 +2045,7 @@ WARN
+ 
+ my $ssl_op = Net::SSLeay::OP_ALL();
+ 
+- my $ver;
++ my $ver = '';
+ for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
+ m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[12])?))$}i
+ or croak("invalid SSL_version specified");
+--- lib/IO/Socket/SSL.pod
++++ lib/IO/Socket/SSL.pod
+@@ -910,7 +910,8 @@ recent versions of Net::SSLeay and opens
+ 
+ You can limit to set of supported protocols by adding !version separated by ':'.
+ 
+-The default SSL_version is 'SSLv23:!SSLv2' which means, that SSLv2, SSLv3 and
++The default SSL_version is defined by underlying cryptographic library.
++For example, 'SSLv23:!SSLv2' means that SSLv2, SSLv3 and TLSv1
+ TLSv1 are supported for initial protocol handshakes, but SSLv2 will not be
+ accepted, leaving only SSLv3 and TLSv1. You can also use !TLSv1_1 and !TLSv1_2
+ to disable TLS versions 1.1 and 1.2 while allowing TLS version 1.0.
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 683ff58..aea6bda 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
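Review bot: With `SSL_version => ''` in `%DEFAULT_SSL_ARGS` the explicit `!SSLv2` exclusion is gone, so the protocol versions offered by default depend entirely on how the underlying crypto library is configured, and nothing in the patched code or POD tells a reader how to pin that. I would add a comment on the changed default, `# '' = defer to the crypto library's protocol defaults; no explicit !SSLv2 here`, and a POD sentence telling callers to pass `SSL_version` explicitly when they need a guaranteed minimum protocol. The POD hunk of this carried patch also leaves a duplicated word: the added line ends in `and TLSv1` while the following context line starts with `TLSv1 are supported`, so the added line should read `+For example, 'SSLv23:!SSLv2' means that SSLv2, SSLv3 and`. The code that consumes `$ver` after the `for` loop lies outside the hunk, so how an empty `$ver` is mapped to a context is presumably handled there and should be confirmed.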
@@ -1,13 +1,13 @@
 Name: perl-IO-Socket-SSL
-Version: 1.997
-Release: 4%{?dist}
+Version: 1.998
+Release: 1%{?dist}
 Summary: Perl library for transparent SSL
 Group: Development/Libraries
 License: GPL+ or Artistic
 URL: http://search.cpan.org/dist/IO-Socket-SSL/
 Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
 Patch0: IO-Socket-SSL-1.997-use-system-default-cipher-list.patch
-Patch1: IO-Socket-SSL-1.997-use-system-default-SSL-version.patch
+Patch1: IO-Socket-SSL-1.998-use-system-default-SSL-version.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildArch: noarch
 BuildRequires: openssl >= 0.9.8
@@ -100,6 +100,12 @@ rm -rf %{buildroot}
 %{_mandir}/man3/IO::Socket::SSL::Utils.3*
 
 %changelog
+* Mon Sep 22 2014 Paul Howarth - 1.998-1
+- Update to 1.998
+ - Make client authentication work at the server side when SNI is in by use
+ having CA path and other settings in all SSL contexts instead of only the
+ main one (https://github.com/noxxi/p5-io-socket-ssl/pull/15)
+
 * Thu Aug 28 2014 Jitka Plesnikova - 1.997-4
 - Perl 5.20 rebuild
 
diff --git a/sources b/sources
index a35d649..b0270bd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2a6268bb42da81e69d1c1feb2fcb0eea IO-Socket-SSL-1.997.tar.gz
+00e23adb0bd80f4fa9c4336109e4f9db IO-Socket-SSL-1.998.tar.gz