9 changed files with 193 additions and 214 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/IO-Socket-SSL-2.085.tar.gz
+SOURCES/IO-Socket-SSL-2.073.tar.gz
--- a/.perl-IO-Socket-SSL.metadata
+++ b/.perl-IO-Socket-SSL.metadata
@ -1 +1 @@
-4ea8881ecd788f719bcaf1e9bb86c5c914abddc6 SOURCES/IO-Socket-SSL-2.085.tar.gz
+442c23ee1d0476df788f8b0b0f5fe174f871d792 SOURCES/IO-Socket-SSL-2.073.tar.gz
--- a/SOURCES/IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
+++ b/SOURCES/IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
@ -53,15 +53,15 @@ index 0000000..2413588
 +}
 +
 +my $port = 2000;
-+my $ca_cert = 't/certs/test-ca.pem';
+my $ca_cert = 'certs/test-ca.pem';
 +
 +diag 'Starting a server';
 +my ($server, $input, $stdout, $stderr);
 +eval {
 +    $server = IPC::Run::start(['openssl', 's_server', '-port', $port,
 +            '-Verify', '1',
-+            '-cert', 't/certs/server-wildcard.pem',
+            '-cert', 'certs/server-wildcard.pem',
-+            '-key', 't/certs/server-wildcard.pem', '-CAfile', $ca_cert],
+            '-key', 'certs/server-wildcard.pem', '-CAfile', $ca_cert],
 +        \$input, \$stdout, \$stderr);
 +    # subsequent \undef does not work
 +    # <https://github.com/toddr/IPC-Run/issues/124>
@ -84,8 +84,8 @@ index 0000000..2413588
 +    SSL_verifycn_scheme => 'www',
 +    SSL_verifycn_name => 'www.server.local',
 +    SSL_ca_file => $ca_cert,
-+    SSL_key_file => 't/certs/client-key.pem',
+    SSL_key_file => 'certs/client-key.pem',
-+    SSL_cert_file => 't/certs/client-cert.pem'
+    SSL_cert_file => 'certs/client-cert.pem'
 +);
 +ok($client, 'Client connected');
 +
--- a/SOURCES/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
+++ b/SOURCES/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
@ -0,0 +1,15 @@
 --- Makefile.PL
 +++ Makefile.PL
@@ -68,12 +68,6 @@ if (my $compiled = eval {
 	die sprintf("API-different OpenSSL versions compiled in (0x%08x) vs linked (0x%08x)",
 	    $compiled,$linked);
     }
 -
 -    # OpenSSL 1.1.1e introduced behavior changes breaking various code
 -    # will likely be reverted  in 1.1.1f - enforce to not use this version
 -    if ($linked == 0x1010105f) {
 -	die "detected OpenSSL 1.1.1e - please use a different version\n";
 -    }
 }
 # make sure that we have dualvar from the XS Version of Scalar::Util
--- a/SOURCES/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
+++ b/SOURCES/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
@ -0,0 +1,36 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
@@ -194,7 +194,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
 # global defaults
 my %DEFAULT_SSL_ARGS = (
     SSL_check_crl => 0,
 -    SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken
 +    SSL_version => '',
     SSL_verify_callback => undef,
     SSL_verifycn_scheme => undef,  # fallback cn verification
     SSL_verifycn_publicsuffix => undef,  # fallback default list verification
@@ -2383,7 +2383,7 @@ sub new {
     my $ssl_op = $DEFAULT_SSL_OP;
 -    my $ver;
 +    my $ver = '';
     for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
 	m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
 	or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
@@ -1043,11 +1043,12 @@ All values are case-insensitive.  Instea
 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'.  Support for
 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
 and openssl.
 +The default SSL_version is defined by the underlying cryptographic library.
 Independent from the handshake format you can limit to set of accepted SSL
 versions by adding !version separated by ':'.
 -The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
 +For example, 'SSLv23:!SSLv3:!SSLv2' means that the
 handshake format is compatible to SSL2.0 and higher, but that the successful
 handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
 both of these versions have serious security issues and should not be used
--- a/SOURCES/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
+++ b/SOURCES/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
@ -0,0 +1,101 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
@@ -202,77 +202,17 @@ my %DEFAULT_SSL_ARGS = (
     SSL_npn_protocols => undef,    # meaning depends whether on server or client side
     SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
 -    # https://wiki.mozilla.org/Security/Server_Side_TLS, 2019/03/05
 -    # "Old backward compatibility" for best compatibility
 -    # .. "Most ciphers that are not clearly broken and dangerous to use are supported"
 -    # slightly reordered to prefer AES since it is cheaper when hardware accelerated
 -    SSL_cipher_list => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP',
 +    # Use system-wide default cipher list to support use of system-wide
 +    # crypto policy (#1076390, #1127577, CPAN RT#97816)
 +    # https://fedoraproject.org/wiki/Changes/CryptoPolicy
 +    SSL_cipher_list => 'PROFILE=SYSTEM',
 );
 my %DEFAULT_SSL_CLIENT_ARGS = (
     %DEFAULT_SSL_ARGS,
     SSL_verify_mode => SSL_VERIFY_PEER,
 -
     SSL_ca_file => undef,
     SSL_ca_path => undef,
 -
 -    # older versions of F5 BIG-IP hang when getting SSL client hello >255 bytes
 -    # http://support.f5.com/kb/en-us/solutions/public/13000/000/sol13037.html
 -    # http://guest:guest@rt.openssl.org/Ticket/Display.html?id=2771
 -    # Ubuntu worked around this by disabling TLSv1_2 on the client side for
 -    # a while. Later a padding extension was added to OpenSSL to work around
 -    # broken F5 but then IronPort croaked because it did not understand this
 -    # extension so it was disabled again :(
 -    # Firefox, Chrome and IE11 use TLSv1_2 but use only a few ciphers, so
 -    # that packet stays small enough. We try the same here.
 -
 -    SSL_cipher_list => join(" ",
 -
 -	# SSLabs report for Chrome 48/OSX.
 -	# This also includes the fewer ciphers Firefox uses.
 -	'ECDHE-ECDSA-AES128-GCM-SHA256',
 -	'ECDHE-RSA-AES128-GCM-SHA256',
 -	'DHE-RSA-AES128-GCM-SHA256',
 -	'ECDHE-ECDSA-CHACHA20-POLY1305',
 -	'ECDHE-RSA-CHACHA20-POLY1305',
 -	'ECDHE-ECDSA-AES256-SHA',
 -	'ECDHE-RSA-AES256-SHA',
 -	'DHE-RSA-AES256-SHA',
 -	'ECDHE-ECDSA-AES128-SHA',
 -	'ECDHE-RSA-AES128-SHA',
 -	'DHE-RSA-AES128-SHA',
 -	'AES128-GCM-SHA256',
 -	'AES256-SHA',
 -	'AES128-SHA',
 -	'DES-CBC3-SHA',
 -
 -	# IE11/Edge has some more ciphers, notably SHA384 and DSS
 -	# we don't offer the *-AES128-SHA256 and *-AES256-SHA384 non-GCM
 -	# ciphers IE/Edge offers because they look like a large mismatch
 -	# between a very strong HMAC and a comparably weak (but sufficient)
 -	# encryption. Similar all browsers which do SHA384 can do ECDHE
 -	# so skip the DHE*SHA384 ciphers.
 -	'ECDHE-RSA-AES256-GCM-SHA384',
 -	'ECDHE-ECDSA-AES256-GCM-SHA384',
 -	# 'ECDHE-RSA-AES256-SHA384',
 -	# 'ECDHE-ECDSA-AES256-SHA384',
 -	# 'ECDHE-RSA-AES128-SHA256',
 -	# 'ECDHE-ECDSA-AES128-SHA256',
 -	# 'DHE-RSA-AES256-GCM-SHA384',
 -	# 'AES256-GCM-SHA384',
 -	'AES256-SHA256',
 -	# 'AES128-SHA256',
 -	'DHE-DSS-AES256-SHA256',
 -	# 'DHE-DSS-AES128-SHA256',
 -	'DHE-DSS-AES256-SHA',
 -	'DHE-DSS-AES128-SHA',
 -	'EDH-DSS-DES-CBC3-SHA',
 -
 -	# Just to make sure, that we don't accidentally add bad ciphers above.
 -	# This includes dropping RC4 which is no longer supported by modern
 -	# browsers and also excluded in the SSL libraries of Python and Ruby.
 -	"!EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP"
 -    )
 );
 # set values inside _init to work with perlcc, RT#95452
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
@@ -1069,12 +1069,8 @@ documentation (L<https://www.openssl.org
 for more details.
 Unless you fail to contact your peer because of no shared ciphers it is
 -recommended to leave this option at the default setting. The default setting
 -prefers ciphers with forward secrecy, disables anonymous authentication and
 -disables known insecure ciphers like MD5, DES etc. This gives a grade A result
 -at the tests of SSL Labs.
 -To use the less secure OpenSSL builtin default (whatever this is) set
 -SSL_cipher_list to ''.
 +recommended to leave this option at the default setting, which honors the
 +system-wide PROFILE=SYSTEM cipher list.
 In case different cipher lists are needed for different SNI hosts a hash can be
 given with the host as key and the cipher suite as value, similar to
--- a/SOURCES/IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
+++ b/SOURCES/IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
@ -1,37 +0,0 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
@@ -196,8 +196,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
 # global defaults
 my %DEFAULT_SSL_ARGS = (
     SSL_check_crl => 0,
 -    # TLS 1.1 and lower are deprecated with RFC 8996
 -    SSL_version => 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2',
 +    SSL_version => '',
     SSL_verify_callback => undef,
     SSL_verifycn_scheme => undef,  # fallback cn verification
     SSL_verifycn_publicsuffix => undef,  # fallback default list verification
@@ -2445,7 +2444,7 @@ sub new {
     my $ssl_op = $DEFAULT_SSL_OP;
 -    my $ver;
 +    my $ver = '';
     for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
 	m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
 	or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
@@ -1044,11 +1044,12 @@ All values are case-insensitive.  Instea
 versions are actually supported depend on the versions of OpenSSL and
 Net::SSLeay installed, but modern protocols like TLS 1.3 are supported by these
 for many years now.
 +The default SSL_version is defined by the underlying cryptographic library.
 Independent from the handshake format you can limit to set of accepted SSL
 versions by adding !version separated by ':'.
 -The default SSL_version is 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2'. This means,
 +For example, 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2' means
 that the handshake format is compatible to SSL2.0 and higher, but that the
 successful handshake is limited to TLS1.2 and higher, that is no SSL2.0, SSL3.0,
 TLS 1.0 or TLS 1.1 because these versions have serious security issues and
--- a/SOURCES/IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
+++ b/SOURCES/IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
@ -1,29 +0,0 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
@@ -205,8 +205,10 @@ my %DEFAULT_SSL_ARGS = (
     SSL_npn_protocols => undef,    # meaning depends whether on server or client side
     SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
 -    # rely on system default but be sure to disable some definitely bad ones
 -    SSL_cipher_list => 'DEFAULT !EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP',
 +    # Use system-wide default cipher list to support use of system-wide
 +    # crypto policy (#1076390, #1127577, CPAN RT#97816)
 +    # https://fedoraproject.org/wiki/Changes/CryptoPolicy
 +    SSL_cipher_list => 'PROFILE=SYSTEM',
 );
 my %DEFAULT_SSL_CLIENT_ARGS = (
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
@@ -1071,9 +1071,8 @@ ciphers for TLS 1.2 and lower. See the O
 for more details.
 Unless you fail to contact your peer because of no shared ciphers it is
 -recommended to leave this option at the default setting, which uses the system
 -default but disables some insecure ciphers which might still be enabled on older
 -systems.
 +recommended to leave this option at the default setting, which honors the
 +system-wide PROFILE=SYSTEM cipher list.
 In case different cipher lists are needed for different SNI hosts a hash can be
 given with the host as key and the cipher suite as value, similar to
--- a/SPECS/perl-IO-Socket-SSL.spec
+++ b/SPECS/perl-IO-Socket-SSL.spec
@ -1,23 +1,23 @@
 %if 0%{?rhel} >= 9
 %bcond_with perl_IO_Socket_SSL_test_unused_idn
 %bcond_with perl_IO_Socket_SSL_test_IO_Socket_INET6
 %else
 %bcond_without perl_IO_Socket_SSL_test_unused_idn
 %bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6
 %endif
 %bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6
 Name:		perl-IO-Socket-SSL
-Version:	2.085
+Version:	2.073
-Release:	3%{?dist}
+Release:	1%{?dist}
 Summary:	Perl library for transparent SSL
-License:	(GPL-1.0-or-later OR Artistic-1.0-Perl) AND MPL-2.0
+License:	(GPL+ or Artistic) and MPLv2.0
 URL:		https://metacpan.org/release/IO-Socket-SSL
 Source0:	https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
-Patch0:		IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
+Patch0:		IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
-Patch1:		IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
+Patch1:		IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
 # bug #1632660, requires openssl tool
-Patch2:		IO-Socket-SSL-2.080-Test-client-performs-Post-Handshake-Authentication.patch
+Patch2:		IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
 Patch3:		IO-Socket-SSL-2.068-openssl-1.1.1e.patch
 BuildArch:	noarch
 # Module Build
 BuildRequires:	coreutils
@ -62,7 +62,8 @@ BuildRequires:	perl(Net::LibIDN)
 BuildRequires:	perl(Test::More) >= 0.88
 BuildRequires:	perl(utf8)
 BuildRequires:	procps
-# Dependencies
+# Runtime
 Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:	openssl-libs >= 0.9.8
 Requires:	perl(Config)
 Requires:	perl(HTTP::Tiny)
@ -83,16 +84,20 @@ mod_perl.
 %prep
 %setup -q -n IO-Socket-SSL-%{version}
 # Allow building with OpenSSL 1.1.1e as the Fedora package has the
 # problematic EOF handling change reverted
 %patch3
 # Use system-wide default cipher list to support use of system-wide
 # crypto policy (#1076390, #1127577, CPAN RT#97816)
 # https://fedoraproject.org/wiki/Changes/CryptoPolicy
-%patch -P 0
+%patch0
 # Use system-default SSL version too
-%patch -P 1
+%patch1
 # Add a test for PHA
-%patch -P 2 -p1
+%patch2 -p1
 %build
 NO_NETWORK_TESTING=1 perl Makefile.PL \
@ -109,7 +114,7 @@ NO_NETWORK_TESTING=1 perl Makefile.PL \
 make test
 %files
-# GPL-1.0-or-later OR Artistic-1.0-Perl
+# GPL+ or Artistic
 %doc BUGS Changes README docs/ example/
 %dir %{perl_vendorlib}/IO/
 %dir %{perl_vendorlib}/IO/Socket/
@ -121,141 +126,29 @@ make test
 %{_mandir}/man3/IO::Socket::SSL.3*
 %{_mandir}/man3/IO::Socket::SSL::Intercept.3*
 %{_mandir}/man3/IO::Socket::SSL::Utils.3*
-# MPL-2.0
+# MPLv2.0
 %{perl_vendorlib}/IO/Socket/SSL/PublicSuffix.pm
 %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
 %changelog
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.085-3
+* Tue Jan 04 2022 Michal Josef Špaček <mspacek@redhat.com> - 2.073-1
- Bump release for October 2024 mass rebuild:
+- Update to 2.073, which has official support for OpenSSL 3.0.0
-  Resolves: RHEL-64018
+  Related: rhbz#1968046
-* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.085-2
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-6
- Rebuilt for MSVSphere 10
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.085-2
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-5
- Bump release for June 2024 mass rebuild
+- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
-* Tue Jan 23 2024 Paul Howarth <paul@city-fan.org> - 2.085-1
+* Tue Jun 08 2021 Michal Josef Špaček <mspacek@redhat.com> - 2.070-4
- Update to 2.085
+- Remove failing tests in openssl 3.0.0-alpha16. Related: rhbz#1968046
-  - Fix test that failed due to behavior changes in OpenSSL 3.2 (GH#147)
+  - Provisional for mass rebuild of openssl3.
-  - Update PublicSuffix
+
-  - Add examples for TLS JA3/JA4 fingerprinting to tls_fingerprint/
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.070-3
-
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.084-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Tue Nov  7 2023 Paul Howarth <paul@city-fan.org> - 2.084-1
 - Update to 2.084
  - Various fixes for edge cases and build: GH#136, GH#141, GH#142, GH#143,
    GH#145
  - Update documentation to reflect default SSL_version
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.083-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Tue Jun 27 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.083-2
 - Disable optional IO::Socket::INET6 tests on ELN
 * Thu May 18 2023 Paul Howarth <paul@city-fan.org> - 2.083-1
 - Update to 2.083
  - Fix t/protocol_version.t for OpenSSL versions that don't support SECLEVEL
    (regression from GH#122)
 * Thu May 18 2023 Paul Howarth <paul@city-fan.org> - 2.082-1
 - Update to 2.082
  - SSL_version default now TLS 1.2+ since TLS 1.1 and lower are deprecated
    (GH#122)
  - Fix output of alert string when debugging (GH#132)
  - Improve regex for hostname validation (GH#130, GH#126)
  - Add can_ciphersuites subroutine for feature checking (GH#127)
  - Utils::CERT_create - die if unexpected arguments are given instead of
    ignoring these
 - Avoid use of deprecated patch syntax
 * Wed Jan 25 2023 Paul Howarth <paul@city-fan.org> - 2.081-1
 - Update to 2.081
  - New function set_msg_callback for user defined callback on each SSL message
  - Showcase function in example/ssl_client.pl and example/ssl_server.pl for
    computing JA3S/JA3 fingerprints
  - Fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.080-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Wed Jan 18 2023 Paul Howarth <paul@city-fan.org> - 2.080-1
 - Update to 2.080
  - Move test certificates into t/ directory where they belong
 * Mon Jan 16 2023 Paul Howarth <paul@city-fan.org> - 2.079-1
 - Update to 2.079
  - Properly extract IPv6 address for verification from PeerAddr if
    not explicitly given as SSL_verifycn_name (GH#123)
 * Mon Dec 12 2022 Paul Howarth <paul@city-fan.org> - 2.078-1
 - Update to 2.078
  - Revert decision from 2014 to not verify hostname by default if hostname is
    IP address but no explicit verification scheme given (GH#121)
 * Mon Nov 21 2022 Paul Howarth <paul@city-fan.org> - 2.077-1
 - Update to 2.077
  - Fix memory leak in session cache (GH#118)
  - More race conditions in tests fixed (GH#97)
 * Mon Nov 14 2022 Paul Howarth <paul@city-fan.org> - 2.076-1
 - Update to 2.076
 - Added curl like tracing (based on GH#117)
 - Fixed race condition in t/sni_verify.t (GH#97)
 * Sat Sep  3 2022 Paul Howarth <paul@city-fan.org> - 2.075-1
 - Update to 2.075
  - Treat SSL_write returning 0 same as previously -1, as suggested by both
    OpenSSL and LibreSSL documentation
  - Propagate error from SSL_shutdown, unless the shutdown is caused by an outer
    SSL error, in which case keep the original error
  - Small test fixes
 - Use SPDX-format license tag
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.074-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Wed Jun 01 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.074-3
 - Perl 5.36 rebuild
 * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.074-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Sat Jan  8 2022 Paul Howarth <paul@city-fan.org> - 2.074-1
 - Update to 2.074
  - Add SSL_ciphersuites option for TLS 1.3 ciphers
  - No longer use own default for ciphers: instead, use system default but
    disable some weak ciphers that might still be enabled on older systems
 * Thu Dec 23 2021 Paul Howarth <paul@city-fan.org> - 2.073-1
 - Update to 2.073
  - Fix behavior and tests for OpenSSL 3.0.1
  - Fix GH#110 - prevent internal error warning in some cases
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.072-2
 - Rebuilt with OpenSSL 3.0.0
 * Tue Aug 17 2021 Paul Howarth <paul@city-fan.org> - 2.072-1
 - Update to 2.072
  - Add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based on
    idea in GH#101
  - certs/*.p12 used for testing should now work with OpenSSL 3.0 too (GH#108)
  - Update public suffix database
 - Drop patch for building with OpenSSL 1.1.1e
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.071-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Tue May 25 2021 Paul Howarth <paul@city-fan.org> - 2.071-1
 - Update to 2.071
  - Fix t/nonblock.t race on some systems (fixes GH#102, maybe GH#98 too)
 * Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.070-3
 - Perl 5.34 rebuild
 * Fri Mar 19 2021 Petr Pisar <ppisar@redhat.com> - 2.070-2
 - Disable optional libidn tests on ELN
`@ -1 +1 @@`
	`SOURCES/IO-Socket-SSL-2.085.tar.gz`	`SOURCES/IO-Socket-SSL-2.073.tar.gz`
`@ -1 +1 @@`
	`4ea8881ecd788f719bcaf1e9bb86c5c914abddc6 SOURCES/IO-Socket-SSL-2.085.tar.gz`	`442c23ee1d0476df788f8b0b0f5fe174f871d792 SOURCES/IO-Socket-SSL-2.073.tar.gz`