Revision history for Perl extension Crypt::MatrixSSL.

0.01 Mon Jan 17 21:59:03 2005

0.02 Wed Feb 02 23:03:00 2005

0.03 Thu Feb 03 15:42:00 2005

0.04 Fri Feb 4 12:35:58 GMT 2005

0.05 Mon Mar 28 01:50:13 GMT 2005

0.06 Fri Apr 22 18:24:58 GMT 2005

0.07 Wed May 4 23:28:55 GMT 2005

1.73 Mon Feb 27 15:07:38 GMT 2006

1.8 Fri Apr 7 10:04:57 GMT 2006

1.82 Sat Oct 28 14:10:11 GMT 2006

        01-online_test.patch:
        * Refactored file name 't/online.enabled' into var.
        * Moved unlink() to 'touch' logic to have everything related to this task
          in single place.
        * Delete no-op:
            unless (defined $online_tests) {
        * Replace global $online_tests with lexical.
        * Removed needless '? 1 : 0' to have this line fit in 80 columns.
        * Replaced global filehandle ENABLED with lexical $tmp.
        * Replaced '|| die' with 'or die' which is generally more safe.

        02-mxin_mxout_bugfix.patch:
        * Typo fix.

        03-mxfiles.patch:
        * Added autogeneration of list with MatrixSSL object files to simplify
          upgrade to new MatrixSSL version (Linux only!).
        * Old version of object files list for MatrixSSL 1-1-5 and 1-7-3 moved
          to separate files (probably they should be deleted?).

        04-headers.patch:
        * Updated matrixssl_win32_inline.
          Original code was written for MatrixSSL-1.2.5 which has single .h file:
          matrixSsl.h. Starting from version 1.7.3 MatrixSSL split matrixSsl.h into
          two files: matrixSsl.h and matrixCommon.h. Part of code which
          matrixssl_win32_inline fixes was left in matrixSsl.h, but another part of
          code was moved into matrixCommon.h.
          Also 'define SSLPUBLIC' was renamed to 'define MATRIXPUBLIC'.
          I've updated it to process both .h-files, and #include both .h-files in .xs.
        * Rewrite matrixssl_win32_inline documentation.
        * Deleted mxSsl.h.

        05-xs_no_pod.patch:
        * Deleted all POD from .xs because:
          - this documentation is out of date;
          - .xs isn't a good place for such documentation;
          - I don't think we need duplicate of official .pdf in POD.

        06-MAX_CHAIN_LENGTH.patch:
        * Increase MAX_CHAIN_LENGTH constant to allow usage of big package with
          root CA certificates (about 120 certificates).

        07-export_const.patch:
        * All hardcoded constants replaced by real constants from .h-files, both
          in .pm and .xs!
        * All MatrixSSL functions exported into user's package.
        * All constants from .h-files wrapped in .xs into functions and then
          exported into read-only scalars into user's package in .pm.
          Constant names are equal to MatrixSSL original names, i.e. without
          prefix "mx".
        * Hash %mxSSL_ALERT_CODES replaced by two hashes %SSL_alertLevel and
          %SSL_alertDescription and these hashes also exported into user's package;
          constant 67/SSL_ALLOW_ANON_CONNECTION removed from hashes.
        * Exporter module replaced by custom import() function in .pm (because
          Exporter is bloated, ugly, unable to export read-only scalars and its
          main feature "tags" isn't needed in this module).
        * Line
            if(flags!=0) {flags=SSL_FLAGS_SERVER;sessionId=0;}
          deleted from matrixSslNewSession() in .xs. It's the user's responsibility
          to use constant $SSL_FLAGS_SERVER and set $sessionId to 0.
        * Added standard test: t/00.load.t
        * Added test: t/export.t
        * Added test: t/export-const.t
        * Fixed test: t/Crypt-MatrixSSL.t to take advantage of exporting
          functions and constants.

        08-export_const2.patch:
        * Refactored constants added in 07-export_const.patch using ExtUtils::Constant.

        09-xs_cleanup.patch:
        * Small documentation typo fix in Makefile.PL.
        * Export new constant SSL_MAX_PLAINTEXT_LEN because the user needs to know
          the maximum message length for matrixSslEncode() in order to split a huge
          message into many matrixSslEncode() calls and avoid SSL_ERROR/SSL_FULL.
        * Now all public MatrixSSL functions supported - added these:
            matrixSslGetAnonStatus
            matrixSslAssignNewKeys
            matrixSslSetResumptionFlag
            matrixSslGetResumptionFlag
        * INCOMPATIBLE API CHANGES! Removed 'privPass' param from matrixSslReadKeysMem()
          to make its interface compatible with MatrixSSL documentation.
        * Added typemap to have perl support for MatrixSSL types ssl_t,
          sslKeys_t and sslSessionId_t. This makes it possible for perl/xsubpp to
          automatically generate correct XS code for most functions without
          manual CODE: and OUTPUT: sections.
        * Delete CODE: and/or OUTPUT: sections for all functions which can be
          automatically generated now.
        * Renamed all function params to names used in MatrixSSL documentation:
            mxin    -> in
            mxout   -> out
            mxkeys  -> keys
            session -> ssl
            etc...
        * Moved var declarations from CODE: to INIT: sections for ease of reading.
        * Functions order in .xs slightly changed to correspond with their order
          in MatrixSSL .pdf documentation - to ease comparing .xs and .pdf.
        * Added new tests.
        =========================
        === Unobvious changes ===
        =========================
        * Replaced hardcoded constants 18500 and 4100 for 'out' buffer size in
          matrixSslDecode() and matrixSslEncode() functions with SSL_MAX_BUF_SIZE.
            >>> Probably SSL_MAX_RECORD_LEN should be used instead, but I'm not sure,
            >>> so I take SSL_MAX_BUF_SIZE which is 5 bytes larger...
        * Use static 'out' buffer in matrixSslDecode() and matrixSslEncode()
          instead of dirty sv_setpvn/SvCUR_set/SvGROW hacks on SV*.
        * Removed all SvGROW() - AFAIK it isn't required and sv_{set,cat}pv()
          will automatically grow SV* if needed.
        * Replaced sv_setpvn() with sv_setpvn_mg() to support more perl magic.
            >>> I'm not sure, but I suppose this required for things like
            >>> Data::Alias which often used in proxy applications with in/out
            >>> buffers.
        * INCOMPATIBLE CHANGES! Now matrixSslDecode() and matrixSslEncode()
          functions will APPEND data into output buffer SV* instead of replacing it.
          This makes sense for applications which use a single output buffer both
          for sending data into socket and for these functions.
        * matrixSslReadKeys:
            * Changed params type from SV to char*.
            * Removed logic which replace empty string with NULL.
        * matrixSslReadKeysMem:
            * Removed logic which replace empty string with NULL.
        * matrixSslFreeKeys:
            * Do not set 'keys' param to 0 after calling matrixSslFreeKeys().
        * matrixSslDeleteSession:
            * Do not set 'ssl' param to 0 after calling matrixSslDeleteSession().
        * matrixSslDecode:
            * Changed 'error', 'alertLevel' and 'alertDescription' params type
              from SV to unsigned char*.
            * Removed logic which initialize 'error', 'alertLevel' and
              'alertDescription' to 0 before calling matrixSslDecode().
            * Bugfix: 'error', 'alertLevel' and 'alertDescription' were incorrectly
              set as signed values using sv_setiv() while they are all unsigned.
            * Removed logic which silently "define" output SV.
        * matrixSslEncode:
            * Removed dirty hack which "define" input buffer because SvPV() will
              make empty string from undef() automatically plus print warning.
            * Removed logic which silently "define" output SV.
        * matrixSslSetSessionOption:
            * Removed logic which forced 'arg' to NULL because it was needed
              only as a workaround for the wrong 'arg' type char (which magically
              converts undef to empty string and prints a warning).
        * matrixSslSetCertValidator:
            * Bugfix: 'arg' type was int instead of void.

        About these changes. I'm sure it's a good idea to do minimum operations in XS
        level (unless XS used for rewriting some slow perl code in C, of course).
        Library wrappers like Crypt::MatrixSSL should stick to original library
        interface where possible - if somebody wanna make C library interface more
        'cool and perlish' then it's much easier to do this in perl-level wrappers
        in optional Crypt/MatrixSSL/Easy.pm module. With this patch the only
        difference from original MatrixSSL interface is in/out buffers in
        matrixSslEncode*() and matrixSslDecode() functions - everything else works
        exactly as described in MatrixSSL .pdf documentation.

        1) Removed logic which replace empty string with NULL.
            >>> I've fixed XS so it will convert perl undef() into NULL and leave
            >>> defined strings as-is, i.e. empty perl string will be empty C string.
            >>> This happens not everywhere, but only with params which CAN BE
            >>> NULL, according to MatrixSSL documentation. If user send undef()
            >>> as some other param, then he probably will see 'undefined' warning.
        2) Do not set 'XXX' param to 0 after calling matrixSsl{Free,Delete}XXX().
            >>> This changes original MatrixSSL interface and I don't see any
            >>> reason why this 'feature' needed.
        3) Removed logic which initialize 'error', 'alertLevel' and
           'alertDescription' to 0 before calling matrixSslDecode().
            >>> To avoid senseless 'undefined' warning I convert undefined values
            >>> in these params into number 0, but if these params already defined
            >>> numbers they will not be touched. If MatrixSSL doesn't initialize
            >>> them, then this IS the MatrixSSL's interface!
        4) Removed logic which silently "define" input/output SV* buffers.
            >>> This is sort of 'always use strict/warnings' idea. User shouldn't
            >>> use undefined input/output buffers, and if he using them then he
            >>> will see 'undefined' warnings, which is GOOD THING.

        Added certificates which I've created for new tests

        10-callback.patch:
        * Added constant $SSL_ALLOW_ANON_CONNECTION.
        * Added support for certificate validation callback:
            matrixSslSetCertValidator($ssl, \&cb, $cb_arg);
            sub cb {
                my ($certInfo, $cb_arg) = @_;
                if ($certInfo->[0]{subject}{commonName} ne 'localhost') {
                    return -1;                          # REJECT certificate
                }
                elsif ($certInfo->[0]{validate} == 1) {
                    return 0;                           # ACCEPT certificate
                }
                else {
                    return $SSL_ALLOW_ANON_CONNECTION;  # ACCEPT anon certificate
                }
            }

        11-doc.patch:
        * POD documentation in .pm added to complete MatrixSSL documentation
          (differences between original C interface and current Perl interface).
        * Sample client&server scripts added.
        * Minor fix in XS.
        * MANIFEST updated to include all new files.

        12-matrixssl_memleak.patch:
        * Added patch for MatrixSSL which fixes a significant memory leak when
          loading certificates with unsupported extensions.

1.83 Sun Apr 1 03:31:17 UTC 2007