uacme NEWS
Copyright (C) 2019-2024 Nicola Di Lieto <[email protected]>
## [1.7.6] - 2024-12-29
### Changed
- Fix OpenSSL 3.x deprecated APIs
- Fix cross compilation
Closes https://github.com/ndilieto/uacme/issues/79
- uacme: Add environment variables
Closes https://github.com/ndilieto/uacme/issues/63
- uacme: Add support for ACME Renewal Information (ARI)
Closes https://github.com/ndilieto/uacme/issues/67
- uacme: Try obtaining new Reply-Nonce if server doesn't supply one
Closes https://github.com/ndilieto/uacme/issues/82
- uacme: Add hook environment variables
Closes https://github.com/ndilieto/uacme/issues/83
- uacme: Allow matching alternative chain by Authority Key Id
Closes https://github.com/ndilieto/uacme/issues/85
- Documentation update
- Add link to linode api hook
## [1.7.5] - 2024-01-28
### Changed
- fix ualpn exit code in client mode
Fixes https://github.com/ndilieto/uacme/issues/76
- fix build with autoconf version 2.71
See https://github.com/ndilieto/uacme/pull/70
- uacme: nsupdate.sh overhaul and DNAME redirection support
- add link to deSEC.io DNS integration
- minor documentation changes including copyright year
## [1.7.4] - 2023-02-15
### Changed
- uacme: Validate token from ACME server. Fixes
https://github.com/ndilieto/uacme/issues/64
- minor documentation changes including copyright year
## [1.7.3] - 2022-09-20
### Changed
- better compatibility with LibreSSL, require 3.4.2 or later
- uacme: Enable --must-staple support with LibreSSL > 3.5.0
- ualpn: Fix build issue with mbedTLS 2.x
see https://github.com/ndilieto/uacme/pull/61
## [1.7.2] - 2022-07-20
### Added
- uacme: exponential backoff for status polling instead of
constant 5s delay, to reduce load on server
- uacme: -r option to allow specifying revocation code
- compatibility with mbedTLS v3.2
- compatibility with LibreSSL (with some limitations,
see https://github.com/ndilieto/uacme/commit/32546c7c)
### Changed
- uacme: fix silent failure in nsupdate.sh
closes https://github.com/ndilieto/uacme/issues/45
- uacme: replace 'echo' with 'printf' in uacme.sh
closes https://github.com/ndilieto/uacme/issues/48
- uacme: fix compilation warning
- embed ax_check_compile_flag.m4 from autoconf-archive as
requested in https://github.com/ndilieto/uacme/pull/57
- minor documentation changes including copyright year
## [1.7.1] - 2021-06-04
### Changed
- uacme: fix issue when running from inaccessible directory
closes https://github.com/ndilieto/uacme/issues/41
- ualpn: use default user group when -u <user> is specified
## [1.7] - 2021-01-17
### Added
- uacme: alternate chain selection by certificate fingerprint
- uacme: print copyright with version
- ualpn: print copyright with version
- ualpn: add notice with version on startup
### Changed
- ualpn: reject duplicate options where appropriate
- ualpn: make ualpn.sh always output to stderr
- ualpn: fix compilation warning
- minor changes (typos)
- update copyright years
## [1.6] - 2020-12-06
### Added
- uacme: support for RFC8555 External Account Binding
closes https://github.com/ndilieto/uacme/issues/40
### Changed
- uacme: fix use after free in surrogate strcasestr function
- uacme: make nsupdate.sh accept quoted TXT challenge values
- uacme: minor cosmetic changes to log messages
## [1.5] - 2020-07-26
### Added
- uacme: -l option to allow selecting alternate chain
- ualpn: mbedtls_x509_crt_parse_der_with_ext_cb support
fixes https://github.com/ndilieto/uacme/issues/23
### Changed
- ualpn: move signal calls to beginning
## [1.4.1] - 2020-05-30
### Changed
- fix SIGPIPE of parent process in daemon mode
https://github.com/ndilieto/uacme/issues/36
## [1.4] - 2020-05-30
### Changed
- fix nsupdate.sh
https://github.com/ndilieto/uacme/issues/32
- uacme: warn that --must-staple is ignored with CSRFILE
- ualpn: swap -p and -P command line switches
- ualpn: increase key buffer size as required by OpenSSL 3.x
- ualpn: fix minor OpenBSD portability issues
- ualpn: fix library link order when using built-in libev
- minor cosmetic code/documentation changes
- README.md now included in distribution
## [1.3] - 2020-05-08
### Added
- support for issuing certificates based on a CSR
- mbedTLS implementation of OCSP check
- nsupdate.sh dns-01 authentication script
### Changed
- allow signing revocation requests with certificate key
- improved handling of RFC8738 with OpenSSL/mbedTLS
- fix memory leak in csr_gen upon some OpenSSL errors
## [1.2.4] - 2020-04-25
### Changed
- improve mbedTLS detection in configure.ac
- check format string arguments with GCC
- ualpn: fix incorrect message arguments
## [1.2.3] - 2020-04-22
### Changed
- fix Content-Type header parsing
https://github.com/ndilieto/uacme/issues/22
## [1.2.2] - 2020-04-18
### Changed
- fix ualpn socket type bug on uClibc based systems
- fix configure.ac MAP_ANON cross-compilation test
## [1.2.1] - 2020-04-17
### Changed
- increase cert buf size to cope with long identifiers
- fix gcc8 -Wstringop-truncation warning
## [1.2] - 2020-04-15
### Added
- uacme OCSP certificate status check
- ualpn OpenSSL/mbedTLS implementations
### Changed
- add key usage to ualpn challenge certificate
- ensure top bit of ualpn certificate S/N is 0 with OpenSSL
- fix ualpn memory leaks and corner case bugs
- minor cosmetic code/documentation changes
## [1.1.2] - 2020-03-12
### Changed
- fix configure.ac typo affecting LDFLAGS
- fix missing PIPE_BUF when building on hurd-386
## [1.1.1] - 2020-03-12
### Changed
- fix typo breaking build without HAVE_SPLICE
- fix addr_t name collision on s390x
## [1.1] - 2020-03-11
### Added
- IP identifier support (RFC8738)
- tls-alpn-01 (RFC8737) challenge responder (ualpn)
## [1.0.22] - 2020-02-01
### Changed
- relax account status check (compatibility with buypass.no)
- allow client challenge retry requests (RFC8555 section 7.1.6)
- add wildcard clarification in manpage
## [1.0.21] - 2020-01-12
### Changed
- Quote variables in uacme.sh
- Added LFS support (AC_SYS_LARGEFILE)
## [1.0.20] - 2019-10-03
### Changed
- improved HTTP header parsing to fix problem that
can happen when retrieving directory over HTTP/2
## [1.0.19] - 2019-09-30
### Changed
- fix configure script bug when using explicit
PKG_CONFIG environment variable
- explicitly set key usage in certificate request
## [1.0.18] - 2019-08-29
### Added
- support for OCSP Must-Staple (-m, --must-staple)
### Changed
- explicitly set key usage constraints with mbedTLS
- fix compilation warning with gcc7 on solaris
## [1.0.17] - 2019-07-03
### Changed
- fix pedantic compilation warning
- configure fails if pkg-config isn't found
## [1.0.16] - 2019-06-17
### Changed
- configure script checks for libcurl HTTPS support
- minor manpage corrections
## [1.0.15] - 2019-06-15
### Changed
- exit with error if both -a and -s are specified
- avoid depending on libtasn1 if gnutls_decode_rs_value is
available (requires gnutls 3.6.0 or later)
## [1.0.14] - 2019-06-12
### Changed
- Fix deprecated API when building with OpenSSL v1.1.1c
## [1.0.13] - 2019-06-05
### Changed
- Disable mbedTLS runtime version check if not available
## [1.0.12] - 2019-05-18
### Changed
- Ensure EC key params are always properly padded
- Improved hook_run error checking
## [1.0.11] - 2019-05-17
### Added
- Key rollover (https://tools.ietf.org/html/rfc8555#section-7.3.5)
### Changed
- Revoked cert files now renamed to 'revoked-TIMESTAMP.pem'
- Key auth contains SHA256 digest for tls-alpn-01 (like dns-01)
- Minor logging improvements
## [1.0.10] - 2019-05-12
### Added
- secp384r1 EC key support
### Changed
- -b, --bits option accepts 256 or 384 for EC keys
- enforce multiple of 8 RSA key size
- improved acme_get and acme_post verbose logging
- retry upon badNonce response according to RFC8555 6.5
## [1.0.9] - 2019-05-09
### Added
- EC key/cert support (-t, --type=EC, default RSA)
- RSA key length option (-b, --bits=BITS, default 2048)
## [1.0.8] - 2019-05-05
### Added
- OpenSSL support (./configure --with-openssl)
### Changed
- exit codes: 0=success, 1=cert issuance skipped, 2=error
- mbedtls: dynamically grow buffers when needed
## [1.0.7] - 2019-04-29
### Added
- HTTP User-Agent: header in all requests
- --disable-docs configure option
### Changed
- manpage version now updated automatically
## [1.0.6] - 2019-04-27
### Changed
- fixed uninitialized variable in authorize() function
## [1.0.5] - 2019-04-27
### Changed
- autoconf maintainer mode
- cosmetic change to json primitive dump
## [1.0.4] - 2019-04-26
### Added
- debian packaging
## [1.0.3] - 2019-04-25
### Changed
- fixed gcc -pedantic warnings
## [1.0.2] - 2019-04-24
### Added
- support for mbedTLS (./configure --with-mbedtls)
## [1.0.1] - 2019-04-21
### Changed
- minor fixes to links in documentation
## [1.0] - 2019-04-21
### Added
- first public release