forked from CESNET/canl-c
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
139 lines (114 loc) · 4.14 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
1.0.0-1
- Initial version of the module
1.0.1-1
- Using pre-cooked lexical analyser instead of having it generated at build time
- Build cleanups
- Improvements throughout the code
1.0.2-1
- Building certificate delegation samples
- Making use of canl_mech_ssl to include openssl header files
- Examples added: canl-proxy-init
- Client can give cert and key paths explicitly
- Recognition of command line args
- License string as recognized by rpmlint and packaging guidelines
- Truly independent of auth. mechanism
- Cert, key in mech. context
- Writing proxy to file with restrictive permissions
- Duplicating only existing certificates
- Set CA directory and CRL directory to context
- Compatiblity with FIPS openssl releases
1.0.3-1
- Examples extended
- Storing certificate + chain of approp. certs in context
- Duplicate certificates instead of using pointers in cred handling
- Delegation sample made truly funcional
- Setting CA directory and CRL directory is X509 authn. mechanism specific
- Preparation for OCSP support
- Using proxy cert file (chain of certs) as easy as user cert
1.0.4-1
- Build dependency on krb5-devel added
- Better error codes
- Refuse to sign certificate if key size is not long enough
- Using default key size of 1024 bits
- canl_cert_req object not used anymore
- Preparing implementation of OCSP support
- Fixed Vulnerability in Voms CRL processing
2.0.0-1
- OCSP support
- PKCS11 support
- Preparation for Fedora & EPEL packaging
- Features and bugfixes
2.0.0-2
- Update debian packaging due to major version bump
- Module rebuilt
2.0.1-1
- License and packaging fixes
2.0.2-1
- Memory handling fixes
2.0.3-1
- Minor changes of error messages in caNl examples
- Library sonames tracked in rpm
- caNl API documentation located only in canl-devel subpackage
- proxy_verify_desc and proxy_verify_ctx_desc structures taken care of
- New parameter to setup_SSL_proxy_handler (gridsite speciality)
- New error codes added
- Older error descriptions revised
2.0.4-1
- Changes based on Fedora reviews
- More than one return code from newer c-ares handled (fixes possible problem for IPv6 only machines)
- fixed vulnerability reported in EGI RT ticket #4781 1)
- SSL_CTX_set_cipher_list(ssl_ctx, "ALL") set to chosen ciphers
2.0.5-1
- Spec macros fixed, building canl-c documentation on Fedora 18
- Fixes to follow recent Debian updates
2.0.6-1
- Support multilib for canl-c-devel
- Fixes for EGI RT ticket #4781, section 2
- Detecting Limited proxies in (pre-)RFC proxies fixed
- Distinguish between proxy sub-types
- Detect path lenght restriction violation
2.0.7-1
- Get peer's certificate if asked for
2.0.8-1
- Optionally turn on OCSP in examples
- OCSP off by default, can be switched of by setting CANL_SSL_OCSP_VERIFY_ALL as a flag to canl_ctx_set_ssl_flags()
2.0.9-1
- proxy_verify... renamed to canl_proxy_verify, may solve GGUS ticket 91208
- New funcions added to doc
2.0.10-1
- Debugging packages for subpackages in Debian
- Sensitive exported functions renamed to prevent collisions
- API enhancement, let the user choose ocsp responder url
2.1.0-1
- There was an API enhancement -- minor version bump is appropriate
2.1.1-1
- Uninitialized context variable fixed
2.1.2-1
- Proxy type honoured in the signing function
2.1.3-1
- Fixed Makefile dependencies
- Adjustment to Fedora packaging guidelines
- Some build-time warnings fixed
- Parallel build support
- Reactions to Fedora review
- Support for EPEL 7 (Fedora 20)
2.1.4-1
- Fixing Certificate chain validation error (GH Issue #3)
2.1.5-1
- Memory handling issues
- Fixin upgrade from older debug package
- Polishing makefile rules usage for bison files
- Fixing build issues (LDFLAGS)
- Moving ChangeLogs from project subdirectory to module root directory
- Removing Debian VCS fields
- Simplified Debian packaging
- Updating debian.control according to current Debian "downstream"
2.1.6-1
- Fixing build errors with newer compilers
- Adding missing ptherad library for Debian 8
- Calling OpenSSL init routines exactly once (Fixes Issue #7)
- Makes the first byte of SN always 0x01 (Fixes GGUS #113418)
2.1.7-1
- Quick fix to prevent RFC Proxy DN forgery (RT #11476)
3.0.0-1
- Migrate to openssl 1.1.0