- Avoid Logger.warn deprecation warning on recent Elixir versions
- Compatibility with Elixir 1.15
- Compatibility with Erlang/OTP 25.3
- [X509.Test.Server] Use `:ssl.handshake/3` if available
- [X509.RDNSequence] Fix handling of surname attribute
- [X509.PublicKey] Support 'engine' reference for private keys in `derive/1`
- [X509.CSR] Support 'engine' reference for private keys in `new/2,3`
- [X509.CSR] Add `:public_key` option for `new/3`
- Support for Elixir v1.11
- [X509.Certificate] Support both 'plain' and 'otp' `rdnSequence` records
- [X509.CSR] Support both 'plain' and 'otp' `rdnSequence` records
- [X509.CSR] Add support for extension requests
- [X509.Certificate.Template] Add OCSP responder template
- [X509.Certificate.Extension] Add support for Authority Information Access and OCSP Nocheck extensions
- [X509.RDNSequence] Handle `teletexString` encoding (7-bit only, for now)
- [X509.PrivateKey] Documentation fixes
- [X509.PrivateKey] Allow encryption of PEM output
- [X509.Test.Suite] Include 'localhost' in all certificates
- [X509.Test.Suite] Generate client certificate and associated key
- [X509.Test.Server] Add 'client-cert' endpoint for testing with client certificate
- [`x509.gen.suite` Mix task] Add --force option
- [`x509.gen.suite` Mix task] Add --password option
- [`x509.gen.suite` Mix task] Generate 'ca_and_chain.pem' file
- [`x509.gen.selfsigned` Mix task] Add --force option
- [X509.RDNSequence] Relax length restriction on `countryName` attribute
- [X509.RDNSequence] Support more attribute types in `to_string/1`
- [X509.Certificate] Add `version/1`, `subject/2` and `issuer/2`
- [X509.RDNSequence] Add `get_attr/2`
- [X509.Certificate.Validity] The record type returned for GeneralizedTime, used for dates from 2050 forward, was not recognized by OTP, causing certificate creation and encoding to fail (#24)
- [X509.CRL] New module for generating and parsing Certificate Revocation Lists (CRLs)
- [X509.CRL.Entry] New module: CRL entries
- [X509.CRL.Extension] New module: CRL extensions
- [X509.Certificate.Extension] Add support for the CRL Distribution Point extension
- [X509.Test.Suite] New module for generating test suites for TLS client testing
- [X509.Test.Server] New module: simple server for hosting test suites
- Add `x509.gen.suite` Mix task
- Add `x509.test_server` Mix task
- [X509.Certificate.Validity] The `days_from_now/2` function used to calculate the `not_after` timestamp relative to the `not_before` value (including the `backdate_seconds` shift); it is now set relative to the current time

All `from_der` and `from_pem` functions now return an `:error` tuple on failure instead of `nil`, and wrap their result in an `:ok` tuple in case of success. The only exception is the `from_pem` function in X509, which returns a (possibly empty) list.

- [X509] Removed `to_der/1`, `to_pem/1` and `from_der/2`
- [X509.Certificate] Changed the return values of `from_der/1` and `from_pem/1,2`, as described above
- Add `x509.gen.selfsigned` Mix task
- The various `from_pem` and `from_pem!` functions are now more lenient: they scan for the first PEM entry of an appropriate type instead of requiring that it be the only entry
- [X509.Certificate] Add `serial/1` to extract a certificate's serial number
- [X509.Certificate.Template] The length of randomly generated serial numbers can now be specified using a `{:random, n}` tuple in the `:serial` field, where `n` is the length in bytes; the default is `{:random, 8}`, equivalent to the previous default
- [X509.Certificate] Fixed the typespec for second parameter of `from_der!/2`, `from_der/2`, `from_pem!/2` and `from_pem/2`
- [X509.Certificate] Extract the correct RDN from issuer certificate (#13)
- [X509.Certificate.Extensions] `subject_key_identifier/1` returned an AKI record rather than SKI record for ECC keys (#10)
- [X509.PublicKey] Documentation: corrected the default value for the `wrap` option for RSA keys in `to_der/1` and `to_pem/1`

This release paves the way for some changes in the way PEM and DER decoding works. Eventually there will be six functions in each module, as implemented in `X509.CSR` in this version. The generic functions in the `X509` module will eventually be removed, with the exception of the `X509.from_pem/2` function, which returns a (possibly filtered) list of entities found in the PEM string.

In the next version, all `from_der` and `from_pem` functions (except for the one in `X509`) will return `:ok` / `:error` tuples, so please update existing code to use the new `from_der!` and `from_pem!` functions instead: their return value on success will always be just the module's primary record type.

- [X509.Certificate] `from_der/2` and `from_pem/2` now return `nil` in case of failure, for consistency with the current behaviour of other modules; use the new `from_der!/2` and `from_pem!/2` to get the old behaviour of raising an exception
- [X509.Certificate] Add `from_der!/2` and `from_pem!/2`
- [X509.CSR] Add `to_der/1`, `to_pem/1`, `from_der!/1`, `from_der/1`, `from_pem!/1` and `from_pem/1`
- [X509.PrivateKey] Add `from_der!/2` and `from_pem!/2`
- [X509.PublicKey] Add `from_der!/2` and `from_pem!/2`
- Support Elixir v1.7 and ExDoc v0.19

The `to_der`, `to_pem` and `from_der` functions in the X509 top-level module have been deprecated. Please use their entity-specific functions in the appropriate module instead. The deprecated functions will be removed in an upcoming release, prior to v1.0.

- [X509.Certificate] Primary type has been changed from `:Certificate` to `:OTPCertificate`; the `new/[4,5]` and `self_signed/[2,3]` functions now return an `:OTPCertificate` record
- [X509] `to_der` and `to_pem` now support `:OTPCertificate` records, by delegating to `X509.Certificate`
- [X509.Certificate] Added certificate-specific implementations of `to_der`, `to_pem`, `from_der` and `from_pem`
First public release