Diffstat (limited to 'doc')
-rw-r--r-- | doc/index.html | 12
-rw-r--r-- | doc/s6-tlsc.html | 8
-rw-r--r-- | doc/s6-tlsd.html | 14
-rw-r--r-- | doc/upgrade.html | 12
4 files changed, 24 insertions, 22 deletions
diff --git a/doc/index.html b/doc/index.html index e19457e..48fed00 100644 --- a/doc/index.html +++ b/doc/index.html @@ -44,22 +44,22 @@ compiled with IPv6 support, s6-networking is IPv6-ready. <li> A POSIX-compliant system with a standard C development environment </li> <li> GNU make, version 3.81 or later </li> <li> <a href="http://skarnet.org/software/skalibs/">skalibs</a> version -2.4.0.2 or later. It's a build-time requirement. It's also a run-time +2.5.0.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library. </li> <li> <a href="http://skarnet.org/software/execline/">execline</a> version -2.2.0.0 or later. It's a build-time and run-time requirement. </li> +2.3.0.0 or later. It's a build-time and run-time requirement. </li> <li> <a href="http://skarnet.org/software/s6/">s6</a> version -2.4.0.0 or later. It's a build-time and run-time requirement. </li> +2.5.0.0 or later. It's a build-time and run-time requirement. </li> <li> <a href="http://skarnet.org/software/s6-dns/">s6-dns</a> version -2.1.0.0 or later. It's a build-time requirement. It's also a run-time +2.2.0.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the s6-dns libraries. </li> <li> If you want to build the secure communication tools: <ul> <li> Either <a href="http://libressl.org/">LibreSSL</a> version 2.4.4 or later </li> - <li> Or <a href="http://bearssl.org/">BearSSL</a> version 0.1 + <li> Or <a href="http://bearssl.org/">BearSSL</a> version 0.2 or later. <strong>This is experimental.</strong> </li> </ul> The chosen library is a build-time requirement, and also a run-time requirement if you link against its shared version. </li> 
@@ -76,7 +76,7 @@ run-time requirement if you link against its shared version. </li> <ul> <li> The current released version of s6-networking is -<a href="s6-networking-2.2.1.0.tar.gz">2.2.1.0</a>. </li> +<a href="s6-networking-2.3.0.0.tar.gz">2.3.0.0</a>. </li> <li> Alternatively, you can checkout a copy of the <a href="http://git.skarnet.org/cgi-bin/cgit.cgi/s6-networking/">s6-networking git repository</a>: diff --git a/doc/s6-tlsc.html b/doc/s6-tlsc.html index d40820c..39f4680 100644 --- a/doc/s6-tlsc.html +++ b/doc/s6-tlsc.html @@ -126,10 +126,7 @@ two more environment variables: <tt>KEYFILE</tt> contains the path to a file containing the private key, DER- or PEM-encoded; and <tt>CERTFILE</tt> contains the path to a file containing the client certificate, DER- or -PEM-encoded. Please note that for now, support for client -certificates is experimental, and only works -with the <a href="https://www.libressl.org/">LibreSSL</a> -backend (BearSSL does not support client certificates yet). +PEM-encoded. </p> <p> @@ -229,8 +226,7 @@ and break the connection when <em>prog</em> sends EOF. </li> <li> <tt>-s</tt> : transmit EOF by half-closing the TCP connection without using <tt>close_notify</tt>. This is the default. </li> <li> <tt>-Y</tt> : Do not send a client certificate. This is the default. </li> - <li> <tt>-y</tt> : Send a client certificate. This is experimental and -for now unsupported by BearSSL. </li> + <li> <tt>-y</tt> : Send a client certificate. </li> <li> <tt>-k <em>servername</em></tt> : use Server Name Indication, and send <em>servername</em>. The default is not to use SNI, which may be a security risk. </li> diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html index 16f13ec..cda5038 100644 --- a/doc/s6-tlsd.html +++ b/doc/s6-tlsd.html 
@@ -147,13 +147,6 @@ of trust anchors, PEM-encoded. </li> </ul> <p> -Please note that for now, support for client -certificates is experimental, and only works -with the <a href="https://www.libressl.org/">LibreSSL</a> -backend (BearSSL does not support client certificates yet). -</p> - -<p> If <tt>s6-tlsd</tt> is run as root, it can also read two more environment variables, <tt>TLS_UID</tt> and <tt>TLS_GID</tt>, which contain a numeric uid and a numeric gid; <tt>s6-tlsd</tt> @@ -251,9 +244,10 @@ This is the default. </li> and break the connection when <em>prog</em> sends EOF. </li> <li> <tt>-s</tt> : transmit EOF by half-closing the TCP connection without using <tt>close_notify</tt>. This is the default. </li> - <li> <tt>-Y</tt> : Do not require a client certificate. This is the default. </li> - <li> <tt>-y</tt> : Require a client certificate. This is experimental and -for now unsupported by BearSSL. </li> + <li> <tt>-Y</tt> : Require an optional client certificate. </li> + <li> <tt>-y</tt> : Require a mandatory client certificate. +The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option, +is not to require a client certificate at all. </li> <li> <tt>-K <em>kimeout</em></tt> : close the connection if <em>kimeout</em> milliseconds elapse without any data being received from either side. The default is 0, which means diff --git a/doc/upgrade.html b/doc/upgrade.html index dfd90f0..1cbd9b7 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html 
@@ -18,6 +18,18 @@ <h1> What has changed in s6-networking </h1> +<h2> in 2.3.0.0 </h2> + +<ul> + <li> BearSSL dependency bumped to 0.2. </li> + <li> skalibs dependency bumped to 2.5.0.0. </li> + <li> execline dependency bumped to 2.3.0.0. </li> + <li> s6 dependency bumped to 2.5.0.0. </li> + <li> s6-dns dependency bumped to 2.2.0.0. </li> + <li> The meaning of the <tt>-Y</tt> option in <a href="s6-tlsd.html">s6-tlsd</a> +has changed. Now it means "ask for an optional client certificate". </li> +</ul> + <h2> in 2.2.1.0 </h2> <ul> |
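Review bot: In doc/index.html, hunk @@ -44,22 +44,22, the dependency links are still plain http://, including the BearSSL line this patch touches (<a href="http://bearssl.org/">), while the lines removed from s6-tlsc.html and s6-tlsd.html in the same patch linked LibreSSL as https://www.libressl.org/. Since this list tells readers where to fetch the TLS libraries and build dependencies, I would switch the hrefs to https:// wherever the sites serve it, at least on the lines already being edited.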
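Review bot: In doc/s6-tlsc.html, hunk @@ -229,8 +226,7, the -y entry is now just "Send a client certificate." and no longer points anywhere. With the experimental caveat gone, the entry should say that -y relies on the KEYFILE and CERTFILE environment variables described in the earlier hunk (@@ -126,10 +126,7), so a reader scanning only the option list knows the private key and certificate paths must be set.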
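Review bot: In doc/s6-tlsd.html, hunk @@ -251,9 +244,10, the new -Y entry reads "Require an optional client certificate", which contradicts itself; doc/upgrade.html in this same patch words it as "ask for an optional client certificate", and the option list should use that wording too. The entry also does not say what happens when a client presents a certificate that fails verification against the trust anchors, which is the case an operator most needs documented for an optional-certificate mode. Finally, the statement of the default is now attached to the -y item; I would make it a separate sentence or list item so it is not read as part of -y.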
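Review bot: In doc/upgrade.html, hunk @@ -18,6 +18,18, the -Y item records the new meaning but not the upgrade consequence: the old s6-tlsd text was "Do not require a client certificate. This is the default", so any existing invocation that passes -Y explicitly will start asking clients for a certificate after upgrading. Suggest stating that and advising removal of -Y to keep the previous behaviour. The list also omits that the "experimental, and only works with the LibreSSL backend" caveat was dropped from s6-tlsc.html and s6-tlsd.html; if client certificates now work with the BearSSL backend, that deserves its own item next to the BearSSL 0.2 bump.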