Changelog for s6-networking. In 2.5.1.2 ---------- - Bugfixes. In 2.5.1.1 ---------- - Adaptation to skalibs-2.12.0.0. In 2.5.1.0 ---------- - SNI wildcarding support in s6-tlsd-io. - New sbearssl_*_set_tain(n)_g convenience macros. - Bugfixes. In 2.5.0.0 ---------- - Adaptation to skalibs-2.11.0.0. - minidentd removed. - Full client certificate support. - Server-side SNI support. - s6-ucspitls[cd] -v2 now logs whether TLS is activated or not. In 2.4.1.1 ---------- - Bugfixes. In 2.4.1.0 ---------- - Bugfixes. - Handshake timeout now also works with the libtls backend. - The SNI server name is now exported after the handshake in the SSL_TLS_SNI_SERVERNAME variable. In 2.4.0.0 ---------- - Can be built against OpenSSL + libretls. - execline is now optional. - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a TLS tunnel over already existing fds. - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an implementation of delayed encryption. In 2.3.2.0 ---------- - New -e option to s6-tlsserver, to invoke s6-tcpserver-access unconditionally. In 2.3.1.2 ---------- - Bugfixes. In 2.3.1.1 ---------- - Bugfixes. In 2.3.1.0 ---------- - Adaptation to skalibs-2.9.0.0. In 2.3.0.4 ---------- - Compatibility with skalibs-2.8.0.0. - Conforming to the documentation, s6-tcpserver[46]d now prints its local port to stdout when it is ready, as a notification message. - Everything builds as PIC by default. In 2.3.0.3 ---------- - Compatibility with skalibs-2.7.0.0. - Optional nsss support added. In 2.3.0.2 ---------- - Bugfix release. - Compatibility with skalibs-2.6.0.0. In 2.3.0.1 ---------- - Bugfix release. In 2.3.0.0 ---------- - Added this NEWS file. :) - Major types overhaul to make them more POSIXly correct: compatibility with skalibs-2.5.0.0. - Fixed the "s6-tls[cd] does not die and the zombie application hangs around" bug. (It's really a workaround for a TCP bug.) - s6-tls[cd] ported to bearssl-0.3. Client certificates still not supported with BearSSL because Thomas is slooooooow at implementing the high-level server functions I asked him for :P - The meaning of the -Y option in s6-tlsd has changed: it now means "ask for an optional client certificate". Only valid with a LibreSSL backend for now.