path: root/NEWS

Changelog for s6-networking.

In 2.4.1.0
----------

 - Bugfixes.
 - Handshake timeout now also works with the libtls backend.
 - The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.


In 2.4.0.0
----------

 - Can be built against OpenSSL + libretls.
 - execline is now optional.
 - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
 - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.


In 2.3.2.0
----------

 - New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.


In 2.3.1.2
----------

 - Bugfixes.


In 2.3.1.1
----------

 - Bugfixes.


In 2.3.1.0
----------

 - Adaptation to skalibs-2.9.0.0.


In 2.3.0.4
----------

 - Compatibility with skalibs-2.8.0.0.
 - Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
 - Everything builds as PIC by default.


In 2.3.0.3
----------

 - Compatibility with skalibs-2.7.0.0.
 - Optional nsss support added.


In 2.3.0.2
----------

 - Bugfix release.
 - Compatibility with skalibs-2.6.0.0.


In 2.3.0.1
----------

 - Bugfix release.


In 2.3.0.0
----------

 - Added this NEWS file. :)
 - Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
 - Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
 - s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
 - The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.