blob: 8fbe693ff7f0df5da38b05da5ce8a68bb86f7ea0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
Changelog for s6-networking.
In 2.6.0.0
----------
- Bugfixes.
- s6-tcpserver has been unified! no ipv4 and ipv6 separation anymore.
* the only programs in the superserver chain are now s6-tcpserver,
s6-tcpserver-socketbinder, and s6-tcpserverd.
* s6-tcpserver-access still exists, should now run under s6-tcpserverd,
still invoked once per connection. Doesn't spam the log anymore when
invoked with no ruleset.
* Options -4 and -6 removed from s6-tcpserver and s6-tlsserver.
Protocol detection happens when the cmdline address is scanned.
* Option -e removed from s6-tlsserver. It should now always invoke
s6-tcpserver-access when needed (and only then).
- Major performance improvements. s6-tcpserverd does not fork on
systems that support posix_spawn. Also, its lookups are now logarithmic
instead of linear (which only matters on *heavy* loads).
In 2.5.1.3
----------
- Bugfixes.
In 2.5.1.2
----------
- Bugfixes.
- Adaptation to skalibs-2.13.0.0.
In 2.5.1.1
----------
- Adaptation to skalibs-2.12.0.0.
In 2.5.1.0
----------
- SNI wildcarding support in s6-tlsd-io.
- New sbearssl_*_set_tain(n)_g convenience macros.
- Bugfixes.
In 2.5.0.0
----------
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Server-side SNI support.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
In 2.4.1.1
----------
- Bugfixes.
In 2.4.1.0
----------
- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.
In 2.4.0.0
----------
- Can be built against OpenSSL + libretls.
- execline is now optional.
- s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
- New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.
In 2.3.2.0
----------
- New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.
In 2.3.1.2
----------
- Bugfixes.
In 2.3.1.1
----------
- Bugfixes.
In 2.3.1.0
----------
- Adaptation to skalibs-2.9.0.0.
In 2.3.0.4
----------
- Compatibility with skalibs-2.8.0.0.
- Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
- Everything builds as PIC by default.
In 2.3.0.3
----------
- Compatibility with skalibs-2.7.0.0.
- Optional nsss support added.
In 2.3.0.2
----------
- Bugfix release.
- Compatibility with skalibs-2.6.0.0.
In 2.3.0.1
----------
- Bugfix release.
In 2.3.0.0
----------
- Added this NEWS file. :)
- Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
- Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
- s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
- The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.
|