blob: 3ce529208a7deab0f4e08c5772b455ef75b78479 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
Changelog for s6-networking.
In 2.6.0.0
----------
- Bugfixes.
- Major performance improvements.
- Removed extra warning on s6-tcpserver-access with no ruleset.
In 2.5.1.3
----------
- Bugfixes.
In 2.5.1.2
----------
- Bugfixes.
- Adaptation to skalibs-2.13.0.0.
In 2.5.1.1
----------
- Adaptation to skalibs-2.12.0.0.
In 2.5.1.0
----------
- SNI wildcarding support in s6-tlsd-io.
- New sbearssl_*_set_tain(n)_g convenience macros.
- Bugfixes.
In 2.5.0.0
----------
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Server-side SNI support.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
In 2.4.1.1
----------
- Bugfixes.
In 2.4.1.0
----------
- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.
In 2.4.0.0
----------
- Can be built against OpenSSL + libretls.
- execline is now optional.
- s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
- New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.
In 2.3.2.0
----------
- New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.
In 2.3.1.2
----------
- Bugfixes.
In 2.3.1.1
----------
- Bugfixes.
In 2.3.1.0
----------
- Adaptation to skalibs-2.9.0.0.
In 2.3.0.4
----------
- Compatibility with skalibs-2.8.0.0.
- Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
- Everything builds as PIC by default.
In 2.3.0.3
----------
- Compatibility with skalibs-2.7.0.0.
- Optional nsss support added.
In 2.3.0.2
----------
- Bugfix release.
- Compatibility with skalibs-2.6.0.0.
In 2.3.0.1
----------
- Bugfix release.
In 2.3.0.0
----------
- Added this NEWS file. :)
- Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
- Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
- s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
- The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.
|