blob: 97f601cc3aaf5024643377750ecc5736c6fd67c7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
Changelog for s6-networking.
In 2.7.0.2
----------
- Bugfixes.
In 2.7.0.1
----------
- Bugfixes.
In 2.7.0.0
----------
- Bugfixes.
- Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" is the equivalent
of s6-ioconnect with TLS, and can be used interactively as a client
program to talk to TLS-tunneled services.
- The -K option for TLS programs now set a timeout for the whole handshake.
- The -h option for s6-tcpclient and s6-tcpserver-access now indicates
/etc/hosts should be consulted before DNS.
In 2.6.0.0
----------
- Bugfixes.
- s6-tcpserver has been unified! no ipv4 and ipv6 separation anymore.
* The only programs in the superserver chain are now s6-tcpserver,
s6-tcpserver-socketbinder, and s6-tcpserverd.
* s6-tcpserver-access still exists, should now run under s6-tcpserverd,
still invoked once per connection. Doesn't spam the log anymore when
invoked with no ruleset.
* Options -4 and -6 removed from s6-tcpserver and s6-tlsserver.
Protocol detection happens when the cmdline address is scanned.
* Option -e removed from s6-tlsserver. It should now always invoke
s6-tcpserver-access when needed (and only then).
- Major performance improvements. s6-tcpserverd does not fork on
systems that support posix_spawn. Also, its lookups are now logarithmic
instead of linear (which only matters on *heavy* loads).
In 2.5.1.3
----------
- Bugfixes.
In 2.5.1.2
----------
- Bugfixes.
- Adaptation to skalibs-2.13.0.0.
In 2.5.1.1
----------
- Adaptation to skalibs-2.12.0.0.
In 2.5.1.0
----------
- SNI wildcarding support in s6-tlsd-io.
- New sbearssl_*_set_tain(n)_g convenience macros.
- Bugfixes.
In 2.5.0.0
----------
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Server-side SNI support.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
In 2.4.1.1
----------
- Bugfixes.
In 2.4.1.0
----------
- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.
In 2.4.0.0
----------
- Can be built against OpenSSL + libretls.
- execline is now optional.
- s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
- New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.
In 2.3.2.0
----------
- New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.
In 2.3.1.2
----------
- Bugfixes.
In 2.3.1.1
----------
- Bugfixes.
In 2.3.1.0
----------
- Adaptation to skalibs-2.9.0.0.
In 2.3.0.4
----------
- Compatibility with skalibs-2.8.0.0.
- Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
- Everything builds as PIC by default.
In 2.3.0.3
----------
- Compatibility with skalibs-2.7.0.0.
- Optional nsss support added.
In 2.3.0.2
----------
- Bugfix release.
- Compatibility with skalibs-2.6.0.0.
In 2.3.0.1
----------
- Bugfix release.
In 2.3.0.0
----------
- Added this NEWS file. :)
- Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
- Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
- s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
- The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.
|