blob: 46b6cf2e049862dc4c5d2380304a888d7f226ef9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
Changelog for s6-networking.
In 2.5.1.1
----------
- Adaptation to skalibs-2.12.0.0.
In 2.5.1.0
----------
- SNI wildcarding support in s6-tlsd-io.
- New sbearssl_*_set_tain(n)_g convenience macros.
- Bugfixes.
In 2.5.0.0
----------
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Server-side SNI support.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
In 2.4.1.1
----------
- Bugfixes.
In 2.4.1.0
----------
- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.
In 2.4.0.0
----------
- Can be built against OpenSSL + libretls.
- execline is now optional.
- s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
- New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.
In 2.3.2.0
----------
- New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.
In 2.3.1.2
----------
- Bugfixes.
In 2.3.1.1
----------
- Bugfixes.
In 2.3.1.0
----------
- Adaptation to skalibs-2.9.0.0.
In 2.3.0.4
----------
- Compatibility with skalibs-2.8.0.0.
- Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
- Everything builds as PIC by default.
In 2.3.0.3
----------
- Compatibility with skalibs-2.7.0.0.
- Optional nsss support added.
In 2.3.0.2
----------
- Bugfix release.
- Compatibility with skalibs-2.6.0.0.
In 2.3.0.1
----------
- Bugfix release.
In 2.3.0.0
----------
- Added this NEWS file. :)
- Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
- Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
- s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
- The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.
|
