path: root/NEWS

Changelog for s6-networking.

In 2.7.0.0
----------

 - Bugfixes.
 - Better API for s6-tlsc-io: now "s6-tlsc-io 6 7" is the equivalent
of s6-ioconnect with TLS, and can be used interactively as a client
program to talk to TLS-tunneled services.
 - The -K option for TLS programs now set a timeout for the whole handshake.
 - The -h option for s6-tcpclient and s6-tcpserver-access now indicates
/etc/hosts should be consulted before DNS.


In 2.6.0.0
----------

 - Bugfixes.
 - s6-tcpserver has been unified! no ipv4 and ipv6 separation anymore.
   * The only programs in the superserver chain are now s6-tcpserver,
s6-tcpserver-socketbinder, and s6-tcpserverd.
   * s6-tcpserver-access still exists, should now run under s6-tcpserverd,
still invoked once per connection. Doesn't spam the log anymore when
invoked with no ruleset.
   * Options -4 and -6 removed from s6-tcpserver and s6-tlsserver.
Protocol detection happens when the cmdline address is scanned.
   * Option -e removed from s6-tlsserver. It should now always invoke
s6-tcpserver-access when needed (and only then).
 - Major performance improvements. s6-tcpserverd does not fork on
systems that support posix_spawn. Also, its lookups are now logarithmic
instead of linear (which only matters on *heavy* loads).


In 2.5.1.3
----------

 - Bugfixes.


In 2.5.1.2
----------

 - Bugfixes.
 - Adaptation to skalibs-2.13.0.0.


In 2.5.1.1
----------

 - Adaptation to skalibs-2.12.0.0.


In 2.5.1.0
----------

 - SNI wildcarding support in s6-tlsd-io.
 - New sbearssl_*_set_tain(n)_g convenience macros.
 - Bugfixes.


In 2.5.0.0
----------

 - Adaptation to skalibs-2.11.0.0.
 - minidentd removed.
 - Full client certificate support.
 - Server-side SNI support.
 - s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.


In 2.4.1.1
----------

 - Bugfixes.


In 2.4.1.0
----------

 - Bugfixes.
 - Handshake timeout now also works with the libtls backend.
 - The SNI server name is now exported after the handshake in
the SSL_TLS_SNI_SERVERNAME variable.


In 2.4.0.0
----------

 - Can be built against OpenSSL + libretls.
 - execline is now optional.
 - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
TLS tunnel over already existing fds.
 - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
implementation of delayed encryption.


In 2.3.2.0
----------

 - New -e option to s6-tlsserver, to invoke s6-tcpserver-access
unconditionally.


In 2.3.1.2
----------

 - Bugfixes.


In 2.3.1.1
----------

 - Bugfixes.


In 2.3.1.0
----------

 - Adaptation to skalibs-2.9.0.0.


In 2.3.0.4
----------

 - Compatibility with skalibs-2.8.0.0.
 - Conforming to the documentation, s6-tcpserver[46]d now prints
its local port to stdout when it is ready, as a notification message.
 - Everything builds as PIC by default.


In 2.3.0.3
----------

 - Compatibility with skalibs-2.7.0.0.
 - Optional nsss support added.


In 2.3.0.2
----------

 - Bugfix release.
 - Compatibility with skalibs-2.6.0.0.


In 2.3.0.1
----------

 - Bugfix release.


In 2.3.0.0
----------

 - Added this NEWS file. :)
 - Major types overhaul to make them more POSIXly correct:
compatibility with skalibs-2.5.0.0.
 - Fixed the "s6-tls[cd] does not die and the zombie application
hangs around" bug. (It's really a workaround for a TCP bug.)
 - s6-tls[cd] ported to bearssl-0.3. Client certificates still
not supported with BearSSL because Thomas is slooooooow at
implementing the high-level server functions I asked him for :P
 - The meaning of the -Y option in s6-tlsd has changed: it now
means "ask for an optional client certificate". Only valid with
a LibreSSL backend for now.