[9ee7549] | 1 | **TODO: |
---|
[460c048] | 2 | - Fix support for proxy termination |
---|
| 3 | - Handle Unclean Shutdowns |
---|
| 4 | - make session cache use generic apache caches |
---|
| 5 | |
---|
| 6 | ** Version 0.6 (2014-02-17) |
---|
| 7 | - Generating DH Params instead of using static ones. |
---|
| 8 | - Now considering ServerAlias Directives. |
---|
| 9 | - Major Legacy Code Cleanup. |
---|
| 10 | - html and pdf and manual documentation generated from markdown sources |
---|
| 11 | - support monkeysphere validation agent (MSVA) client-certificate verification |
---|
| 12 | - wider test suite |
---|
| 13 | - GnuTLSExportCertificates off by default |
---|
[9ee7549] | 14 | |
---|
| 15 | ** Version 0.5.10 (2011-07-12) |
---|
[460c048] | 16 | - Patched a bug responsible for excessive memory consumption by mod_gnutls. |
---|
| 17 | - Support for proxying from SSL to plain HTTP was added (ie. proxy termination). |
---|
[9ee7549] | 18 | |
---|
| 19 | ** Version 0.5.9 (2010-09-24) |
---|
| 20 | - GnuTLSCache none is now an allowed option. |
---|
| 21 | - Corrected behavior in Keep-Alive connections (do not |
---|
| 22 | terminate the connection prematurely) |
---|
| 23 | - The GnuTLSCache variable now can be given the specific |
---|
| 24 | option "gdbm" instead of "dbm". "dbm" will use the berkeley |
---|
| 25 | db type of libapr while gdbm will force gdbm to be used. |
---|
| 26 | sdbm is no longer being used due to serious limitations. |
---|
| 27 | |
---|
| 28 | ** Version 0.5.8 (2010-08-18) |
---|
| 29 | - Session tickets are enabled by default. |
---|
| 30 | - Fixes some segmentation faults noticed in some |
---|
| 31 | configurations. |
---|
| 32 | |
---|
| 33 | ** Version 0.5.7 (2010-07-01) |
---|
| 34 | - Force usage of SDBM. For some reason the default in |
---|
| 35 | my system had issues after reaching a limit of entries. |
---|
| 36 | SDBM seems stable so force it. |
---|
| 37 | - Optimizations in session caching. |
---|
| 38 | - Added support for session tickets. This allows a |
---|
| 39 | server to avoid using a session cache and still support |
---|
| 40 | session resumption. This is at the cost of transporting |
---|
| 41 | session data during handshake. New option |
---|
| 42 | GnuTLSSessionTickets [on|off] |
---|
| 43 | - Depend on gnutls 2.10.0 to force support for safe |
---|
| 44 | renegotiation. |
---|
| 45 | |
---|
| 46 | ** Version 0.5.6 (2010-03-24) |
---|
| 47 | - Corrected issue with firefox and long POST data (by |
---|
| 48 | handling EINTR and EAGAIN errors in read). |
---|
| 49 | - Added support for chained client certificates |
---|
| 50 | - Corrected more issues related to double frees |
---|
| 51 | http://issues.outoforder.cc/view.php?id=102 |
---|
| 52 | |
---|
| 53 | ** Version 0.5.5 (2009-06-13) |
---|
| 54 | - Removed limits on CA certificate loading. Reported by |
---|
| 55 | Sander Marechal and Jack Bates. |
---|
| 56 | - Do not allow sending empty TLS packets even when instructed to. |
---|
| 57 | This had the side effect of clients closing connection. |
---|
| 58 | |
---|
| 59 | ** Version 0.5.4 (2009-01-04) |
---|
| 60 | - mod_gnutls.h: modified definition to extern to avoid compilation |
---|
| 61 | errors in darwin. |
---|
| 62 | - Added patch to fix issue with mod_proxy. Investigation and patch by Alain |
---|
| 63 | Knaff. |
---|
| 64 | - libgnutls detection uses pkg-config. |
---|
| 65 | |
---|
| 66 | ** Version 0.5.3 (2008-10-16) |
---|
| 67 | - Corrected bug to allow having an OpenPGP-only web site. |
---|
| 68 | - Increased Max handshake tries due to interrupted system calls. |
---|
| 69 | |
---|
| 70 | ** Version 0.5.2 (2008-06-29) |
---|
| 71 | - Depend on gnutls 2.4 which has openpgp support in main library. |
---|
| 72 | |
---|
| 73 | ** Version 0.5.1 (2008-03-05) |
---|
| 74 | - Added --disable-srp configure option |
---|
| 75 | - Better check for memcache (patch by Guillaume Rousse) |
---|
| 76 | - Corrected possible memory leak in DBM support for resuming sessions. |
---|
| 77 | |
---|
| 78 | ** Version 0.5.0-alpha (2008-01-24) |
---|
| 79 | - Added support for OpenPGP keys. The new directives are: |
---|
| 80 | GnuTLSPGPKeyringFile, GnuTLSPGPCertificateFile, GnuTLSPGPKeyFile |
---|
| 81 | |
---|
| 82 | ** Version 0.4.2 (2007-12-10) |
---|
| 83 | - Added support for sending a certificate chain. |
---|
| 84 | - Corrected bug which did not allow the TLS session cache to be used. |
---|
| 85 | - Do not allow resuming sessions on different servers. |
---|
| 86 | |
---|
| 87 | ** Version 0.4.1 (2007-12-03) |
---|
| 88 | - Added support for subject alternative names in certificates. |
---|
| 89 | Only one per certificate is supported. |
---|
| 90 | - New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, |
---|
| 91 | SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE |
---|
| 92 | - The compatibility mode can now be enabled explicitely with the |
---|
| 93 | %COMPAT keyword at the GnuTLSPriorities string. It is no longer the default. |
---|
| 94 | - Check for GnuTLSPriorities directive. This corrects a segfault. Thanks |
---|
| 95 | to David Hrbáč. |
---|
| 96 | - Better handling of GnuTLSDHFile and GnuTLSRSAFile. |
---|
| 97 | - No longer default paths for RSA and DH parameter files. |
---|