source: mod_gnutls/CHANGELOG @ 401a0de

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since 401a0de was 71cac80, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Release version 0.7.1

  • Property mode set to 100644
File size: 5.3 KB
Line 
1**TODO:
2- Handle Unclean Shutdowns
3- make session cache use generic apache caches
4
5** Version 0.7.1 (2015-10-18)
6- Improved handling of PKCS #11 modules: mod_gnutls now loads either
7  modules specified using GnuTLSP11Module, or the system defaults, but
8  not both. Thanks to Nikos Mavrogiannopoulos for the report and
9  initial patch!
10- Initialize variables to safe defaults during client certificate
11  verification. Certain error code paths did not set them, but they
12  should never be hit due to config validation. This adds another line
13  of defense.
14- Enable C99 support via autoconf
15- Test suite improvements. Most importantly, automake now handles
16  environment setup without any external make calls. Rules to build
17  the certificates are included from the old test makefile. Note that
18  the dependency on GNU make is not new (the test makefile always used
19  GNU make syntax), it just wasn't listed explicitly.
20
21** Version 0.7 (2015-07-12)
22- Security fix for TLS client authentication (CVE-2015-2091)
23- Bug fixes that enable support for reverse proxy operation
24- Various test suite improvements. Tests are configured through autoconf,
25  so the test suite now works for builds without Monkeysphere support.
26- Add support for TLS connections to back end servers when operating as a
27  reverse proxy (X.509 authentication only at the moment).
28- PKCS #11 support for server keys and certificates
29- Use strict compiler arguments by default (-Wall -Werror -Wextra)
30- Allow limiting the size of certificates exported as SSL_SERVER_CERT
31  and SSL_CLIENT_CERT through the GnuTLSExportCertificates directive
32
33** Version 0.6 (2014-02-17)
34- Generating DH Params instead of using static ones.
35- Now considering ServerAlias Directives.
36- Major Legacy Code Cleanup.
37- html and pdf and manual documentation generated from markdown sources
38- support monkeysphere validation agent (MSVA) client-certificate verification
39- wider test suite
40- GnuTLSExportCertificates off by default
41
42** Version 0.5.10 (2011-07-12)
43- Patched a bug responsible for excessive memory consumption by mod_gnutls.
44- Support for proxying from SSL to plain HTTP was added (ie. proxy termination).
45
46** Version 0.5.9 (2010-09-24)
47- GnuTLSCache none is now an allowed option.
48- Corrected behavior in Keep-Alive connections (do not
49  terminate the connection prematurely)
50- The GnuTLSCache variable now can be given the specific
51  option "gdbm" instead of "dbm". "dbm" will use the berkeley
52  db type of libapr while gdbm will force gdbm to be used.
53  sdbm is no longer being used due to serious limitations.
54
55** Version 0.5.8 (2010-08-18)
56- Session tickets are enabled by default.
57- Fixes some segmentation faults noticed in some
58  configurations.
59
60** Version 0.5.7 (2010-07-01)
61- Force usage of SDBM. For some reason the default in
62  my system had issues after reaching a limit of entries.
63  SDBM seems stable so force it.
64- Optimizations in session caching.
65- Added support for session tickets. This allows a
66  server to avoid using a session cache and still support
67  session resumption. This is at the cost of transporting
68  session data during handshake. New option
69  GnuTLSSessionTickets [on|off]
70- Depend on gnutls 2.10.0 to force support for safe
71  renegotiation.
72
73** Version 0.5.6 (2010-03-24)
74- Corrected issue with firefox and long POST data (by
75  handling EINTR and EAGAIN errors in read).
76- Added support for chained client certificates
77- Corrected more issues related to double frees
78http://issues.outoforder.cc/view.php?id=102
79
80** Version 0.5.5 (2009-06-13)
81- Removed limits on CA certificate loading. Reported by
82  Sander Marechal and Jack Bates.
83- Do not allow sending empty TLS packets even when instructed to.
84  This had the side effect of clients closing connection.
85
86** Version 0.5.4 (2009-01-04)
87- mod_gnutls.h: modified definition to extern to avoid compilation
88  errors in darwin.
89- Added patch to fix issue with mod_proxy. Investigation and patch by Alain
90  Knaff.
91- libgnutls detection uses pkg-config.
92
93** Version 0.5.3 (2008-10-16)
94- Corrected bug to allow having an OpenPGP-only web site.
95- Increased Max handshake tries due to interrupted system calls.
96
97** Version 0.5.2 (2008-06-29)
98- Depend on gnutls 2.4 which has openpgp support in main library.
99
100** Version 0.5.1 (2008-03-05)
101- Added --disable-srp configure option
102- Better check for memcache (patch by Guillaume Rousse)
103- Corrected possible memory leak in DBM support for resuming sessions.
104
105** Version 0.5.0-alpha (2008-01-24)
106- Added support for OpenPGP keys. The new directives are:
107  GnuTLSPGPKeyringFile, GnuTLSPGPCertificateFile, GnuTLSPGPKeyFile
108
109** Version 0.4.2 (2007-12-10)
110- Added support for sending a certificate chain.
111- Corrected bug which did not allow the TLS session cache to be used.
112- Do not allow resuming sessions on different servers.
113
114** Version 0.4.1 (2007-12-03)
115- Added support for subject alternative names in certificates.
116Only one per certificate is supported.
117- New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%,
118SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE
119- The compatibility mode can now be enabled explicitely with the
120%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.
121- Check for GnuTLSPriorities directive. This corrects a segfault. Thanks
122to David Hrbáč.
123- Better handling of GnuTLSDHFile and GnuTLSRSAFile.
124- No longer default paths for RSA and DH parameter files.
Note: See TracBrowser for help on using the repository browser.