| 1 | **TODO: |
|---|
| 2 | - Handle Unclean Shutdowns |
|---|
| 3 | - make session cache use generic apache caches |
|---|
| 4 | |
|---|
| 5 | ** Version 0.7 beta (2015-06-27) |
|---|
| 6 | - Security fix for TLS client authentication (CVE-2015-2091) |
|---|
| 7 | - Bug fixes that enable support for reverse proxy operation |
|---|
| 8 | - Various test suite improvements. Tests are configured through autoconf, |
|---|
| 9 | so the test suite now works for builds without Monkeysphere support. |
|---|
| 10 | - Add support for TLS connections to back end servers when operating as a |
|---|
| 11 | reverse proxy (X.509 authentication only at the moment). |
|---|
| 12 | - PKCS #11 support for server keys and certificates |
|---|
| 13 | - Use strict compiler arguments by default (-Wall -Werror -Wextra) |
|---|
| 14 | - Allow limiting the size of certificates exported as SSL_SERVER_CERT |
|---|
| 15 | and SSL_CLIENT_CERT through the GnuTLSExportCertificates directive |
|---|
| 16 | |
|---|
| 17 | ** Version 0.6 (2014-02-17) |
|---|
| 18 | - Generating DH Params instead of using static ones. |
|---|
| 19 | - Now considering ServerAlias Directives. |
|---|
| 20 | - Major Legacy Code Cleanup. |
|---|
| 21 | - html and pdf and manual documentation generated from markdown sources |
|---|
| 22 | - support monkeysphere validation agent (MSVA) client-certificate verification |
|---|
| 23 | - wider test suite |
|---|
| 24 | - GnuTLSExportCertificates off by default |
|---|
| 25 | |
|---|
| 26 | ** Version 0.5.10 (2011-07-12) |
|---|
| 27 | - Patched a bug responsible for excessive memory consumption by mod_gnutls. |
|---|
| 28 | - Support for proxying from SSL to plain HTTP was added (ie. proxy termination). |
|---|
| 29 | |
|---|
| 30 | ** Version 0.5.9 (2010-09-24) |
|---|
| 31 | - GnuTLSCache none is now an allowed option. |
|---|
| 32 | - Corrected behavior in Keep-Alive connections (do not |
|---|
| 33 | terminate the connection prematurely) |
|---|
| 34 | - The GnuTLSCache variable now can be given the specific |
|---|
| 35 | option "gdbm" instead of "dbm". "dbm" will use the berkeley |
|---|
| 36 | db type of libapr while gdbm will force gdbm to be used. |
|---|
| 37 | sdbm is no longer being used due to serious limitations. |
|---|
| 38 | |
|---|
| 39 | ** Version 0.5.8 (2010-08-18) |
|---|
| 40 | - Session tickets are enabled by default. |
|---|
| 41 | - Fixes some segmentation faults noticed in some |
|---|
| 42 | configurations. |
|---|
| 43 | |
|---|
| 44 | ** Version 0.5.7 (2010-07-01) |
|---|
| 45 | - Force usage of SDBM. For some reason the default in |
|---|
| 46 | my system had issues after reaching a limit of entries. |
|---|
| 47 | SDBM seems stable so force it. |
|---|
| 48 | - Optimizations in session caching. |
|---|
| 49 | - Added support for session tickets. This allows a |
|---|
| 50 | server to avoid using a session cache and still support |
|---|
| 51 | session resumption. This is at the cost of transporting |
|---|
| 52 | session data during handshake. New option |
|---|
| 53 | GnuTLSSessionTickets [on|off] |
|---|
| 54 | - Depend on gnutls 2.10.0 to force support for safe |
|---|
| 55 | renegotiation. |
|---|
| 56 | |
|---|
| 57 | ** Version 0.5.6 (2010-03-24) |
|---|
| 58 | - Corrected issue with firefox and long POST data (by |
|---|
| 59 | handling EINTR and EAGAIN errors in read). |
|---|
| 60 | - Added support for chained client certificates |
|---|
| 61 | - Corrected more issues related to double frees |
|---|
| 62 | http://issues.outoforder.cc/view.php?id=102 |
|---|
| 63 | |
|---|
| 64 | ** Version 0.5.5 (2009-06-13) |
|---|
| 65 | - Removed limits on CA certificate loading. Reported by |
|---|
| 66 | Sander Marechal and Jack Bates. |
|---|
| 67 | - Do not allow sending empty TLS packets even when instructed to. |
|---|
| 68 | This had the side effect of clients closing connection. |
|---|
| 69 | |
|---|
| 70 | ** Version 0.5.4 (2009-01-04) |
|---|
| 71 | - mod_gnutls.h: modified definition to extern to avoid compilation |
|---|
| 72 | errors in darwin. |
|---|
| 73 | - Added patch to fix issue with mod_proxy. Investigation and patch by Alain |
|---|
| 74 | Knaff. |
|---|
| 75 | - libgnutls detection uses pkg-config. |
|---|
| 76 | |
|---|
| 77 | ** Version 0.5.3 (2008-10-16) |
|---|
| 78 | - Corrected bug to allow having an OpenPGP-only web site. |
|---|
| 79 | - Increased Max handshake tries due to interrupted system calls. |
|---|
| 80 | |
|---|
| 81 | ** Version 0.5.2 (2008-06-29) |
|---|
| 82 | - Depend on gnutls 2.4 which has openpgp support in main library. |
|---|
| 83 | |
|---|
| 84 | ** Version 0.5.1 (2008-03-05) |
|---|
| 85 | - Added --disable-srp configure option |
|---|
| 86 | - Better check for memcache (patch by Guillaume Rousse) |
|---|
| 87 | - Corrected possible memory leak in DBM support for resuming sessions. |
|---|
| 88 | |
|---|
| 89 | ** Version 0.5.0-alpha (2008-01-24) |
|---|
| 90 | - Added support for OpenPGP keys. The new directives are: |
|---|
| 91 | GnuTLSPGPKeyringFile, GnuTLSPGPCertificateFile, GnuTLSPGPKeyFile |
|---|
| 92 | |
|---|
| 93 | ** Version 0.4.2 (2007-12-10) |
|---|
| 94 | - Added support for sending a certificate chain. |
|---|
| 95 | - Corrected bug which did not allow the TLS session cache to be used. |
|---|
| 96 | - Do not allow resuming sessions on different servers. |
|---|
| 97 | |
|---|
| 98 | ** Version 0.4.1 (2007-12-03) |
|---|
| 99 | - Added support for subject alternative names in certificates. |
|---|
| 100 | Only one per certificate is supported. |
|---|
| 101 | - New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, |
|---|
| 102 | SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE |
|---|
| 103 | - The compatibility mode can now be enabled explicitely with the |
|---|
| 104 | %COMPAT keyword at the GnuTLSPriorities string. It is no longer the default. |
|---|
| 105 | - Check for GnuTLSPriorities directive. This corrects a segfault. Thanks |
|---|
| 106 | to David Hrbáč. |
|---|
| 107 | - Better handling of GnuTLSDHFile and GnuTLSRSAFile. |
|---|
| 108 | - No longer default paths for RSA and DH parameter files. |
|---|
