Changeset b6ce8ad in mod_gnutls for CHANGELOG


Ignore:
Timestamp:
Aug 14, 2021, 7:54:22 AM (2 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master
Parents:
7677448
git-author:
Fiona Klute <fiona.klute@…> (08/14/21 07:53:27)
git-committer:
Fiona Klute <fiona.klute@…> (08/14/21 07:54:22)
Message:

Release version 0.12.0

File:
1 edited

Legend:

Unmodified
Added
Removed
  • CHANGELOG

    r7677448 rb6ce8ad  
    1 ** Version 0.12.0 (UNRELEASED)
     1** Version 0.12.0 (2021-08-14)
     2
     3- Three fixes that make mod_gnutls compatible with the Let's Encrypt
     4  OCSP responder for OCSP stapling:
     5
     6  1. Support OCSP responses that are signed directly with the private
     7     key of the CA and do not embed a signer certificate.
     8
     9  2. If the path part of OCSP URI provided in the certificate is
     10     empty, use "/".
     11
     12  3. Use SHA1 for issuer name hash and issuer key hash in OCSP
     13     requests. Support for that is required by RFC 5019 and referenced
     14     in CAB Forum Baseline Requirements, too. This particular hash
     15     doesn't need to be cryptographically secure.
    216
    317- Remove insecure algorithms that are still included in the GnuTLS
    418  priority set "NORMAL" from the default priorities: plain RSA key
    519  exchange, TLS 1.0, TLS 1.1
     20
     21- Fix virtual host references when retrieving OCSP responses for
     22  stapling.
    623
    724- Share server instances for tests where reasonably possible with the
     
    1229  coverage at least as good as before.
    1330
    14 - Some minor cleanup of tests and logging infrastructure.
     31- Various improvements to tests and logging infrastructure.
    1532
    1633** Version 0.11.0 (2020-06-27)
Note: See TracChangeset for help on using the changeset viewer.