uacme NEWS
Copyright (C) 2019-2024 Nicola Di Lieto <nicola.dilieto@gmail.com>

## [1.7.6] - 2024-12-29
### Changed
- Fix OpenSSL 3.x deprecated APIs
- Fix cross compilation
  Closes https://github.com/ndilieto/uacme/issues/79
- uacme: Add environment variables
  Closes https://github.com/ndilieto/uacme/issues/63
- uacme: Add support for ACME Renewal Information (ARI)
  Closes https://github.com/ndilieto/uacme/issues/67
- uacme: Try obtaining new Reply-Nonce if server doesn't supply one
  Closes https://github.com/ndilieto/uacme/issues/82
- uacme: Add hook environment variables
  Closes https://github.com/ndilieto/uacme/issues/83
- uacme: Allow matching alternative chain by Authority Key Id
  Closes https://github.com/ndilieto/uacme/issues/85
- Documentation update
- Add link to linode api hook

## [1.7.5] - 2024-01-28
### Changed
- fix ualpn exit code in client mode
  Fixes https://github.com/ndilieto/uacme/issues/76
- fix build with autoconf version 2.71
  See https://github.com/ndilieto/uacme/pull/70
- uacme: nsupdate.sh overhaul and DNAME redirection support
- add link to deSEC.io DNS integration
- minor documentation changes including copyright year

## [1.7.4] - 2023-02-15
### Changed
- uacme: Validate token from ACME server. Fixes
         https://github.com/ndilieto/uacme/issues/64
- minor documentation changes including copyright year

## [1.7.3] - 2022-09-20
### Changed
- better compatibility with LibreSSL, require 3.4.2 or later
- uacme: Enable --must-staple support with LibreSSL > 3.5.0
- ualpn: Fix build issue with mbedTLS 2.x
	 see https://github.com/ndilieto/uacme/pull/61

## [1.7.2] - 2022-07-20
### Added
- uacme: exponential backoff for status polling instead of
         constant 5s delay, to reduce load on server
- uacme: -r option to allow specifying revocation code
- compatibility with mbedTLS v3.2
- compatibility with LibreSSL (with some limitations,
  see https://github.com/ndilieto/uacme/commit/32546c7c

### Changed
- uacme: fix silent failure in nsupdate.sh
         closes https://github.com/ndilieto/uacme/issues/45
- uacme: replace 'echo' with 'printf' in uacme.sh
         closes https://github.com/ndilieto/uacme/issues/48
- uacme: fix compilation warning
- embed ax_check_compile_flag.m4 from autoconf-archive as
  requested in https://github.com/ndilieto/uacme/pull/57
- minor documentation changes including copyright year

## [1.7.1] - 2021-06-04
### Changed
- uacme: fix issue when running from inaccessible directory
         closes https://github.com/ndilieto/uacme/issues/41
- ualpn: use default user group when -u <user> is specified

## [1.7] - 2021-01-17
### Added
- uacme: alternate chain selection by certificate fingerprint
- uacme: print copyright with version
- ualpn: print copyright with version
- ualpn: add notice with version on startup

### Changed
- ualpn: reject duplicate options where appropriate
- ualpn: make ualpn.sh always outputs to stderr
- ualpn: fix compilation warning
- minor changes (typos)
- update copyright years

## [1.6] - 2020-12-06
### Added
- uacme: support for RFC8555 External Account Binding
         closes https://github.com/ndilieto/uacme/issues/40

### Changed
- uacme: fix use after free in surrogate strcasestr function
- uacme: make nsupdate.sh accept quoted TXT challenge values
- uacme: minor cosmetic changes to log messages

## [1.5] - 2020-07-26
### Added
- uacme: -l option to allow selecting alternate chain
- ualpn: mbedtls_x509_crt_parse_der_with_ext_cb support
         fixes https://github.com/ndilieto/uacme/issues/23

### Changed
- ualpn: move signal calls to beginning

## [1.4.1] - 2020-05-30
### Changed
- fix SIGPIPE of parent process in daemon mode
  https://github.com/ndilieto/uacme/issues/36

## [1.4] - 2020-05-30
### Changed
- fix nsupdate.sh
  https://github.com/ndilieto/uacme/issues/32
- uacme: warn that --must-staple is ignored with CSRFILE
- ualpn: swap -p and -P command line switches
- ualpn: increase key buffer size as required by OpenSSL 3.x
- ualpn: fix minor OpenBSD portability issues
- ualpn: fix library link order when using built-in libev
- minor cosmetic code/documentation changes
- README.md now included in distribution

## [1.3] - 2020-05-08
### Added
- support for issuing certificates based on a CSR
- mbedTLS implementation of OCSP check
- nsupdate.sh dns-01 authentication script

### Changed
- allow signing revocation requests with certificate key
- improved handling of RFC8738 with OpenSSL/mbedTLS
- fix memory leak in csr_gen upon some OpenSSL errors

## [1.2.4] - 2020-04-25
### Changed
- improve mbedTLS detection in configure.ac
- check format string arguments with GCC
- ualpn: fix incorrect message arguments

## [1.2.3] - 2020-04-22
### Changed
- fix Content-Type header parsing
  https://github.com/ndilieto/uacme/issues/22

## [1.2.2] - 2020-04-18
### Changed
- fix ualpn socket type bug on uClibc based systems
- fix configure.ac MAP_ANON cross-compilation test

## [1.2.1] - 2020-04-17
### Changed
- increase cert buf size to cope with long identifiers
- fix gcc8 -Wstringop-truncation warning

## [1.2] - 2020-04-15
### Added
- uacme OCSP certificate status check
- ualpn OpenSSL/mbedTLS implementations

### Changed
- add key usage to ualpn challenge certificate
- ensure top bit of ualpn certificate S/N is 0 with OpenSSL
- fix ualpn memory leaks and corner case bugs
- minor cosmetic code/documentation changes

## [1.1.2] - 2020-03-12
### Changed
- fix configure.ac typo affecting LDFLAGS
- fix missing PIPE_BUF when building on hurd-386

## [1.1.1] - 2020-03-12
### Changed
- fix typo breaking build without HAVE_SPLICE
- fix addr_t name collision on s390x

## [1.1] - 2020-03-11
### Added
- IP identifier support (RFC8738)
- tls-alpn-01 (RFC8737) challenge responder (ualpn)

## [1.0.22] - 2020-02-01
### Changed
- relax account status check (compatibility with buypass.no)
- allow client challenge retry requests (RFC8555 section 7.1.6)
- add wildcard clarification in manpage

## [1.0.21] - 2020-01-12
### Changed
- Quote variables in uacme.sh
- Added LFS support (AC_SYS_LARGEFILE)

## [1.0.20] - 2019-10-03
### Changed
- improved HTTP header parsing to fix problem that
  can happen when retrieving directory over HTTP/2

## [1.0.19] - 2019-09-30
### Changed
- fix configure script bug when using explicit
  PKG_CONFIG environment variable
- explicitly set key usage in certificate request

## [1.0.18] - 2019-08-29
### Added
- support for OCSP Must-Staple (-m, --must-staple)

### Changed
- explicitly set key usage constraints with mbedTLS
- fix compilation warning with gcc7 on solaris

## [1.0.17] - 2019-07-03
### Changed
- fix pedantic compilation warning
- configure fails if pkg-config isn't found

## [1.0.16] - 2019-06-17
### Changed
- configure script checks for libcurl HTTPS support
- minor manpage corrections 

## [1.0.15] - 2019-06-15
### Changed
- exit with error if both -a and -s are specified
- avoid depending on libtasn1 if gnutls_decode_rs_value is
  available (requires gnutls 3.6.0 or later)

## [1.0.14] - 2019-06-12
### Changed
- Fix deprecated API when building with OpenSSL v1.1.1c

## [1.0.13] - 2019-06-05
### Changed
- Disable mbedTLS runtime version check if not available

## [1.0.12] - 2019-05-18
### Changed
- Ensure EC key params are always properly padded
- Improved hook_run error checking

## [1.0.11] - 2019-05-17
### Added
- Key rollover (https://tools.ietf.org/html/rfc8555#section-7.3.5)

### Changed
- Revoked cert files now renamed to 'revoked-TIMESTAMP.pem'
- Key auth contains SHA256 digest for tls-alpn-01 (like dns-01)
- Minor logging improvements

## [1.0.10] - 2019-05-12
### Added
- secp384r1 EC key support

### Changed
- -b, --bits option accepts 256 or 384 for EC keys
- enforce multiple of 8 RSA key size
- improved acme_get and acme_post verbose logging
- retry upon badNonce response according to RFC8555 6.5

## [1.0.9] - 2019-05-09
### Added
- EC key/cert support (-t, --type=EC, default RSA)
- RSA key length option (-b, --bits=BITS, default 2048)

## [1.0.8] - 2019-05-05
### Added
- OpenSSL support (./configure --with-openssl)

### Changed
- exit codes: 0=success, 1=cert issuance skipped, 2=error
- mbedtls: dynamically grow buffers when needed

## [1.0.7] - 2019-04-29
### Added
- HTTP User-Agent: header in all requests
- --disable-docs configure option

### Changed
- manpage version now updated automatically

## [1.0.6] - 2019-04-27
### Changed
- fixed uninitialized variable in authorize() function

## [1.0.5] - 2019-04-27
### Changed
- autoconf maintainer mode
- cosmetic change to json primitive dump

## [1.0.4] - 2019-04-26
### Added
- debian packaging

## [1.0.3] - 2019-04-25
### Changed
- fixed gcc -pedantic warnings

## [1.0.2] - 2019-04-24
### Added
- support for mbedTLS (./configure --with-mbedtls)

## [1.0.1] - 2019-04-21
### Changed
- minor fixes to links in documentation

## [1.0] - 2019-04-21
### Added
- first public release
