2026-01-25 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.8.0
- uacme: Add support for dns-persist-01 challenge
See https://datatracker.ietf.org/doc/draft-ietf-acme-dns-persist/
- uacme: Add support for certificate profiles
Closes https://github.com/ndilieto/uacme/issues/90
See also https://letsencrypt.org/2025/01/09/acme-profiles/
- uacme: Use Retry-After header when server sends it
- uacme: Add method to check certificate existence and validity
Closes https://github.com/ndilieto/uacme/issues/93
- uacme: Parse RFC3339 timestamps directly
Closes https://github.com/ndilieto/uacme/issues/91
- uacme: Omit Common Name in certificate for IP identifiers
See https://github.com/ndilieto/uacme/pull/96
- uacme: Add support for certificate key rotation
Closes https://github.com/ndilieto/uacme/issues/92
- uacme: Add support for HMAC-SHA-{384,512} in EAB Signatures
Closes https://github.com/ndilieto/uacme/issues/98
- uacme: Support settings from environment in nsupdate.sh
- ualpn: Check that authorization isn't missing
- ualpn: Bump embedded libev to version 4.33
- Documentation update including copyright year
2024-12-29 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.6
- Fix OpenSSL 3.x deprecated APIs
- Fix cross compilation
Closes https://github.com/ndilieto/uacme/issues/79
- uacme: Add environment variables
Closes https://github.com/ndilieto/uacme/issues/63
- uacme: Add support for ACME Renewal Information (ARI)
Closes https://github.com/ndilieto/uacme/issues/67
- uacme: Try obtaining new Replay-Nonce if server doesn't supply one
Closes https://github.com/ndilieto/uacme/issues/82
- uacme: Add hook environment variables
Closes https://github.com/ndilieto/uacme/issues/83
- uacme: Allow matching alternative chain by Authority Key Id
Closes https://github.com/ndilieto/uacme/issues/85
- Documentation update
- Add link to linode api hook
2024-01-28 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.5
- fix ualpn exit code in client mode
Fixes https://github.com/ndilieto/uacme/issues/76
- fix build with autoconf version 2.71
See https://github.com/ndilieto/uacme/pull/70
- uacme: nsupdate.sh overhaul and DNAME redirection support
- add link to deSEC.io DNS integration
- minor documentation changes including copyright year
2023-02-15 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.4
- uacme: Validate token from ACME server. Fixes
https://github.com/ndilieto/uacme/issues/64
- minor documentation changes including copyright year
2022-09-20 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.3
- better compatibility with LibreSSL, require 3.4.2 or later
- uacme: Enable --must-staple support with LibreSSL > 3.5.0
- ualpn: Fix build issue with mbedTLS 2.x
see https://github.com/ndilieto/uacme/pull/61
2022-07-20 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.2
- uacme: exponential backoff for status polling instead
of constant 5s delay (reduces load on server)
- uacme: new -r option to allow specifying revocation code
- uacme: fix silent failure in nsupdate.sh
closes https://github.com/ndilieto/uacme/issues/45
- uacme: replace 'echo' with 'printf' in uacme.sh
closes https://github.com/ndilieto/uacme/issues/48
- uacme: fix -Wsign-compare warning
- compatibility with mbedTLS v3.2
- compatibility with LibreSSL (with some limitations)
see https://github.com/ndilieto/uacme/commit/32546c7c
- embed ax_check_compile_flag.m4 from autoconf-archive as
requested in https://github.com/ndilieto/uacme/pull/57
- minor documentation changes including copyright year
2021-06-04 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7.1
- uacme: fix issue when running from inaccessible directory
closes https://github.com/ndilieto/uacme/issues/41
- ualpn: use default user group when -u <user> is specified
2021-01-17 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.7
- uacme: alternate chain selection by certificate fingerprint
- uacme: print copyright with version
- ualpn: print copyright with version
- ualpn: add notice with version on startup
- ualpn: reject duplicate options where appropriate
- ualpn: make ualpn.sh always output to stderr
- ualpn: fix compilation warning
- minor changes (typos)
- master branch builds must autoreconf
- update copyright year
2020-12-06 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.6
- uacme: add support for RFC8555 External Account Binding
closes https://github.com/ndilieto/uacme/issues/40
- uacme: fix use after free in surrogate strcasestr function
- uacme: make nsupdate.sh accept quoted TXT challenge values
- uacme: minor cosmetic changes to log messages
2020-07-26 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.5
- uacme: add -l option to allow selecting alternate chain
- ualpn: move signal calls to beginning
- ualpn: add mbedtls_x509_crt_parse_der_with_ext_cb support
fixes https://github.com/ndilieto/uacme/issues/23
2020-05-30 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.4.1
- fix SIGPIPE of parent process in daemon mode
https://github.com/ndilieto/uacme/issues/36
2020-05-30 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.4
- fix nsupdate.sh
https://github.com/ndilieto/uacme/issues/32
- uacme: warn that --must-staple is ignored with CSRFILE
- ualpn: swap -p and -P command line switches
- ualpn: remove redundant memset
- ualpn: increase key buffer size as required by OpenSSL 3.x
- ualpn: fix minor OpenBSD portability issues
- ualpn: fix typo in warning message
- ualpn: fix library link order when using built-in libev
- README.md now included in distribution
2020-05-08 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.3
- allow signing revocation requests with certificate key
- add support for issuing certificates based on a CSR
- add mbedTLS implementation of OCSP check
- add nsupdate.sh dns-01 authentication script
- improve handling of RFC8738 with OpenSSL/mbedTLS
- fix memory leak in csr_gen upon some OpenSSL errors
2020-04-25 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.2.4
- improve mbedTLS detection in configure.ac
- check format string arguments with GCC
- ualpn: fix incorrect message arguments
2020-04-22 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.2.3
- fix Content-Type header parsing
https://github.com/ndilieto/uacme/issues/22
2020-04-18 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.2.2
- fix ualpn socket type bug on uClibc based systems
- fix configure.ac MAP_ANON cross-compilation test
2020-04-17 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.2.1
- increase cert buf size to cope with long identifiers
- fix gcc8 -Wstringop-truncation warning
2020-04-15 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.2
- add uacme OCSP certificate status check
- add ualpn OpenSSL/mbedTLS implementations
- add key usage to ualpn challenge certificate
- ensure top bit of ualpn certificate S/N is 0 with OpenSSL
- fix ualpn memory leaks and corner case bugs
- minor cosmetic code and documentation changes
2020-03-12 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.1.2
- fix configure.ac typo affecting LDFLAGS
- fix missing PIPE_BUF when building on hurd-386
2020-03-12 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.1.1
- fix typo breaking build without HAVE_SPLICE
- fix addr_t name collision on s390x
2020-03-11 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.1
- added IP identifier support (RFC8738)
- added tls-alpn-01 (RFC8737) challenge responder (ualpn)
2020-02-01 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.22
- relax account status check (compatibility with buypass.no)
- allow client challenge retry requests (RFC8555 sec. 7.1.6)
- pass -L flag to a2x in order to avoid depending on xmllint
- add wildcard clarification in manpage
2020-01-12 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.21
- Fixed uacme.sh: https://github.com/ndilieto/uacme/pull/12
- Added LFS support (AC_SYS_LARGEFILE)
2019-10-03 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.20
- improved HTTP header parsing to fix problem that
can happen when retrieving directory over HTTP/2
2019-09-30 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.19
- Fix configure script bug when using explicit
PKG_CONFIG environment variable
- explicitly set key usage in certificate request
2019-08-29 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.18
- support for OCSP Must-Staple (-m, --must-staple)
- explicitly set key usage constraints with mbedTLS
- fix compilation warning with gcc7 on solaris
2019-07-03 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.17
- fix pedantic compilation warning
- configure fails if pkg-config isn't found
2019-06-17 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.16
- Configure script checks for libcurl HTTPS support
- Minor man page corrections
2019-06-15 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.15
- Exit with error if both -a and -s are specified
- Avoid depending on libtasn1 if gnutls_decode_rs_value is available
2019-06-12 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.14
- Fix deprecated API when building with OpenSSL v1.1.1c
2019-06-05 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.13
- Disable mbedTLS runtime version check if not available
2019-05-18 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.12
- Ensure EC key params are always properly padded
- Improved hook_run error checking
2019-05-17 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.11
- Key rollover (https://tools.ietf.org/html/rfc8555#section-7.3.5)
- Revoked cert files now renamed to 'revoked-TIMESTAMP.pem'
- Key auth contains SHA256 digest for tls-alpn-01 (like dns-01)
- Minor logging improvements
2019-05-12 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.10
- added secp384r1 EC key support
- -b, --bits option accepts 256 or 384 for EC keys
- enforce multiple of 8 RSA key size
- improved acme_get and acme_post verbose logging
- retry upon badNonce response according to RFC8555 6.5
- mbedtls: fixed incorrect size of EC signature
2019-05-09 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.9
- added EC key/cert support (-t, --type=EC, default RSA)
- added RSA key length option (-b, --bits=BITS, default 2048)
2019-05-04 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.8
- added OpenSSL support (./configure --with-openssl)
- check libraries versions at both compile and run time
- exit codes: 0=success, 1=cert issuance skipped, 2=error
- mbedtls: dynamically grow buffers when needed
2019-04-29 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.7
- added HTTP User-Agent: header to all requests
- added --disable-docs configure option
- manpage version now updated automatically
2019-04-27 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.6
- fix uninitialized variable in authorize()
2019-04-27 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.5
- add AM_MAINTAINER_MODE to configure.ac
- minor cosmetic change to json primitive dump
2019-04-26 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.4
- debian packaging
- fix potential uninitialized var access in acme_get()
- fix fprintf format string in _json_dump()
- copy doc/index.html on demand only
2019-04-25 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.3
- fixed more -pedantic gcc warnings
- html manpage in html5; copy as doc/html for github hosting
2019-04-24 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.2
- allow choosing between GnuTLS and mbedTLS at compile time
- improved directory existence check
- fixed -Wall -pedantic gcc warnings
2019-04-21 Nicola Di Lieto <nicola.dilieto@gmail.com>
* Release 1.0.1
- fix acme challenge web server path
- fix spelling in help text
2019-04-21 Nicola Di Lieto <nicola.dilieto@gmail.com>
* First public release (1.0)