forked from OpenVPN/easy-rsa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
196 lines (155 loc) · 7.42 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
Easy-RSA 3 ChangeLog
3.1.1 (TBD)
* Expand 'show-renew', include 'renewed/certs_by_serial' (#700)
* Introduce 'renew' (version 3). Only renew cert (#688)
* Require 'openssl-easyrsa.cnf' is up to date (#695}
* Always ensure X509-types files exist (#581 #696)
* Remove renew-req (#684)
* Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
* Introduce --keep-tmp, keep temp files for debugging (#667)
* Introduce Quiet mode option -q|--quiet, disable information output
8b7e79096b18afc5c61bfbaee204c1f7401f0019
* Introduce renew-req, create a new CSR for an existing key (#616)
Superseded by #684
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
* Support ampersand and dollar-sign in vars file (#590)
* Introduce 'rewind-renew' (#579)
* Expand status reports to include checking a single cert (#577)
* update OpenSSL for Windows to 3.0.5
3.1.0 (2022-05-18)
* Introduce basic support for OpenSSL version 3 (#492)
* Update regex in grep to be POSIX compliant (#556)
* Introduce status reporting tools (#555 & #557)
* Display certificates using UTF8 (#551)
* Allow certificates to be created with fixed date offset (#550)
* Add 'verify' to verify certificate against CA (#549)
* Add PKCS#12 alias 'friendlyName' (#544)
* Disallow use of '--vars=FILE init-pki' (#566)
* Support multiple IP-Addresses in SAN (#564)
* Add option '--renew-days=NN', custom renew grace period (#557)
* Add 'nopass' option to the 'export-pkcs' functions (#411)
* Add support for 'busybox' (#543)
* Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22)
3.0.9 (2022-05-17)
* Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407)
- We are buliding this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL (#416)
* Use openssl rand instead of non-POSIX mktemp (#478)
* Fix paths with spaces (#443)
* Correct OpenSSL version from Homebrew on macOs (#416)
* Fix revoking a renewed certificate (Original PR #394)
Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee
* Introduce 'show-crl' (d1993892178c5219f4a38d50db3b53d1a972b36c)
* Support Windows-Git 'version of bash' (#533)
* Disallow use of single quote (') in vars file, Warning (#530)
* Creating a CA uses x509-types/ca and COMMON (#526)
* Prefer 'PKI/vars' over all other locations (#528)
* Introduce 'init-pki soft' option (#197)
* Warnings are no longer silenced by --batch (#523)
* Improve packaging options (#510)
* Update regex for POSIX compliance (#556)
* Correct date format for Darwin/BSD (#559)
3.0.8 (2020-09-09)
* Provide --version option (#372)
* Version information now within generated certificates like on *nix
* Fixed issue where gen-dh overwrote existing files without warning (#373)
* Fixed issue with ED/EC certificates were still signed by RSA (#374)
* Added support for export-p8 (#339)
* Clarified error message (#384)
* 2->3 upgrade now errors and prints message when vars isn't found (#377)
3.0.7 (2020-03-30)
* Include OpenSSL libs and binary for Windows 1.1.0j
* Remove RANDFILE environment variable (#261)
* Workaround for bug in win32 mktemp (#247, #305, PR #312)
* Handle IP address in SAN and renewals (#317)
* Workaround for ash and no set -o echo (#319)
* Shore up windows testing framework (#314)
* Provide upgrade mechanism for older versions of EasyRSA (#349)
* Add support for KDC certificates (#322)
* Add support for Edward Curves (#354, #350)
* Add support for EASYRSA_PASSIN and EASYRSA_PASSOUT env vars (#368)
* Add support for RID to SAN (#362)
3.0.6 (2019-02-01)
* Certificates that are revoked now move to a revoked subdirectory (#63)
* EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
* More sane string checking, allowing for commas in CN (#267)
* Support for reasonCode in CRL (#280)
* Better handling for capturing passphrases (#230, others)
* Improved LibreSSL/MacOS support
* Adds support to renew certificates up to 30 days before expiration (#286)
- This changes previous behavior allowing for certificate creation using
duplicate CNs.
3.0.5 (2018-09-15)
* Fix #17 & #58: use AES256 for CA key
* Also, don't use read -s, use stty -echo
* Fix broken "nopass" option
* Add -r to read to stop errors reported by shellcheck (and to behave)
* Remove overzealous quotes around $pkcs_opts (more SC errors)
* Support for LibreSSL
* EasyRSA version will be reported in certificate comments
* Client certificates now expire in 3 year (1080 days) by default
3.0.4 (2018-01-21)
* Remove use of egrep (#154)
* Integrate with Travis-CI (#165)
* Remove "local" from variable assignment (#165)
* Other changes related to Travis-CI fixes
* Assign values to variables defined previously w/local
* Finally(?) fix the subjectAltName issues I presented earlier (really
fixes #168)
3.0.3 (2017-08-22)
* Include mktemp windows binary
* copy CSR extensions into signed certificate
3.0.2 (2017-08-21)
* Add missing windows binaries
3.0.1 (2015-10-25)
* Correct some packaging errors
3.0.0 (2015-09-07)
* cab4a07 Fix typo: Hellman
(ljani: Github)
* 171834d Fix typo: Default
(allo-: Github)
* 8b42eea Make aes256 default, replacing 3des
(keros: Github)
* f2f4ac8 Make -utf8 default
(roubert: Github)
3.0.0-rc2 (2014/07/27)
* 1551e5f docs: fix typo
(Josh Cepek <[email protected]>)
* 7ae44b3 Add KNOWN_ISSUES to stage next -rc release
(Josh Cepek <[email protected]>)
* a0d58b2 Update documentation
(Josh Cepek <[email protected]>)
* 5758825 Fix vars.example with proper path to extensions.temp
(Josh Cepek <[email protected]>)
* 89f369c Add support to change private key passphrases
(Josh Cepek <[email protected]>)
* 49d7c10 Improve docs: add Upgrade-Notes; add online support refs
(Josh Cepek <[email protected]>)
* fcc4547 Add build-dist packaging script; update Building docs
(Josh Cepek <[email protected]>)
* f74d08e docs: update Hacking.md with layout & git conventions
(Josh Cepek <[email protected]>)
* 0754f23 Offload temp file removal to a clean_temp() function
(Josh Cepek <[email protected]>)
* 1c90df9 Fix incorrect handling of invalid --use-algo option
(Josh Cepek <[email protected]>)
* c86289b Fix batch-mode handling with changes in e75ad75
(Josh Cepek <[email protected]>)
* e75ad75 refine how booleans are evaluated
(Eric F Crist <[email protected]>)
* cc19823 Merge PKCS#7 feature from pull req #14
(Author: Luiz Angelo Daros de Luca <[email protected]>)
(Modified-By: Josh Cepek <[email protected]>)
* 8b1fe01 Support OpenSSL-0.9.8 with the EXTRA_EXTS feature
(Josh Cepek <[email protected]>)
* d5516d5 Windows: make builds easier by using a matching dir structure
(Josh Cepek <[email protected]>)
* dc2e6dc Windows: improve external checks and env-var help
(Josh Cepek <[email protected]>)
3.0.0-rc1 (2013/12/01)
* The 3.x release is a nearly complete re-write of the 2.x codebase
* Initial 3.x series code by Josh Cepek <[email protected]> -- continuing
maintenance by the OpenVPN community development team and associated
contributors
* Add ECDSA (elliptic curve) support, thanks to Steffan Karger