Merge tag 'v0.5.4' into debian/latest

Release version 0.5.4

1 files changed, 26 insertions, 0 deletions

diff --git a/Changelog b/Changelog
index 4d9b9a4..28a1ef4 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,29 @@
+interimap (0.5.4) upstream;
+
+ * libinterimap: make SSL_verify also checks that the certificate
+   Subject Alternative Name (SAN) or Subject CommonName (CN) matches the
+   hostname or IP literal specified by the 'host' option.  Previously it
+   was only checking the chain of trust.  This bumps the minimum
+   Net::SSLeay version to 1.83 and OpenSSL version 1.0.2.
+ * libinterimap: add support for the TLS SNI (Server Name Indication)
+   extension, controlled by the new 'SSL_hostname' option.  The default
+   value of that option is the value of the 'host' option when it is
+   hostname, and the empty string (which disables SNI) when it is an IP
+   literal.
+ + libinterimap: show the matching pinned SPKI in --debug mode.
+ + test suite: always generate new certificates on `make test`.  Hence
+   running `make test` now requires OpenSSL 1.1.1 or later.
+ + test suite: sign all test certificates with the same root CA.
+ + libinterimap: factor out hostname/IP parsing.
+ + document that enclosing 'host' value in square brackets forces its
+   interpretation as an IP literal (hence skips name resolution).
+ + Makefile: new 'release' target; also, change the tag format from
+   upstream/$VERSION to v$VERSION.
+ - documentation: replace example.org with example.net for consistency.
+ - rename 'debian' branch to 'debian/latest' for DEP-14 compliance.
+
+ -- Guilhem Moulin <guilhem@fripost.org>  Fri, 11 Dec 2020 11:21:17 +0100
+
 interimap (0.5.3) upstream;
 
  * libinterimap: SSL_fingerprint now supports a space-separate list of