diff options
Diffstat (limited to 'Changelog')
-rw-r--r-- | Changelog | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,29 @@ +interimap (0.5.4) upstream; + + * libinterimap: make SSL_verify also checks that the certificate + Subject Alternative Name (SAN) or Subject CommonName (CN) matches the + hostname or IP literal specified by the 'host' option. Previously it + was only checking the chain of trust. This bumps the minimum + Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. + * libinterimap: add support for the TLS SNI (Server Name Indication) + extension, controlled by the new 'SSL_hostname' option. The default + value of that option is the value of the 'host' option when it is + hostname, and the empty string (which disables SNI) when it is an IP + literal. + + libinterimap: show the matching pinned SPKI in --debug mode. + + test suite: always generate new certificates on `make test`. Hence + running `make test` now requires OpenSSL 1.1.1 or later. + + test suite: sign all test certificates with the same root CA. + + libinterimap: factor out hostname/IP parsing. + + document that enclosing 'host' value in square brackets forces its + interpretation as an IP literal (hence skips name resolution). + + Makefile: new 'release' target; also, change the tag format from + upstream/$VERSION to v$VERSION. + - documentation: replace example.org with example.net for consistency. + - rename 'debian' branch to 'debian/latest' for DEP-14 compliance. + + -- Guilhem Moulin <guilhem@fripost.org> Fri, 11 Dec 2020 11:21:17 +0100 + interimap (0.5.3) upstream; * libinterimap: SSL_fingerprint now supports a space-separate list of |