v1.1.2

What's Changed

• Add option to get-tls-cert and attested-get commands to allow self signed certificates by @ameba23 in #134
• Use updated TCB override fix for DCAP qvl by @ameba23 in #133
• attested-tls-proxy --version should report git revision rather than crate version number by @ameba23 in #132
• Cap attestation payload size at 64kb by @ameba23 in #135
• Remove unneeded dependencies by @ameba23 in #136
• Fix normalization bug when handling quote provider urls by @ameba23 in #137
• Fix input data checks for azure attestation by @ameba23 in #138
• Add additional logging of remote measurements at the point of connecting or accepting connection by @ameba23 in #139
• Run cargo fmt after fixing editor settings by @ameba23 in #140
• Fix dcap-qvl feature flag name to match convention by @ameba23 in #141
• Add json measurement output option and generic TDX attestation type to make CLI similar to cvm-reverse-proxy by @ameba23 in #142
• Bump time from 0.3.44 to 0.3.47 by @dependabot[bot] in #146
• Refactor attestation generation, verification and measurement logic to separate crate by @ameba23 in #148
• Default to http2 for proxy-client to proxy-server connections by @ameba23 in #151

New Contributors

• @dependabot[bot] made their first contribution in #146

Full Changelog: v1.1.1...v1.1.2

v1.1.1

What's Changed

• Only download needed arifacts in release workflow by @ameba23 in #131
• attested-tls-proxy should not use default features of attested-tls by @ameba23 in #129

Full Changelog: v1.1.0...v1.1.1

v1.0.2

What's Changed

• Refactor attested-tls into separate crate by @ameba23 in #95
• Make attested tls server / client constructors sync functions by @ameba23 in #125
• Bump dcap-qvl to 0.3.12 by @ameba23 in #127

Full Changelog: v1.0.1...v1.0.2

v1.0.1

What's Changed

• Support attestation provider servers which do not wrap messages in an AttestationExchangeMessage by @ameba23 in #120
• Pin dcap-qvl to 0.3.10 by @ameba23 in #122
• CI: on release, push docker image by @metachris in #123

New Contributors

• @metachris made their first contribution in #123

Full Changelog: v1.0.0...v1.0.1

v1.0.0

What's Changed

• Add attested RPC client by @ameba23 in #88
• Add basic support for using self-signed TLS certificates by @ameba23 in #97
• Add accept method to AttestedTlsServer to provide similar API to tokio_rustls::TlsAcceptor by @ameba23 in #104
• Remove the dependency on OpenSSL by @ameba23 in #105
• Remove ring feature of tokio_rustls to be CryptoProvider agnostic by @ameba23 in #108
• [Breaking] HTTPS proxy - support http1.1 and do HTTP version protocol negotiation. by @ameba23 in #106
• Add test demonstrating nested TLS by @ameba23 in #103
• Bump bytes to 1.11.1 due to vulnerability in previously used version by @ameba23 in #113
• Small change to #110 for simplicity by @ameba23 in #112
• Allow multiple measurements per register with expected_any by @bakhtin in #110
• Only allow TLS 1.3 by @ameba23 in #114
• Replace dummy attestation with attestation-provider by @ameba23 in #111
• Bump major version following breaking change in #106 by @ameba23 in #115

New Contributors

• @bakhtin made their first contribution in #110

Full Changelog: v0.0.2...v1.0.0

v0.0.2

What's Changed

• Use git version of dcap_qvl by @ameba23 in #62
• Fix DCAP verification tests following upgrade of dcap-qvl by @ameba23 in #96
• Fix re-connection logic for proxy-client and add keepalive on HTTP2 connections by @ameba23 in #98

Full Changelog: v0.0.1...v0.0.2

v0.0.1

What's Changed

• Add simple CI to run cargo test by @ameba23 in #3
• Add support for client attestation by @ameba23 in #2
• Add error handling by @ameba23 in #6
• Add get-tls-cert command by @ameba23 in #7
• Improve handling of hostnames by @ameba23 in #9
• Add quote generation / verification by @ameba23 in #10
• Include measurements in HTTP headers by @ameba23 in #17
• Add missing CLI arguments from cvm-reverse-proxy by @ameba23 in #22
• Allow the client to pass in accepted remote TLS roots by @ameba23 in #24
• Add MIT license by @ameba23 in #29
• Re-use proxy-client to proxy-server connections, and use HTTP2 for proxy-client to proxy-server by @ameba23 in #25
• Rm uneeded field from Cargo.toml file by @ameba23 in #31
• Use SCALE rather than JSON for encoding attestation payloads by @ameba23 in #32
• Add logging - trying to give similar logging behaviour / options as cvm-reverse-proxy by @ameba23 in #28
• Add ALPN protocol negotiation by @ameba23 in #36
• Add additional tests and fix attesation verification by @ameba23 in #40
• Allow PCCS url to be passed as a command line argument by @ameba23 in #39
• Accept various CLI options as environment variables by @ameba23 in #41
• Add protocol specification to README by @ameba23 in #37
• Verify azure attestation locally - not using MAA API by @ameba23 in #42
• Add helper script for generating mock certificate chain when testing by @ameba23 in #46
• Optionally log quotes to file when verifying by @ameba23 in #45
• Measurement policy allowing particular attestation types to be allowed or rejected by @ameba23 in #47
• Azure attestation test without vtmp by @ameba23 in #50
• Add section to README with CLI differences to cvm-reverse-proxy by @ameba23 in #49
• Add dummy attestation server/client by @ameba23 in #44
• Refactor DCAP code into a module and update dummy server by @ameba23 in #52
• For azure, measurments should be PCRs, not registers from TDX quote by @ameba23 in #56
• The option --log-debug should only enable debug logging for this crate by @ameba23 in #48
• Add simple static file server and attested-get to access it by @ameba23 in #53
• Add support for Microsoft Azure Attestation (MAA) by @ameba23 in #19
• Improve logic for test DCAP verification by @ameba23 in #61
• Fix get-tls-cert to accept custom CA and gracefully close connection by @ameba23 in #70
• Add demonstration instructions to readme by @ameba23 in #67
• Add health check server for proxy server and client by @ameba23 in #58
• Add attestation type detection by @ameba23 in #57
• Add test which verifies DCAP attestation by @ameba23 in #71
• feat: add docker support by @igladun in #74
• Improve reconnection / backoff logic by @ameba23 in #73
• Allow client attestation without client authentication by @ameba23 in #66
• Bump tdx_quote to 0.0.5 to remove dependency on rsa and num-bigint-dig by @ameba23 in #78
• Allow giving measurement file as url, and improve measurement checking logic by @ameba23 in #77
• Refactor to expose the attested TLS functionality separately from the HTTPS proxy functionality by @ameba23 in #81
• Make attested-TLS server/client transport agnostic by @ameba23 in #83
• Add simple attested websocket server/client by @ameba23 in #84
• Improve doccomments for publishing as library by @ameba23 in #85
• Remove unwraps in file server and health check server by @ameba23 in #87
• Accept hostnames as target server for proxy server by @ameba23 in #90
• Normalize non-PKCS8 private keys by @ameba23 in #89
• Add github release workflow for reproducibly-built debian package by @ameba23 in #76
• Azure attestation tdx-quote must be based on td_report with input data by @ameba23 in #91
• Proxy server: Set http request headers appropriately when proxying requests by @ameba23 in #93

New Contributors

• @ameba23 made their first contribution in #3
• @igladun made their first contribution in #74

Full Changelog: https://github.com/flashbots/attested-tls-proxy/commits/v0.0.1

vtest08

Full Changelog: vtest07...vtest08