|
| 1 | +1.1.0 - 2015-08-04 |
| 2 | + |
| 3 | +ADDED: |
| 4 | + - Revocation now checks OCSP status. |
| 5 | + - Authenticated endpoints are now supported using HMAC tags. |
| 6 | + - Bundle can verify certificates against a domain or IP. |
| 7 | + - OCSP subcommand has been added. |
| 8 | + - PKCS #11 keys are now supported; this support is now the default. |
| 9 | + - OCSP serving is now implemented. |
| 10 | + - The multirootca tool is now available for multiple signing |
| 11 | + keys via an authenticated API. |
| 12 | + - A scan utility for checking the quality of a server's TLS |
| 13 | + configuration. |
| 14 | + - The certificate bundler now supports PKCS #7 and PKCS #12. |
| 15 | + - An info endpoint has been added to retrieve the signers' |
| 16 | + certificates. |
| 17 | + - Signers can now use a serial sequence number for certificate |
| 18 | + serial numbers; the default remains randomised serial numbers. |
| 19 | + - CSR whitelisting allows the signer to explicitly distrust |
| 20 | + certain fields in a CSR. |
| 21 | + - Signing profiles can include certificate policies and their |
| 22 | + qualifiers. |
| 23 | + - The multirootca can use Red October-secured private keys. |
| 24 | + - The multirootca can whitelist CSRs per-signer based on an |
| 25 | + IP network whitelist. |
| 26 | + - The signer can whitelist SANs and common names via a regular- |
| 27 | + expression whitelist. |
| 28 | + - Multiple fallback remote signers are now supported in the |
| 29 | + cfssl server. |
| 30 | + - A Docker build script has been provided to facilitate building |
| 31 | + CFSSL for all supported platforms. |
| 32 | + - The log package includes a new logging level, fatal, that |
| 33 | + immediately exits with error after printing the log message. |
| 34 | + |
| 35 | +CHANGED: |
| 36 | + - CLI tool can read from standard input. |
| 37 | + - The -f flag has been renamed to -config. |
| 38 | + - Signers have been refactored into local and remote signers |
| 39 | + under a single universal signer abstraction. |
| 40 | + - The CLI subcommands have been refactored into separate |
| 41 | + packages. |
| 42 | + - Signing can now extract subject information from a CSR. |
| 43 | + - Various improvements to the certificate ubiquity scoring, |
| 44 | + such as accounting for SHA1 deprecation. |
| 45 | + - The bundle CLI tool can set the intermediates directory that |
| 46 | + newly found intermediates can be stored in. |
| 47 | + - The CLI tools return exit code 1 on failure. |
| 48 | + |
| 49 | +CONTRIBUTORS: |
| 50 | + Alice Xia |
| 51 | + Dan Rohr |
| 52 | + Didier Smith |
| 53 | + Dominic Luechinger |
| 54 | + Erik Kristensen |
| 55 | + Fabian Ruff |
| 56 | + George Tankersley |
| 57 | + Harald Wagener |
| 58 | + Harry Harpham |
| 59 | + Jacob H. Haven |
| 60 | + Jacob Hoffman-Andrews |
| 61 | + Joshua Kroll |
| 62 | + Kyle Isom |
| 63 | + Nick Sullivan |
| 64 | + Peter Eckersley |
| 65 | + Richard Barnes |
| 66 | + Sophie Huang |
| 67 | + Steve Rude |
| 68 | + Tara Vancil |
| 69 | + Terin Stock |
| 70 | + Thomaz Leite |
| 71 | + Travis Truman |
| 72 | + Zi Lin |
0 commit comments