-
Notifications
You must be signed in to change notification settings - Fork 9
/
NEWS
259 lines (228 loc) · 11 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
v1.9.1 (2022-05-03)
* Improve error message when HTTP approval is not configured.
v1.9.0 (2021-09-07)
* Client-side DNS approval handlers have been deprecated and will be removed
in SSLMate 2. To continue automatically approving certificates using DNS,
please integrate your SSLMate account with your DNS provider by visiting the
following page: https://sslmate.com/account/integrations
* The Route 53 approval handler now uses Python 3.
v1.8.0 (2021-06-22)
* buy: add --no-auto-san option to disable addition of an alt name for the
base domain or www. sub-domain.
* edit: allow the automatic alt name (for the base domain or www. sub-domain)
to be removed with --rm-name just like any other alt name.
* show: always show the alt names, even if they have the default values.
* Deprecate --multi and --no-multi options. There is no longer a distinction
between multi-hostname and single-hostname certificates.
* Remove import sub-command.
* Remove support for EV certificates.
* buy, renew: fix bug that would display the wrong price for multi-hostname
certificates that contained the same SANs as a standard, non-multi cert.
* reissue, rekey: eliminate spurious "this certificate is not active" errors.
v1.7.1 (2019-03-08)
* Bugfix release.
* sslmate download: don't prevent further downloads if there is an error
with just one certificate.
v1.7.0 (2018-06-20)
* Add support for wildcards in multi-hostname certificates.
v1.6.0 (2017-08-03)
* Add support for HTTP approval (see https://sslmate.com/help/approval/http).
* Fix compatibility bug with OpenSSL 1.1 affecting elliptic curve certificates.
* Fix invalid argument error when setting file ownership under Perl 5.24.
* Various refinements and documentation improvements.
v1.5.2 (2017-07-14)
* Bugfix release.
* Fix pagination bug in digitalocean DNS handler.
* Ensure NS records are properly handled by DNS handlers.
* Ensure parent directories are created by documentroot HTTP handler.
* Check for missing argument to retry-approval.
* Clarify some unclear error and warning messages.
* Fix typo in man page.
v1.5.1 (2015-12-10)
* Bugfix release.
* Fix bug with renewing multi-hostname certs where it said
"Error: the price of this certificate has changed".
* Fix bug where single-hostname certs were sometimes treated
as multi-hostname certs incorrectly.
v1.5.0 (2015-09-22)
* Replace 'sslmate resend-email' with 'sslmate retry-approval', which
supports non-email approval. 'resend-email' will be removed in
SSLMate 2.0.
* Rebrand "multi-domain" certs as "multi-hostname" certs.
* Add '--multi' option to 'sslmate buy' to force the purchase of a
multi-hostname certificate with just a single hostname.
* Add '--multi' and --no-multi options to 'sslmate edit' to convert
between a multi-hostname and single-hostname certificate.
* Improve user experience when using DNS approval.
v1.4.0 (2015-07-02)
* Add support for multi-domain certificates.
- Specify multiple hostnames on command line to 'sslmate buy'.
- Use 'sslmate edit' to add/remove alternative names.
- Use 'sslmate reissue --same-key' to reissue after adding/removing
names.
* Add 'sslmate rekey' option to generate a new key and reissue.
* Add '--same-key' option to 'sslmate reissue' to reissue without
generating a new key. IMPORTANT: starting with SSLMate 2.0,
--same-key will be implied when running 'sslmate reissue'.
Please start using 'sslmate rekey' if you want to reissue with a
new key.
* Add 'sslmate show' command to show detailed information about a
certificate.
* Fix bug when importing certificates with upper case common names.
v1.3.0 (2015-06-18)
* Add support for creating certificate files in alternative
formats. To enable a format, put "cert_formats.FORMAT yes"
in your config file, where FORMAT is one of:
- chained (Certificate by chain) (enabled by default)
- combined (Key, cert, and chain concatenated together)
- p12 (PKCS#12 file)
- jks (Java Keystore file)
- root (Root certificate)
- chain+root (Chain and root concatenated together)
* Preserve existing filesystem permissions of key and certificate files.
* Minor bug fixes/enhancements.
v1.2.3 (2015-06-13)
* Bugfix release.
* Correctly display unhandled subjectAltNames when importing.
* Fix Makefile so it works with FreeBSD make.
v1.2.2 (2015-05-29)
* Bugfix release.
* Don't try to use LWP for HTTPS if LWP::Protocol::https not installed.
* Document that LWP::Protocol::https is required in addition to LWP.
* Properly report errors from LWP.
v1.2.1 (2015-05-26)
* Fix certificate errors on OS X by preferring curl over LWP Perl module.
v1.2.0 (2015-05-26)
* Install strong Diffie-Hellman parameters to /usr/share/sslmate.
* Add support for Diffie-Hellman parameters in mkconfig config templates.
* If available, use LWP Perl module for HTTPS client instead of
spawning a curl process.
v1.1.1 (2015-05-13)
* Avoid a warning message if WWW::Curl::Perl is not installed.
v1.1.0 (2015-05-12)
* Support DNS approval with CloudFlare, DigitalOcean, and DNSimple.
* Allow DNS approval to be selected from approver email list.
* Allow type of cert (dv/ev) to be changed by `sslmate edit`.
* Add --timeout option to buy, reissue, renew
* Minor bug fixes/enhancements.
v1.0.1 (2015-04-22)
* Minor bug fixes.
* Fix segfault on Ubuntu 14.10 by using external curl command for
HTTP client.
v1.0.0 (2015-04-20)
* Add `sslmate import` command for importing existing certificates to
your account.
* Add `sslmate list` command for listing your account's certificates.
* Add `sslmate edit` command for changing the settings of a certificate
(e.g. auto-renew, approver email address).
* Add `sslmate resend-email` command for resending the approval email
for a pending certificate.
* Add support for DNS approval.
* Add support for EV certs.
* Add support for ECDSA keys and certs.
* Add support for daily purchase limit.
* Add wildcard_filename config option for setting the character used
in a wildcard cert filename, instead of '*'.
* buy/reissue/renew now exit with status 12 if cert is not downloaded
and --no-wait is not used.
* Print path to private key when buy/reissue terminates before cert
can be downloaded.
* Improve display of key and cert paths.
* Preserve permissions of original .key file when reissuing.
* Deprecate honor_umask config option.
* Better support for non-ASCII domain names.
* Require --force to buy a certificate when an active certificate with
that name already exists in your account.
* Fix bug where reissue and renew commands could exit with a non-zero
status upon success.
* Add global --batch option.
* Add global --verbose option.
* Add support for alternative key/certificate formats, such as PKCS#12
(experimental).
* Add support for HTTP approval (experimental).
v0.6.2 (2014-12-18)
* Include recommended security settings when running `sslmate
mkconfig`, unless --no-security option is specified.
Recommendations are from the Mozilla Server Side TLS Guide.
* Fix bug that could prevent full key/cert paths from appearing in
mkconfig output.
* Display a tip about mkconfig and test commands after buying a cert.
v0.6.1 (2014-12-03)
* Fix an error with newer versions of Perl.
v0.6.0 (2014-12-03)
* Add `sslmate test` command for testing the installation of a
certificate.
* Add `sslmate mkconfig` command for generating server configuration
for a certificate.
* Add --temp option to `sslmate buy` and `sslmate download`. If
specified, a temporary, self-signed, certificate will be installed
instead of waiting for the real cert to be issued. This temporary
cert won't be trusted by clients, but can be used for configuring
your server while you wait for your real cert to be issued.
* Add --invoice-note and --email-invoice-to options to `sslmate buy`
for customizing invoices.
* Output non-error informational messages to stdout instead of stderr.
stderr is now reserved for error messages only.
* Strip private key and other cruft from certificate before importing.
* Minor bug fixes.
v0.5.0 (2014-11-05)
* Allow buy, import, and renew commands to be used non-interactively:
- The --batch option disables prompting for confirmation.
- The --email=ADDRESS option specifies the desired approver address.
- The --no-wait option tells sslmate to return immediately
instead of waiting for the new certificate to be issued.
* Better support for key rollover in `sslmate reissue`:
- The new key file is initially written to CN.key.new and the
existing key file is only overwritten (by either `sslmate reissue`
or `sslmate download`) once the new certificate is ready.
- Existing .key and .crt files are overwritten even without the
--force option, but only once the reissue completes successfully.
* renew now overwrites existing .crt files even without the --force
option. A safety check has been added to ensure that renew only
installs a certificate if it matches the .key file.
* API credentials are now saved to disk only if `sslmate link` is run
explicitly. Other commands no longer implicitly link the system.
* Minor bug fixes and internal improvements.
v0.4.5 (2014-10-27)
* Support Perl when installed in a directory other than /usr/bin.
v0.4.4 (2014-10-27)
* Add `sslmate req` command for generating a key and CSR.
* Minor bug fixes.
v0.4.3 (2014-10-24)
* Create cert files with a umask of 022 unless honor_umask config
option set to 'yes'.
* Re-license under the X11 license.
* Minor bug fixes.
v0.4.2 (2014-10-20)
* Fix bug that prevented 'sslmate link' from working with
passwords containing '0'.
v0.4.1 (2014-10-18)
* Fix warning when run with newer versions of Perl.
v0.4.0 (2014-10-15)
* Allow multiple certs, or all certs, to be downloaded with
`sslmate download`.
* Add sslmate(1) man page.
* Ensure that `sslmate download` only downloads certs that
match the corresponding private keys.
* Improve usage messages.
* Add support for configuration profiles.
* Check for newer version when running `sslmate version`.
* Rewrite in Perl.
v0.3.0 (2014-09-12)
* Add `sslmate renew` and `sslmate download` commands, and
--auto-renew and --no-auto-renew options to `sslmate buy`.
See https://sslmate.com/blog/post/automating_renewals
* Make years argument optional in `sslmate buy`; default to 1 year.
* Add key_directory and cert_directory config options to set the
location of purchased/downloaded files. Defaults to $PWD for
non-root users and /etc/sslmate for root.
* Read default config options from /etc/sslmate.conf if it exists.
* Add --force as an alias for -f option, and --all as alias for -a.
* For consistency, always write a .chain.crt and .chained.crt file
even if chain is empty.
* Miscellaneous bug fixes and usability improvements.
v0.2.1 (2014-09-03)
* When prompting for password, treat DEL as erase in addition to BS.
v0.2.0 (2014-08-21)
* Add `sslmate revoke` command.
* Add `sslmate version` command.