summaryrefslogtreecommitdiffstats
path: root/dirmngr/ONEWS
blob: 154d8e0bfc2465262cc8c2c47093410aec24cd10 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
These are NEWS entries from the old separate dirmngr package

Noteworthy changes in version 1.1.0 (unreleased)
------------------------------------------------

 * Fixed a resource problem with LDAP CRLs.

 * Fixed a bad EOF detection with HTTP CRLs.

 * Made "dirmngr-client --url --load-crl URL" work.

 * New option --ignore-cert-extension.

 * Make use of libassuan 2.0 which is available as a DSO.


Noteworthy changes in version 1.0.3 (2009-06-17)
------------------------------------------------

 * Client based trust anchors are now supported.

 * Configured certificates with the suffix ".der" are now also used.

 * Libgcrypt 1.4 is now required.


Noteworthy changes in version 1.0.2 (2008-07-31)
------------------------------------------------

 * New option --url for the LOOKUP command and dirmngr-client.

 * The LOOKUP command does now also consults the local cache.  New
   option --cache-only for it and --local for dirmngr-client.

 * Port to Windows completed.

 * Improved certificate chain construction.

 * Support loading of PEM encoded CRLs via HTTP.


Noteworthy changes in version 1.0.1 (2007-08-16)
------------------------------------------------

 * The option --ocsp-signer may now take a filename to allow several
   certificates to be valid signers for the default responder.

 * New option --ocsp-max-period and improved the OCSP time checks.

 * New option --force-default-signer for dirmngr-client.

 * Ported to Windows.


Noteworthy changes in version 1.0.0 (2006-11-29)
------------------------------------------------

 * Bumped the version number.

 * Removed included gettext.  We now require the system to provide a
   suitable installation.


Noteworthy changes in version 0.9.7 (2006-11-17)
------------------------------------------------

 * Internal cleanups.

 * Fixed updating of DIR.txt.  Add additional diagnostics.

 * Updated gettext package.


Noteworthy changes in version 0.9.6 (2006-09-04)
------------------------------------------------

 * A couple of bug fixes for OCSP.

 * OCSP does now make use of the responder ID and optionally included
   certificates in the response to locate certificates.

 * No more lost file descriptors when loading CRLs via HTTP.

 * HTTP redirection for CRL and OCSP has been implemented.

 * Man pages are now build and installed from the texinfo source.


Noteworthy changes in version 0.9.5 (2006-06-27)
------------------------------------------------

 * Fixed a problems with the CRL caching and CRL certificate
   validation.

 * Improved diagnostics.


Noteworthy changes in version 0.9.4 (2006-05-16)
------------------------------------------------

 * Try all names of each crlDP.

 * Don't shutdown the socket after sending the HTTP request.


Noteworthy changes in version 0.9.3 (2005-10-26)
------------------------------------------------

 * Minor bug fixes.


Noteworthy changes in version 0.9.2 (2005-04-21)
------------------------------------------------

 * Make use of authorityKeyidentifier.keyIdentifier.

 * Fixed a possible hang on exit.


Noteworthy changes in version 0.9.1 (2005-02-08)
------------------------------------------------

 * New option --pem for dirmngr-client to allow requesting service
   using a PEM encoded certificate.

 * New option --squid-mode to allow using dirmngr-client directly as a
   Squid helper.

 * Bug fixes.


Noteworthy changes in version 0.9.0 (2004-12-17)
------------------------------------------------

 * New option --daemon to start dirmngr as a system daemon.  This
   switches to the use of different directories and also does
   CRL signing certificate validation on its own.

 * New tool dirmngr-client.

 * New options: --ldap-wrapper-program, --http-wrapper-program,
   --disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
   --ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
   --ignore-http-dp.

 * Uses an external ldap wrapper to cope with timeouts and general
   LDAP problems.

 * SIGHUP may be used to reread the configuration and to flush the
   certificate cache.

 * An authorithyKeyIdentifier in a CRL is now handled correctly.


Noteworthy changes in version 0.5.6 (2004-09-28)
------------------------------------------------

 * LDAP fix.

 * Logging fixes.

 * Updated some configuration files.


Noteworthy changes in version 0.5.5 (2004-05-13)
------------------------------------------------

 * Fixed the growing-dir.txt bug.

 * Better LDAP error logging.


Noteworthy changes in version 0.5.4 (2004-04-29)
------------------------------------------------

 * New commands --ocsp-responder and --ocsp-signer to define a default
   OCSP responder if a certificate does not contain an assigned OCSP
   responder.


Noteworthy changes in version 0.5.3 (2004-04-06)
------------------------------------------------

 * Basic OCSP support.


Noteworthy changes in version 0.5.2 (2004-03-06)
------------------------------------------------

 * New Assuan command LISTCRLS.

 * A couple of minor bug fixes.


Noteworthy changes in version 0.5.1 (2003-12-23)
------------------------------------------------

* New options --faked-system-time and --force.

* Changed the name of the cache directory to $HOMEDIR/dirmngr-cache.d
  and renamed the dbcontents file.  You may delete the now obsolete
  cache/ directory and the dbcontents file.

* Dropped DB2 or DB4 use.  There is no need for it because a constant
  database fits our needs far better.

* Experimental support for retrieving CRLs via http.

* The --log-file option may now be used to print logs to a socket.
  Prefix the socket name with "socket://" to enable this.  This does
  not work on all systems and falls back to stderr if there is a
  problem with the socket.


Noteworthy changes in version 0.5.0 (2003-11-17)
------------------------------------------------

* Revamped the entire thing.

* Does now require Libgcrypt 1.1.90 or higher, as well as the latest
  libksba and libassuan.

* Fixed a bug in the assuan inquire processing.


Noteworthy changes as of 2002-08-21
------------------------------------

* The default home directory is now .gnupg


 Copyright 2003, 2004, 2005 g10 Code GmbH

 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
 modifications, as long as this notice is preserved.

 This file is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.