forked from openca/openca-ocspd
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathChangeLog
250 lines (199 loc) · 10.3 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
* Jun 3 2018 Massimiliano Pala <[email protected]>
- Improved handling of non OCSP requests (i.e., HTTP w/out OCSP payload)
* May 25 2018 Massimiliano Pala <[email protected]>
- Fixed warnings under strict compiling options
- Fixed aclocal, automake, and autoconf warnings
- Removed 'addResponderId' option from the default config file
- Fixed ResponderID generation
- Fixed checking condition for CRL validity. Improved logging for non-verbose case
- Fixed possible memory leaks and overall improved logging for config processing and error handling
- Improved CRL check and reload process and logging
- Fixed processing of CRLs and improved logging for CRL check and reload process
* Nov 7 2017 Massimiliano Pala <[email protected]>
- Fixed incosistency in OCSP_CACHE_Entry_idx() signature. Fixed call to PKI_RWLOCK_init()
- Added forward declaration for OCSPD_CACHE data structure
* Oct 31 2017 Massimiliano Pala <[email protected]>
- Added initial skeleton for caching of responses
- Added configuration example for reverse proxy on Apache
- Fix for post-install init.d links generation for RPM
- Fixed RPM generation and post-install options
- Fixed issue with ocspd man page generation
- Removed unused variables in source code to fix strict compile option
* Oct 19 2017 Massimiliano Pala <[email protected]>
- Added startup option for memory debugging
- Memory leak fix and updated to the last libpki master branch
* Oct 18 2017 Massimiliano Pala <[email protected]>
- Fixed memory leak in URL entry for OCSPD_build_ca_list()
* Mar 25 2015 Massimiliano Pala <[email protected]>
- Added the responderIdType option for CA configuration
- Removed not-used addResponderKeyID option for OCSP responder config
- Updated requirement for LibPKI v0.8.9+
* Mar 24 2015 Massimiliano Pala <[email protected]>
- Modified behavior by providing normal responses if crlValidityCheck is 0
* Aug 09 2014 Massimiliano Pala <[email protected]>
- Added check for the same pubkey in cert and keypair (debug mode)
- Added better support for CRL status checking when building responses
* Aug 08 2014 Massimiliano Pala <[email protected]>
- Cleaned up main thread handling code
* Aug 04 2014 Massimiliano Pala <[email protected]>
- Updated to LibPKI 0.8.7 interface
- Fixed a double-free issue with HTTP GET requests
- Added proper pthread SIGPIPE handling
* May 10 2014 Massimiliano Pala <[email protected]>
- Fixed issue with generating responses with hardware tokens
- Updated support for LibPKI 0.8.5+
* Oct 07 2013 Massimiliano Pala <[email protected]>
- Fixed ocsp-genreq.sh script to correctly handle signing algorithm
* Oct 07 2013 Massimiliano Pala <[email protected]>
- Updated support for libpki 0.8.2
- Added extra checks option for the configure (--enable-extra-checks)
- Fixed all reported warnings
* Sep 24 2013 Massimiliano Pala <[email protected]>
- Fixed using ca-specific OCSPD server certificate (option was ignored)
- Updated support for libpki 0.8.2 to fix HTTP GET method support
- Updated configure.in to configure.ac script
* Aug 07 2013 Massimiliano Pala <[email protected]>
- Updated API for using OCSPD with libpki 0.8.0
- Added signatureDigestAlgorithm option in ocspd.xml config file to force signing digest algoritm
* Jun 13 2013 Massimiliano Pala <[email protected]>
- Updated API for using OCSPD with libpki 0.7.0+
- Improved logging for startup sequence (better report of errors during token loading)
* Jul 21 2011 Massimiliano Pala <[email protected]>
-Fixed a memory issue related to inappropriate usage of syslog() instead of
PKI_log()
* Mar 15 2011 Massimiliano Pala <[email protected]>
-Added '-testmode' switch to set the OCSP as a test responder: all signatures are invalidated by flipping the first bit in the signature
* Feb 10 2011 Massimiliano Pala <[email protected]>
-Updated default configuration files (default passin set to none)
-Enhanced support for ECDSA support
* Feb 9 2011 Massimiliano Pala <[email protected]>
-Updated thread management with builtin support from LibPKI 0.6.3
-Fixed start/stop script
-Added new method for token configuration passin -> none to avoid password
promptin at startup
* Feb 9 2011 Massimiliano Pala <[email protected]>
-Fixed a memory error in config.c causing segfault on CRL reload
-Set new requirements for libpki (0.6.3+)
* Jan 22 2011 Massimiliano Pala <[email protected]>
-Deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer)
* Jan 14 2011 Massimiliano Pala <[email protected]>
-Fixed an error in return code check for PKI_NET_listen.
-Due to bug fixing in Libpki, new Requirements for libpki is v0.6.2+
-Fixed error in config parsing when no bind address is provided
* Nov 17 2010 Massimiliano Pala <[email protected]>
-Small bug fixing
-Tested with libpki v0.6.0
* Oct 23 2010 Massimiliano Pala <[email protected]>
-Fixed support for libpki 0.5.1
-Fixed some errors in init scripts and default configuration files
* Jun 22 2010 Massimiliano Pala <[email protected]>
-Fixed support for LibPKI 0.5.0
-Fixed thread-scheduling issues
-Finished support for HTTP GET method
-Initial support for server-side SSL support
-Fixed certificate request script
-Fixed default configuration options and startup script
* Sep 7 2009 Massimiliano Pala <[email protected]>
- Full support for LibPKI (4.0+)
- Updated configuration files to XML format
- Started to add support for GET HTTP method
* Sep 03 2009 Massimiliano Pala <[email protected]>
- Initial support for LibPKI
- Changed configuration files (added token.d/ hsm.d/ private/ dirs)
- Added ocspd.xml config file
- Added separate configuration files for different CAs (in ca.d/ dir)
* Dec 17 2008 Massimiliano Pala <[email protected]>
- Fixed thread problem with OpenSSL
- Fixed compatibilities with Java 1.6.0
* Dec 3 2006 Massimiliano Pala <[email protected]>
-Added exit message on stderr when server aborts during startup (useful
for interactive startup of the server)
-Added support for HTTP/1.1 "Host: <addr>" header when making HTTP
requests in order to get data via HTTP protocol
* Sun Oct 15 2006 Massimiliano Pala <[email protected]>
-Fixed HTTP HEADERS parsing problem
-Tested behind an Apache Proxy
-Added '-debug' startup option to output the HTTP head and additional
informations to be pushed to stderr
* Fri Oct 13 2006 Massimiliano Pala <[email protected]>
-Completely changed the codebase in order to use threads instead
of fork().
-Fixed compilation under Solaris (SunOS 5.11)
-Added chroot() capabilities
-Added options to set the number of threads to be pre-spawned
-Fixed Socket creation under Solaris (Accept)
-Moved from BIO_* interface to pure socket implementation for
better Network options management
* Tue Jul 18 2006 Massimiliano Pala <[email protected]>
-Removed required index file option in the configuration file (was not
used)
* Mon Apr 24 2006 Massimiliano Pala <[email protected]>
-Fixed invalidity date problem (no more empty ext added to responses)
-Added log reporting of returned status about a response when the
verbose switch is used (before it was enabled only in DEBUG mode)
* Mon Dec 19 2005 Massimiliano Pala <[email protected]>
-Added chroot facility to enhance server security
* Thu Nov 3 2005 Massimiliano Pala <[email protected]>
-Fixed compile against OpenSSL 0.9.8a
-Fixed HTTP downloading routines for CRLs and CA certs
-Fixed Solaris Port for Signal Handling on CRLs check and reloading
* Thu Oct 20 2005 Massimiliano Pala <[email protected]>
-Added extra checking on initialization of variables to avoid errors
for ldap/http address parsing and usage
* Thu Oct 6 2005 Massimiliano Pala <[email protected]>
-Fixed variables init (for Solaris) and code cleanup
* Mon Aug 29 2005 Massimiliano Pala <[email protected]>
-Added 3rd header in response to solve a CiscoIOS problem
* Wed Jun 1 2005 Massimiliano Pala <[email protected]>
-Modified the privilege management to allow for the server to run on
ports < 1024 under not privileged user/group
-Fixed some Solaris signal-handling definitions
* Thu Apr 28 2005 Massimiliano Pala <[email protected]>
-Fixed RPM installation of man pages
* Tue Apr 19 2005 Massimiliano Pala <[email protected]>
-Spec file updated
-Man pages updated with new configuration options
-Fixed child re-spawning when HSM is active
-Added support for CA/CRL downloading via HTTP
* Fri Jan 28 2005 Massimiliano Pala <[email protected]>
-Fixed SIGHUP problem when auto_crl_reload was enabled
-Fixed Solaris include for flock usage instead of semaphores
-Added --enable-flock and --enable-semaphores in configure script
* Tue Jan 18 2005 Massimiliano Pala <[email protected]>
-Fixed bug for nextUpdate and lastUpdate fields setting when reloading
CRLs.
-Added CA certificate loading from LDAP.
-Added multiple CA certificate from the same cACertificate entry in LDAP.
-Fixed Solaris putenv issues in configure.c
-Added OS architecture specific targes in makefiles
* Wed May 19 2004 Massimiliano Pala <[email protected]>
-First support for new data structure for CRL lookup and multi CAs
support (not working now)
-Fixed configure.in for correct generation of config.h
-Fixed configure.in for openldap ld options (for non-standard directories)
* Mon May 17 2004 Massimiliano Pala <[email protected]>
-Fixed compilation problems on Solaris
-Added support for exclusion of ldap usage (--disable-openldap)
-Added support for openldap directory specification
-Fixed signal handling and correct children death
-Added pre-spawning of processes()
* Thu May 13 2004 Massimiliano Pala <[email protected]>
-Fixed miscreation of responses when certificate is revoked
-Fixed crl loading checking (segmentation fault on loading fixed)
* Fri Jan 17 2003 Massimiliano Pala <[email protected]>
-Correclty lookup using loaded CRL
-Added extensions management from CRL to OCSP response
* Mon Jan 13 2003 Massimiliano Pala <[email protected]>
-Updated the sample (contrib/) configuration file
-Added CRL retrivial from LDAP server
-Added LDAP support (needs OpenLDAP libraries)
-Added CRL retrivial from file
* Oct 16 2002 Massimiliano Pala <[email protected]>
-Added multi child spawning (max_childs_num)
-Fixed zombi child presence
* Feb 25 2002 Massimiliano Pala <[email protected]>
-Fixed response generation
-Added verbose information to syslog
-Support for the index.txt db file
-Addedd response generation related keywords in the configuration
file