263 lines
6.1 KiB
Plaintext
263 lines
6.1 KiB
Plaintext
CHANGELOG
|
|
|
|
v1.15.6 - 2025-11-19
|
|
certlib: add FileKind function to determine file type.
|
|
|
|
v1.15.5 - 2025-11-19
|
|
certlib/bundler: add support for crt files that are pem-encoded.
|
|
|
|
v1.15.4 - 2025-11-19
|
|
Quality of life fixes for CSR generation.
|
|
|
|
v1.15.3 - 2025-11-19
|
|
Minor bug fixes.
|
|
|
|
v1.15.2 - 2025-11-19
|
|
Minor bug fixes.
|
|
|
|
v1.15.1 - 2025-11-19
|
|
|
|
Changed:
|
|
- linter fixes.
|
|
|
|
Removed:
|
|
- mnd removed from linter.
|
|
|
|
v1.15.0 - 2025-11-19
|
|
|
|
Changed:
|
|
- lib: fetcher and dialer moved to separate packages.
|
|
- cmd/ca-signed: cleaned up code internally.
|
|
- lib: add base64 encoding to HexEncode.
|
|
- linter fixes.
|
|
|
|
Added:
|
|
- certlib/certgen: add support for generating and signing certificates.
|
|
|
|
v1.14.6 - 2025-11-18
|
|
|
|
Added:
|
|
- certlib: move tlskeypair functions into certlib.
|
|
|
|
v1.14.5 - 2025-11-18
|
|
|
|
Changed:
|
|
- certlib/verify: fix a nil-pointer dereference.
|
|
|
|
v1.14.4 - 2025-11-18
|
|
|
|
Added:
|
|
- certlib/ski: add support for return certificate SKI.
|
|
- certlib/verify: add support for verifying certificates.
|
|
|
|
Changed:
|
|
- certlib/dump: moved more functions into the dump package.
|
|
- cmd: many certificate-related commands had their functionality moved into
|
|
certlib.
|
|
|
|
v1.14.3 - 2025-11-18
|
|
|
|
Added:
|
|
- certlib/dump: the certificate dumping functions have been moved into
|
|
their own package.
|
|
|
|
Changed:
|
|
- cmd/certdump: refactor out most of the functionality into certlib/dump.
|
|
- cmd/kgz: add extended metadata support.
|
|
|
|
v1.14.2 - 2025-11-18
|
|
|
|
Added:
|
|
- lib: add tooling for generating baseline TLS configs.
|
|
|
|
Changed:
|
|
- cmd: update all commands to allow the use strict TLS configs. Note that
|
|
many of these tools are intended for debugging broken or insecure TLS
|
|
systems, and the ability to support insecure TLS configurations is
|
|
important in this regard.
|
|
|
|
v1.14.1 - 2025-11-18
|
|
|
|
Added:
|
|
- build: add missing Dockerfile.
|
|
|
|
v1.14.0 - 2025-11-18
|
|
|
|
Added:
|
|
- lib/dialer: introduce proxy-aware dialers and helpers:
|
|
- NewNetDialer and NewTLSDialer honoring SOCKS5_PROXY, HTTPS_PROXY, HTTP_PROXY
|
|
(case-insensitive) with precedence SOCKS5 > HTTPS > HTTP.
|
|
- DialTCP and DialTLS convenience functions; DialTLS performs a TLS handshake
|
|
and returns a concrete *tls.Conn.
|
|
- NewHTTPClient: returns a proxy-aware *http.Client. Uses SOCKS5 proxy when
|
|
configured (disables HTTP(S) proxying to avoid double-proxying); otherwise
|
|
relies on http.ProxyFromEnvironment (respects HTTP(S)_PROXY and NO_PROXY).
|
|
- build: the releasse-docker.sh builds and pushes the correct Docker images.
|
|
|
|
Changed:
|
|
- cmd: migrate tools to new proxy-aware helpers where appropriate:
|
|
- certchain, stealchain, tlsinfo: use lib.DialTLS.
|
|
- cert-revcheck: use lib.DialTLS for site connects and a proxy-aware
|
|
HTTP client for OCSP/CRL fetches.
|
|
- rhash: use proxy-aware HTTP client for downloads.
|
|
- lib/fetch: migrate from certlib/fetch.go to lib/fetch.go and use DialTLS
|
|
under the hood.
|
|
- go.mod: add golang.org/x/net dependency (for SOCKS5 support) and align x/crypto.
|
|
|
|
Notes:
|
|
- HTTP(S) proxy CONNECT supports optional basic auth via proxy URL credentials.
|
|
- HTTPS proxies are TLS-wrapped prior to CONNECT.
|
|
- Timeouts apply to TCP connects, proxy handshakes, and TLS handshakes; context
|
|
cancellation is honored.
|
|
- Some commands retain bespoke dialing (e.g., IPv6-only or unix sockets) and
|
|
were intentionally left unchanged.
|
|
|
|
v1.13.6 - 2025-11-18
|
|
|
|
Changed:
|
|
- build: removing gitea stuff.
|
|
|
|
v1.13.5 - 2025-11-18
|
|
|
|
Changed:
|
|
- build: updating goreleaser config.
|
|
|
|
v1.13.4 - 2025-11-18
|
|
|
|
Changed:
|
|
- build: updating goreleaser config.
|
|
|
|
v1.13.3 - 2025-11-18
|
|
|
|
Added:
|
|
- certlib: introduce `Fetcher` for retrieving certificates.
|
|
- lib: `HexEncode` gains a byte-slice output variant.
|
|
- build: add GoReleaser configuration.
|
|
|
|
Changed:
|
|
- cmd: migrate programs to use `certlib.Fetcher` for certificate retrieval
|
|
(includes `certdump`, `ski`, and others).
|
|
- cmd/ski: update display mode.
|
|
|
|
Misc:
|
|
- repository fixups and small cleanups.
|
|
|
|
v1.13.2 - 2025-11-17
|
|
|
|
Add:
|
|
- certlib/bundler: refactor certificate bundling from cmd/cert-bundler
|
|
into a separate package.
|
|
|
|
Changed:
|
|
- cmd/cert-bundler: refactor to use bundler package, and update Dockerfile.
|
|
|
|
v1.13.1 - 2025-11-17
|
|
|
|
Add:
|
|
- Dockerfile for cert-bundler.
|
|
|
|
v1.13.0 - 2025-11-16
|
|
|
|
Add:
|
|
- cmd/certser: print serial numbers for certificates.
|
|
- lib/HexEncode: add a new hex encode function handling multiple output
|
|
formats, including with and without colons.
|
|
|
|
v1.12.4 - 2025-11-16
|
|
|
|
Changed:
|
|
|
|
- Linting fixes for twofactor that were previously masked.
|
|
|
|
v1.12.3 erroneously tagged and pushed
|
|
|
|
v1.12.2 - 2025-11-16
|
|
|
|
Changed:
|
|
|
|
- add rsc.io/qr dependency for twofactor.
|
|
|
|
v1.12.1 - 2025-11-16
|
|
|
|
Changed:
|
|
- twofactor: Remove go.{mod,sum}.
|
|
|
|
v1.12.0 - 2025-11-16
|
|
|
|
Added
|
|
- twofactor: the github.com/kisom/twofactor repo has been subtree'd
|
|
into this repo.
|
|
|
|
v1.11.2 - 2025-11-16
|
|
|
|
Changed
|
|
- cmd/ski, cmd/csrpubdump, cmd/tlskeypair: centralize
|
|
certificate/private-key/CSR parsing by reusing certlib helpers.
|
|
This reduces duplication and improves consistency across commands.
|
|
- csr: CSR parsing in the above commands now uses certlib.ParseCSR,
|
|
which verifies CSR signatures (behavioral hardening compared to
|
|
prior parsing without signature verification).
|
|
|
|
v1.11.1 - 2025-11-16
|
|
|
|
Changed
|
|
- cmd: complete linting fixes across programs; no functional changes.
|
|
|
|
v1.11.0 - 2025-11-15
|
|
|
|
Added
|
|
- cache/mru: introduce MRU cache implementation with timestamp utilities.
|
|
|
|
Changed
|
|
- certlib: complete overhaul to simplify APIs and internals.
|
|
- repo: widespread linting cleanups across many packages (config, dbg, die,
|
|
fileutil, log/logging, mwc, sbuf, seekbuf, tee, testio, etc.).
|
|
- cmd: general program cleanups; `cert-bundler` lint fixes.
|
|
|
|
Removed
|
|
- rand: remove unused package.
|
|
- testutil: remove unused code.
|
|
|
|
|
|
v1.10.1 — 2025-11-15
|
|
|
|
Changed
|
|
- certlib: major overhaul and refactor.
|
|
- repo: linter autofixes ahead of release.
|
|
|
|
|
|
v1.10.0 — 2025-11-14
|
|
|
|
Added
|
|
- cmd: add `cert-revcheck` command.
|
|
|
|
Changed
|
|
- ci/lint: add golangci-lint stage and initial cleanup.
|
|
|
|
|
|
v1.9.1 — 2025-11-15
|
|
|
|
Fixed
|
|
- die: correct calls to `die.With`.
|
|
|
|
|
|
v1.9.0 — 2025-11-14
|
|
|
|
Added
|
|
- cmd: add `cert-bundler` tool.
|
|
|
|
Changed
|
|
- misc: minor updates and maintenance.
|
|
|
|
|
|
v1.8.1 — 2025-11-14
|
|
|
|
Added
|
|
- cmd: add `tlsinfo` tool.
|
|
|
|
|
|
v1.8.0 — 2025-11-14
|
|
|
|
Baseline
|
|
- Initial baseline for this changelog series.
|