2021-12-11 23:48:14 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 9 12:14:19 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.10.14
|
|
|
|
|
* Remove Windows.h from header
|
|
|
|
|
+ Removed Windows.h from public header
|
|
|
|
|
+ Improved error reporting when getaddrinfo() fail
|
|
|
|
|
+ Set default cpu_id on thread_options
|
|
|
|
|
+ Better use of const in aws_tls_ctx_pkcs11_options
|
|
|
|
|
- from version 0.10.13
|
|
|
|
|
* Support PKCS#11 for mutual TLS on Unix platforms
|
|
|
|
|
+ Support PKCS#11 for mutual TLS on Unix platforms (#451)
|
|
|
|
|
- from version 0.10.12
|
|
|
|
|
* Path API updates
|
|
|
|
|
+ Moved aws_path_exist checks over to the safe variant. (#448)
|
|
|
|
|
- from version 0.10.11
|
|
|
|
|
* Updated S2N PQ Crypto cipher preference list
|
|
|
|
|
+ Add Round 3 Cipher Pref List to Allowlist (#447)
|
|
|
|
|
- from version 0.10.10
|
|
|
|
|
* Removed file utils, moved to common
|
|
|
|
|
+ Replace tls double channel (#441)
|
|
|
|
|
- Remove test first
|
|
|
|
|
- Add codebuild job spec that will run downstream integration
|
|
|
|
|
tests (aws-c-http) that exercise double tls
|
|
|
|
|
- Add channel API to read from initial handler
|
|
|
|
|
- Rename devel package to "devel"
|
|
|
|
|
- Switch BuildRequires to use cmake() and pkgconfig() macros
|
|
|
|
|
|
2021-10-12 11:20:16 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 11 07:47:07 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.10.9
|
|
|
|
|
+ TLS 1.3 Support
|
|
|
|
|
* Linux support for tls1.3 and switch to CRT-specific tls
|
|
|
|
|
configurations when using s2n
|
|
|
|
|
* Refactor pipe signal suppression to avoid logging spurious errors
|
|
|
|
|
- from version 0.10.8
|
|
|
|
|
+ Use ephemeral credentials for TLS on Windows
|
|
|
|
|
* Update secure channel configuration to use credentials in an ephemeral manner
|
|
|
|
|
- from version 0.10.7
|
|
|
|
|
+ Fix CA override functions
|
|
|
|
|
* This fixes the issue where "override_default_trust_store" functions did
|
|
|
|
|
not actually override the system trust store on Linux and Apple platforms.
|
|
|
|
|
|
2021-07-08 09:35:58 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 7 11:30:20 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.10.6
|
|
|
|
|
+ Managed thread handle release
|
|
|
|
|
* Updates the managed thread system to properly release Windows thread
|
|
|
|
|
handles. Requires an associated change in aws-c-common as well.
|
|
|
|
|
|
2021-06-22 06:35:20 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 21 12:07:26 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.10.5
|
|
|
|
|
+ Fix SNI check when custom root-CA used on Apple devices.
|
|
|
|
|
* Validate hostname on Mac when custom root-CA is used. (#396)
|
|
|
|
|
- from version 0.10.4
|
|
|
|
|
+ Revert Windows CRL checks on root CA override
|
|
|
|
|
* On Windows only, reverts the cached CRL check when validating a server
|
|
|
|
|
certificate chain using a root CA override. This check was added as part
|
|
|
|
|
of a larger change performing SNI validation with a root CA override (#385).
|
|
|
|
|
The SNI check remains in place. The CRL check was breaking tls connections
|
|
|
|
|
for multiple customers and appears to be subject to properties of the host
|
|
|
|
|
beyond the CRT's control.
|
|
|
|
|
- from version 0.10.3
|
|
|
|
|
+ Inconsistent trust store override behavior logged
|
|
|
|
|
* Added warning statement when trust store override is used (#394)
|
|
|
|
|
|
2021-06-10 20:30:09 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 10 11:03:51 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.10.2
|
|
|
|
|
+ iOS fix
|
|
|
|
|
* Removed call to sanitize pems on iOS (#391)
|
|
|
|
|
- from version 0.10.1
|
|
|
|
|
+ Fix Windows verify_peer = false issue in client mode
|
|
|
|
|
* Previously on Windows, we were not properly translating "verify_peer = false"
|
|
|
|
|
into a secure channel configuration that would actually skip peer verification
|
|
|
|
|
in client mode. We were always verifying the certificate no matter what the
|
|
|
|
|
setting's value.
|
|
|
|
|
- from version 0.10.0
|
|
|
|
|
+ All uses of aws_off_t replaced with int64_t
|
|
|
|
|
* CHANGE: All uses of aws_off_t replaced with int64_t. aws_off_t used to be 32 or
|
|
|
|
|
64 bits, depending on a project's compiler flags. This was leading to bugs when
|
|
|
|
|
projects had different flags. Now in64_t is used instead. Beginning in aws-c-common
|
|
|
|
|
v0.6.0, aws_off_t is simply a typedef for int64_t, so hopefully this change is painless
|
|
|
|
|
for consumers.
|
|
|
|
|
- from version 0.9.14
|
|
|
|
|
+ Windows warnings
|
|
|
|
|
* Fix some Windows compile warnings that are not currently being caught by local CI and
|
|
|
|
|
only showing up in the publishing pipeline
|
|
|
|
|
- from version 0.9.13
|
|
|
|
|
+ Improve SNI validation, socket read error checking
|
|
|
|
|
* On Windows, properly do SNI and server cert chain verification when the
|
|
|
|
|
root CA has been overridden
|
|
|
|
|
* On Posix systems, check socket read error before making any potential log
|
|
|
|
|
calls which could overwrite the error info via internal sys calls
|
|
|
|
|
|
2021-05-15 19:56:19 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 14 12:05:24 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.9.12
|
|
|
|
|
+ TLS Context Initialization fix
|
|
|
|
|
* Fixes an issue where TLS context initialization could fail on
|
|
|
|
|
Linux due to passing in buffers that weren't properly zero-
|
|
|
|
|
terminated at their final length
|
|
|
|
|
- from version 0.9.11
|
|
|
|
|
+ Path URI Encoding Bugfix
|
|
|
|
|
* Fix for some characters not being correctly URI-encoded in the path
|
|
|
|
|
URI encode function.
|
|
|
|
|
- from version 0.9.10
|
|
|
|
|
+ Bugfix for shutdown race condition
|
|
|
|
|
* Fix for shutdown crash when peer hangs up immediately
|
|
|
|
|
following first non-TLS write (#379)
|
|
|
|
|
* Fixed ownership semantics in SecureTransport read_message
|
|
|
|
|
- from version 0.9.9
|
|
|
|
|
+ Support non-ascii file path
|
|
|
|
|
* Use aws_fopen to support non-ASCII file path for file stream
|
|
|
|
|
|
2021-04-29 08:00:12 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 26 10:36:48 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.9.8
|
|
|
|
|
+ Mac TLS API update
|
|
|
|
|
* Small update to Mac TLS keychain API signature
|
|
|
|
|
- from version 0.9.7
|
|
|
|
|
+ Fixing bug with aws_input_stream_new_from_file
|
|
|
|
|
* Changing fopen flags used by aws_input_stream_new_from_file to r+b
|
|
|
|
|
instead of r, which fixes a Windows issue where the stream may terminate
|
|
|
|
|
early due to an EOF character.
|
|
|
|
|
- from version 0.9.6
|
|
|
|
|
+ Windows ECC platform synchronization
|
|
|
|
|
* (Windows only) Synchronizes ECC import logic with the compilation/cmake
|
|
|
|
|
switch that links NCrypt in aws-c-cal
|
|
|
|
|
- from version 0.9.5
|
|
|
|
|
+ Mac Keychain and Windows ECC certs
|
|
|
|
|
* Hardened Windows certificate import process
|
|
|
|
|
* Added support for importing ECC certs/keys in Windows
|
|
|
|
|
* Added support for overriding the keychain on Macintosh
|
|
|
|
|
- from version 0.9.4
|
|
|
|
|
+ PEM comments support
|
|
|
|
|
* Support comments in PEM file.
|
|
|
|
|
- from version 0.9.3
|
|
|
|
|
+ Platform compiler fixes and TLS shutdown delay
|
|
|
|
|
* Misc compiler fixes on Windows
|
|
|
|
|
* Improve Mac foundation library integration
|
|
|
|
|
* honor s2n's tls shutdown delay on linux when applicable
|
|
|
|
|
* ASAN CI integration and resulting fixes
|
|
|
|
|
- from version 0.9.2
|
|
|
|
|
+ Support for bring your own crypto TLS implementation on Unix platforms
|
|
|
|
|
* Added support for bring your own crypto via the cmake -DBYO_CRYPTO flag
|
|
|
|
|
- from version 0.9.1
|
|
|
|
|
+ Removed dependency on lib crypto in aws-c-cal/s2n
|
|
|
|
|
* Updated builder version of s2n to latest release (#361)
|
|
|
|
|
* Updated to builder v0.8.4
|
|
|
|
|
* Fixed build-deps to avoid compile issues from aws-lc
|
|
|
|
|
- from version 0.9.0
|
|
|
|
|
+ New managed thread API
|
|
|
|
|
* Convert to new managed thread system for threads that cannot be
|
|
|
|
|
reliably explicitly joined
|
|
|
|
|
|
2021-02-18 09:53:41 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 15 11:21:16 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.8.3
|
|
|
|
|
+ Socket write callbacks are always async
|
|
|
|
|
* Socket write callbacks are always async. Fixes bugs
|
|
|
|
|
in websocket an MQTT when writing large payloads.
|
|
|
|
|
- from version 0.8.2
|
|
|
|
|
+ Nested TLS support
|
|
|
|
|
* Fix per-platform TLS channel handler issues for channels
|
|
|
|
|
using nested TLS
|
|
|
|
|
- from version 0.8.1
|
|
|
|
|
+ Win32 fix
|
|
|
|
|
* Fix the build issue on Win32 targets
|
|
|
|
|
|
2021-01-11 12:18:58 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 8 12:04:21 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.8.0
|
|
|
|
|
+ NUMA-aware event-loops
|
|
|
|
|
+ Host resolver improvements
|
|
|
|
|
+ Best of two event-loop load balancing
|
|
|
|
|
+ Windows build fix for iocp event loop (#346)
|
|
|
|
|
|
2020-12-16 13:18:38 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 16 11:30:42 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 0.7.1
|
|
|
|
|
+ Host resolver creation update
|
|
|
|
|
* Modifies the default host resolver creation function to take an options struct
|
|
|
|
|
|
2020-11-26 17:37:23 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 26 15:50:49 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
- Initial build
|
|
|
|
|
+ Version 0.7.0
|
