-------------------------------------------------------------------
Thu Dec 9 12:14:19 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.10.14
  * Remove Windows.h from header
    + Removed Windows.h from public header
    + Improved error reporting when getaddrinfo() fails
    + Set default cpu_id on thread_options
    + Better use of const in aws_tls_ctx_pkcs11_options
- from version 0.10.13
  * Support PKCS#11 for mutual TLS on Unix platforms
    + Support PKCS#11 for mutual TLS on Unix platforms (#451)
- from version 0.10.12
  * Path API updates
    + Moved aws_path_exist checks over to the safe variant. (#448)
- from version 0.10.11
  * Updated S2N PQ Crypto cipher preference list
    + Add Round 3 Cipher Pref List to Allowlist (#447)
- from version 0.10.10
  * Removed file utils, moved to common
    + Replace tls double channel (#441)
      - Remove test first
      - Add codebuild job spec that will run downstream integration
        tests (aws-c-http) that exercise double tls
      - Add channel API to read from initial handler
- Rename devel package to "devel"
- Switch BuildRequires to use cmake() and pkgconfig() macros

-------------------------------------------------------------------
Mon Oct 11 07:47:07 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.10.9
  + TLS 1.3 Support
    * Linux support for tls1.3 and switch to CRT-specific tls
      configurations when using s2n
    * Refactor pipe signal suppression to avoid logging spurious
      errors
- from version 0.10.8
  + Use ephemeral credentials for TLS on Windows
    * Update secure channel configuration to use credentials in an
      ephemeral manner
- from version 0.10.7
  + Fix CA override functions
    * This fixes the issue where "override_default_trust_store"
      functions did not actually override the system trust store
      on Linux and Apple platforms.

-------------------------------------------------------------------
Wed Jul 7 11:30:20 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.10.6
  + Managed thread handle release
    * Updates the managed thread system to properly release
      Windows thread handles. Requires an associated change in
      aws-c-common as well.

-------------------------------------------------------------------
Mon Jun 21 12:07:26 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.10.5
  + Fix SNI check when custom root-CA used on Apple devices.
    * Validate hostname on Mac when custom root-CA is used. (#396)
- from version 0.10.4
  + Revert Windows CRL checks on root CA override
    * On Windows only, reverts the cached CRL check when
      validating a server certificate chain using a root CA
      override. This check was added as part of a larger change
      performing SNI validation with a root CA override (#385).
      The SNI check remains in place. The CRL check was breaking
      tls connections for multiple customers and appears to be
      subject to properties of the host beyond the CRT's control.
- from version 0.10.3
  + Inconsistent trust store override behavior logged
    * Added warning statement when trust store override is used
      (#394)

-------------------------------------------------------------------
Thu Jun 10 11:03:51 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.10.2
  + iOS fix
    * Removed call to sanitize pems on iOS (#391)
- from version 0.10.1
  + Fix Windows verify_peer = false issue in client mode
    * Previously on Windows, we were not properly translating
      "verify_peer = false" into a secure channel configuration
      that would actually skip peer verification in client mode.
      We were always verifying the certificate no matter what the
      setting's value.
- from version 0.10.0
  + All uses of aws_off_t replaced with int64_t
    * CHANGE: All uses of aws_off_t replaced with int64_t.
      aws_off_t used to be 32 or 64 bits, depending on a project's
      compiler flags. This was leading to bugs when projects had
      different flags.
      Now int64_t is used instead. Beginning in aws-c-common
      v0.6.0, aws_off_t is simply a typedef for int64_t, so
      hopefully this change is painless for consumers.
- from version 0.9.14
  + Windows warnings
    * Fix some Windows compile warnings that are not currently
      being caught by local CI and only showing up in the
      publishing pipeline
- from version 0.9.13
  + Improve SNI validation, socket read error checking
    * On Windows, properly do SNI and server cert chain
      verification when the root CA has been overridden
    * On Posix systems, check socket read error before making any
      potential log calls which could overwrite the error info via
      internal sys calls

-------------------------------------------------------------------
Fri May 14 12:05:24 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.9.12
  + TLS Context Initialization fix
    * Fixes an issue where TLS context initialization could fail
      on Linux due to passing in buffers that weren't properly
      zero-terminated at their final length
- from version 0.9.11
  + Path URI Encoding Bugfix
    * Fix for some characters not being correctly URI-encoded in
      the path URI encode function.
- from version 0.9.10
  + Bugfix for shutdown race condition
    * Fix for shutdown crash when peer hangs up immediately
      following first non-TLS write (#379)
    * Fixed ownership semantics in SecureTransport read_message
- from version 0.9.9
  + Support non-ascii file path
    * Use aws_fopen to support non-ASCII file path for file stream

-------------------------------------------------------------------
Mon Apr 26 10:36:48 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.9.8
  + Mac TLS API update
    * Small update to Mac TLS keychain API signature
- from version 0.9.7
  + Fixing bug with aws_input_stream_new_from_file
    * Changing fopen flags used by aws_input_stream_new_from_file
      to r+b instead of r, which fixes a Windows issue where the
      stream may terminate early due to an EOF character.
- from version 0.9.6
  + Windows ECC platform synchronization
    * (Windows only) Synchronizes ECC import logic with the
      compilation/cmake switch that links NCrypt in aws-c-cal
- from version 0.9.5
  + Mac Keychain and Windows ECC certs
    * Hardened Windows certificate import process
    * Added support for importing ECC certs/keys in Windows
    * Added support for overriding the keychain on Macintosh
- from version 0.9.4
  + PEM comments support
    * Support comments in PEM file.
- from version 0.9.3
  + Platform compiler fixes and TLS shutdown delay
    * Misc compiler fixes on Windows
    * Improve Mac foundation library integration
    * honor s2n's tls shutdown delay on linux when applicable
    * ASAN CI integration and resulting fixes
- from version 0.9.2
  + Support for bring your own crypto TLS implementation on Unix
    platforms
    * Added support for bring your own crypto via the cmake
      -DBYO_CRYPTO flag
- from version 0.9.1
  + Removed dependency on lib crypto in aws-c-cal/s2n
    * Updated builder version of s2n to latest release (#361)
    * Updated to builder v0.8.4
    * Fixed build-deps to avoid compile issues from aws-lc
- from version 0.9.0
  + New managed thread API
    * Convert to new managed thread system for threads that cannot
      be reliably explicitly joined

-------------------------------------------------------------------
Mon Feb 15 11:21:16 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.8.3
  + Socket write callbacks are always async
    * Socket write callbacks are always async. Fixes bugs in
      websocket and MQTT when writing large payloads.
- from version 0.8.2
  + Nested TLS support
    * Fix per-platform TLS channel handler issues for channels
      using nested TLS
- from version 0.8.1
  + Win32 fix
    * Fix the build issue on Win32 targets

-------------------------------------------------------------------
Fri Jan 8 12:04:21 UTC 2021 - John Paul Adrian Glaubitz

- Update to version 0.8.0
  + NUMA-aware event-loops
  + Host resolver improvements
  + Best of two event-loop load balancing
  + Windows build fix for iocp event loop (#346)

-------------------------------------------------------------------
Wed Dec 16 11:30:42 UTC 2020 - John Paul Adrian Glaubitz

- Update to version 0.7.1
  + Host resolver creation update
    * Modifies the default host resolver creation function to take
      an options struct

-------------------------------------------------------------------
Thu Nov 26 15:50:49 UTC 2020 - John Paul Adrian Glaubitz

- Initial build
  + Version 0.7.0