/[pdpsoft]/nl.nikhef.pdp.fetchcrl/trunk/CHANGES
ViewVC logotype

Diff of /nl.nikhef.pdp.fetchcrl/trunk/CHANGES

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

fetchcrl/CHANGES revision 1758 by davidg, Fri Jun 11 15:39:04 2010 UTC nl.nikhef.pdp.fetchcrl/trunk/CHANGES revision 3178 by davidg, Tue Apr 11 07:16:27 2017 UTC
# Line 5  The fetch-crl utility will retrieve cert Line 5  The fetch-crl utility will retrieve cert
5  a set of installed trust anchors, based on crl_url files or IGTF-style info  a set of installed trust anchors, based on crl_url files or IGTF-style info
6  files. It will install these for use with OpenSSL, NSS or third-party tools.  files. It will install these for use with OpenSSL, NSS or third-party tools.
7    
8    Changes in 3.0.20-1
9    ----------------------
10    * network connection failure messages are pre-filtered and only primary
11      status lines shown in logs for download and head requests (bugzilla #29)
12    
13    Changes in 3.0.19-1
14    ----------------------
15    * Do not add spurious newline to DER-format files (fixes report 201670320-01)
16    * run a script after the completion of every fetch-crl run (uses postexec
17      directive in config file)
18    
19    Changes in 3.0.17-1
20    ----------------------
21    * Add optional cache-control max-age headers in all requests to hint a
22      maximum caching time to intermediate servers (bugzilla #26)
23    
24    Changes in 3.0.16-1
25    ----------------------
26    * Added cache state freshness constraints (default maxcachetime set to 96hrs)
27    * Re-set cache expiry of state data if CRL nextUpdate is within or beyond
28      7 hrs (config "expirestolerance") claimed URL Expiry or Cache-control max-age
29    
30    Changes in 3.0.15-1
31    ----------------------
32    * Fixed issues resulting in undefined attribute values to be returned for CRL
33    
34    Changes in 3.0.14-1
35    ----------------------
36    * Requesting CRL retrieval for an empty trust anchor store is now a warning
37      and no longer an error
38    
39    Changes in 3.0.13-1
40    ----------------------
41    * Supplied system init script for boot phase will not re-run inadvertently
42    * Add rcmode config option (added differentiated reporting and success-on-
43      solely-retrieval-errors)
44    * Add --define key=val command line argument to augment configuration data
45    * Setting FETCHCRL_OPTIONS in /etc/sysconfig/fetch-crl will add these
46      options to the commandline of fetch-crl on start from cron or at boot time
47      Setting FETCHCRL_BOOT_OPTIONS adds them to the boot init script only
48      (e.g. FETCHCRLBOOTOPTIONS="--define rcmode=differentiated")
49      and FETCHCRL_CRON_OPTIONS does the same only for the cron job script
50    
51    Changes in 3.0.12-1
52    ----------------------
53    * PEM formatted CRLs now always include a final newline character (fix
54      provided by Harald Barth <haba@kth.se>)
55    
56    Changes in 3.0.11-1
57    ----------------------
58    * Added reference to /etc/fetch-crl.d/ to the man page, used shortened URL
59      to full documentation in man page
60    * Added version information to help output and added -V option
61    * Added a dangerous clean-crl script to remove stale .r* files (beware!)
62    
63    Changes in 3.0.10-1
64    ----------------------
65    * Added a "noquiet" option in the configuration file that will override
66      the default single "-q" option in the cro-job that is shipped with
67      the fetch-crl3 init scripts (feature request by Ryan Taylor)
68    * Added option "--inet6glue" and "inet6glue" config setting to load
69      the Net::INET6Glue perl module (if it is available) to use IPv6
70      connections in LWP to download CRLs
71    
72    Changes in 3.0.8-1
73    ----------------------
74    * Trust anchor name inferrence based on retrieved-CRL added as option (at cost
75      of retrieving CRL even if there is no accompanying trust anchor found later)
76      Option is disabled by default, but can be enabled by using @HASH@ in the
77      ca-template name list. (feature request by Rob van der Wal, SARA, NL)
78    
79    Changes in 3.0.7-1
80    ----------------------
81    * CRL modofication time heuristic inadvertently modified file name templates
82      (solves issue kindly reported by Elan Ruusamae)
83    * Expanded representation of tokenisation characters in strings to work
84      around bug in file(1) (rhbz#699546, works around RedHat Bugzilla 699548)
85    
86    Changes in 3.0.6-1
87    ----------------------
88    * Response parsing disabled to suppress superfluous warning on unexpected
89      UTF-8 respons when retrieving a CRL (solves RedHat Bugzilla 688902)
90    
91    Changes in 3.0.5-1
92    ----------------------
93    * CRLs for multiple similarly-named trust anchors might not all be downloaded.
94      This is fixed in this release.
95    * Spurious "restoreLogMode" internal errors are no longer raised
96    
97    Changes in 3.0.4-1
98    ----------------------
99    * Add support for directory based drop-in configuration in /etc/fetch-crl.d/
100    * Only use cached CRL contents if the nextUpdate time of the cached CRL is
101      still in the future. This will ensure that a new download is attempted
102      each and everytime for CRLs that have already expired.
103    
104    Changes in 3.0.3-1
105    ----------------------
106    * Clean up of man page format macro PU (reported by Mattias Ellert)
107    
108    Changes in 3.0.2-1
109    ----------------------
110    * Clean up of man page format macro PU (reported by Mattias Ellert)
111    
112    Changes in 3.0.1-1
113    ----------------------
114    * hunts through more places to find the latest successful CRL download to
115      set the latest local modification time for a CRL
116      (resolves a comparison error in case output and infodir are unset)
117    
118    Changes in 3.0.0-0.RC4
119    ----------------------
120    * the config file name has changed to fetch-crl.conf, although a
121      fetch-crl.cnf file will also be used when present
122    * symlinked meta-data files can be ignored with the --nosymlinks option
123      (or nosymlinks in the configuration file). This allows fetch-crl to be
124      used effectively with new-format IGTF distribution before 1.37
125    * infinite loop for non-indexed CA file names fixed
126    
127  Changes in fetch-crl 3.0  Changes in fetch-crl 3.0
128  ------------------------  ------------------------
129  * fetch-crl 3.0 is a complete re-write, and shares no code with the 1.x and  * fetch-crl 3.0 is a complete re-write, and shares no code with the 1.x and

Legend:
Removed from v.1758  
changed lines
  Added in v.3178

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28