2019-01-06 06:46:07 +05:30
|
|
|
1.3 - Added write_nss_db() and write_java_p12() functions to eliminate
|
|
|
|
duplicate code
|
|
|
|
- Corrected version string
|
2019-01-02 01:38:35 +05:30
|
|
|
1.2 - Use md5sum values for anchors.txt to detect p11-kit changes
|
2019-01-06 06:46:07 +05:30
|
|
|
- Added get_p11_label() function to get reliable label values
|
2019-01-02 02:05:23 +05:30
|
|
|
- Added get_trust_values(), get_p11_trust(), and write_anchor()
|
|
|
|
functions to eliminate duplicate code
|
2019-01-02 07:05:19 +05:30
|
|
|
- Fix certificate label in local certificates
|
2019-01-02 07:30:04 +05:30
|
|
|
- Changed default name of anchors list to use md5sums extension
|
|
|
|
- Added copy-trust-modifcations script for use by p11-kit
|
2018-12-28 12:11:01 +05:30
|
|
|
1.1 - Add anchorlist for use by p11-kit to utilize LOCALDIR
|
2018-12-02 03:37:58 +05:30
|
|
|
1.0 - Move bundle defaults to /etc/pki/tls/{certs,java}/
|
2018-12-02 03:33:19 +05:30
|
|
|
- Fix invalid test cases on command line processing
|
2018-12-02 03:35:08 +05:30
|
|
|
- Remove -c/--cadir flags, replace with -b/--bundledir to store
|
2018-12-02 04:37:13 +05:30
|
|
|
all bundles in same location
|
|
|
|
- Perform system installation of update service files
|
|
|
|
- Separate installation step for other consumers
|
2018-12-02 04:51:37 +05:30
|
|
|
- Install default configuration file
|
2018-09-02 13:29:25 +05:30
|
|
|
0.9 - Use P11-Kit trust module to generate alternate certificate stores
|
|
|
|
from trust policy
|
2018-09-05 08:49:40 +05:30
|
|
|
- Only generate the trust store (and optionally NSSDB and Java PKCS#12)
|
|
|
|
when using DESTDIR - you now must run the installed script as part of
|
|
|
|
your post-installation proceedure, with P11-Kit trust available, to
|
|
|
|
generate the alternate certificate stores - only the trust store (and
|
|
|
|
optionally NSSDB and Java P12 stores) are distributed
|
2018-09-02 13:42:44 +05:30
|
|
|
- Added "Wants=network-online.target" to update-pki.service - Thanks to
|
|
|
|
Brendan L for the fix
|
2018-09-05 08:49:40 +05:30
|
|
|
- No longer generate Java p12 format cacerts by default
|
|
|
|
- No longer generate NSSDB store by default
|
2018-09-02 13:29:25 +05:30
|
|
|
0.8 - Use 'openssl rehash' instead of c-rehash script
|
2018-02-08 10:19:55 +05:30
|
|
|
0.7 - Generate both PKCS#12 and JKS stores for Java
|
|
|
|
- Local certs keep out of band trust when copied to system certs
|
2018-02-19 08:05:03 +05:30
|
|
|
- Remove use of .old files/directories
|
2017-10-14 10:37:58 +05:30
|
|
|
0.6 - Allow use of proxy with OpenSSL s_client
|
|
|
|
- Really check revision before download
|
|
|
|
- Make sure download was successful before testing values
|
2017-09-30 13:10:10 +05:30
|
|
|
0.5 - Install systemd timer and service units
|
|
|
|
- Add uninstall and clean targets
|
2017-09-27 11:02:19 +05:30
|
|
|
0.4 - Add email and code signing flat file certificate stores
|
2017-09-25 07:21:49 +05:30
|
|
|
0.3 - Generate single file stores (Java and GNUTLS) using main OpenSSL
|
|
|
|
store as source to avoid duplicates
|
2017-09-21 08:59:03 +05:30
|
|
|
0.2 - Install source certdata.txt file
|
2017-09-21 10:47:24 +05:30
|
|
|
- Provide -r/--rebuild option
|
|
|
|
- Add -g/--get option to download using only s_client
|
2017-09-21 11:04:41 +05:30
|
|
|
- Always add REVISION value to installed certdata.txt
|
2017-09-22 22:20:47 +05:30
|
|
|
- Use HG revision value (fall back to date for local files)
|
2017-09-23 03:07:00 +05:30
|
|
|
- Allow rebuid within DESTDIR
|
2017-09-23 06:27:31 +05:30
|
|
|
- Complete manpage
|
2017-09-19 11:08:45 +05:30
|
|
|
0.1 - Check executable bit for CERTUTIL, KEYTOOL, and OPENSSL
|
2017-09-19 11:01:40 +05:30
|
|
|
- Allow global configuration file
|
|
|
|
- Use correct license text (MIT)
|
|
|
|
20170425 - Use p11-kit format anchors
|
|
|
|
- Add CKA_NSS_MOZILLA_CA_POLICY attribute for p11-kit anchors
|
|
|
|
- Add clientAuth OpenSSL attribute and (currently unused) NSS
|
|
|
|
CKA_TRUST_CLIENT_AUTH
|
|
|
|
20170119 - Show trust bits on local certs
|
|
|
|
- Add version output for help2man
|
|
|
|
20161210 - Add note about --force swich when same version
|
|
|
|
20161126 - Add -D/--destdir switch
|
|
|
|
20161124 - Add -f/--force switch to bypass version check
|
|
|
|
- Add multiple switches to allow for alternate localtions
|
|
|
|
- Add help text
|
|
|
|
20161118 - Drop make-cert.pl script
|
|
|
|
- Add support for Java and NSSDB
|
|
|
|
|