Changes with v1.0.0 *) mod_ca_disk: When the ca_certstore hook is fired to save the certificate, but the index has not yet been updated because the ca_makeserial hook was not used, update the index while make sure this happens just once. [Graham Leggett] *) Add ca_reqauthz hook to mod_ca_disk to verify the case where the renewal or reissue was signed by a previously issued certificate. [Graham Leggett] *) Add constants for proof of possession. [Graham Leggett] *) Add mod_ca_provider to support the provider mechanism on OpenSSL v3+. [Graham Leggett] *) mod_ca_engine: Add workaround to build on RHEL10 where the openssl/engine.h file was truncated. [Graham Leggett] *) mod_ca_simple: Remove const warnings. [Graham Leggett] *) mod_ca: Remove stray semicolons on macros. [Graham Leggett] Changes with v0.2.4 *) mod_ca_engine: Fix signedness warnings related to bitwise flags. [Graham Leggett] *) mod_ca_engine: Allow the module to build and give a warning when OpenSSL ENGINE support is not present in OpenSSL. [Graham Leggett] *) mod_ca_disk: Fix signedness warnings related to bitwise flags. [Graham Leggett] *) mod_ca_ldap: Allow the module to build and give a warning when LDAP support is not present in APR-util. [Graham Leggett] *) mod_ca_simple: Fix signedness warnings related to bitwise flags. [Graham Leggett] *) mod_ca_ldap: Fix a stack overflow when escaping an LDAP distinguished name with characters outside the ASCII set. [Graham Leggett] Changes with v0.2.3 *) Use the AP_DECLARE_MODULE() macro so that per-module logging works properly. [Graham Leggett] *) Make sure the signer certificate is included as the first intermediate certificate in the chain for mod_ca_simple and mod_ca_engine. Clearly log the certificate chain. [Graham Leggett] Changes with v0.2.2 *) apr_file_link() is not supported on apr < 1.4. [Graham Leggett] *) Support platforms where apr_crypto_clear() is not present. [Graham Leggett] *) Remove unnecessary ap_state_query call. [Graham Leggett] *) RPM spec file: build natively on Redhat, SUSE and Mageia. [Graham Leggett] Changes with v0.2.1 *) Initial Redwax release. *) Allow install time redirection of libexec (for the modules) and the incude files that differs from the APXS location (where the rest of the modules and include live. This lets us work with the NixOS build and package system that keeps thse religiously separate. [Dirk-Willem van Gulik] Changes with v0.2.0 *) Alphabetise the hook implemetations to make them easier to document. [Graham Leggett] *) Make sure that extensions are added with X509V3_CTX. [Graham Leggett] *) Updates to compile with openssl v1.1.0. [Graham Leggett] *) Add an implementation of the ca_makekey hook to mod_ca_simple. [Graham Leggett] *) Add the ca_makekey hook. [Graham Leggett] *) Allow the challengePassword to be a UTF8 string. [Graham Leggett] *) Distinguish between a certificate not found error and an LDAP error so we don't print "Success" next to a failure. [Graham Leggett] *) Add a workaround for https://github.com/openssl/openssl/issues/8618 that causes PKCS7 DER encoded objects to not be decoded correctly. [Graham Leggett] *) Wire through the module names in log messages. [Graham Leggett] *) Honour CFLAGS during build. [Graham Leggett] *) Initial import of mod_ca. [Graham Leggett]