uacme NEWS
Copyright (C) 2019,2020 Nicola Di Lieto <nicola.dilieto@gmail.com>

## [1.0.22] - 2020-02-01
### Changed
- relax account status check (compatibility with buypass.no)
- allow client challenge retry requests (RFC8555 section 7.1.6)
- add wildcard clarification in manpage

## [1.0.21] - 2020-01-12
### Changed
- Quote variables in uacme.sh
- Added LFS support (AC_SYS_LARGEFILE)

## [1.0.20] - 2019-10-03
### Changed
- improved HTTP header parsing to fix problem that
  can happen when retrieving directory over HTTP/2

## [1.0.19] - 2019-09-30
### Changed
- fix configure script bug when using explicit
  PKG_CONFIG environment variable
- explicitly set key usage in certificate request

## [1.0.18] - 2019-08-29
### Added
- support for OCSP Must-Staple (-m, --must-staple)

### Changed
- explicitly set key usage constraints with mbedTLS
- fix compilation warning with gcc7 on solaris

## [1.0.17] - 2019-07-03
### Changed
- fix pedantic compilation warning
- configure fails if pkg-config isn't found

## [1.0.16] - 2019-06-17
### Changed
- configure script checks for libcurl HTTPS support
- minor manpage corrections 

## [1.0.15] - 2019-06-15
### Changed
- exit with error if both -a and -s are specified
- avoid depending on libtasn1 if gnutls_decode_rs_value is
  available (requires gnutls 3.6.0 or later)

## [1.0.14] - 2019-06-12
### Changed
- Fix deprecated API when building with OpenSSL v1.1.1c

## [1.0.13] - 2019-06-05
### Changed
- Disable mbedTLS runtime version check if not available

## [1.0.12] - 2019-05-18
### Changed
- Ensure EC key params are always properly padded
- Improved hook_run error checking

## [1.0.11] - 2019-05-17
### Added
- Key rollover (https://tools.ietf.org/html/rfc8555#section-7.3.5)

### Changed
- Revoked cert files now renamed to 'revoked-TIMESTAMP.pem'
- Key auth contains SHA256 digest for tls-alpn-01 (like dns-01)
- Minor logging improvements

## [1.0.10] - 2019-05-12
### Added
- secp384r1 EC key support

### Changed
- -b, --bits option accepts 256 or 384 for EC keys
- enforce multiple of 8 RSA key size
- improved acme_get and acme_post verbose logging
- retry upon badNonce response according to RFC8555 6.5

## [1.0.9] - 2019-05-09
### Added
- EC key/cert support (-t, --type=EC, default RSA)
- RSA key length option (-b, --bits=BITS, default 2048)

## [1.0.8] - 2019-05-05
### Added
- OpenSSL support (./configure --with-openssl)

### Changed
- exit codes: 0=success, 1=cert issuance skipped, 2=error
- mbedtls: dynamically grow buffers when needed

## [1.0.7] - 2019-04-29
### Added
- HTTP User-Agent: header in all requests
- --disable-docs configure option

### Changed
- manpage version now updated automatically

## [1.0.6] - 2019-04-27
### Changed
- fixed uninitialized variable in authorize() function

## [1.0.5] - 2019-04-27
### Changed
- autoconf maintainer mode
- cosmetic change to json primitive dump

## [1.0.4] - 2019-04-26
### Added
- debian packaging

## [1.0.3] - 2019-04-25
### Changed
- fixed gcc -pedantic warnings

## [1.0.2] - 2019-04-24
### Added
- support for mbedTLS (./configure --with-mbedtls)

## [1.0.1] - 2019-04-21
### Changed
- minor fixes to links in documentation

## [1.0] - 2019-04-21
### Added
- first public release
