-*- coding: utf-8 -*-
Changes with Apache 2.4.52
+ *) mod_md: Fix memory leak in case of failures to load the private key.
+ PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
+
+ *) mod_md: adding v2.4.8 with the following changes
+ - Added support for ACME External Account Binding (EAB).
+ Use the new directive `MDExternalAccountBinding` to provide the
+ server with the value for key identifier and hmac as provided by
+ your CA.
+ While working on some servers, EAB handling is not uniform
+ across CAs. First tests with a Sectigo Certificate Manager in
+ demo mode are successful. But ZeroSSL, for example, seems to
+ regard EAB values as a one-time-use-only thing, which makes them
+ fail if you create a seconde account or retry the creation of the
+ first account with the same EAB.
+ - The directive 'MDCertificateAuthority' now checks if its parameter
+ is a http/https url or one of a set of known names. Those are
+ 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
+ for now and they are not case-sensitive.
+ The default of LetsEncrypt is unchanged.
+ - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
+ section.
+ - Treating 401 HTTP status codes for orders like 403, since some ACME
+ servers seem to prefer that for accessing oders from other accounts.
+ - When retrieving certificate chains, try to read the repsonse even
+ if the HTTP Content-Type is unrecognized.
+ - Fixed a bug that reset the error counter of a certificate renewal
+ and prevented the increasing delays in further attempts.
+ - Fixed the renewal process giving up every time on an already existing
+ order with some invalid domains. Now, if such are seen in a previous
+ order, a new order is created for a clean start over again.
+ See <https://github.com/icing/mod_md/issues/268>
+ - Fixed a mixup in md-status handler when static certificate files
+ and renewal was configured at the same time.
+
+ *) mod_md: values for External Account Binding (EAB) can
+ now also be configured to be read from a separate JSON
+ file. This allows to keep server configuration permissions
+ world readable without exposing secrets.
+ [Stefan Eissing]
+
*) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
PR 65616. [Ruediger Pluem]
+++ /dev/null
- *) mod_md: adding v2.4.8 with the following changes
- - Added support for ACME External Account Binding (EAB).
- Use the new directive `MDExternalAccountBinding` to provide the
- server with the value for key identifier and hmac as provided by
- your CA.
- While working on some servers, EAB handling is not uniform
- across CAs. First tests with a Sectigo Certificate Manager in
- demo mode are successful. But ZeroSSL, for example, seems to
- regard EAB values as a one-time-use-only thing, which makes them
- fail if you create a seconde account or retry the creation of the
- first account with the same EAB.
- - The directive 'MDCertificateAuthority' now checks if its parameter
- is a http/https url or one of a set of known names. Those are
- 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
- for now and they are not case-sensitive.
- The default of LetsEncrypt is unchanged.
- - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
- section.
- - Treating 401 HTTP status codes for orders like 403, since some ACME
- servers seem to prefer that for accessing oders from other accounts.
- - When retrieving certificate chains, try to read the repsonse even
- if the HTTP Content-Type is unrecognized.
- - Fixed a bug that reset the error counter of a certificate renewal
- and prevented the increasing delays in further attempts.
- - Fixed the renewal process giving up every time on an already existing
- order with some invalid domains. Now, if such are seen in a previous
- order, a new order is created for a clean start over again.
- See <https://github.com/icing/mod_md/issues/268>
- - Fixed a mixup in md-status handler when static certificate files
- and renewal was configured at the same time.
-
projects / thirdparty / apache / httpd.git / commitdiff
