1.0.0-1
- Initial version of the module

1.0.1-1
- Using pre-cooked lexical analyser instead of having it generated at build time
- Build cleanups
- Improvements throughout the code

1.0.2-1
- Building certificate delegation samples
- Making use of canl_mech_ssl to include openssl header files
- Examples added: canl-proxy-init
- Client can give cert and key paths explicitly
- Recognition of command line args
- License string as recognized by rpmlint and packaging guidelines
- Truly independent of auth. mechanism
- Cert, key  in mech. context
- Writing proxy to file with restrictive permissions
- Duplicating only existing certificates
- Set CA directory and CRL directory to context
- Compatiblity with FIPS openssl releases

1.0.3-1
- Examples extended
- Storing certificate + chain of approp. certs in context
- Duplicate certificates instead of using pointers in cred handling
- Delegation sample made truly funcional
- Setting CA directory and CRL directory is X509 authn. mechanism specific
- Preparation for OCSP support
- Using proxy cert file (chain of certs) as easy as user cert

1.0.4-1
- Build dependency on krb5-devel added
- Better error codes
- Refuse to sign certificate if key size is not long enough
- Using default key size of 1024 bits
- canl_cert_req object not used anymore
- Preparing implementation of OCSP support
- Fixed Vulnerability in Voms CRL processing

2.0.0-1
- OCSP support
- PKCS11 support
- Preparation for Fedora & EPEL packaging
- Features and bugfixes

2.0.0-2
- Update debian packaging due to major version bump
- Module rebuilt

2.0.1-1
- License and packaging fixes

2.0.2-1
- Memory handling fixes

2.0.3-1
- Minor changes of error messages in caNl examples
- Library sonames tracked in rpm
- caNl API documentation located only in canl-devel subpackage
- proxy_verify_desc and proxy_verify_ctx_desc structures taken care of
- New parameter to setup_SSL_proxy_handler (gridsite speciality)
- New error codes added
- Older error descriptions revised

2.0.4-1
- Changes based on Fedora reviews
- More than one return code from newer c-ares handled (fixes possible problem for IPv6 only machines)
- fixed vulnerability reported in EGI RT ticket #4781 1)
  - SSL_CTX_set_cipher_list(ssl_ctx, "ALL") set to chosen ciphers

2.0.5-1
- Spec macros fixed, building canl-c documentation on Fedora 18
- Fixes to follow recent Debian updates

2.0.6-1
- Support multilib for canl-c-devel
- Fixes for EGI RT ticket #4781, section 2
  - Detecting Limited proxies in (pre-)RFC proxies fixed
  - Distinguish between proxy sub-types
  - Detect path lenght restriction violation

2.0.7-1
- Get peer's certificate if asked for

2.0.8-1
- Optionally turn on OCSP in examples
- OCSP off by default, can be switched of by setting CANL_SSL_OCSP_VERIFY_ALL as a flag to canl_ctx_set_ssl_flags()

2.0.9-1
- proxy_verify... renamed to canl_proxy_verify, may solve GGUS ticket 91208
- New funcions added to doc

2.0.10-1
- Debugging packages for subpackages in Debian
- Sensitive exported functions renamed to prevent collisions
- API enhancement, let the user choose ocsp responder url

2.1.0-1
- There was an API enhancement -- minor version bump is appropriate

2.1.1-1
- Uninitialized context variable fixed

2.1.2-1
- Proxy type honoured in the signing function

2.1.3-1
- Fixed Makefile dependencies
- Adjustment to Fedora packaging guidelines
- Some build-time warnings fixed
- Parallel build support
- Reactions to Fedora review
- Support for EPEL 7 (Fedora 20)

2.1.4-1
- Fixing Certificate chain validation error (GH Issue #3)

2.1.5-1
- Memory handling issues
- Fixin upgrade from older debug package
- Polishing makefile rules usage for bison files
- Fixing build issues (LDFLAGS)
- Moving ChangeLogs from project subdirectory to module root directory
- Removing Debian VCS fields
- Simplified Debian packaging
- Updating debian.control according to current Debian "downstream"

2.1.6-1
- Fixing build errors with newer compilers
- Adding missing ptherad library for Debian 8
- Calling OpenSSL init routines exactly once (Fixes Issue #7)
- Makes the first byte of SN always 0x01 (Fixes GGUS #113418)

2.1.7-1
- Quick fix to prevent RFC Proxy DN forgery (RT #11476)

3.0.0-1
- Migrate to openssl 1.1.0
