
[reSIProcate] closer to 1.12.0 release


Hi all,

I made up a 1.12.0~beta8 tag last night.

One of the main reasons I didn't make a stable 1.12.0 release already is
that the async Common Name lookups were only implemented for repro's
CertificateAuthenticator and not in DUM's TlsPeerAuthManager.  For
consistency, I felt the release needs to support both.  I tweaked
TlsPeerAuthManager so that it now does the same async lookup and tested
it with registration in repro.

I had also been contemplating replacement of the existing SQL code to
support more backends, async lookups in more tables and maybe some other
benefits.  This also requires some more thought about strategy and I
don't want that to hold up the release.  So I came up with an
interesting hack: using SQL views to let us see inside the previously
opaque attr and value columns of the legacy tables.  It is only
implemented for PostgreSQL right now but if somebody wants to mimic the
code for MySQL then we can include it.  I'll send a more detailed email
about the way it works.  This should allow people to start writing
directly to all the tables and even creating alternative web interfaces.

One other thing I'm looking at and may commit in the coming days:
reloading the certificates without a restart.  This is important with
lots of people using Let's Encrypt and WebSocket transports now.

Apart from these issues, does anybody else have any ideas about things
that should be brought in before 1.12.0 is tagged?

Is there anything that anybody wants to test before the tag?  If there
are particular regressions you want to avoid you are very welcome to
submit unit tests.

Regards,

Daniel