v1.3.0
Welcome to the next release of VaulTLS. This release adds Key Revocation Lists (KRL) for OpenSSL certificates and the ability to import TLS CAs and certificates,
Key Revocation Lists
When adding support for TLS Certificate Revocation Lists I completely forgot about my dear SSH users. For some reason I thought it wasn't really possible which is of course wrong! To implement KRLs I had to manually implement the KRL protocol since the SSH cert library I used in Rust didn't support it.
You can check if a certificate is revoked for example with ssh-keygen:
❯ ssh-keygen -Q -f test.krl user.pub
user.pub (user.pub): REVOKEDImport TLS CAs and Certificates
As requested in #193 you can now import existing TLS CAs (including CRL) and certificates to VaulTLS. Please make sure any data you import is sane. If you find any issues, please don't hesitate to open an issue.
Others
- @jordanruthe fixed a bug with the ACME server in #200
- Added proper SIGTERM handling as requested in #215
- Added some default SSH extensions for certificates as requested in #198
- Updated dependencies