Skip to content

v1.3.0

Latest

Choose a tag to compare

@7ritn 7ritn released this 10 Jul 20:49

v1.3.0

Welcome to the next release of VaulTLS. This release adds Key Revocation Lists (KRL) for OpenSSL certificates and the ability to import TLS CAs and certificates,

Key Revocation Lists

image

When adding support for TLS Certificate Revocation Lists I completely forgot about my dear SSH users. For some reason I thought it wasn't really possible which is of course wrong! To implement KRLs I had to manually implement the KRL protocol since the SSH cert library I used in Rust didn't support it.

You can check if a certificate is revoked for example with ssh-keygen:

❯ ssh-keygen -Q -f test.krl user.pub
user.pub (user.pub): REVOKED

Import TLS CAs and Certificates

image

As requested in #193 you can now import existing TLS CAs (including CRL) and certificates to VaulTLS. Please make sure any data you import is sane. If you find any issues, please don't hesitate to open an issue.

Others

  • @jordanruthe fixed a bug with the ACME server in #200
  • Added proper SIGTERM handling as requested in #215
  • Added some default SSH extensions for certificates as requested in #198
  • Updated dependencies