
Tags: sp-andwei/pebble


v2.3.0

Pebble v2.3.0

Features:

* Added an ACME account "orders list" endpoint for finding order URLs
  associated with an account. See RFC 8555 §7.1.2.1.
* Updated pebble-challtestsrv with an API for mocking DNS `SERVFAIL` responses
  for a hostname.
* Added support for ACME external account binding (EAB) for new account
  requests. See RFC 8555 §7.3.4.

Bug-fixes:

* The `pebble-challtestsrv`'s mock CNAME delete API is fixed to remove the
  CNAME mock record instead of the CAA mock record for the given hostname.
* Changed `PEBBLE_ALTERNATE_ROOTS` intermediate certificates to have the same
  subject, matching the issuer of issued leaf certificates.
* Fixed key rollover request handling for requests that fail inner JWS
  verification.
* Finalize requests that include a CSR that specifies a certificate public key
  already used by an ACME account now receive a `badCSR` type problem. See RFC
  8555 §11.1.
* Authorizations for ACME-IP identifiers are fixed to only contain HTTP-01 and
  TLS-ALPN-01 challenges, not DNS-01. See draft-ietf-acme-ip §7.
* Added support for POST-as-GET requests in addition to GET/HEAD for directory
  and newNonce endpoints. See RFC §6.3.
* Fixed handling of HTTP-01 validation requests that are redirected to a
  different port (e.g. `443`).

Misc:

* A Subject Key Identifier value is now included in all issued certificates. See
  RFC 5280 §4.2.1.2.
* The Pebble ACME API and management API ports (`14000` and `15000`) are now
  marked exposed in Dockerfile metadata.
* TLS 1.3 for Pebble's validation requests is explicitly enabled by env var in
  the Docker environment.
* The project and CI now use Go 1.13 and `golangci-lint` v1.21.0.

New configuration options:

* The `PEBBLE_WFE_ORDERS_PER_PAGE` env var can be used to control the account
  orders list endpoint's pagination. By default up to 15 order URLs are
  returned per response.
* The `"externalAccountBindingRequired"` config file boolean field can be used
  to control whether all `newAccount` requests must use external account binding.
* The `"externalAccountMACKeys"` config file key/value object field can be used
  to specify external account binding key IDs and encoded MAC keys. See
  `test/config/pebble-config-external-account-binding.json` for an example.

Heartfelt thanks to @felixfontein, @sergioaugrod, @0pq76r, @Drakezul, @JoshVanL
and @munnerz for their contributions to this release.

v2.2.2

Pebble v2.2.2

Bug-fixes:

* fix TLS-ALPN-01 with custom -dnsserver (thanks @adferrand)

Misc:

* updated project .gitignore (thanks @eggsampler)

v2.2.1

Pebble release v2.2.1.

The v2.2.0 release mistakenly tagged the wrong commit. Apologies for the
mistake. The v2.2.1 release fixes this issue.

* separate HTTP management interface/listener.
* cert-status-by-serial management endpoint for checking revocation status.
* probabilistic valid authorization reuse.

* fix missing returns in WFE error paths.
* fix WFE rendering of empty contact/authz challenge arrays.
* fix custom DNS resolver on Windows.

* update docker-compose.yml to use latest image tags.
* update docker base images to use Go 1.12.
* WFE "marshaling" typo fixes/consistency.

Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
their contributions to this release.

v2.2.0

Pebble release v2.2.0

features:
* separate HTTP management interface/listener.
* cert-status-by-serial management endpoint for checking revocation status.
* probabilistic valid authorization reuse.

bug-fixes:
* fix missing returns in WFE error paths.
* fix WFE rendering of empty contact/authz challenge arrays.
* fix custom DNS resolver on Windows.

misc:
* update docker-compose.yml to use v2.1.0.
* WFE "marshaling" typo fixes/consistency.

Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
their contributions to this release.

v2.1.0

v2.1.0

features:

* support for draft-ietf-acme-ip-06 (thanks @orangepizza for impl, @felixfontein
  for bug fixes!)
* issuer/intermediate key/cert are accessible over HTTP (thanks @adferrand!)
* support for specifying EE cert OCSP Responder URL (thanks @adferrand!)
* support for creating and offering alternative cert. chains (thanks
  @felixfontein!)
* -strict support for rejecting legacy JWS requests

misc:

* CI release asset publication pipeline (thanks @adferrand!)

bug-fixes:

* wfe: unlocking order in updateChallenge after read (thanks @dopey!)

v2.0.2

v2.0.2

* Bug fixes for data races between wfe/va.

v2.0.1


Verified

This tag was signed with the committer’s verified signature. The key has expired.
jsha Jacob Hoffman-Andrews
Release v2.0.1

- Always send Link: rel="index"
- Implement orderNotReady and badPublicKey errors
- Add linting, test coverage, code of conduct and make lint fixes
- Use pre-built release versions of pebble and pebble-challtestsrv in
docker-compose.yml
- Add AppVeyor support to auto-publish Windows Docker images

2.0.0

WFE: Check ownership on certificate before returning it (letsencrypt#207)

Fixes letsencrypt#205

v2.0.0

Pebble 2.0.0 release.

This release enables all of the behaviour previously gated behind `-strict` as
defaults. If you were not running Pebble 1.0.x with `-strict` already you may
find this is a breaking release that requires client bugfixes. If you were
previously running Pebble 1.0.x with `-strict` you should find 2.0.0 is
a drop-in upgrade.

v1.0.1

CI: fix publish on Docker. (letsencrypt#199)