1.0.0-1
- Initial version of the module

1.0.1-1
- Using pre-cooked lexical analyser instead of having it generated at build time
- Build cleanups
- Improvements throughout the code

1.0.2-1
- Building certificate delegation samples
- Making use of canl_mech_ssl to include openssl header files
- Examples added: canl-proxy-init
- Client can give cert and key paths explicitly
- Recognition of command line args
- License string as recognized by rpmlint and packaging guidelines
- Truly independent of auth. mechanism
- Cert, key  in mech. context
- Writing proxy to file with restrictive permissions
- Duplicating only existing certificates
- Set CA directory and CRL directory to context
- Compatiblity with FIPS openssl releases

1.0.3-1
- Examples extended
- Storing certificate + chain of approp. certs in context
- Duplicate certificates instead of using pointers in cred handling
- Delegation sample made truly funcional
- Setting CA directory and CRL directory is X509 authn. mechanism specific
- Preparation for OCSP support
- Using proxy cert file (chain of certs) as easy as user cert

1.0.4-1
- Build dependency on krb5-devel added
- Better error codes
- Refuse to sign certificate if key size is not long enough
- Using default key size of 1024 bits
- canl_cert_req object not used anymore
- Preparing implementation of OCSP support
- Fixed Vulnerability in Voms CRL processing

2.0.0-1
- OCSP support
- PKCS11 support
- Preparation for Fedora & EPEL packaging
- Features and bugfixes

2.0.0-2
- Update debian packaging due to major version bump
- Module rebuilt

2.0.1-1
- License and packaging fixes

2.0.2-1
- Memory handling fixes

2.0.3-1
- Minor changes of error messages in caNl examples
- Library sonames tracked in rpm
- caNl API documentation located only in canl-devel subpackage
- proxy_verify_desc and proxy_verify_ctx_desc structures taken care of
- New parameter to setup_SSL_proxy_handler (gridsite speciality)
- New error codes added
- Older error descriptions revised

2.0.4-1
- Changes based on Fedora reviews
- More than one return code from newer c-ares handled (fixes possible problem for IPv6 only machines)
- fixed vulnerability reported in EGI RT ticket #4781 1)
  - SSL_CTX_set_cipher_list(ssl_ctx, "ALL") set to chosen ciphers

2.0.5-1
- Spec macros fixed, building canl-c documentation on Fedora 18
- Fixes to follow recent Debian updates

2.0.6-1
- Support multilib for canl-c-devel
- Fixes for EGI RT ticket #4781, section 2
  - Detecting Limited proxies in (pre-)RFC proxies fixed
  - Distinguish between proxy sub-types
  - Detect path lenght restriction violation

2.0.7-1
- Get peer's certificate if asked for

2.0.8-1
- Optionally turn on OCSP in examples
- OCSP off by default, can be switched of by setting CANL_SSL_OCSP_VERIFY_ALL as a flag to canl_ctx_set_ssl_flags()

