github 7ritn/VaulTLS v1.3.0

6 hours ago

v1.3.0

Welcome to the next release of VaulTLS. This release adds Key Revocation Lists (KRL) for OpenSSL certificates and the ability to import TLS CAs and certificates,

Key Revocation Lists

image

When adding support for TLS Certificate Revocation Lists I completely forgot about my dear SSH users. For some reason I thought it wasn't really possible which is of course wrong! To implement KRLs I had to manually implement the KRL protocol since the SSH cert library I used in Rust didn't support it.

You can check if a certificate is revoked for example with ssh-keygen:

❯ ssh-keygen -Q -f test.krl user.pub
user.pub (user.pub): REVOKED

Import TLS CAs and Certificates

image

As requested in #193 you can now import existing TLS CAs (including CRL) and certificates to VaulTLS. Please make sure any data you import is sane. If you find any issues, please don't hesitate to open an issue.

Others

  • @jordanruthe fixed a bug with the ACME server in #200
  • Added proper SIGTERM handling as requested in #215
  • Added some default SSH extensions for certificates as requested in #198
  • Updated dependencies

Don't miss a new VaulTLS release

NewReleases is sending notifications on new releases.