All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v4.1.0 (2024-10-01)
Implemented enhancements:
Fixed bugs:
- Correctly pass secrets via environment variables to avoid them being visible in process lists #228 (ekohl)
v4.0.0 (2024-07-19)
Breaking changes:
- Drop DSA key support #222 (ekohl)
- password encryption: switch from des3->aes-256-cbc #221 (bastelfreak)
- Drop EoL CentOS 6,7,8 support #212 (bastelfreak)
- Drop EoL RedHat 6 and 7 support #211 (bastelfreak)
- Drop EoL Ubuntu 14.04,16.04,18.04 #208 (bastelfreak)
- Drop EoL Debian 8,9,10 support #207 (bastelfreak)
- Use OpenSSL::PKey.read to read private keys #190 (ekohl)
Implemented enhancements:
- Support OpenSSL 3 #223 (ekohl)
- Add Archlinux support #217 (bastelfreak)
- Add OracleLinux 8 & 9 support #216 (bastelfreak)
- Add Rocky Linux 8 & 9 support #215 (bastelfreak)
- Allow passing a CA key password when signing a cert #214 (bastelfreak)
- Add AlmaLinux 8 & 9 support #213 (bastelfreak)
- Add EL9 support #210 (bastelfreak)
- Add Ubuntu 22.04 support #209 (bastelfreak)
- Add Debian 12 support #206 (bastelfreak)
- Add Debian 11 support #205 (bastelfreak)
- Add basic acceptance tests for the existing examples #192 (ekohl)
- Add Ubuntu 24.04 support #191 (ekohl)
- Add Puppet 8 support #167 (bastelfreak)
Fixed bugs:
- Use private_key parameter when creating certificate #186 (vasilevalex)
v3.2.0 (2024-07-18)
Implemented enhancements:
- feat: refreshable exports #202 (pavelkovtunov)
v3.1.1 (2024-07-11)
Fixed bugs:
- r10k generate types fails #197
- export/{pem_cert,pem_key,pkcs12}:
passin,passout: useshellquote()instead of single quotation marks #199 (pavelkovtunov) - Add missing require so that generate types works. #198 (ncstate-daniel)
- fix logic bug with extkeyusage and altnames #195 (rtib)
v3.1.0 (2024-05-02)
Implemented enhancements:
Fixed bugs:
- Release 3.0.0 broken #178
- Fix handling of request extensions in x509_cert type and provider #180 (rtib)
- Fix config template issues and add some improvements #179 (rtib)
v3.0.0 (2024-03-19)
Breaking changes:
- Require puppetlabs-stdlib 9.x #165 (smortex)
- moves config management to config provider for X509 certificate; moves certificate from v1 to v3 #164 (zilchms)
- Drop Puppet 6 support #163 (zilchms)
- add puppet7 support; namespace all functions #162 (zilchms)
- enable single config file support #159 (zilchms)
- Enlarge key size based on new security requirement #143 (Vampouille)
Implemented enhancements:
- move from own regex to stdlib ip type adding ipv6 support for SANS #166 (zilchms)
- refactor x509_request to be consistent with x509_cert provider #155 (zilchms)
- add ability to certificate provider to get signed against a CA cert #153 (zilchms)
- Allow cert_file to download certificates via https #146 (rtib)
Fixed bugs:
- templates/cert.cnf.erb should use @, not $ #149 (mikerenfro)
- fix openssl_version on EL8 OpenSSL 1.1.1k #135 (fraenki)
Closed issues:
Merged pull requests:
v2.0.1 (2022-03-09)
Fixed bugs:
Closed issues:
- openssl_version fact resolves to nil #134
Merged pull requests:
- Rework README.md/add correct badges #141 (bastelfreak)
- Tests: Use modern rspec syntax #140 (bastelfreak)
- puppet-lint: fix current violations #138 (bastelfreak)
- init: fix Puppet Strings docs syntax #137 (kenyon)
- puppet-lint: fix top_scope_facts warnings #133 (bastelfreak)
- allow stdlib 8.0.0 #130 (kenyon)
2.0.0 (2021-05-04)
Breaking changes:
Implemented enhancements:
- add cert_file type #124 (rtib)
- Allow DER certificates to be converted to PEM format #122 (n3mawashi)
- function to extract caIssuers URL from authorityInfoAccess extension #120 (rtib)
- Allow openssl_version regex to match more FIPS versions #112 (runejuhl)
Closed issues:
- Parameters for openssl.cnf #41
Merged pull requests:
- readd dependencies to class to generate configs #119 (trefzer)
- add autorequire for file path to all defined types #117 (trefzer)
- add class to generate configs #116 (trefzer)
- add support for OpenBSD #115 (trefzer)
- fix spec test, failing Time.now is not executed in same second #114 (trefzer)
- allow for numeric owner and group IDs for file resources #113 (kenyon)
1.14.0 (2020-03-05)
Breaking changes:
Implemented enhancements:
Closed issues:
- 1.13.0 introduced bug in
openssl::export::pkcs12#110
1.13.0 (2020-01-07)
Implemented enhancements:
- Rubocop #108 (raphink)
- Port specs to rspec 3 #107 (raphink)
- Port cert_date_valid function to Puppet 4.x API #106 (raphink)
- Convert to PDK #105 (raphink)
- Manifests cleanup #104 (raphink)
1.12.0 (2019-04-17)
Implemented enhancements:
1.11.0 (2019-03-01)
Implemented enhancements:
- Ability to generate x509 certificates with extKeyUsage #96 (madchap)
- Add the x509_extensions directive to support SAN in certificate #89 (johnbillion)
- Changes to support unencrypted CSRs #84 (WetHippie)
Closed issues:
- dhparam doesn't work without 'ensure' #90
- Request for ability to create unencrypted private key #83
- Can't add SAN records #44
Merged pull requests:
1.10.0 (2017-04-18)
Breaking changes:
- Make the $fastmode parameter for openssl::dhparam default to false. #86 (rpasing)
- Fastmode, Default Keysize increased, path defaults to name #80 (c33s)
Implemented enhancements:
- Data types #87 (raphink)
- Add definitions to export PEM cert/key from PKCS12 container #85 (michalmiddleton)
Closed issues:
1.9.0 (2017-01-10)
Implemented enhancements:
Closed issues:
- x509_request doesn't handle refresh #71
Merged pull requests:
- Error: Unknown authentication type 'dsa' when setting authentication #72 (christophelec)
1.8.2 (2016-08-19)
1.8.1 (2016-08-19)
Closed issues:
- Error "failure to load inifile" resulting in failed Puppet run #63
Merged pull requests:
1.8.0 (2016-08-18)
Merged pull requests:
- Add argument key_size to openssl::certificate::x509 #55 (kronos-pbrideau)
1.7.2 (2016-06-29)
Closed issues:
- dhparam generation fails #58
Merged pull requests:
1.7.1 (2016-03-30)
Closed issues:
- Error: Facter: error while resolving custom fact "openssl_version" #62
Merged pull requests:
- fixes #62 - error resolving openssl_version on RHEL 6 #66 (mike-es)
- altnames can represent ip addresses #61 (garrettrowell)
1.7.0 (2016-03-18)
Closed issues:
- Add openssl_version fact #57
Merged pull requests:
1.6.1 (2016-02-22)
Merged pull requests:
1.6.0 (2016-02-18)
Implemented enhancements:
- dhparam: add #53 (josephholsten)
- Change cert existance logic #51 (sorrowless)
1.5.1 (2015-11-17)
Implemented enhancements:
- packages: switch to stlib ensure_packages() to play nice with other modules which install ca-certificates #52 (josephholsten)
- Manage ca-certificates package on redhat too #49 (edestecd)
Closed issues:
- ca-certificates package is available in redhat also #47
1.5.0 (2015-09-23)
Implemented enhancements:
1.4.0 (2015-09-15)
Merged pull requests:
- Fix san use in certificate #50 (sorrowless)
1.3.10 (2015-08-21)
Closed issues:
- No way to set desired openssl package version #35
Merged pull requests:
1.3.9 (2015-06-26)
1.3.8 (2015-05-28)
1.3.7 (2015-05-26)
1.3.6 (2015-05-26)
Merged pull requests:
1.3.5 (2015-05-25)
1.3.4 (2015-05-13)
1.3.3 (2015-05-12)
1.3.2 (2015-04-27)
1.3.1 (2015-04-17)
1.3.0 (2015-04-03)
Closed issues:
- Google has depreciated sha1 for certs #36
Merged pull requests:
1.2.8 (2015-03-24)
1.2.7 (2015-03-10)
Merged pull requests:
1.2.6 (2015-02-18)
1.2.5 (2015-01-19)
1.2.4 (2015-01-07)
1.2.3 (2015-01-05)
1.2.2 (2014-12-18)
1.2.1 (2014-12-18)
1.2.0 (2014-12-09)
1.1.0 (2014-11-25)
Closed issues:
- Generating pkcs12 Certificate #33
Merged pull requests:
- Pkcs12 modifications #34 (cjeanneret)
1.0.1 (2014-11-17)
1.0.0 (2014-10-20)
Closed issues:
- Improve doc to show how to generate password-free certs #30
Merged pull requests:
0.3.2 (2014-09-23)
0.3.1 (2014-07-04)
Merged pull requests:
0.3.0 (2014-07-02)
Closed issues:
- RANDFILE not correct on ubuntu 12.04.04 #29
- Add the ability to specify the version of openssl that you want installed #24
- Push new version to the Forge #22
- Fix dependency issue with puppetlabs-stdlib (version number wrong) #17
- creating a cert doesn't include altnames #13
0.2.0 (2014-03-03)
Closed issues:
- Replace has_variable? test with simple if @var test in templates/cert.cnf.erb #16
- incorrect check against undef in default template #15
- Wrong command called #1
Merged pull requests:
- Fix bug with x509_Request not having the cnf template present #28 (jrnt30)
- Document 'group' parameter #27 (pataquets)
- Add 'group' parameter to x509 certificate. #26 (pataquets)
- Added certificate signing request dependency on configuration template #25 (tylerwalts)
- Fix for issue 16 #21 (ghost)
- Ignore Gemfile.lock #20 (ghost)
- Deprecation warnings when running rake spec #19 (ghost)
- Deprecation warning when running bundle install #18 (ghost)
- Add cnf_tpl param to openssl::certificate::x509. #12 (Sliim)
- Fix puppet-lint link in README.md #11 (Sliim)
- Update Modulefile to work with other modules requiring stdlib #10 (LarsFronius)
- Add x509_cert and x509_csr types and providers #9 (raphink)
- Export pkcs12 without password #8 (raphink)
- openssl: added support for various distributions. #5 (mfournier)
- openssl::export::pkcs12 - new definition. name says it all #3 (cjeanneret)
- openssl::certificate::x509 - corrected call to script #2 (cjeanneret)
* This Changelog was automatically generated by github_changelog_generator