0.6.0

Enhancements

• Support remote signers like aaasvc (#58)
• Add a generic Rego helper for OPA integration (#62)

0.5.0

Enhancements

• pkcs11 security provider (#52)

0.4.3

Enhancements

• Support go mod

0.4.2

Enhancements

• Support Email SANs in certificates (#34)

Bug Fixes

• Only log privileged certificate cache notices when it's actually being cached (#43)

0.4.0

Enhancements

• Check a user certificate before privileged certificates to hopefully spam the logs less (#38)
• Only update user certificates if they change when SecurityAlwaysOverwriteCache is set (#36)

Bug Fixes

• Support SecurityAlwaysOverwriteCache in the Puppet provider (#40)

0.3.0

Bug Fixes

• Validate privileged certificates using their expected name instead of the claimed caller (#27)

Enhancements

• Allow callerid schemes other than choria= (#28)
• When checking cert validations check privileged ones first (#29)

0.2.1

Bug Fixes

• Support /foo/ style regular expressions in certname patterns (#22)

0.2.0

Enhancements

• Support intermediate certificates during validation (#13)
• Validate certificates before caching to ensure future policy changes are re-evaluated (#16)
• Allow caching to always overwrite cached certificates to deal with short lived certificates (#18)

0.1.0

Bug Fixes

• Do not confuse the concepts of certname and identity (#8)

0.0.2

Bug Fixes

• Handle errors returned from the Option functions (#5)