This is the changelog for this fork of OMI. It documents the changes in each of the tagged releases
- Fix Kerberos auth with username but no password set
- Fix
Install-WSManon PowerShell 7.3.x for macOS
- Added universal build for macOS to work with both x86_64 and arm64 processes
- Fixed up logic used to determine what OpenSSL library is used on macOS
- Changed
PSWSManto be a hybrid module for more robust loading and unloading behaviour in the future
- Created universal builds to be used across the various nix distributions
glibcis based on CentOS 7 and is designed for most GNU/Linux distributions, EL/Debian/Arch/etcmuslis based on Alpine 3 and is designed for busybox/Linux distributions, AlpinemacOSis based on macOS- These universal builds is designed to reduce the number of
libmibuilds being distributed and automatically support future distribution releases as they are made
- Deprecated the
-Distributionparameter ofInstall-WSManas it no longer does anything - Removed support for Debian 8 and Fedora 31 due to the age of the distribution
- Added initial support for OpenSSL 3.x for glibc, musl, and macOS based distributions
- Added support for using OpenSSL installed from
portifbrewis not used on macOS- One of them must be installed but you are no longer limited to just
brew
- One of them must be installed but you are no longer limited to just
- Use
@loader_pathon macOS instead of@executable_pathfor loadinglibmito support relative paths from the library itself rather thanpwsh Register-TrustedCertificatewill now create a file with a determinable name to avoid creating duplicate entries
- Added the following distributions
fedora33ubuntu20.04
- Make a backup of the original library files in the PowerShell dir before installing the forked copies
- Merge in upstream changes to stay in sync
- Upstream changes were based on server side configuration updates and logging and not something that affects PowerShell's WSMan client code
- GitHub release artifacts are now a
.tar.gzfor each distribution containinglibmiandlibpsrp - Removed the script
tools/Get-OmiVersion.ps1in favour ofGet-WSManVersionthat is included in the newPSWSManmodule
- Created
PSWSManwhich is a PowerShell module uploaded to the PowerShell Gallery that can install and manage the OMI libraries for you - Build
libpsrpclientas well and add it to the release artifacts - Added Alpine 3 to the build matrix
- Added support for reading
New-PSSessionOption -SkipCACheck -SkipCNCheckfrom PowerShell instead of relying on the env vars- Requires PowerShell v7.2.0
- v7.2.0 and later do not need to have
-SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)set - Those options can now also control cert verification behaviour per session
- Older versions must still set those session options and use the env vars to skip cert verification
- Fix build for macOS to link against OpenSSL 1.1 and not 1.0.2
- Added support for channel binding tokens to work with
Auth/CbtHardeningLevel = Strict - Improved error messages displayed when dealing with OpenSSL errors
- Turned on HTTPS certificate validation by default ignoring whatever is set from PowerShell
- You still need to specify
-SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)when creating the session in PowerShell - These session options are ignored in this OMI library, to disable cert verification here, set the env vars
OMI_SKIP_CA_CHECK=1andOMI_SKIP_CN_CHECK=1 - A future version may respect the
-SessionOptionskip checks in the future but until that data is actually sent to the library we opt for a safer default by always checking unless our env vars are set
- You still need to specify
- Added Archlinux as a known distribution
- Increased password length limit to allow connecting with JWT tokens to Exchange Online that routinely exceed 1KiB in size.
- Take back point about NTLM working on macOS, while it can work when you use HTTPS, it will fail with the message encryption due to a flaw in macOS NTLM through SPNEGO mechanism
Initial release.