Skip to content

v0.20.0
Compare
Choose a tag to compare
@mholt mholt released this 06 Dec 20:52
· 72 commits to master since this release
v0.20.0
This tag was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.
707ebd9
This commit was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.

This release vastly improves storage cleaning as well improving a few smaller things. There is a minor breaking change as we get ever closer to v1.0.

  • ⚠️ The DecisionFunc for On-Demand TLS now takes a context.Context value as its first argument. The context carries the ClientHelloInfo value (keyed by ClientHelloInfoCtxKey) for logging purposes.
  • Storage cleaning is now synchronized across the cluster, including process restarts. The state of cleaning expired certificates and OCSP staples is written to storage, and distributed locking is used to ensure that only 1 instance does it at a time. This greatly reduces costs for expensive storage backends! Cleaning is also done less often when the process is frequently restarted because the state is written to storage, so it is not forgotten after shutting down.
  • .home.arpa is now considered an internal suffix.
  • Backoff timings have been tuned based on real-world experience.

What's Changed

  • README: Add hint about NextProtos for certmagic.TLS by @oliverpool in #251
  • Bump golang.org/x/net from 0.11.0 to 0.17.0 by @dependabot in #253
  • Optionally pass the context argument down to the OnDemand decision func by @ankon in #255
  • Retain the error stack if checkIfCertShouldBeObtained returns an error by @ankon in #256
  • Add OCSP stapling unit tests by @kenjenkins in #259

New Contributors

Full Changelog: v0.19.2...v0.20.0

Contributors

ankon, oliverpool, and 2 other contributors
Assets 2
Loading