Certigo Versions Save

Fixes

• Fix issues with certificates that have DNS name constraints (b0d0880)

Features

• Display SPIFFE URI names on certificates that have them (#146, #147)
• Add HTTP(S) CONNECT proxy support to the connect command (15a4a95)
• Show OCSP and AIA info when dumping certificates (1929b65)
• Add warning for certs w/o subject alt names (897051b)

Note that this release requires Go 1.9 to build.

Fixed version number reported in --version. Added a new OID in lib/oids.go.

New features

• Support setting SMTP EHLO name via --identity flag in connect (#136)
• Can show requested client certificate info from remote servers (#137)

Fixes

• Fix a bug in the PKCS#7 sub-package and handle errors better (#138)

New features

• Human-readable TLS cipher strings (#124)
• Support Start-TLS for FTPS in explicit mode (#125)
• Make default output less verbose (#127, #130)
• Support timeouts for connect command (#128)

The new default output for dump and connect is less verbose than before, in an effort to make it easier to read for humans. A new --verbose flag will bring back the old, more verbose output with all the details. Text output is not guaranteed to be stable and screen-scraping certigo is not recommended. For scraping, use the --json flag instead.

New features Show TLS version and cipher suite in connect (#119) Added support for StartTLS for SMTP (#113) Added support for StartTLS for LDAP (#115) Added short options for flags (#123) Support colored output on Windows (#117)

Note that certigo now requires Go 1.8 to build from source. However, pre-built binaries are available for Linux, macOS (Darwin) and Windows on amd64 (see below).

New features Support for StartTLS for MySQL (#108) Support for StartTLS for PostgreSQL (#109)

Fixes Don't write to stderr in lib (#103) Better RDN printing, e.g. for EV certs (#104) Avoid panic in in jceks package (#105)

New features Support for client certificates in certigo connect (#100, 0fcec90) Include encoded cert PEM in JSON output (#98, fc82546)

Other changes Factor out useful functions into library (#99, d9d52c5)

New features Add JSON output for commands, can be enabled with --json flag (#94, #96) Add new verify command to allow validating a cert chain from a file (#95)

Other changes Strip PEM headers when writing PEM blocks, as OpenSSL doesn't like them (#91) Use Go 1.7 for target build, add more output/layout tests (95965e19)

Notable changes Support for PKCS7 container format (#87, #88) Support multiple X.509 certificates in DER streams (#88) Small changes to make Certigo build with Go 1.5 (#86)

Notable changes Update connect command to verify server certificates and display results (#77, 69d0b78) Drop pem command in favor of --pem flag (works for all commands) (#80, c54d766) Add --password flag to allow automating dumps of PKCS12/JCEKS key stores (#81, c6c7dac)