@(#) $Id: CHANGES 75 2025-12-31 22:17:22Z leres $ (LBL)

v2.12 Wed Dec 31 11:10:41 PST 2025

 - Try to avoid leaking temp files after switching to mktemp.

 - getopt -> getopts

 - Cleanup key if cert creation fails.

 - Update to autoconf 2.72.

 - Prefer "openssl rehash" (newer openssl) to c_rehash (sometimes
   missing) using a patch from Michael Proto.

 - Minor consession to ubuntu (where /bin/sh is dash).

v2.11 Sun Jan 21 12:47:39 PST 2024

 - Remove unconditional FreeBSD mandir hack.

v2.10 Tue May  9 16:07:51 PDT 2023

 - Disallow FQDNs to end with .key or .pem (-f overrides).

 - Update to autoconf 2.71.

v2.9 Sat Mar 27 16:05:31 PDT 2021

 - Add missing line escape for multiline conditional.

 - Add support for Subject Alt Names including IP addresses.

 - Install in ${exec_prefix}/bin if it exists and ${exec_prefix}/sbin
   does not (concession to OSX suggested by Stephen Casner).

v2.8 Sat Dec 26 00:08:23 PST 2020

 - Add overrides for size of the key (-b bits), the certificate
   duration (-d days), and the digest (-D digest).

 - Fix a bug that ignored config file certificate duration and
   always used 3650 days.

v2.7 Fri Feb 16 17:21:19 PST 2018

 - Enable additional cert usage types otherwise the generated certs
   can't be used for servers.

v2.6 Thu Feb 15 15:11:58 PST 2018

 - Add subjectAltName to the v3_req section as per RFC 2818.

v2.5 Mon Oct  6 10:19:36 PDT 2014

 - Fix a bug that ignored digest and used the openssl default.

 - Changed default digest to sha256.

v2.4 Sat May  3 15:24:21 PDT 2014

 - Update to support -C with openssl 1.X.

 - Enforce the 2 character country code length requirement.

 - Update copyright notices with the July 22, 1999 BSD-new version.

 - Remove -o and -g from install commands to be FreeBSD ports staging
   friendly.

v2.3 Wed Apr 17 19:34:38 PDT 2013

 - Add "days" to the config file.

 - Document config file options in the man page.

v2.2 Sun Oct 30 15:36:32 PDT 2011

 - Add "bits" and "digest" to the config file.

 - Change default bits from 1024 to 2048.

 - Change default digest from md5 to sha1.

v2.1 Mon Apr 25 19:41:38 PDT 2011

 - Add -C flag which creates a create-cert.conf by parsing an
   existing pem file.  This is a handy way to bootstrap a config
   from an old tree of self-signed certs.

 - Add -f flag which allows non-FQDNs.

v2.0 Thu Feb 24 15:05:31 PST 2011

 - Initial public release; previously part of acld.
