Release note for NAREGI-CA 3.3
==============================

[2020.02.29]

* aicrypto - Version 3.6 that supports TLS 1.3.
           - Fix a buffer overflow. [#448]
* certreq-aissl - Disabled in default.

Release note for NAREGI-CA 3.2.3
================================

[2019.02.28]

* aicrypto - Version 3.5.
           - Fix an EC private key handling in PKCS#8. [#403]

Release note for NAREGI-CA 3.2.2
================================

[2018.09.21]

* aicrypto - Version 3.4.
           - Support ChaCha20 stream cipher, Poly1305 authenticator,
             RSASSA-PSS signature algorithm, and HMAC-based KDF.
           - Add unit tests for NRGTLS that use Check
             <https://libcheck.github.io/check/>
           - Conform to RFC 5915 that defines the syntax for an EC
             private key. [#328]
* certconv - Add a new option -rfc5915. [#397]

Release note for NAREGI-CA 3.2.1
================================

[2017.12.25]

* aienroll - Fix the mail sending bug. [#349]
* aicrypto/rc2 - Fix the endian problem on PowerPC platform. [#360]

Release note for NAREGI-CA 3.2.0
================================

[2017.08.11]

* aicrypto - Support digital signature algorithms with SHA-3 family.
           - Use CKM_RSA_PKCS as default mechanism instead of
             CKM_RSA_X_509 for signing with an HSM. See also the
	     NRG_CKM_SIGNING macro in ok_pkcs11.h. [#353]
* LCMP - Update profiles so as to issue SHA-2 based certificates. [#362]
* enrollcgi - Disable the module in default. However, the aicrlupload
  	      program still work. See also README_cgi. [#19]
* grid-certreq - No longer supported as well as grid-hostreq. [#72]

Release note for NAREGI-CA 3.1.0
================================

[2016.11.02]

* aicrypto - Support PFS (Perfect Forward Secrecy) and fix bugs.
* aica - Fix a bug in managing CA operators. [#318]

Release note for NAREGI-CA 3.0.2
================================

[2016.07.07]

* aicrlpub, aienroll - Fix a critical bug in handling a set of TLS
                       session information. Thanks to the KEK GRID CA
                       for the report. [#339]

Release note for NAREGI-CA 3.0.1
================================

[2016.05.31]

* certreq - Improve the option --alt-dns-fqdn to handle multiple
            dNSNames like '(login|server).example.org'. [#317]
* aica - Fix a bug in handling an encrypted string value in
         the [default CA] section in a configuration file.
         Thanks to the KEK GRID CA for the report. [#336]
* libcommon.a - Fix a bug in handling a salt. [#338]

Release note for NAREGI-CA 3.0.0
================================

[2016.02.14]

* aicrypto - Support TLS 1.2 as new module (but not full support).
           - Support SHA-3, but digital signature with SHA-3 is not
             supported yet. The Keccak Code Package is used as SHA-3
             implementation. See README.keccak for more information. [#197]
           - Add SHA-512/224 and SHA-512/256. [#188]
           - Re-implement DSA domain parameter generation according to
             FIPS 186-4. [#238]
           - Disable un-recommended algorithms such as MD2 and ARC4,
             but these can be still used with the configure options,
             --enable-md2 and --enable-arc4. [#145, #150]
           - Add more CipherSuites such as TLS_RSA_WITH_AES_*_CBC_SHA*
             to AiSSL. [#206]
* LCMP - Improve the certificate renewal process so as to
         automatically revoke old certificate in the re-key operation
         of certreq(1). [#192] 
* certreq - Support old-style command-line syntax of v2.4 or earlier
            with the configure option --enable-old-style-certreq. Note
            that this old-style does NOT coexist with new style of
	    v2.5 or later. [#236]
* aienroll - Support a new useful "smtp_from" key in the "RAd RegInfo
             X" section, which sets the value to the "From" tag.
* aissview - Integrated into aira(1) and equivalent to `aira list -f'. [#154]
* mdgst - New utility that computes a message digest with a hash
          algorithm supported by AiCrypto.
* An "Autoconfiscated" package with Automake and Libtool.
* Lots of bug fixes and internal improvements.

Release note for NAREGI-CA 2.6.2
================================

[2013.12.24]

* certreq - Add new option -inkey so as to save a file in PKCS#12
            format in the `issue' operation specifying a CSR. [#182]
* aira - Fix a bug of the "list" operation. [#152]
* aicrlupload - Support CRL output in DER encoded form in addition to
                PEM. [#161]
* airaop - Fix an overflow problem. [#176]
* aicrypto/lnm - Fix a bug in the function LN_long_zadd(). [#162]
* gridmapgen - Fix an insecure temporal file creation issue. [#167]

Release note for NAREGI-CA 2.6.1
================================

[2013.08.30]

* certreq - Do not need a group information in the `csr' operation.

Release note for NAREGI-CA 2.6.0
================================

[2013.06.28]

* aicrypto - Extend the large-number module to handle the length of
  	     key to 8192 bit.
	     Fix the problem of LN_mod_sqrt(), so that you can use the
  	     digital signature algorithm, ecdsa-with-SHA224. [#57]

Release note for NAREGI-CA 2.5.0
================================

[2013.06.21]

* aicad, airad - Add the new renewal period support. See README_renewal
  	 	 for more information.
* aica - Change two operation names concerning renewal of CA certificate. 
* certreq - Add new operation (`rekey') that does not need revocation
	    with the new renewal period support. See also README_renewal.
	    The command-line syntax was changed and distinguishes
	    between operation and option.
* configure - Support site-specific environment variables,
  	      DEFAULT_SIG_TYPE and DEFAULT_KEY_SIZE. [#55]

Release note for NAREGI-CA 2.4.0
================================

[2012.06.26]

* SHA-2 family support.
* IPv6 support.
* etc/redhat - Support init scripts on Red Hat compatible Linux.
* aicad, airad - Fix the problem that zombie process increases in *BSD
                 platform. [#5]
* certreq - Change the behavior of command-line options so that they
            override parameters defined in the configuration files,
            aica.cnf. [#20]
	    New options, -alt-dns and -alt-dns-fqdn were added. [#42]
* aissview - Support 64bit platform. [#50]

Release note for NAREGI-CA 2.3.4
================================

[2010.11.29]

* aicad, airad, aicrlpub, gridmapgen - Improve preprocessing for setpgrp().
* aicrypto - Fix the compiling error of the test suite on Mac OS X.

Release note for NAREGI-CA 2.3.3
================================

[2010.4.22]

* aica - Add support for including only the OID of policyIdentifier
         in PolicyInformation. 
