CHANGELOG

v0.14 (2020-12-17)
------------------
- Respect X-Forwarded-Proto header for method selection
  (Contributed by Ludek Navratil)

- Build via automake (Contributed by @rmacd)

- Fix OpenSSL compatibility issues (Contributed by @rmacd)

- PHP login: Fix occasional invalid signature (suggested by @michelcve)

- PHP login: Fix bauth when password contains ':' (suggested by @ggramaize)

- Maximum uid length increased to 255 chars (to match Apache spec)
  (Contributed by @rmacd)

v0.13 (2018-10-15)
------------------
- Add compatibility with OpenSSL 1.1 API (Contributed by Vulpeculus)

v0.12 (2018-03-15)
------------------
- Add TKTAuthRequireMultifactor and TKTAuthMultifactorURL.
  These can be used to protect certain Directory/Location directives 
  with an additional login factor to achieve multifactor. Like the original
  login, the multifactor method is left up to the ticket generation 
  application, only requiring an attestation that multifactor has been 
  supplied. (Contributed by Nick Ramser)

v0.11 (2017-02-28)
------------------
- Fixes selection of digest algorithm when using TKTAuthDigest.

v0.10 (2016-12-16)
------------------
- New option TKTAuthDigest allowing selection of the digest algorithm.
  If not configured, the old defaults of SHA1 (for RSA privkey) and DSS1
  (for DSA privkey) will be used.  SHA224, SHA256, SHA384, and SHA512 are
  the additional valid algorithm values.  (Contributed by Jake Buchholz)

v0.9 (09/07/2015)
-----------------
- New option TKTAuthHeader allowing custom header(s) to be used instead
  of a just a Cookie.

v0.8 (06/28/2012)
-----------------
- new option TKTAuthPassthruBasicAuth and corresponding field in ticket
  ("bauth") makes it possible to specify the Basic authorization
  username/password in the ticket (e.g. when reverse proxying to a
  third party system that cannot use mod_auth_pubtkt).
  The credentials can optionally be encrypted in the ticket (AES-128-CBC).


v0.7 (06/04/2012)
-----------------
- TKTAuthPublicKey can now be set per directory/location (it is
  still possible to set a global default key, so existing configurations
  do not need to be changed)
  (contributed by Ivo De Decker).

- TKTAuthLoginURL is now optional; if not provided, users without
  a valid ticket will simply get an HTTP forbidden error
  (contributed by Ivo De Decker).

- Added Perl ticket generation module
  (contributed by Assaf Gordon).

- Module now compiles with Apache 2.4.

- Added TKTAuthBadIPURL option
  (contributed by John Wittkoski).

- Increased max. UID length to 64 (from 32); can be changed by
  modifying MAX_UID_SIZE.


v0.6a (02/23/2010)
------------------
- Fixed XSS vulnerability in example php-login/login.php.
  (reported by Thomas Hug).


v0.6 (09/12/2009)
-----------------
- Fixed inheritance of TKTAuthCookieName and TKTAuthBackArgName
  configuration directives
  (reported by Iaroslav Vassiliev).

- Improved compatibility with HTTP 1.0 (redirect)
  (contributed by Frederic Planchon <frederic@planchon.org>).


v0.5 (01/22/2009)
-----------------
- Fixed parsing of cookies with escaped spaces ('+')
  (reported by Iaroslav Vassiliev).

- Fixed errors in login.php example.


v0.4 (01/18/2009)
-----------------
- Replaced TKTAuthGracePeriod directive by graceperiod key in ticket
  (contributed by Frederic Planchon <frederic@planchon.org>).

- Updated example PHP login page to support ticket refreshing/grace periods
  (contributed by Frederic Planchon <frederic@planchon.org>).


v0.3 (01/13/2009)
-----------------
- Added TKTAuthFakeBasicAuth option (when enabled, adds an Authorization
  header to prevent problems with username logging for requests that are
  handled by PHP), contributed by Frederic Planchon <frederic@planchon.org>.

- Added support for ticket refreshing (TKTAuthRefreshURL and
  TKTAuthGracePeriod configuration directives), contributed by
  Frederic Planchon <frederic@planchon.org>.


v0.2 (02/03/2008)
-----------------
- Initial public release.