All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- module with bundled CAs to latest as of 2024/12/31, 04:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] securesign rootca11
- [certificate authority] security communication rootca3
- [certificate authority] entrust root certification authority - g4
- OTP 27.1 to CI
- [certificate authority] globaltrust 2020
- module with bundled CAs to latest as of 2024/11/26, 13:58 UTC (source: https://curl.se/ca/cacert.pem)
- problematic lack of unix permissions for 'other' among some of the source
files, affecting environments that preserve said permissions and import,
process or in other ways depend on
tls_certificate_checkunder a different user account & group from those that own the file (thanks https://github.com/kivra-pauoli, closes issue #52)
- [certificate authority] securesign root ca12
- [certificate authority] securesign root ca14
- [certificate authority] securesign root ca15
- [certificate authority] twca cyber root ca
- module with bundled CAs to latest as of 2024/09/24, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] FIRMAPROFESIONAL CA ROOT-A WEB
- OTP 27.0 to CI
- module with bundled CAs to latest as of 2024/07/02, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] globaltrust 2020
- README
- [certificate authority] Telekom Security TLS ECC Root 2020
- [certificate authority] Telekom Security TLS RSA Root 2023
- OTP 26.2 to CI
- module with bundled CAs to latest as of 2024/03/11, 15:25 UTC (source: https://curl.se/ca/cacert.pem)
- Elixir example of how to use
tls_certificate_checkwithssl:connect/4(thanks https://github.com/macifell)
- [certificate authority] CommScope Public Trust ECC Root-01
- [certificate authority] CommScope Public Trust ECC Root-02
- [certificate authority] CommScope Public Trust RSA Root-01
- [certificate authority] CommScope Public Trust RSA Root-02
- [certificate authority] TrustAsia Global Root CA G3
- [certificate authority] TrustAsia Global Root CA G4
- OTP 26.1 to CI
- module with bundled CAs to latest as of 2023/12/12, 04:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] Autoridad de Certificacion Firmaprofesional CIF A62634068
- [certificate authority] security communication rootca1
- [certificate authority] Atos TrustedRoot Root CA ECC TLS 2021
- [certificate authority] Atos TrustedRoot Root CA RSA TLS 2021
- [certificate authority] SSL.com TLS ECC Root CA 2022
- [certificate authority] SSL.com TLS RSA Root CA 2022
- [certificate authority] sectigo public server authentication root e46
- [certificate authority] sectigo public server authentication root r46
- module with bundled CAs to latest as of 2023/08/22, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] e-tugra global root ca ecc v3
- [certificate authority] e-tugra global root ca rsa v3
- OTP 26.0 to CI
- [certificate authority] BJCA Global Root CA2
- [certificate authority] BJCA Global Root CA1
- CI to use latest rebar3 version that's compatible with each covered OTP release
- module with bundled CAs to latest as of 2023/05/30, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] hongkong post root ca 1
- [certificate authority] E-Tugra Certification Authority
- import of
ssl_verify_funto match latest allowed 1.x version
- failing tests and checks on macOS ventura (maybe ARM specific)
- explicit SNI, to account for TCP sockets upgraded to
sslwithssl:connect/3 - OTP 25.3 to CI
- CI deprecation warnings
- error starting application when OS-trusted CAs fail to load on OTP 25 [present since 1.17.0]
- (rare?) crash after reading OS-trusted CAs
- listing of private modules and functions in generated reference
- unreleased version in change log
- ability to override trusted CAs
- Windows to CI
- OTP 25.2 to CI
- default CAs to the ones trusted by OTP (typically provided by the OS), when available, on OTP 25+
- shared state owner to not erase its
persistent_terms when crashing - module with bundled CAs to latest as of 2023/01/10, 04:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] network solutions certificate authority
- [certificate authority] TrustCor ECA-1
- [certificate authority] TrustCor RootCert CA-1
- [certificate authority] Staat der Nederlanden EV Root CA
- [certificate authority] TrustCor RootCert CA-2
- OTP 25.1 to CI
- [certificate authority] security communication ecc rootca1
- [certificate authority] security communication rootca3
- module with bundled CAs to latest as of 2022/10/11, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- OTP 25 to CI
- [certificate authority] certainly root e1
- [certificate authority] digicert tls ecc p384 root g5
- [certificate authority] e-tugra global root ca ecc v3
- [certificate authority] certainly root r1
- [certificate authority] digicert tls rsa4096 root g5
- [certificate authority] e-tugra global root ca rsa v3
- module with bundled CAs to latest as of 2022/07/19, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] hellenic academic and research institutions rootca 2011
- fragile automated CHANGELOG updates
- flaky test case
- [certificate authority] d-trust ev root ca 1 2020
- [certificate authority] d-trust br root ca 1 2020
- [certificate authority] Telia Root CA v2
- module with bundled CAs to latest as of 2022/04/26, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- module with bundled CAs to latest as of 2022/03/18, 12:30 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] ec-acc
- [certificate authority] vtrus ecc root ca
- [certificate authority] isrg root x2
- [certificate authority] vtrus root ca
- [certificate authority] HiPKI Root CA - G1
- [certificate authority] Autoridad de Certificacion Firmaprofesional CIF A62634068
- module with bundled CAs to latest as of 2022/02/01, 04:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] gts root r4
- [certificate authority] gts root r3
- [certificate authority] gts root r1
- [certificate authority] gts root r2
- [certificate authority] GlobalSign ECC Root CA - R4
- [certificate authority] GlobalSign Root CA - R2
- [certificate authority] cybertrust global root
- [certificate authority] HARICA TLS ECC Root CA 2021
- [certificate authority] HARICA TLS RSA Root CA 2021
- [certificate authority] TunTrust Root CA
- module with bundled CAs to latest as of 2021/10/26, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- module with bundled CAs to latest as of 2021/09/30, 21:42 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] dst root ca x3
- test coverage of certificates yet-to-be valid
- test coverage of misordered certificate chains
- partial chain validation to prepare for DST Root CA X3 expiration
- documentation from edoc to ExDoc
- dependency on badssl.com for important test cases
- automated PR-based update of bundled CAs through GHA
- app description to tentatively improve it
- [certificate authority] certum ec-384 ca
- [certificate authority] globaltrust 2020
- [certificate authority] certum trusted root ca
- [certificate authority] anf secure server root ca
- module with bundled CAs to latest as of 2021/07/05, 21:35 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] sonera class2 ca
- [certificate authority] trustis fps root ca
- [certificate authority] quovadis root certification authority
- module with bundled CAs to latest as of 2021/05/25, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] global chambersign root - 2008
- [certificate authority] chambers of commerce root - 2008
- OTP 24 to CI targets
- compatibility with OTP 21
- [certificate authority] globalsign root e46
- [certificate authority] AC RAIZ FNMT-RCM SERVIDORES SEGUROS
- [certificate authority] globalsign root r46
- module with bundled CAs to latest as of 2021/04/13, 03:12 UTC (source: https://curl.se/ca/cacert.pem)
- [certificate authority] geotrust primary certification authority - g2
- [certificate authority] verisign universal root certification authority
- [certificate authority] Staat der Nederlanden Root CA - G3
tls_certificate_check:trusted_authorities/0to API
- list of authoritative certificates, from hardcoded to one that's generated on application boot
and stored on
persistent_term - set of trusted public keys, from hardcoded to one that's generated on application boot
and stored on
persistent_term
- compatibility with OTP 19
- compatibility with OTP 20
- compatibility with OTP 21.0 and 21.1
- priv/cacerts.pem
- unwarranted and risky hardcoding of record values
- elements for easily updating bundled CAs
- [certificate authority] NAVER Global Root Certification Authority
- module with bundled CAs to latest as of 2021/01/19, 04:12 UTC (source: https://curl.se/ca/cacert.pem)
- [dependency]
certifi - [dependency]
parse_trans - [certificate authority] thawte primary root ca - g2
- [certificate authority] geotrust global ca
- [certificate authority] geotrust primary certification authority
- [certificate authority] verisign class 3 public primary certification authority - g4
- [certificate authority] geotrust primary certification authority - g3
- [certificate authority] thawte primary root ca
- [certificate authority] thawte primary root ca - g3
- [certificate authority] verisign class 3 public primary certification authority - g5
- [certificate authority] geotrust universal ca
- [certificate authority] geotrust universal ca 2
- misuse of
tls_certificate_namespace (all modules start withtls_certificate_checknow)
- compilation errors on OTP 20.1+ when on top of macOS Big Sur
- CA bundles, based on the latest mkcert.org full CA list as of Nov 13, 2020
- misdetection of Mix as being rebar 2 and the erronous compilation warning that followed it
- missing links to source code in application metadata
:optionsfunction to API, for easily securing connections