Automated cacert.pem management for PHP projects
OTHER License
The device that contained the signing key has been destroyed, so we have promoted our backup key to the primary one and generated a new backup keypair.
Published by paragonie-security 6 months ago
Full Changelog: https://github.com/paragonie/certainty/compare/v2.8.2...v2.8.3
Published by paragonie-security about 3 years ago
Published by paragonie-security over 3 years ago
Published by paragonie-security about 4 years ago
Published by paragonie-security over 4 years ago
Published by paragonie-security almost 5 years ago
Published by paragonie-scott about 5 years ago
We had to reinstall the server. Bgcc1QfkP0UNgMZuHzi0hC1hA1SoVAyUrskmSkzRw3E= is the public key of the new default Chronicle server.
Published by paragonie-scott about 5 years ago
Previously, the default behavior of RemoteFetch was to check a Chronicle instance (i.e. the one at php-chronicle.pie-hosted.com), regardless of whether or not the bundle was already fetched and verified.
This was wasteful, and led to an accidental stress test of the Chronicle instance for the PHP community.
Now, the default behavior of RemoteFetch is to only query Chronicle instances on freshly-downloaded bundles, rather than every time getLatestBundle() is invoked.
We've already done a lot of work to ensure our server is stable even under the tremendous load we were seeing previously, but we do ask everyone to update to the latest version to improve the performance of your code that uses Certainty.
Published by paragonie-scott about 5 years ago
Published by paragonie-scott about 5 years ago
Updated minimum version of sodium_compat to version 1.11.0
Published by paragonie-scott almost 6 years ago
Per #25: We've made it substantially easier to specify a different Chronicle URL and Public Key in case the one we operate ever goes down.
There is a table located at https://github.com/paragonie/certainty/blob/master/docs/README.md#php-chronicle-replicas-for-certainty which lists the replica instances of the PHP Chronicle (currently only one).
Published by paragonie-scott almost 6 years ago
NEW: Trust Channels
To better support Enterprise users that want to manage their own internal certificate authorities, we've marked each bundle with its respective trust channel. Since our CA bundles come from Mozilla, the JSON file we provide is populated with "trust-channel": "Mozilla".
NEW: Composer Integration
You can now have Certainty request an up-to-date bundle at runtime by ensuring you add this entry to your composer.json file:
{
    "scripts": {
        "post-autoload-dump": [
            "ParagonIE\\Certainty\\Composer::postAutoloadDump"
        ]
    }
}
Then, you can simply use the local Fetch class instead of RemoteFetch in your application code. Every time you run composer update, it will fetch the latest bundles from Certainty.
This is a great way to reduce your runtime performance overhead while guaranteeing that you have the latest CACert bundle.
Note: You can create your own script that does the same thing. This is probably desirable if you'd like to put your configuration in a nonstandard location.
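One way to write the custom script the note above mentions, with the runtime side reading the bundle through the local Fetch class. This is an added example, not code from the Certainty project; the storage/certainty directory, the --refresh flag and the example.com URL are assumptions, and the directory is assumed to already exist and be writable by the deploy user.

```php
<?php
declare(strict_types=1);

use ParagonIE\Certainty\Fetch;
use ParagonIE\Certainty\RemoteFetch;

require __DIR__ . '/vendor/autoload.php';

// Assumption: a nonstandard bundle directory, writable at deploy time
// and read-only for the web server user.
const CERTAINTY_DATA_DIR = __DIR__ . '/storage/certainty';

/**
 * Deploy-time step: run from CI or a deploy hook, never per request.
 * RemoteFetch downloads the newest bundle into $dataDir.
 */
function refreshBundles(string $dataDir): string
{
    return (new RemoteFetch($dataDir))->getLatestBundle()->getFilePath();
}

/**
 * Runtime step: Fetch only reads bundles already on disk, so serving
 * a request does not contact the bundle host or a Chronicle instance.
 */
function localBundlePath(string $dataDir): string
{
    return (new Fetch($dataDir))->getLatestBundle()->getFilePath();
}

// "php this-script.php --refresh" performs the deploy-time download.
if (PHP_SAPI === 'cli' && in_array('--refresh', $argv, true)) {
    echo 'Latest bundle: ', refreshBundles(CERTAINTY_DATA_DIR), PHP_EOL;
    exit(0);
}

// Application code: pin cURL to the locally stored bundle and keep
// both peer and hostname verification switched on.
$ch = curl_init('https://example.com/');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_CAINFO         => localBundlePath(CERTAINTY_DATA_DIR),
]);
$body = curl_exec($ch);
if ($body === false) {
    throw new RuntimeException('TLS request failed: ' . curl_error($ch));
}
curl_close($ch);
```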
UPDATED: Psalm v2 will now be used on PHP 7 projects.
This ensures we'll have better visibility into type safety issues as Psalm adds more checks over time.
FIXED: #22
Prevent infinite loops when trying to fetch newer bundles by using the locally installed CACert.pem bundles. Fix provided by @credomane.
Published by paragonie-scott over 6 years ago
Published by paragonie-scott over 6 years ago
Fixes #18
Published by paragonie-scott over 6 years ago
Version 1.x is deprecated and we will not be providing noncommercial support. Please upgrade to v2 as soon as you can.
Published by paragonie-scott over 6 years ago
Fixed #16
Published by paragonie-scott over 6 years ago
ParagonIE_Sodium_Compat instead of ParagonIE_Sodium_File.
CURLOPT_SSLVERSION.
Published by paragonie-scott over 6 years ago
Published by paragonie-scott almost 7 years ago