We’ve released ncdns v0.2. This release adds layer-2 TLS via Encaya, and overhauls the build system.

Full changelog of what’s new since v0.1.2:

  • ncdns
    • Code quality improvements.
  • generate_nmc_cert
    • Rebase against Go 1.14.
    • Set ExtKeyUsage on CA.
    • Use compressed ECDSA public keys. Thanks to Filippo Valsorda.
    • Support AIA.
    • Add chain.pem and caChain.pem output files.
    • Support certs with multiple hostnames.
    • Code quality improvements.
  • Windows installer
    • Enable TLS by default in silent installs.
    • Add Encaya (layer-2 positive TLS overrides for CryptoAPI).
    • Fix NSIS logging in silent mode.
    • Code quality improvements.
  • Linux
    • setuid/setgid no longer require cgo. Thanks to Hugo Landau.
  • Build system:
    • Windows installer is now built in RBM.
    • GNU/Linux and macOS binaries are built again.
    • RBM builds now run on Cirrus CI.
    • Add projects:
      • certinject.
      • encaya.
      • generate_nmc_cert.
      • qlib.
    • Bump dependencies:
      • tor-browser-build.
      • BIND.
      • goansicolor.
      • gobtcd.
      • gobtcutil.
      • goconfigurable.
      • godexlogconfig.
      • godns.
      • gogroupcache.
      • goisatty.
      • gomadns.
      • gopflag.
      • gopretty.
      • goservice.
      • gosvcutils
      • gosystemd.
      • gotext.
      • gotlsrestrictnss.
      • gounits.
    • Switch to tar.xz output to match upstream Tor.
    • Generate rbm.conf from upstream Tor at build time.
    • Auto-create GitHub PR for dependency bumps.
    • Code quality improvements.

As usual, you can download it at the Beta Downloads page.

This work was funded by NLnet Foundation’s Internet Hardening Fund.