- Version of dependency
assert-plusupdated: old version was missing some license information
- Corrected examples in
http_signing.md, added auto-tests to automatically validate these examples
- Bump version of
sshpkdependency, remove peerDependency on it since it now supports exchanging objects between multiple versions of itself where possible
- Bump min version of
jsprimdependency, to include fixes for using http-signature with
- Bump minimum version of
sshpkdependency, to include fixes for whitespace tolerance in key parsing.
- First semver release.
- #36: Ensure verifySignature does not leak useful timing information
- #42: Bring the library up to the latest version of the spec (including the request-target changes)
- Support for ECDSA keys and signatures.
- Now uses
sshpkfor key parsing, validation and conversion.
- Fixes for #21, #47, #39 and compatibility with node 0.8
- Split up HMAC and Signature verification to avoid vulnerabilities where a key intended for use with one can be validated against the other method instead.
- Updated versions of most dependencies.
- Utility functions exported for PEM => SSH-RSA conversion.
- Improvements to tests and examples.