
Version: 24.09.24
### NOTE
    This release is again a major redesign (refactoring) of the project.

    * some legacy options have been removed
    * bugs fixed reported as [issue](https://github.com/OWASP/O-Saft/issues)
    * many bugs which occurred rarely (special combination of options) are fixed
    * using openssl for detecting ciphers must be enabled by options
    * handles openssl 3.x
    * handles DTLS 1.2
    * Dockerfile build with openssl provided by alpine:3.20 (is default now)
    * Dockerfile builds image for Docker or Podman
    * new Dockerfile.openssl to build image with own openssl 1.0.2-chacha
    * new commands and options for o-saft-docker (supports Podman)
    * SBOM o-saft.rel added which contains SIDs and sha256sums
    * --v behaves as a simple "info"-option
    * tracing improved in general
    * improved INSTALL.sh with --check* options (for example checking SBOM)
    * usr/o-saft-standalone.pl mainly working without perl warnings
    * documentation addapted to changed and new functionality
    * more descriptive documentation according cipher, cipher ranges etc.

### BUGFIX
    * usr/INSTALL-template.sh BF: must use literal TAB instead of \t in echo (problem in BusyBox)
    * usr/get-SIDs.sh: BF: using expr on STDIN improved (bug with BusyBox v1.36.1)
    * o-saft.pl: BF: check_dh() called if +logjam given (instead of +check)
    * o-saft.pl: BF: normalise command only, not assigned value (was a problem with +test* commands only)
    * o-saft.pl: BF: don't print command-line for option --help=gen* (used in make context only)
    * o-saft.pl: BF: print SSLv2 in "Ciphers: Summary"
    * o-saft.pl: BF: detect POODLE for TLSv1 (issue 146)
    * o-saft.pl: BF: +cbc, +edh, +adh check cipher suite constant names also (issue 144)
    * o-saft.pl: BF: avoid "Use of uninitialized value $v in scalar chomp .." (issue 14
    * o-saft.pl: BF: avoid "Undefined subroutine &SSLinfo::do_ssl_open ..." for some cipher check commands like +cbs (issue 140)
    * o-saft.pl: BF: print <<undef>> for unknown cipher suite found with +cipher
    * o-saft.pl: BF: bare word after qr// removed (error in modern perl)
    * o-saft.tcl: BF: pass +commands and --option to o-saft.pl (issue 153)F: bare word after qr// removed (error in modern perl)
    * o-saft-docker: BF: argument hacker and usage do not need docker executable
    * lib/SSLhello.pm: BF: use binmode(.., ":raw") to avoid perl error: send() isn't allowed on :utf8 handles (in stand-alone mode)
    * lib/SSLinfo.pm: BF: avoid printing undefined value (issue 141)
    * lib/OTrace.pm: BF: use pre Perl 5.22 RegEx syntax (issue 142)
    * lib/OCfg.pm: BF: avoid Perl warning about regex match in hint()
    * lib/OCfg.pm: BF: 0x03005600 (TLS_FALLBACK_SCSV) added to 'range'->'rfc'
    * lib/OCfg.pm: BF: cipher_adh cipher_null added to cfg{need-chsckssl} (issue 140)
    * lib/OMan.pm: BF: use correct version when generating -cgi.html
    * lib/OMan.pm: BF: --help=command lists all commands from RC-file
    * lib/OMan.pm: BF: bare word after qr// removed (error in modern perl)
    * HTML-table.awk: BF: HTML syntax corrected
    * HTML-simple.awk: BF: HTML syntax corrected
    * usr/XML-value.awk: BF: XML syntax corrected
    * usr/XML-attribute.awk: BF: XML syntax corrected
    * t/Makefile.mod: BF: definition of SRC.pm adapted to Makefile
    * t/Makefile.testssl: ET: target examples corrected
    * usr/INSTALL-template.sh BF: special handling when called by make in own test directory
    * Makefile: BF: use ./$SRC.pl when generating own help files
### CHANGES
    * usr/get-SIDs.sh: EF: check for gawk and md5sum; exit if missing
    * Dockerfile: EF: using docker BuildKit; OSAFT_VM_SRC_OSAFT can be local file
    * Dockerfile: EF: uses standard openssl
    * usr/INSTALL-template.sh ED: new documentation section CHECKS, UPDATES
    * usr/INSTALL-template.sh EF: allow all --check* option in container image
    * usr/INSTALL-template.sh EF: installation with --cgi improved
    * usr/INSTALL-template.sh EF: --install checks md5sum of installed files
    * usr/INSTALL-template.sh EF: --check=SIDs and --check=SID --changes implemented
    * usr/INSTALL-template.sh EF: --checkdev improved (checks execute permissions)
    * usr/INSTALL-template.sh EF: INSTALL.sh.lock implemented
    * usr/INSTALL-template.sh EF: each part of --check can be checked individually with --check*
    * usr/install_openssl.sh: EF: use Net-SSLeay-1.94.tar.gz
    * t/Makefile.dev: ET: TEST.tmpdir, TEST.tmp.rc added
    * t/Makefile.warnings: ET: TEST.tmp.rc removed (now in Makefile.inc)
    * t/Makefile.inc: ET: TEST.tmpdir, TEST.tmp.rc added
    * t/Makefile*: ET: all O-*.dir renamed to O-DIR.*
    * t/Makefile*: ET: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
    * t/Makefile: ET: target testcmd-test.internal improved
    * t/Makefile: ET: include Makefile.inst
    * t/Makefile: ET: do not set PATH in recursive makeT: option --trace-CLI removed; now passed via OSAFT_OPTIONS=--trace-CLI
    * Makefile: ET: podman.* targets added
    * Makefile: ET: target docker.test added
    * Makefile: ET: variable TEST.Makefiles completed
    * lib/Ciphers.pm: EF: is_valid_key() handles keys for internal use also
    * lib/OTrace.pm: EF: --trace print environment variables
    * lib/OTrace.pm: EF: use OCfg, use OData, use Ciphers (partial fix for issue 137)
    * lib/OData.pm: EF: use OCfg included; _init_checks_val() implemented (partial fix for issue 137)
    * lib/OCfg.pm: EF: resumption_psk added to cfg{data_hex}
    * lib/OCfg.pm: EF: h2-16 added for ALPN, NPN
    * lib/OCfg.pm: EF: define and export _dbx(); @EXPORT_OK improved; define warn(), hint()
    * lib/OCfg.pm: EF: cipherrange and cipherpattern 'openssl' added
    * lib/OCfg.pm: EF: some RegEx simplified
    * lib/OCfg.pm: EF: hint for Lucky13 added
    * lib/OCfg.pm: EF: initialisation and export improved (partial fix for issue 137)
    * lib/ODoc.pm: EF: use full qualified $OCfg:: (partial fix for issue 137)
    * lib/OMan.pm: EF: man_warnings() prints used file with --v
    * lib/OMan.pm: EF: --help=command lists internal defined summary commands also
    * lib/OMan.pm: EF: "use Ciphers" improved (partial fix for issue 137)
    * o-saft-docker: EF: option -name=pattern for kill operation added
    * o-saft-docker: EF: update implemented
    * o-saft-docker: EF: options -OSAFT_VM_SRC_OSAFT= and -OSAFT_VM_SHA_OSAFT= added
    * o-saft-docker: ED: documentation improved (note about xhost and xauth)
    * .o-saft.pl: ED: description improved; description added to all redefined commands
    * o-saft.tcl: EF: options --v behaves like in o-saft.pl
    * o-saft.tcl: EF: +info results are show as Text, not TK-table (issue 154)
    * o-saft.tcl: EF: "Start" button added to layout=tablet (for simple usage)
    * o-saft.tcl: EF: check for version number improved (hack for use of OSAFT_OPTIONS=--trace-CLI with make)
    * o-saft.pl: EF: EF: parsing commands and options unified
    * o-saft.pl: EF: _dbx() defined in OCfg.pm
    * o-saft.pl: EF: --cipherrange=openssl implemented
    * o-saft.pl: EF: -ciphermode= not supported for +cipher-dh
    * o-saft.pl: EF: own openssl instead of SSLinfo::do_openssl() for +cipher
    * o-saft.pl: EF: check Net::SSLeay<1.92
    * o-saft.pl: EF: handle all --help* options/commands after reading all arguments
    * o-saft.pl: ED: texts improved for "Ciphers: Summary"; for --version output
    * o-saft.pl: EF: abort execution when using invalid/unknown ciphers with --cipher=
    * o-saft.pl: EF: individual _is_ssl_*() now in generic _is_vulnerable() and _is_compliant()
    * o-saft.pl: EF: --v prints info when OSAFT_CONFIG, OSAFT_OPTIONS used
    * o-saft.pl: EF: check ENV{'OSAFT_OPTIONS'} if command line should be printed
    * o-saft.pl: EF: use shebang -CADSio; descriptions according Unicode, UTF-8 and binmode() adapted
    * o-saft.pl: EF: use OCfg, use OData improved (partial fix for issue 137)
    * o-saft.pl: EF: die() doesn't print line number; keep make targets *.log happy
    * t/Makefile*: ED: _SID renamed to O-SID, _MYSELF* renamed to O-SELF*
    * t/Makefile.inc: ET: make file simplified
    * t/Makefile.docker: ET: variables and targets for mbedtls removed (now in Makefile.testssl*)
    * t/Makefile.cipher: ET: new target testarg-cipher-+cipher---test-missing_  
    * t/Makefile.cipher: ET: more targets for --cipher* options
    * lib/OTrace.pm: EF: __trac() support data type "Regexp"
    * doc/help.txt: ED: section UPDATES added
    * doc/help.txt: ED: new section "Individual check values"
    * doc/help.txt: ED: description about checking/scanning ciphers improved
    * doc/help.txt: ED: documentation about warnings and hints improved
    * doc/help.txt: ED: more attacks added in section CHECKS
    * doc/help.txt: ED: description for POODLE improved
    * doc/help.txt: ED: KNOWN PROBLEM "Old, deprecated cipher suites" added
    * doc/glossary.txt: ED: formal changes ; more acronyms added
    * doc/rfc.txt: ED: more RFCs added; link for SSLv2 added
    * usr/gen_standalone.sh: EF: sequence of included files from lilb/ changed; formal changes
    * usr/INSTALL-template.sh: EF: avoid error message if wish is missing
    * o-saft.pl: EF: +version prints own unique SID
    * o-saft-docker: EF: avoid errors if docker program missing
### NEW
    * o-saft-docker: NF: kill command added
    * Dockerfile.openssl: NF: renamed from Dockerfile
    * t/Makefile.inst: NF: new Makefile.inst for testing INSTALL.sh
    * .o-saft.pl: NF: resumption_psk added
    * o-saft.pl: NF: check for BREACH vulnerability
    * lib/Cipher.pm: NF: is_adh(), is_cbc(), is_edh() implemented
    * lib/SSLinfo.pm: NF: exract HTTPS header Content-Encoding and Transfer-Encoding
    * lib/SSLinfo.pm: ED: internal %CST renamed to %SSLINFO to avoid name conflicts
    * lib/SSLinfo.pm: NF: resumption_psk implemented
    * lib/OData.pm: NF: data{resumption_psk} added
    * lib/OData.pm: NF: $data{https_content_enc} and $data{transfer_enc} add
    * lib/OCfg.pm: NF: new regex->BREACH
    * lib/OCfg.pm: EF: cfg{cipherranges}{iana} added
    * t/Makefile.mod: NT: new targets testing Cipher::is_* added
    * t/Makefile.cipher: NT: new targets for cipher check command (like +adh) added

Version: 24.06.24
### NOTE
### BUGFIX
    * o-saft-docker: BF: wrong markup corrected (minor issue with -help only)
    * usr/checkAllCiphers.pl: BF: adaptet to changes in lib/error_handler.pm 3.6 (OERR_* constants are %OERR hash now)
    * doc/help.txt: BD: wrong option --trace=FILE, it is --rc=FILE
    * t/Makefile.misc: ET: variables for targets docs.subs and docs.anno improved
    * Makefile: EF: target docs depends on generated o-saft.pl.--help* files
    * lib/Cipher.pm: BF: get_key() searches for name in all constants
    * lib/Cipher.pm: BF: show_getter() prints all defined constants and aliases
    * lib/OMan.pm: BF: output for help=info
    * lib/OMan.pm: BF: _VERSION() from main must be called ::_VERSION()
    * lib/ODoc.pm: BF: list of paths in _get_standalone() corrected
    * o-saft.tcl: BF: ignore errors, warnings lines when building window with ciphers
    * o-saft.tcl: BF: alias names corrected
    * o-saft.tcl: BF: change layout button corrected in "tablet" layout
    * o-saft.pl: BF: avoid " "Use of uninitilized value $ssl ..." with --legacy=sslscan
    * o-saft.pl: BF: +sigkey_value needs special handling with --format=hex
    * o-saft.pl: BF: --cipher accepts cipher constants, suite names, or aliases
    * o-saft.pl: BF: special error check for +sstp (response from wolfSSL is slightly different)
    * o-saft.pl: BF: reading from RC-FILE also if no --trace given
    * o-saft.pl: BF: syntax corrected (bug since 3.14 only)
### CHANGES
    * o-saft.cgi: EF: use own %STR variable (to be compatible with various Makefiles)
    * lib/OCfg.pm: EF: more values added to be handled by --format=hex
    * lib/OCfg.pm: EF: hasdtls1 hasdtls12 hasdtls13 added some list of commands
    * lib/OCfg.pm: EF: cipher 0x030000FE (WDM-NULL-SHA256) added to some ranges
    * lib/Cipher.pm: EF: cipher -WDM-NULL-SHA256 (wolfSSL DTLS Multicast) added
    * doc/help.txt: ED: description for --cipherrange=RANGE improved
    * doc/help.txt: ED: KNOWN PROBLEM "+cipher hangs" added
    * t/gen-graph-annotations.sh: EF: sub-directories adapted to new directory structure
    * usr/INSTALL-template.sh: EF: option --instdev implemented
    * usr/INSTALL-template.sh: EF: list of file "not to be installed" and moved with --clean improved
    * usr/INSTALL-template.sh: EF: $dirs__ancient implemented; messages improved
    * usr/INSTALL-template.sh: EF: messages and documentation improved
    * usr/INSTALL-template.sh: EF: checking ancient files improved; checking ancient directories
    * usr/INSTALL-template.sh: EF: accept environment variable OSAFT_Dir as installation directory
    * usr/INSTALL-template.sh: EF: special handlicg for o-saft-docker
    * t/Makefile.dev: ET: targets for testing INSTALL.sh moved to Makefile.inst
    * t/Makefile.cmd: ET: some targets use filter to remove random data in generated .log
    * Makefile: EF: EXE.docker renamed to EXE.o_docker; EXE.docker=docker added
    * Makefile: EF: target INSTALL.sh depends on Makefile.misc
    * Makefile: EF: checkAllCiphers.pl is now usr/checkAllCiphers.pl
    * o-saft.cgi: EF: do not allow --inc= and --no-inc=
    * o-saft.pl: EF: options --no-tls and --no-dtls added (aliases)
    * o-saft.pl: EF: --ignore-warning= implemented
    * o-saft.pl: EF: printversion() prints all own modules
    * o-saft.pl: ED: --v output improved
    * o-saft.pl: EF: security checks implemented and documented for use of qx()
    * o-saft.pl: EF: +version prints Perl version also
    * o-saft.pl: EF: some warning messages about ::VERSION improved; warning 127 and 130 removed
    * lib/Cipher.pm: ED: output format of gett03() is the same as of show_getter()
    * lib/SSLhello.pm: ED: message printed by error_handler->reset_err() unified
    * lib/SSLinfo.pm: EF: --testopenssl also prints openssl executable which returned capabilities/options
    * lib/OTrace.pm: EF: --test-memory prints sorted data
    * lib/OTrace.pm: EF: simplified use of Exporter module
    * lib/OText.pm: EF: simplified use of Exporter module
    * lib/OData.pm: EF: simplified use of Exporter module
    * lib/ODoc.pm: EF: simplified use of Exporter module
    * lib/OCfg.pm: EF: simplified use of Exporter module
    * lib/OMan.pm: EF: simplified use of Exporter module
    * lib/OMan.pm: EF: man_warnings() simplified
    * lib/OMan.pm: EF: documentation improved; --pod=* and --file=* option implemented
    * lib/OMan.pm: EF: click outside menu closes menu in navigation bar on website
    * lib/SSLinfo.pm: ED: output format for --test-* options unified
    * lib/OTrace.pm: EF: calling SSLinfo::test_openssl() for --test-openssl
    * doc/help.txt: ED: environment variables OSAFT_CONFIG and OSAFT_OPTIONS added; description of reading RC-FILE and options
    * doc/help.txt: ED: documentation improved
    * doc/devel.txt: ED: documentation improved
    * doc/coding.txt: ED: documentation improved
    * doc/coding.txt: ED: note about qx() security added
    * t/.perlcriticrc: EF: some pragmas and description improved
    * t/Makefile.mod: ET: more targets for --test-* options
    * usr/install_openssl.sh: EF: handle errors returnd by find
    * usr/install_openssl.sh: EF: dependency changed: libidn2-0-dev -> libidn2-dev
### NEW
    * t/Makefile.docker: NF: targets mbedtls.* for Mbed TLS server docker image
    * t/Makefile.docker: ET: target for command hacker added
    * t/Makefile.docker: NT: target testarg-docker- added
    * lib/Cipher.pm: NF: new functions find_consts() find_keys_any() and find_names_any()
    * lib/OData.pm: NF: hasdtls1, hasdtls12, hasdtls13 added to %check_conn
    * lib/OTEXT.pm: NF: general function usage_show() for printing --usage
    * lib/OData.pm: NF: --usage implemented
    * lib/OCfg.pm: NF: --usage implemented
    * o-saft.tcl: NF: option --rc=FILE added
    * o-saft.tcl: NF: --no-rc option implemented
    * o-saft.pl: NF: option --silent (shortcut for --nowarning --nohint) added
    * o-saft.pl: NF: hasdtls1, hasdtls12, hasdtls13 checks implemented
    * o-saft.pl: NF: environment variable OSAFT_CONFIG, OSAFT_OPTIONS implemented
    * o-saft.pl: NF: --inc=* and --no-inc=* added

Version: 24.02.24
### NOTE
### BUGFIX
    * lib/OMan.pm: BF: avoid Perl's "Use of uninitialized value $OMan::cfg{"me"} ..." (in o-saft-standalone.pl only)
    * usr/INSTALL-template.sh: BF: script can be executed in any directory
    * lib/SSLhello.pm: BF: use full qualified %error_handler::OERR in standalone mode
### CHANGES
    * usr/o-saft-standalone.pl: EF: remove POD and comments from generated code
    * lib/OMan.pm: EF: +VERSION implemented
    * lib/OText.pm: EF: +VERSION implemented
    * lib/SSLhello.pm: EF: +VERSION implemented
    * usr/INSTALL-template.sh: EF: echo_info() implemented
    * lib/SSLhello.pm: EF: constants OERR_* replaced be variable $OERR (adaption to erro_handler 3.8)
    * lib/SSLinfo.pm: EF: constants SSLINFO* replaced by hash %CST
    * lib/error_handler: EF: OERR_* constants are %OERR hash now; %ERROR_TYPE_RHASH_REF replaced by %OERR_map
    * t/Makefile.tcl: ET: --trace-CLI added to o-saft.tcl calls
### NEW
    * o-saft.tcl: ET: --trace-CLI added to o-saft.tcl calls
    * usr/INSTALL-template.sh: EF: --v option (instead of logging)

Version: 24.01.24
### NOTE
    This release is a major redesign (refactoring) of the project. The top
    directory now contains the main tools only. All modules, documentations and
    (user) contributed tools are in sub-directories.
    These changes are also reflected in the directories available at github.

    If older versions should be used, please get the correspondig `o-saft.tgz`
    from that version, see below.

    Functionally the options `--v`  and  `--trace`  behave different now.

    Beside many formal changes, following bugfixes and changes have been done.

### BUGFIX
    * o-saft.pl: BT: print sorted list of ciphers for --ciphermode=dump (important for testing only)
    * o-saft.pl: BF: avoid "Use of ..." for --legacy=testsslserver
      output for --legacy=testsslserver  may now miss some informations values
    * t/Makefile.warnings: BT: duplicate target warning-141 removed
    * OSaft/Ciphers: BD: description for $cipher_results adapted to new definitions
    * Net/SSLhello.pm: BF: typos in cipher suite names corrected
    * o-saft-dbx.pm: BF: avoid "Use of uninitialized value in join or string ..."; output for --trace=3 improved
    * o-saft-man.pm: BF: <details> tag with overflow-y:auto
    * o-saft-man.pm: BF: <aside> tag with higher z-index
### CHANGES
    * o-saft-man.pm: EF: man_src_grep() improved and adapted to new syntax for --help=exit
    * t/Makefile.warnings: ET: warning-061 and warning-145 added
    * t/Makefile.exit: ET: targets adapted to changes in o-saft.pl 2.163
    * t/Makefile.cmd: ET: adapted to changes in o-saft.pl 2.163: --trace-CMD is now --v
    * t/Makefile.dev: ET: testarg-dev-grep_subs improved
    * t/Makefile.dev: EF: additional filter in target testcmd-dev-grep_desc
    * t/Makefile: ET: environment variable PERL5LIB and PERL_HASH_SEED are set for all test* targets
    * t/Makefile: ED: OSAFT.pm renamed to LIB.pm; o-saft-usr.pm renamed to OSaft/Usr.pm
    * OSaft/Data.pm: EF: text fpr cnt_ciphers, cnt_totals improved
    * OSaft/Doc/devel.txt: ED: OVERVIEW section added
    * Net/SSLinfo.pm: EF: definition of variables and subs done at begnning; trace output improved
    * Net/SSLhello.pm: EF: using _trace_* functions for some output with --trace*
    * Net/SSLhello.pm: EF: definition of variables and subs done at begnning; trace output improved
    * Net/SSLhello.pm: EF: using normalised timestamp for --trace-time
    * Net/SSLhello.pm: EF: format of timestamp for --trace-time adapted to main
    * Net/SSLhello.pm: EF: print %SSLINFO with --trace instead of --v
    * Net/SSLhello.pm: ED: formal changes for trace output
    * Net/SSLhello.pm: EF: don't pass -nextprotoneg together with -tls1_3 to openssl
    * o-saft-dbx.pm: EF: output of HASH for --trace=3 improved
    * osaft.pm: EF: DTLSv1* enabled
    * osaft.pm: EF: hints 'openssl3' and 'openssl3c' added
    * osaft.pm: EF: regex for 'OWASP_D' and 'OWASP_NA' improved
    * osaft.pm: EF: get_ciphers_range() improved
    * o-saft.pl: EF: --v and --trace improved (_y_CMD() repleced by_vprint())
    * o-saft.pl: EF: sort some values for +check output
    * o-saft.pl: EF: "local $\ =" removed to avoid unexpected behaviour in subs
    * o-saft.pl: EF: avoid PFS checks with --ciphermode=openssl; may lead to wrong PFS output
    * o-saft.pl: EF: --tracekey does not print "= reading file ..." information
    * o-saft.pl: EF: check --legacy= option for +cipher; print warning
    * o-saft.pl: EF: print hint when using openssl >2.0 and --ciphermode=openssl
    * o-saft.pl: _get_cipherlist_*() replace by _get_cipherslist()
    * o-saft.pl: EF: _eval_cipherranges() replaced by osaft::get_ciphers_range()
    * o-saft.pl: EF: checking openssl's protocol options adapated to OpenSSL 3.0.11
    * o-saft.pl: EF: printing "Total number of ciphers" 'cnt_totals' unified
    * o-saft.pl: EF: +cipher-sh reimplemented
    * OSaft/Ciphers: EF: sort_results() improved
    * OSaft/Ciphers: EF: cipher 0x02FFFFFF added for internal use
    * OSaft/Ciphers: EF: find_names() allows OpenSSL-style patterns
    * OSaft/Ciphers: EF: sort_names() adapted to new ciphers (added in 2.89)
    * OSaft/Ciphers: EF: aliases for some ciphers added
    * OSaft/Doc/rfc.txt: ED: more RFCs added
    * OSaft/Doc/help.txt: ED: HTML layout for some list items improved
    * o-saft.pm EF: openssl configuration cfg{openssl} improved
    * o-saft-man.pm EF: EF: support --trace option; --v supported for tool itself only
    * o-saft-man.pm EF: parent caller defines file to retrieve (grep) data from
    * o-saft-man.pm ED: <li> tags improved
    * o-saft-dbx.pm EF: _vprintme() removed
### NEW
    * OSaft/Doc/openssl.txt: ND: file for internal (developer) documentation
    * Net/SSLinfo.pm: EF: test_openssl() for --test-openssl implemented
    * t/Makefile.mod: ET: target testarg-mod-Net-SSLinfo.pm_--test-openssl added
    * t/Makefile.cipher: ET: targets added to test +cipher --trace*
    * t/Makefile.cipher: ET: target testcmd-cipher-+cipher---openssl-local_ added
    * t/Makefile.warnings: ET: warning-015 implemented, warning-413 implemented
    * osaft.pm EF: cfg{openssl_version} added
    * OSaft/Ciphers: EF: cophers TLS13_GOSTR341112_256* added
    * OSaft/Trace.pm: NF: added (replace o-saft-dbx.pm 2.44)
    * OSaft/USR.pm: NF: added (replace o-saft-usr.pm 2.8)

Version: 23.11.23
  BUGFIX
    * o-saft-dbx.pm BF: avoid Perl's "Use of uninitialized value ..." when printing values
    * OSaft/Ciphers.pm: BF: ckeck for own commands improved; fully handle --test-ciphers-* options
    * Net/SSLhello.pm: BF: proper parameter type for Net::SSLeay::CTX_set_options() to avoid perl warning
    * Makefile: BF: more dependencies for targets generating static help files $(DOC.dir)/$(SRC.pl).% improved
    * t/Makefile.warnings: BT: macro EXE.extract_warn to extract warnings and errors corrected
    * t/Makefile: BT: compute _SID.pod directly
    * t/Makefile: BT: help.test.targets corrected
    * Net/SSLinfo.pm: BF: Net::SSLeay::set_tlsext_host_name() behaves strange for openssl>2.0; dirty workaround implemented
    * Net/SSLinfo.pm: BF: send HTTP verb line with \r to avoid "\n" in the logfiles
    * osaft.pm: BF: +compression needs to call checkdest()
    * osaft.pm: BF: OWASP scoring for TLS13-* ciphers corrected
    * o-saft.pl: BF: implementation of need_netinfo improved
    * o-saft.pl: BF: check for given command improved (avoid ambiguity)
    * o-saft.tcl: BF: using correct widget for saving results
    * o-saft.tcl: BF: Config Tool window has no Save button
    * o-saft.tcl: BF: tooltip for Save button in Options tab corrected
    * o-saft.tcl: BF: Save button for configuration settings corrected
    * o-saft.tcl: BF: key bindings disabled, because they also apply for entry widgets, where they should not
    * o-saft-man.pm: BF: remove internal markup in output for --h
  CHANGES
    * o-saft.cgi: EF: option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
    * o-saft: EF: -log improved
    * o-saft: ET: use non-random logfile name to avoid diff results with make
    * OSaft/Ciphers.pm: EF: unified format for warn() messages
    * OSaft/Data.pm: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
    * o-saft.pl: EF: --test-ciphers* options simplified; --traceCMD improved
    * o-saft.pl: EF: adapted to modern TLS: use of TLSv1 or TLSv11 not considered good
    * o-saft.pl: EF: warning if +cipher-dh --ciphermode=intern
    * o-saft.pl: EF: checking for identified PFS ciphers improved (for --ciphermode=intern only)
    * Net/SSLinfo.pm: EF: print Hint if server does not support protocol
    * Net/SSLinfo.pm: EF: Net::SSLeay make HTTP requests with User-Agent header
    * o-saft-dbx.pm: ED: description for --test-data improved
    * o-saft-dbx.pm: EF: use texts from OSaft::Text
    * OSaft/Doc/help.txt: ED: ENVIRONMENT section improved
    * OSaft/Doc/help.txt: ED: o-saft.cgi's option --format=html4 --format=html5 renamed to --html4 --html5 (--format= already used by o-saft.pl)
    * OSaft/Doc/help.txt: ED: DEBUG section removed, now available with --help=development
    * t/Makefile.dev: ET: target testarg-dev-o-saft_-log improved
    * t/Makefile.dev: ET: _EXE.log-filterarg improved (to compare results)
    * t/Makefile.make: ET: ALL.testmake completed
    * Makefile: EF: enforce LC_CTYPE=C.UTF-8 (necessary at least for o-saft.tcl)
    * o-saft.tcl: ED: sequence of menu items as in o-saft.cgi
    * o-saft.tcl: EF: missing Save button to Commands tab added
    * o-saft.tcl: EF: debug (really trace) output improvd for --d=2
  NEW
    * o-saft-dbx.pm EF: --test-vars implemented; _yeast_test_vars()
    * o-saft.pl: EF: --http-user-agent= added
    * osaft.pm: EF: set_user_agent() implemented
    * Net/SSLinfo.pm: EF: $Net::SSLinfo::user_agent added
    * osaft.pm: EF: cfg{use}{user_agent} added
    * OSaft/Doc/devel.txt: ND: new file
    * Makefile: ET: release.here added; GEN.rel is now in docs/; generated tgz contains $(GEN.rel)
    * o-saft: EF: mode -log implemented

Version: 23.04.23
  BUGFIX
    * contrib/INSTALL-template.sh: BF: overlong message corrected when modules are missing
    * contrib/HTML-table.awk: BF: generating HTML comment corrected
    * t/Makefile.misc: BF: target nytprof.html generates output in t/nytprof
    * Makefile: BT: target pdf for generating PDF corrected
    * o-saft.pl: BF: extracting message number in _warn() corrected (used to avoid printing duplicate messages)
    * o-saft.pl: BF: avoid "Use of uninitialized value $_no ..."; issues/133
    * o-saft-man.pm: BF: value attribute for generated checkbox corrected
  CHANGES
    * OSaft/Doc/help.txt: ED: documentation for developers moved to other files
    * contrib/HTML-table.awk: EF: generate HTML4 or HTML5 depending on scriptname; default: HTML5
    * contrib/HTML-table.awk: EF: comment added; h1 tag added
    * Net/SSLinfo.pm: ED: using =head3 for method description in POD
    * Net/SSLhello.pm: ED: using =head3 for method description in POD
    * t/Makefile.dev: EF: using EXE.log-filterarg in testarg*pod.log targets (not yet fully working)
    * Makefile: EF: INSERTED_BY_MAKE_OSAFT_PM: give INSTALL.sh list of own perl modules
    * Makefile: ET: DOC.src renamed to DOC.odg; SRC.doc to SRC.odg
    * o-saft-man.pm: EF: TOC added to generated HTML using <aside> tag (needs to be improved)
    * o-saft-man.pm: EF: provide options --format=html4 and --format=html5
    * o-saft-man.pm: EF: use linear-gradient background for help buttons in cgi.html
    * o-saft-man.pm: EF: --no-tlsv13 removed from default settings in .cgi.html
  NEW
    * t/Makefile.misc: NF: targets docs.anno docs.subs added
    * t/gen-graph-annotations.sh new
    * t/gen-graph-sub-calls.sh: new

Version: 22.11.22
  BUGFIX
    * Net/SSLhello.pm: BF: correct use of %cfg (instead of %{$osaft::cfg...}
    * Net/SSLinfo.pm: BF: avoid "Use of uninitialized value ..." in datadump()
    * OSaft/Ciphers.pm: BF: using string '0 ' if value is 0 in _ciphers_init()
    * OSaft/Data.pm: BF: string <<internal>> changed to internal to avoid conflict in HTML
    * o-saft.pl: BF: output for --ciphermode=dump corrected
    * o-saft.cgi: BF: seting PATH corrected
    * o-saft.cgi: BF: regex for arguments to be ignored corrected
    * o-saft.tcl: BF: using undefined array variable corrected
    * o-saft.tcl: BF: generating content for "help" improved
    * o-saft-man.pm: BF: avoid "Use of uninitalized ..." (bug since 2.80)
    * o-saft-man.pm: BF: print STRENGTH for --test-ciphers-list
    * t/Makefile: ET: name of targets unified: testarg-hlp-*
    * t/Makefile.dev: BT: duplicate targets in ALL.test.dev removed
    * t/Makefile.misc: BT: report only first occurrence of shebang in testarg-misc_shebang (still not perfect)
    * t/Makefile.help: BT: EXE.pl = ../$(SRC.pl)
    * t/Makefile.cipher: BT: targets testcmd-cipher-+test-ciphers-list-* corrected (are testarg-* now)
    * contrib/gen_standalone.sh: BF: better check for include of o-saft-dbx.pm
  CHANGES
    * o-saft.pl: EF: print number of checked ciphers for each protocol
    * o-saft.pl: EF: print warning if no ciphers specified
    * o-saft-man.pm: EF: use linear-gradient background for help buttons in cgi.html
    * o-saft-man.pm: EF: --no-tlsv13 removed from default settings in .cgi.html
    * o-saft-man.pm: EF: use shebang /usr/bin/perldoc instead of /usr/bin/env in generated files
    * o-saft-man.pm: EF: EF: CSS for --help=gen-cgi and help page improved
    * o-saft-man.pm: EF: new design for o-saft.cgi.html
    * o-saft-man.pm: EF: man_docs_write() (writes --help=ciphers-text also)
    * o-saft-dbx.pm: EF: osaft::test_regex() -> osaft::test_cipher_regex()
    * o-saft-dbx.pm: EF: printing list of ciphers improved
    * o-saft.cgi: EF: regex for illegal commands and options improved
    * o-saft.tcl: EF: destroy_window(): wrapper to destroy toplevel window
    * o-saft.tcl: ED: "Key Bindings" documented
    * o-saft.tcl: EF: osaft_write_docs() used "o-saft.pl --help=gen-docs" to generate files
    * OSaft/Doc/help.txt: EF: description for --cipherrange=RANGE improved; --cipherpattern=PATTERN added
    * OSaft/Ciphers.pm: EF: cipher suites SM4-GCM-SM3 and SM4-CCM-SM3 added
    * OSaft/Ciphers.pm: EF: security for ciphers *PSK*CBC* set mediu
    * OSaft/Ciphers.pm: ET: test functionality improved
    * OSaft/Ciphers.pm: EF: @cipher_iana_recomended added (list of ciphers suites recommended by IANA)
    * t/Makefile.docker: EF: testarg-%.log uses $(EXE.arg-logfilter)
    * t/Makefile.cipher: ET: tests for --ciphermode=dump added
    * t/Makefile.misc: ET: target testarg-misc_hashbang renamed to testarg-misc_shebang
    * t/Makefile.tcl: ET: use testarg% instead of testcmd%; generate targets with GEN.targets macro
    * t/Makefile.pod: ED: section Make:macros added; consistent use of "macro" and "variable"
    * t/Makefile.pod: ET: new makefiles added to section O-Saft Makefile Includes
    * t/Makefile.dev: ET: new Targets to test INSTALL.sh
    * t/Makefile.hlp: ET: useless $(eval ...) removed
    * t/Makefile.inc: EF: new text for TEST.logtxt; EXE.arg-logfilter and EXE.cmd-logfilter added
    * t/Makefile.etc: EF: EXE.log-filtercmd added to testcmd-etc-testssl.s%.log
    * t/Makefile.cmd: EF: EXE.log-filterarg, EXE.log-filtercmd for some targets added
    * t/Makefile: EF: enforce LANG=C environment for all tests
    * t/Makefile: EF: include t/Makefile.gen t/Makefile.mod
    * t/Makefile: EF: include t/Makefile.gen t/Makefile.mod
    * t/Makefile: ET: remove useless environment variables
    * t/Makefile: EF: renamed: EXE.arg-logfilter -> EXE.log-filterarg; EXE.cmd-logfilter -> EXE.log-filtercmd
    * t/Makefile.*: ET: use GEN.targets-args macro to generate targets
    * Makefile: ET: INSTALL.sh added to ALL.tgz
    * Makefile: EF: Makefile.gen added
    * Makefile: EF: enforce LANG=C environment for all tests
    * Makefile: EF: remove useless environment variables
    * Makefile: EF: include t/Makefile.gen t/Makefile.mod
    * Makefile: ET: target docs and do.data improved
    * contrib/HTML-table.awk: EF: improved for cipher lists; some header lines handled special
    * contrib/*_completion_o-saft: EF: completion for make added
    * checkAllCiphers.pl: EF: trace variable assignment improved
  NEW
    * o-saft.pl: EF: --cipher=CIPHER implemented
    * OSaft/Ciphers.pm: NF: get(pfs) implemented
    * t/Makefile: NT: target commands of testarg-%.log and testcmd-%.log piped to filter
    * t/Makefile.gen: NF: new Makefilewith user defined functions
    * t/Makefile.pod: EF: new section Make:target generation
    * t/Makefile.inc: EF: new text for TEST.logtxt; EXE.arg-logfilter and EXE.cmd-logfilter added
    * t/Makefile.dev: NT: targets for get_keys_list and get_names_list added
    * t/Makefile.dev: ET: targets for testng OSaft/Ciphers.pm functions added
    * t/Makefile.dev: ET: targets testarg-dev-o-saft-sh--post-* added
    * t/Makefile.misc: NT: new target testarg-misc_hashbang
    * t/Makefile.mod: NF: targets for testing module functionality
    * contrib/INSTALL-template.sh: EF: copy_file implemented with --useenv; descrition for --useenv added

Version: 22.06.22
  BUGFIX
    * o-saft-man.pm: BF: check if no parameter given corrected
    * osaft.pm: BF: avoid "Use of uninitialized value $cipher" in get_cipher_owasp()
    * osaft.pm: BF: syntax (, instead of .) in cipheranges corrected
    * o-saft.pl: BF: avoid "Use of uninitialized value $cipher" in _sort_cipher_results()
    * o-saft.pl: BF: avoid "Use of uninitialized value $key" in checkciphers()
    * o-saft.pl: BF: match for valid --cipher-pattern corrected
    * o-saft.pl: BF: my -> our for simplified variables
    * o-saft.pl: BF: printversion() improved (avoid "Use uninitialized value")
    * o-saft.tcl: BF: add and delete of entry widgets for target names corrected
    * OSaft/Ciphers.pm: BF: missing cipher suite names DHE-PSK-AES18-CBC-SHA and DHE-PSK-AES256-CBC-SHA added
    * OSaft/Ciphers.pm: BF: missing ciphers in sequence of sort_cipher_names() added
    * contrib/INSTALL-template.sh: BF: "check for openssl executable used by O-Saft" improved
  CHANGES
    * o-saft.pl: EF: use _eval_cipherranges() instead of eval() directly
    * o-saft.pl: EF: more compatibility options from testssl.sh added
    * o-saft.pl: EF: _get_ciphers_range --> osaft::get_ciphers_range
    * o-saft.pl: EF: verbosity for cipher_selected with +cipher improved
    * o-saft.pl: EF: printing header line for all +cipher checks improved
    * o-saft.pl, *.pm: EF: @INC improved
    * o-saft.pl, *pm: EF: use OSaft::Text
    * o-saft-man.pm: EF: honor --v from caller
    * o-saft-man.pm: EF: JavaScript in man_ciphers() improved
    * o-saft-man.pm: EF: o-saft.cgi.html improved
    * o-saft-man.pm: ED: man_warnings() improved
    * contrib/INSTALL-template.sh: EF: check for O-Saft programs improved
    * contrib/o-saft_bench.sh: ED: pretty printed results
    * o-saft.tcl: EF: improved for AndroidWish
    * o-saft.tcl: EF: detect header line for SSL/TLS protocol od ciphers
    * o-saft.pl: EF: print header line for all +cipher checks (to map cipher suite names properly to pprotocols)
    * o-saft.pl: EF: redisign OSaft/Ciphers.pm: branch moved to trunk
    * osaft.pm: EF: get_ciphers_range() (moved from o-saft.pl)
    * osaft.pm: EF: redisign OSaft/Ciphers.pm: branch 1.270.1.4 moved to trunk
    * OSaft/Ciphers.pm: BF: all ciphers with 3DES are 112 bits only
    * OSaft/Ciphers.pm: BF: RMD replaced by RIPEMD for cipher MACs
    * OSaft/Ciphers.pm: EF: sort_cipher_results() moved from o-saft.pl
    * OSaft/Ciphers.pm: EF: set_sec() implemented
    * OSaft/Ciphers.pm: EF: redisign OSaft/Ciphers.pm: branch moved to trunk
    * OSaft/Doc/glossary.txt: EF: formal changes, some typos fixed; new XChaCha*, AESCCM*
    * OSaft/Doc/help.txt: ED: only historic references to +cipherall  and  +cipherraw
    * OSaft/Doc/help.txt: ED: documentation of --test-ciphers-* options improved
    * OSaft/Doc/rfc.txt: 
    * o-saft-dbx.pm: ED: documentation for --test-ciphers-* options improved
    * o-saft-dbx.pm: EF: unused methods removed; some methods moved to Ciphers.pm
    * contrib/INSTALL-template.sh: ED: text about generation improved
    * Makefile*: ET: generated target names improved; more targets for --test-*
    * Makefile: EF: README replaced by README.md
    * Makefile: ED: text about generation improved
    * Makefile: EF: _CIPHER and related sources removed
    * Makefile.dev: ET: some summary target added
    * Makefile.dev: ET: --test-regex moved from osaft.pm to o-saft.pl
    * Makefile.dev: ET: adapted to new --test-ciphers* options in various tools
    * Makefile.dev: ET: adapted to changes in Ciphers.dev; more tests for Ciphers.pm
    * Makefile.dev: ET: *osaft-cipher --> *.osaft-ciphers
    * Makefile.opt: ET: target testarg-opt-alias--test-ciphers-list added
    * Makefile.misc: ET: redesign OSaft/Ciphers.pm: target keys.* and values.* are no longer needed; removed
    * Makefile.misc: ET: target cloc.stat.log added
    * Makefile.cipher: ET: targets added for: +test-ciphers-list --range=*
    * Makefile.cipher: ET: more --range= checks added
    * Makefile.warnings: ET: target warning-009 removed
    * Makefile.warnings: ET: warning-521, warning-522, warning-504, warning-505, warning-862 added
  NEW
    * o-saft-man.pm: EF: man_ciphers() implemented; options --help=gen-cipher-text --help=gen-cipher-html
    * Makefile: EF: o-saft-docker added to INSTALL.sh
    * o-saft.tcl: EF: "Open window with list of cipher suites" implemeted
    * o-saft.tcl: EF: --tkpod added
    * o-saft.tcl: EF: menu/window for configuration settings added
    * o-saft.tcl: EF: tool layout optimized for use on tablet; --gui-layout=tables is default now
    * o-saft-docker: EF: option +VERSION added for compatibility with other tools

Version: 22.02.22
  BUGFIX
    * Net/SSLhello.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * o-saft*, OSaft/Ciphers.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * INSTALL.sh: BF: improved check for Perl modules
    * INSTALL.sh: BF: create required directories
    * contrib/gen_standalone.sh: BF: avoid overwriting generated code when used with -t option
    * o-saft.cgi: BF: checks for bad IPs improved
    * o-saft: BF: --port= handling for single host argument corrected
    * o-saft: BF: output for --legacy=testssl-g corrected
    * o-saft: BF: do not start GUI on CLI when output is redirected; detect GUI if STDIN is missing
    * contrib/install_openssl.sh: BF: conflicting variable names and check for libidn.so corrected
    * contrib/gen_standalone.sh: BF: avoid perl warning "Unescaped left brace in regex is deprecated" (in newer perl versions)
    * contrib.bunt.pl: BF: missing space in substitution corrected
    * contrib.bunt.pl: BF: colourizing cipher rating improved
    * contrib.bunt.pl: BF: detecting host:port corrected
    * t/o-saft_bench.sh: BF: +VERSION corrected
    * t/o-saft_bench.sh: BF: redirect output of time command (from tty) correctly
    * osaft.pm: BF: some cipher names corrected
    * osaft.pm: BF: TLS 1.3 cipher-suites corrected
    * osaft.pm: BF: ciphers 0x00,0x7x corrected (ciphers for openpgp extension)
    * osaft.pm: BF: cipher rating (OWASP A) adapted to OWASP TLS Cheat Sheet (DHE*)
    * osaft.pm: BF: avoid **WARNING: 412: for INFO_SCSV
    * osaft.pm: BF: sorting ciphers according strength improved (added some CHACHA*, FZA*,
    * o-saft*: BF: settings in @INC improved; set . instead ./ in @INC
    * o-saft.pl: BF: check for --trace* option improved
    * o-saft.pl: BF: check for +ocsp_uri and +ocsp_valid corrected
    * o-saft.pl: BF: set default CA file if none found (--ca-file)
    * o-saft.pl: BF: duplicate warning 042 corrected
    * o-saft.pl: BF: ignore unknown options (new warning 029); avoids using its value as target
    * o-saft.pl: BF: avoid perl error: "Undefined subroutine &Time::Local::timelocal ..."
    * o-saft.pl: BF: check for +cipher_pfsall corrected
    * o-saft.pl: BF: check for +logjam corrected (use $cipher instead of $c)
    * o-saft.pl: BF: better ckeck for ancient Net:SSLeay < 1.49 functionality to avoid crash
    * o-saft.pl: EF: better check vor valid hostname arguments
    * o-saft.pl: BF: --exitcode does not count missing PFS if no ciphers offered
    * o-saft.pl: BF: --exitcode does not count TLSv13
    * o-saft.pl: BF: --exitcode-v corrected
    * o-saft.pl: BF: setting cfg{'ca_file'} corrected
    * o-saft.pl: BF: description of some ciphers corrected (according openssl description)
    * Net/SSLinfo.pm: EF: output for --trace improved and unified
    * Net/SSLinfo.pm: BT: test_ssleay() avoids using undefined functions which results in perl's "Can't locate .." error
    * Net/SSLinfo.pm: documentation for --test-* corrected
    * Net/SSLinfo.pm: avoid Perl warning "used only once: possible typo"
    * Net/SSLinfo.pm: BF: get session information from Net::SSLeay (avoid perl warnings)
    * Net/SSLinfo.pm: BF: avoid confusing message in servers access.log like: "\n" 400 750 "-" "-"
    * Net/SSLhello.pm: BF: avoid "Use of uninitialized value $ENV{"PWD"} in ..."
    * OSaft/Doc/Data.pm: BF: avoid some POD link syntax L<
    * OSaft/Doc/Data.pm: BF: warnings have a message number
    * OSaft/Ciphers.pm: BF: extend @INC (for internal use; @INC depends on OS and distribution)
    * OSaft/Ciphers.pm: BF: sorting of strong ciphers improved
    * OSaft/Ciphers.pm: BF: numbers for warning messages
    * o-saft.tcl: EF: generating Tcl-markup for help improved (still not perfect)
    * o-saft.tcl: BF: syntax corrected when --rc used
    * o-saft.tcl: BF: UP and DOwn button in help window aktivated
    * o-saft.tcl: BF: avoid searching for empty strings in help window
    * o-saft.tcl: BF: result from +version not shown as table data
    * Makefile.dev: BT: test with gen_standalone.sh improved
    * Makefile.warning: BT: duplicate warning 042 corrected
    * Makefile.cipher: BT: typo in target name corrected
    * Makefile: BF: GEN.man depends on GEN.pod
    * Makefile: BF: generation of files depending on OSaft/Doc/help.txt corrected
    * o-saft-dbx.pm: BF: print content of %cfg{targets} instead of array ref
    * o-saft-man.pm: BF: avoid "Use of uninitialized value ..." in man_warnings()
    * o-saft-man.pm: BF: detect o-saft as one of our own commands in help texts
    * o-saft-man.pm: BF: dirty hack to find proper .pod file for gen-man
    * o-saft-man.pm: BF: generation of links in POD and HTML improved
    * o-saft-man.pm: BF: _main renamed to _main_man (because this file is not yet a Perl package)
    * o-saft-man.pm: BF: setting default options in generated .html corrected
  CHANGES
    * contrib/HTML-table.awk: EF: print table header for each table
    * Makefile: ET: t/cloc-total.awk added as source file; list of documentation files improved
    * o-saft.cgi: EF: --format=html implemented (experimental)
    * o-saft.cgi: EF: parameter sanitation improved (trailing = in names removed)
    * o-saft-man.pm: ED: output for --help=warnings in man_warnings() improved
    * o-saft-man.pm: ED: idention in HTML <li> lists improved
    * o-saft-man.pm: EF: --help=warnings implemented
    * o-saft-man.pm: EF: --format=html option generated for --help=gen-cgi (o-saft.cgi.html)
    * o-saft-man.pm: EF: --cgi-no-header added to quick options for o-saft.cgi.html
    * t/Makefile.tcl: ET: target testcmd-tclinteractive-* and test.GUI added; testcmd-tcl---gui-* added
    * t/Makefile.tcl: ET: new test targets
    * t/Makefile.dev: ET: more individual targets for EXE.osaft (calling contrib/bunt.pl)
    * t/Makefile.misc: ET: targets test.keys and test.values
    * t/Makefile.misc: ET: targets cloc.csv and cloc.total added
    * t/cloc-total.awk: EF: check calculated vs. reported values
    * t/cloc-total.awk: EF: print comments reported by cloc
    * o-saft.tcl: EF: read configuration from static files; new option --no-docs
    * o-saft.tcl: EF: --stdin (reading data from STDIN) implemented
    * o-saft.tcl: EF: options --test=FILE --layout=table implemented
    * o-saft.tcl: EF: degugging improved; default configuration for Android improved
    * o-saft.tcl: ET: option --test-tcl added
    * INSTALL.sh: EF: --check and --install check for installed wish
    * INSTALL.sh: EF: use unique error numbers
    * INSTALL.sh: EF: use --install as default if no option given
    * INSTALL.sh: EF: check for optional executables
    * INSTALL.sh: EF: functionality and documentation improved
    * Dockerfile: EF: build with debian supported
    * Dockerfile: EF: using alpine:3.10
    * Dockerfile: EF: Workaround for docker/alpine (bug or race condition) added
    * contrib/o-saft.php: EF: moved to .
    * contrib.bunt.pl: EF: improved for ciphrs with OWASP rating
    * contrib.bunt.pl: ED: documentation improved
    * Makefile.cipher: EF: new targets for testing +cipher with options
    * Makefile.cmds: ET: renamed to Makefile.cmd
    * OSaft/Doc/tools.txt: ED: checkAllCiphers.pl and contrib/alertscript.pl added
    * OSaft/Doc/Data.pm: EF: fix for strange Perl behaviour on older Mac OSX
    * OSaft/Ciphers.pm: BF: list command returns sorted list of files
    * contrib/gen_standalone.sh: EF: check improved if source file exists
    * contrib/gen_standalone.sh: ET: less noisy "ls" if called by make (check OSAFT_MAKE variable)
    * contrib/gen_standalone.sh: ED: documentation for generated code improved
    * contrib/gen_standalone.sh: EF: handle comments with OSAFT_STANDALONE
    * contrib/o-saft.php: EF: improve: search for script to be called (no longer hardcoded)
    * contrib/INSTALL-template.sh: EF: options improved; --not-blind added, default is --blind
    * contrib/install_openssl.sh: EF: +VERSION and --version added
    * contrib/install_openssl.sh: EF: Install Perl modules using "perl -MCPAN" instead of building from .tgz
    * contrib/install_openssl.sh: EF: checking preconditions improved; building modules improved
    * contrib/install_openssl.sh: EF: option --m to install required Perl modules
    * contrib/install_openssl.sh: EF: adapting .o-saft.pl improved
    * o-saft-man.pm: EF: _man_squeeze() and _man_use_tty() implemented for --tty option
    * o-saft-man.pm: EF: output of man_help(), man_table() may have fixed width
    * o-saft-man.pm: EF: CSS improved for o-saft.cgi.html
    * o-saft: EF: option -line added
    * o-saft: EF: options -colour -blind and -prg=* added
    * o-saft*: EF: use print_pod() to print own help
    * o-saft-dbx.pl: EF: --test implemented
    * o-saft.pl: BF: allow $cfg{'ignore-out'} to set empty
    * o-saft.pl: BF: intended functionality of --enabled --disabled corrected
    * o-saft.pl: BF: initial time corrected if < 0: set $cfg{'time0'}
    * o-saft.pl: EF: use Encode::decode("UTF-8", ...) for all printed values
    * o-saft.pl: ED: formal changes in %ciphers (adaption to openssl 1.1.1k)
    * o-saft.pl: ED: useless debug output removed; avoid duplicate commands
    * o-saft.pl: EF: do not print same message (warning) multiple times; --warnings-dups added
    * o-saft.pl: EF: check for Extended master secret
    * o-saft.pl: EF: checking CA paths and files for Android improved
    * o-saft.pl: EF: options --format-* and --ty implemented
    * o-saft.pl: EF: TLS 1.3 cipher-suites added
    * o-saft.pl: EF: ciphers 0x00,0x7x added (ciphers for openpgp extension)
    * o-saft.pl: EF: warning and hint messages unified
    * o-saft.pl: EF: check for openssl executable only if openssl required
    * o-saft.pl: EF: --test implemented
    * o-saft.pl: EF: --test* options unified
    * o-saft.pl: EF: ECDHE-ECDSA-* ciphers are classified with "unknown" security
    * osaft.pm: EF: +http_body disabled by default
    * osaft.pm: EF: cfg{regex]{OWASP_AA} added; formal changes in %ciphers
    * osaft.pm: EF: cipher names adapted to openssl 1.1.1k
    * osaft.pm: EF: own _warn() and _dbx() if missing
    * osaft.pm: EF: export STR_MAKEVAL
    * osaft.pm: ED: formal changes; permanent hint texts defined here
    * osaft.pm: EF: cfg{warnings_no_dups} and cfg{warnings_printed} added
    * osaft.pm: EF: master_secret added to cmd-quick
    * osaft.pm: EF: ca_paths and ca_files improved for Android
    * osaft.pm: EF: new TLS_EXTENSIONS data structure
    * osaft.pm: EF: cipher suites from rfc6367 added
    * osaft.pm: EF: ca_paths[], openssl_cnfs[] improved
    * osaft.pm: EF: reserved ciphers removed from cipher ranges
    * osaft.pm: EF: ECDHE-ECDSA-* ciphers are classified with "unknown" security
    * osaft.pm: EF: primary and alias name of some RSA-PSK-AES* cipher changed
    * osaft.pm: ED: VERSION added for POD
    * o-saft: EF: cal o-saft.tcl if no STDOUT available
    * o-saft.cgi: EF: print all error for any invalid parameter
    * o-saft.cgi: ED: POD and internal documentation improved
    * o-saft.cgi: EF: pass parameter --format=html to o-saft.pl too
    * o-saft.cgi: EF: printing HTTP headers conditionally; --cgi-header and --cgi-no-header implemented
    * o-saft.cgi: EF: improved to check for invalid arguments without --*= prefix
    * o-saft.cgi: EF: disallow IPv4-mapped IPv6 addresses
    * o-saft.cgi: EF: disallow IPv4-mapped or incomplete  IPv6 addresses; disallow integer addresses
    * o-saft-*.pm: ED: documentation improved
    * t/Makefile*: ED: ALL.tests and ALL.tests.log are set in Makefile
    * t/Makefile*: ED: documentation improved
    * t/Makefile*: ET: --trace-CLI option added to most o-saft.pl calls 
    * t/Makefile*: ET: do not force setting of EXE.pl for testcmd-%
    * t/Makefile*: ET: qa.pod - check generated pod file
    * Makefile: EF: dependency on tags file improved
    * Makefile, t/Makefile*: ET: targets and documentation unified and improved
    * o-saft-dbx.pm: ED: description for ciphers_sorted and ciphers_overview improved
    * o-saft-dbx.pm: EF: avoid printing random value for cfg{time0} if OSAFT_MAKE ist set
    * o-saft-dbx.pm: EF: avoid printing random value for cfg{time0} if OSAFT_MAKE ist set
    * o-saft-dbx.pm: EF: $cfg{'trace*'} --> $cfg{'out'}->{'trace*'}
    * o-saft-dbx.pm: EF: $VERSION renamed to $mainsid to avoid conflicts withother modules
    * o-saft-dbx.pm: EF: output for --v improved (host:port/path)
    * o-saft-man.pm: EF: --h improved (remove internal markup)
    * o-saft-man.pm: EF: print own help if called without arguments
    * o-saft-man.pm: EF: mobile-friendly title= attributes in generated HTML
    * o-saft-man.pm: EF: help button to show o-saft.html for --help=cgi added
    * o-saft-man.pm: EF: setting document title in generated .html improved
    * o-saft.tcl: EF: docker_status_99x29_magenta.png added
    * o-saft.tcl: EF: filename for saving contains name of TAB
    * o-saft.tcl: EF: testing and debugging options --help-* renamed to --test-*
    * o-saft.tcl: EF: --help=opts option implemented
    * o-saft.tcl: EF: o-saft.pl initially called if +command arguments are given
    * o-saft.tcl: EF: --rc improved; contrib/.o-saft.tcl removed
    * o-saft.tcl: ED: searching for text starting with - in help text improved
    * o-saft.tcl: EF: debugging improved
    * o-saft.tcl: EF: avoid creating multiple option enty fields
    * o-saft.pl: EF: +traceSUB removed, is now --test-sub (see o-saft-dbx.pm 1.110)
    * o-saft.pl: EF: print ciphers for --no-enabled and --legacy=owasp also
    * o-saft.pl: EF: $VERSION renamed to $mainsid to avoid conflicts withother modules
    * o-saft.pl: EF: avoid duplicate settings in @INC; setting @INC simplified; set . but not ./
    * o-saft.pl: EF: --exitcode does not count "no (<<..>>)" results
    * o-saft.pl: ED: typos
    * o-saft.pl: EF: use URL if any to connect to target
    * Net/SSLhello.pm: $main::cfg{'trace*'} --> $Net::SSLhello::trace*
    * Net/SSLhello.pm: version string corrected
    * Net/SSLhello.pm: EF: usinag IANA constant names for cipher suites instead of openssl constant names
    * Net/SSLinfo.pm: ED: formal change: use $STR{WARN}
    * Net/SSLinfo.pm: EF: check for Extended master secret
    * Net/SSLinfo.pm: ET: improved verbose and debug messages
    * Net/SSLinfo.pm: EF: prepared for improved extracting of PEM data
    * Net/SSLinfo.pm: EF: empty headers in Net::SSLeay::get_http() removed
    * Net/SSLinfo.pm: EF: use URL if any to connect to target
    * Net/SSLinfo.pm: EF: --test-* and +VERSION options added
  NEW
    * t/Makefile: ET: set O-SAFT_MAKE
    * t/cloc-total.awk: EF: added
    * contrib/symbol.pl: new
    * contrib/*_completion_o-saft: EF: completion for o-saft.tcl added
    * contrib/INSTALL-template.sh: various adaptions to previous changes
    * t/Makefile: ET: set O-SAFT_MAKE
    * t/Makefile.misc: ET: testing CLI with *pm
    * t/Makefile.doc: ET: testing internal documentation
    * OSaft/Ciphers.pm: EF: --usage implemented
    * OSaft/Doc/help.txt: ED: --test* options added
    * OSaft/Doc/Data.pm: EF: --usage implemented
    * Net/SSLinfo.pm: EF: _verbose()
    * Net/SSLinfo.pm: EF: Net::SSLinfo::use_https and ::target_url added
    * o-saft.tcl: EF: --help=opts option implemented
    * o-saft.pl: EF: --use-https implemented
    * o-saft.pl: EF: new functionality: +public_key_len +session_id_ctx
    * o-saft.pl: EF: +sstp implemented
    * o-saft.pl: EF: print warning if --port used after host argument
    * o-saft-man.pm: EF: generate nroff format implemented
    * o-saft-man.pm: EF: message box for "CGI Usage Note" added to gen-cgi
    * o-saft-dbx.pm: ET: --test* option implemented
    * o-saft-dbx.pm: ET: write real date and time only if O-SAFT_MAKE environment variable does not exist

Version: 19.01.19
  BUGFIX
    * t/Makefile.*: BT: macro ALL.inc.type corrected
    * osaft.pm: BF: +fingerprint_sha2 honors --format=hex
    * o-saft.pl: BF: printing header (for list of ciphers) corrected
    * o-saft.pl: BF: "Ciphers: Summary" prints correct numbers if no ciphers found
    * o-saft.pl: BF: --legacy=key disabled; --label=key enabled (honors --header option)
  CHANGES
    * t/Makefile.*: ET: targets simplified and unified; critic345 implemented
    * o-saft.pl: EF: +cipher results are sorted according "severity/security risk"
  NEW
    * o-saft.pl: NF: --help=cmd and --help=cfg-cmd added
    * o-saft.pl: NT: +session_startdate and +session_starttime added
    * o-saft.pl: NF: new option --legacy=owasp for +cipher
    * o-saft.pl: NF: new option --label=long|short|key
    * o-saft.pl: NF: alias commands for CVEs added
    * t/Makefile.misc: targets for profiling

Version: 18.10.18
  BUGFIX
    * o-saft-docker: use correct VERSION in docker_build()
    * o-saft-man.pm: output for --help=cfg-text correctd
    * o-saft-man.pm: HTML encode << ; CSS improved
    * o-saft.pl: warning added if https request failed
    * o-saft.pl: --exit=MAIN corrected
    * o-saft.tcl: value None not highlighted
    * o-saft.tcl: --docker and --id=* handled correctly
    * t/Makefile.opt: added (missed at github)
    * t/Makefile: message-% rule description to avoid syntax errors
    * Makefile: missing files t/Makefile.exit, t/Makefile.FQDN added to ALL.Makefiles
    * Makefile: dependencies for generated files improved
  CHANGES
    * o-saft-docker: docker_build() uses OSAFT_VM_SHA_OSAFT environment variable
    * contrib/build_openssl.sh renamed to contrib/install_openssl.sh
    * o-saft-dbx.pm: trace and verbose output use cfg{prefix_trace} and cfg{prefix_verbose} instead of cfg{mename}
    * t/Makefile.*: various minor bugfixes
    * Makefile: install target improved
    * Net::SSLinfo.pm: set https_body to private string if https request fails
    * osaft: call other tools with proper path
    * osaft.pm: cipher suites for RFC 8446 (TLS 1.3) added
    * o-saft-man.pm: new button to change schema in generated o-saft.cgi.html
    * o-saft-man.pm: online documentation in generated html improved
    * --help: section TESTING added
    * o-saft.tcl: using o-saft.pl in docker container improved
    * t/o-saft_bench renamed to t/o-saft_bench.sh
    * t/Makefile* improved
  NEW
    * "help"-Button foreach --help=* in o-saft.cgi.html
    * --help=cipherpattern added
    * options -comp and -no_comp implemented (OP_NO_COMPRESSION)
    * Makefile.help: cloc* target added
    * o-saft-man.pm: cgi and html page provides discrete commands
    * o-saft-man.pm: cgi page provides input fields for options with values
    * o-saft-man.pm: "return to top" button in generated .cgi.html added

Version: 18.07.18
  BUGFIX
    * o-saft: pass $* instead of $@
    * o-saft-docker: check for image IDs corrected
    * o-saft-docker: ENTRYPOINT corrected; usage corrected
    * o-saft-docker: get correct number of ciphers from docker
    * o-saft.tcl: workaround for X error BadAlloc implemented
    * o-saft.tcl: highlight of code examples corrected
    * o-saft.tcl: size of help window adapted to larger font size
    * content of o-saft.tgz corrected (gernerated by makefile)
    * o-saft.pl: +cipher-dh requires openssl
    * o-saft.pl: use of $cfg{'openssl'}->{'-msg'} corrected
    * o-saft.pl: print warning when trying to read RC-file in cgi mode
    * o-saft.pl: avoid Use of uninitialized value in $CFG{sni_name}
    * o-saft.pl: avoid Use of uninitialized value in _init_openssldir()
    * o-saft-dbx.pm: avoid Use of uninitialized value $cfg{"sni_name"}
    * o-saft-man.pm: --help=html does not contain "start" buttons (like --help=cgi)
    * Net::SSLinfo.pm: initialize Net::SSLinfo::file_sclient
    * Net::SSLinfo.pm: verify_altname(); avoid uninitialized value
    * Net::SSLinfo.pm: verify_alias()
  CHANGES
    * +ocsp_response and +ocsp_stapling (check) implemented
    * print !!Hint when multiline data is not printed                                
    * "reading:" message only printed with --v or --warning
    * +vulns also contains: +compression +fallback +resumption +renegotiation
    * +compression is information (+info) and check (+check, +vulns)
    * o-saft-docker: build improved; build supports some environment variables
    * Dockerfile: handle master directory from github, move it to $OSAFT_DIR if found
    * Dockerfile: add -rpath flag to build SSLeay.so
    * o-saft_bench: write result on STDOUT instead of hardcoded file
    * o-saft_bench moved to test/
    * INSTALL.sh renamed to INSTALL-template.sh; INSTALL.sh generated by Makefile
    * LHS condition check
    * contrib/INSTALL-template.sh: improved (--check, --openssl)
    * contrib/Dockerfile.alpine:3.6 renamed to contrib/Dockerfile.alpine-3.6
    * Net::SSLhello.pm: better handling of SSL/TLS connection errors
    * prepared for +ccs
  NEW
    * o-saft.cgi: avoid infinite loop if no parameter given
    * o-saft.cgi: first parameter must be --cgi or --cgi=
    * contrib/build_openssl.sh
    * Makefile; complete test suite in test/Makefile*
    * INSTALL-template.sh
    * o-saft.tcl: +quit option (for usage in Makefiles)
    * o-saft.tcl: scrolling with keys and mouse whell in help window implemented
    * o-saft-man.pm: --help=exit implemented
    * o-saft-man.pm: POD added
    * o-saft: modes/options -gui -cli -docker added
    * o-saft-docker: mode sshx to tunnel X suing ssh

Version: 18.01.18
  BUGFIX
    * markup for generated documentation corrected
    * various Perl warnings (in rare runtime situations) fixed
    * hostname, SNI and certificate subject checks are case insensitive
  CHANGES
    * --help=tools added to give an overview of all tools comming with O-Saft
    * use of $cfg{'sni_name'} and $cfg{'usesni'} improved (--sni --no-sni --sniname= )
    * SSLv3 cipher checks are done without SNI (automatically disabled just for SSLv3)
    * simple connection check to avoid "hanging" connection
    * documentation moved from o-saft-man.pm to OSaft/Doc/help.txt
    * Net::SSLinfo.pm: treat "failed handshake" only as error when * Net::SSLinfo::ignore_handshake is not set
    * contrib/zap_config.xml: description improved
    * +version prints starting directory (PWD)
    * +sni command contains +certfqdn
    * detecting host and port improved
    * use relative instead of absolute timestamps for --traceTIME
  NEW
    * wrapper script: o-saft
    * --traceCLI option added
    * --std-format= options implemented (allows generating files with any charset)
    * o-saft.tcl: write result of o-saft.pl in Tcl table (experimental)
    * +robot ROBOT added
    * --ignore-handshake implemented
    * --time-absolut to write absolute timestamps for --traceTIME

Version: 17.11.17
  BUGFIX
    * o-saft.cgi: IPv6 addresses are not allowed
    * do not print prefered cipher for SSLv2, as it has no such cipher
    * no warning (401) for SSLv2 selected cipher
    * do not complain about cipher mismatch (warning 411) for SSLv2
    * missleading hint message for WARNING 126 corrected
    * check for bit-length of serial number corrected (approx aproach)
  CHANGES
    * --help=cgi generated HTML for cgi usage improved
    * +protocols and +vulns documentation added
    * warnings and hints improved if SNI used with/for SSLv3
    * remove non-printable characters from HTTPS Status line
    * Dockerfile: build Net::SSLeay and IO::Socket::SSL based on enhanced openssl-chacha
    * +cipherall uses same output format as +cipher
    * documentation improved
  NEW
    * o-saft.tcl: trace implemented; option --trace

Version: 17.09.17
  BUGFIX
    * bugfix: avoid sub-subdomain matching againt subdomain wildcard
    * bugfix: BEAST check (https://github.com/OWASP/O-Saft/pull/99)
    * Net::SSLinfo.pm: support timeout commands which require -t option (BusyBox)
    * Net::SSLinfo.pm: handle binary IP address in certificate's altname attribut
    * regex to detect port numbers in URL: {1,5} quantifier instead of {1-5}
    * Dockerfile: install perl-readonly for alpine also
  CHANGES
    * Dockerfile build openssl with GOST and KRB5 ciphers (for alpine:edge)
    * Dockerfile supports environment variables
    * Net::SSLinfo.pm: checking for Alt-Svc, X-Firefox-Spdy headers improved
  NEW
    * o-saft-docker: checks for proper installed images
    * o-saft-docker: rmi command implemented; status command improved

Version: 17.07.17
  BUGFIX
    * +tr-02102+ corrected (len_sigdump check)
    * check for redirect HTTP to HTTPs corrected (+http_https)
    * Net::SSLinfo.pm: do_ssl_new() improved (avoid "Segmentation fault" or "double free or corruption .. Abort" in rare cases)
    * o-saft.pl: setting ALPN and NPN options with Net::SSLeay improved (avoid "Segmentation fault" in rare cases)
    * warning message for --experimental corrected
    * avoid perl warning "Argument isn't numeric" for +tr_02102 checks
    * osaft.pm: export printhint()
    * print hint for +info commands also
  CHANGES
    * check for heartbleed only if requested
    * hint for DROWN check added
    * error and warning messages have a unique number
    * print warning for trailing spaces in options read from RC-file
    * contrib/gen_standalone.sh: generates working script
    * *.pl and *.om improved for use with contrib/gen_standalone.sh
    * o-saft-lib.pm: initialization of %cfg with dynamic data done in _osaft_init()
    * trace output improved
    * contrib/* more examples added
  NEW
    * --connect-delay implemented
    * --cipher-range=* implemented for +cipher command
    * OSaft/Doc/Glossary.pm, use OSaft::Doc::Rfc
    * contrib/JSON-*.awk
    * o-saft-lib.pm: new cipher-ranges: c0xx, ccxx, ecc
    * +host command (to display host and DNS information) added
    * --exit=WARN implemented
    * --v prints each checked cipher for +cipher
    * more aliases for commands and options added (mainly from testssl.sh)
    * new options: --hint-check and --hint-info

Version: 17.06.17
  BUGFIX
    * counting exitcode for -exitcode corrected
    * reading +commands from RC-FILE
  CHANGES
    * names of +cipher* commands unified
    * cfg{ciphers_openssl} --> cfg{ciphers_local}
  NEW
    * --rc=path/to/RC-FILE added
    * --cfg-cipher=CIPHER=TEXT added
    * +rfc_2818_names implemented
    * +subjectaltnames added (alias)

Version: 17.05.17
  BUGFIX
    * o-saft-lib.pm: missing commands added to need-cipher list
    * --protosnpn=, corrected
    * +selected does not need to check for all ciphers
    * enable ALPN and NPN when testeing for ciphers (+cipher)
    * NET::SSLinfo.pm: passing -alpn and -nextprotoneg option to openssl corrected
  CHANGES
    * missing ciphers and missing cipher descriptions added
    * +info does no onger complain for missing ALPN/NPN functionality
    * NET::SSLinfo.pm: checks improved to detect handshake fail for HTTPS
    * NET::SSLinfo.pm: ::next_protos replaced by ::alpn_protos and ::npn_protos
    * check and warning messages for available functionality improved
  NEW

Version: 17.04.17
  BUGFIX
    * NET::SSLinfo.pm: avoid "Segmentation fault" when connection fails
    * NET::SSLinfo.pm: pass errors from openssl to caller (simple workaround)
    * label texts corrected for modulus_size_oldssl and modulus_exp_oldssl
    * print correct OpenSSL version for +version
    * do not load NET::SSLinfo for +cipherraw
    * o-saft-lib.pm: +lucky13 requires a cipher check: added to list * 'need-cipher'
  CHANGES
    * NET::SSLinfo.pm: %_OpenSSL_opt and s_client_*() for openssl capabilities * implemented
    * NET::SSLinfo.pm: internal method _stcmd improved
    * o-saft.pl: warning message improved if connection without SNI fails
    * o-saft.pl: --ignore-no-reply option added for more proper +heartbleed check
    * o-saft.pl: +modulus_exp_size renamed to +modulus_exp_oldssl
    * o-saft.pl: +modulus_size renamed to +modulus_size_oldssl
    * o-saft.pl: -trace-time improved
    * o-saft.pl: +npn renamed to +hasnpn; label texts adapted
    * o-saft-lib.pm: @npn renamed to cfg{next_protos}; cfg{usealpn} and cfg{usenpn} added
    * documentation improved
    * _load_modules(), _check_versions(), _check_methods() implemented
  NEW
    * NET::SSLinfo.pm: new function _ssleay_ssl_np() to set ALPN and NPN option
    * NET::SSLinfo.pm: do_ssl_new() and do_ssl_free() implemented
    * --ssl-error --ssl-error-max --ssl-error-timeout implemented
    * o-saft.pl: +alpn and +npn implemented
    * o-saft.pl: remove leading spaces for options when reading .o-saft.pl
    * o-saft.pl: better checks for ancient perl modules; documentation improved
    * .o-saft.pl: new command +fingerprints
    * o-saft.tcl: --load=FILE option implemented

Version: 17.03.17
  BUGFIX
    * bugfix: remove eading spaces in some values
    * Net::SSLeay.pm: set NPN option when used with sockets
    * "use of uninitialized value" at _useopenssl() call
    * assume CGI mode with --cgi-exec
    * better check of cfg{ca_path} (avoid uninitialized value)
    * wrong ca_path instead of ca_paths in trace output
    * don't complain "need Time::Local module for this check"
  CHANGES
    * +ocsp (check) command renamed to +ocsp_uri
    * +ocsp-subject-hash +ocsp-public-hash
    * o-saft-man.pm: HTML generated by --help=cgi improved
    * o-saft-man.pm: improved for --help=cgi (Full GUI)
    * o-saft-man.pm: improved for --help=cgi (Simple GUI)
    * Net::SSLinfo::::protocols renamed to ::next_prots
    * check withh --yeast-data improved
    * better check for Time::Local
    * +version reports information about Time::Local
    * documentation for options improved
  NEW
    * +ocsp (in .o-saft.pl)
    * +fingerprint_sha2
    * osaft.pm: @npn - list for NPN added
Version: 17.01.17
  BUGFIX
    * avoid useless data checks for +info command
    * no heartbleed check for +info
    * output format for +ocspid corrected
    * Net::SSLinfo.pm: parsing and extracting data for ocsp* corrected
    * Net::SSLinfo.pm: ocspid fully returned (workaround for openssl problem with "x509 -ocspid")
    * +selfsigned returns correct value (yes) if not self signed
    * +fingerprint_type returns type without additional strings
    * using path for --ca-path corrected
  CHANGES
    * --exitcode counts weak ciphers and protocols also
    * .o-saft.pl: documentation improved
    * +fingerprint_sha is alias for +fingerprint_sha1
  NEW
    * options --exitcode-no-* implemented
    * options --file-sclient= and --file_pem= added
    * +fallback_protocol implemented
    * options -CAfile and -CApath (as alias) added

Version: 16.12.16
  BUGFIX
    * processing commands and options improved (more variations allowed)
    * avoid crash if IO::Socket::SSL::get_sslversion() is missing
    * close and open socket if SSL connection failed
    * avoid "Segmentation fault" when X509 data is missing
    * avoid "Segmentation fault" when $x509 is empty or undef
  CHANGES
    * checking for (default) selected cipher improved
    * better error handling if connection to target fails
    * o-saft-man.pm: layout for +help=* commands improved
    * o-saft-dbx.pm: print exitcode with --trace only
    * Net::SSLinfo.pm: set user-specified timout for TCP and SSL connection
  NEW
    * +fingerprint-sha2 implemented
    * +cipher-default implemented
    * --rc option implemented
    * --socket-reuse added and implemented
    * o-saft.tcl: STDOUT button added
    * contrib/zap_config.xml added

Version: 16.11.16
  BUGFIX
    * avoid perl warning when checking certificate dates
    * better check for ext_crl and ocsp_uri (avoid perl warnings)
    * osaft.pm: regex->TR-02102  corrected
    * .o-saft.pl: cmd-info should not contain selected
  CHANGES
    * o-saft-man.pm: description for TR-02102-2 (2016-01) instead of TR-02102-2 (2013-01)

Version: 16.11.14
  BUGFIX
    * Net::SSLinfo.pm: avoid "Segmentation fault" if $x509 is empty or undef
    * avoid "Use of uninitialized value ..." in some rare cases
    * *ARIA-* cipher descriptions improved
  CHANGES
    * Net::SSLinfo.pm: support modern Net::SSLeay::CTX_* methods
    * Net::SSLinfo.pm: better check if X509 certificate data is available
    * Net::SSLinfo.pm: test_ssleay -> ssleay_test
  NEW
    * Net::SSLinfo.pm: new ssleay_methods()

Version: 16.09.29
  BUGFIX
    * avoid "Use of uninitialized value ..." for $version::VERSION (see issue 51)
    * PSK-* cipher descriptions improved; PSK-* cipher descriptions improved
    * check for CN improved (DV and EV certificates)
    * contrib/.o-saft.tcl: syntax error corrected
    * some regex non-capturing groups corrected (parsing options only)
  CHANGES
    * commands for cipher checks unified (+*_cipher); alias commands added
    * check for CRIME improved (SPDY/3 is vulnerable)
    * Net/SSLinfo.pm: sequence for "nextprotoneg" reversed (weakest first)
  NEW
    * searching documentation improved
    * return exit status for checks with result with option --exitcode
    * +cnt_checks_no and +cnt_checks_yes implemented
    * +cbc_cipher and +des_cipher command added
    * ARIA ciphers descriptions added
    * cfg(TKPOD) added (external viewer for POD files)

Version: 16.09.16
  BUGFIX
    * filter scripts contrib/* adapted to new formats; print all lines
  CHANGES
    * files removed: generate_ciphers_hash, openssl_h-to-perl_hash, INSTALL-devel.sh
  NEW
    * INSTALL.sh

Version: 16.08.01
  BUGFIX
    * print warning if OPENSSLDIR is missing (see https://github.com/OWASP/O-Saft/issues/29 )
    * remove trailing path when compareing FQDNs
    * output for --legacy=compact corrected (bug since 1.407)
    * handle arguments after --trace option correctly
    * don't call openssl if not available
    * avoid "uninitalited value" in checks if no certificate data is available
  CHANGES
    * --v print performed cipher checks
    * better check of required versions; warning messages unified
    * o-saft-man.pm: "Using outdated modules" section added; documentation improved
  NEW
    * o-saft.tcl: quick access for O-Saft options added
    * Net::SSLinfo.pm: detect more SPDY protocols (h2c,npn-spdy/2) and X-Firefox-Spdy

Version: 16.08.01
  BUGFIX
    * handle missing data in .o-saft.tcl properly
    * bugfix: on some Mac OS X tk_getSaveFile has no -confirmoverwrite option
  CHANGES
    * use IO::Socket::SSL without version, but warn if not sufficient
    * o-saft.tcl: layout improved
  NEW
    * Sweet32 implemented and added to glossar
    * HEIST added to glossar

Version: 16.06.01
  BUGFIX
    * check for supported ciphers uses full match
    * parsing X509 data improved (avoids: Use of uninitialized value ...)
    * missing host and port parameter added in some check* functions added
    * +sts_maxage0d checks corrected (check if STS reset aka max-age=0)
    * o-saft.tcl: do not set tooltip if fontchooser misses
    * do not print Cipher Summary for legacy formats
    * print selected ciphers from --legacy=format only once
    * allow mixed case in customized texts (--cfg-*= options)
    * --legacy=sslscan without perl warnings
    * some texts corrected in o-saft.tcl
  CHANGES
    * o-saft.tcl: better detection of section header lines in help
    * o-saft.tcl: context sensitive help buttons
    * o-saft.tcl: hash-bang line improved
    * o-saft-README disabled as most people are not willing to read it
    * critic.sh: check for potential repository files and skipp check for them
  NEW
    * Sweet32 implemented and added to glossar
    * HEIST added to glossar
    * new commands can be added with --cfg-cmd=*
    * +hsts_httpequiv +hsts_preload added
    * o-saft.tcl: home, back, next button added

Version: 16.05.10
  BUGFIX
    * print properly aligned text for --help=cfg-*
    * output for "Total number of checked ciphers" corrected
    * +ciphers command honors --legacy option
    * avoid perl warning "Argument isn't numeric" when getting bits of a cipher
  CHANGES
    * --help=* simplified (formal change)
    * printing of internal data with --help=* simplified and unified
    * --cfg-* settings improved
    * print Hint for +renegotiation check
    * Net::SSLinfo.pm: new variables: starttls and proxy*
  NEW
    * --help=hint implemented
    * --hint and --no-hint implemented
    * man_alias() implemented for --help=alias
    * man_pod() implemented for --help=gen-pod
    *

Version: 16.04.14
  CHANGES
    * %cfg no defined in osaft.pm only
    * use !!Hint instead of **Hint
    * description for compliance checks improved
  NEW
    * +crl_valid, +ocsp_valid: check if CRL and OSCP from certificate are valid
    * +rfc7525 implemented
    * contrib/.o-saft.tcl

Version: 16.04.02
  CHANGES
    * perlcritic: eval, grep with block form
    * perlcritic: use lexical loop iterator
    * documentation improved
    * o-saft.tcl: table of content improved for help
    * o-saft.tcl: don't show button for empty configuration window
  NEW
    * --checks implemented (compatibility with TLS-Check.pl)
    * osaft_sleep() as wrapper for IO::select added
    * +sts_expired added: STS max-age < certificate's validity
    * new options --starttls-phase* and --starttls-error*
    * contrib/critic.sh added

Version: 16.03.30
  BUGFIX
    * Net/SSLinfo.pm: prototypes for do_openssl() and do_ssl_open() corrected
    * Net/SSLhello.pm: constants added; $me* variables removed
    * Net/SSLhello.pm: setting _trace variable in version() removed
  NEW
    * Net/SSLinfo.pm: dummy function net_sslinfo_done() added
    * Net/SSLhello.pm: dummy function net_sslhello_done() added

Version: 16.03.27
  CHANGES
    * o-saft.pl: configuration moved to osaft.pm
  NEW
    * +drown check for DROWN attack vulnerability

Version: 16.03.26
  CHANGES
    * o-saft.pl: configuration moved to osaft.pm

Version: 16.03.16
  BUGFIX
    * duplicate hint message for +quit corrected
  CHANGES
    * o-saft-dbx.pm: _yeast_args() improved
    * o-saft-man.pm: Program Code documentation improved
    * o-saft-man.pm: typos corrected and more glossar
  NEW
    * o-saft-man.pm: hint to check Net::SSLeay methods added to INSTALLATION
    * --slow-server-delayand --sni-toggle added

Version: 16.01.16
  BUGFIX
    * duplicate hint message for +quit corrected
  CHANGES
    * most configuration now in osaft.pm
  NEW
    * experimental: SLOTH check
    * contrib/bunt.pl: postprocess script to colourize shell output
    * contrib/bunt.sh: postprocess script to colourize shell output

Version: 30.12.15
  BUGFIX
    * do not print cipher summary if no ciphers were checked
    * --help=wiki prints wiki list items with leading : (colon)
    * pretty-print path in output for +version
  CHANGES
    * USAGE improved; no more +cipher as default command
    * checking DH parameters simplified
    * +version prints path of included (use) module
    * _trace_1arr() renamed to _trace_cmd()
    * INSTALLATION section improved
    * help: SECURITY section moved to top
    * collect *ARG* variables in %cfg for debugging
    * o-saft_bench: output format improved; accept host as parameter
  NEW
    * description for some more CHACHA cipher suites added
    * --exit=* for debugging implemted
    * --trace-me and --trace-not-me implemented
    * +cipher-sh implemented
    * o-saft-man.pm: INSTALLATION section

Version: 15.12.15
  BUGFIX
    * some command aliases corrected
    * label for protocols corrected
  CHANGES
    * report ciphers with DH parameters if possible
    * description of compatibility options improved
  NEW
    * description for KCI and Invalid Curve Attack
    * new options --format=0x and --format=\x
    * more command aliases

Version: 15.11.15
  BUGFIX
    * o-saft-dbx.pm: avoid infinite loop for trace>2
  CHANGES
    * avoid warning if protocol disabled: cannot get default cipher
    * warning if openssl does not return DH parameters
    * checking DH paramters improved
    * workaround to avoid perl (Net::SSLeay) warnings for unsupported protocols
  NEW
    * --help=error --help=warning --help=problem added

Version: 15.10.15
  BUGFIX
    * Net::SSLinfo.pm: call Net::SSLeay::CTX_set_ssl_version() corrected
    * Net::SSLinfo.pm: alpn(), next_protocol() added
    * Net::SSLinfo.pm: handling of hex conversion on poor 32-bit systems improved
    * o-saft.tcl: quick & dirty fix to simplefy startup on Mac OSX
  CHANGES
    * o-saft.pl: checking protocols (and default) cipher improved
    * o-saft-dbx.pm: debug output improved
    * o-saft.tcl: layout improved
    * Net::SSLinfo.pm: more alternate protocols
  NEW
    * --linux_debug and --slowly option (passed to Net::SSLeay)
    * o-saft.pl: print hint about using +cipherall
    * o-saft.tcl: new Filter TAB; more filter rules
    * o-saft.tcl: more verbose output added

Version: 15.09.15
  CHANGES
    * output for +version improved
    * use perl constants for some strings in o-saft.pl
    * o-saft.tcl improved
    * respect --no-header option for output of --help=*
    * documentation, glossar improved
  NEW
    * new command  +help=ourstr  to print regex for matching own strings
    * logjam implemented

Version: 15.06.19
  BUGFIX
    * handle checks for EC public keys correctly
    * DTLSv09 is 0x0100
    * missing shorttexts added
    * support serial number in hex format; use Math::BigInt if necessary
    * check for +sernumber corrected
  CHANGES
    * all o-saft-*.pm print help if called by themselfs
  NEW
    * dh_parameter implemented
    * detect id-ecPublicKey as known and good encryption
    * support public key with EC parameters
    * DTLSv1x added (experimental)
    * +modulus_exp_size +modulus_size and +pub_encryption implemented

Version: 15.06.09
  BUGFIX
    * setting of path for CAs corrected (when --openssl=Tool is used)
    * using --openssl=TOOL corrected
  CHANGES
    * use VERSION as string constants
    * using string constants
  NEW
    * _yeast_prot() implemented in o-saft-dbx.pm
    * +session_protocol added to +protocols
    * +session_protocol +session_timeout added
    * improved +version

Version: 15.05.15

Version: 15.04.15
  CHANGES
    * o-saft.tcl markup for help text improved
    * support proxy and STARTTLS (no longer experimental)
  NEW
    * prepared for RFC 7525 check

Version: 15.04.05
  CHANGES
    * some texts for compliance texts changed
  NEW
    * --ignore-{cmd,output, --no-{cmd,output} implemented

Version: 15.04.04
  CHANGES
    * o-saft-dbx.pm: added $cfg{'ignore-out'}

Version: 15.04.02
  BUGFIX
    * check for wildcards in certificate's CN also


Version: 15.01.07
  BUGFIX
    * avoid huge memory consumtion (fix for issue/39)
  CHANGES
    * command line parsing improved
  NEW
    * new files in contrib/

Version: 14.12.07
    * new tarball

Version: 14.11.23
  BUGFIX
    * text for checks{hostname} corrected (check was ok, but proided text not accurate)
  CHANGES
    * cipherrange vor SSLv2 improved
  NEW
    * pass --mx option to SSLhello
    * pass --starttls-delay=SEC option to SSLhello
    * Net::SSLinfo hostname for SNI can be specified in $Net::SSLinfo::use_SNI
    * --sni-name=NAME added

Version: 14.11.22
  BUGFIX
  CHANGES
    * o-saft-man.pm: generating various formats improved
  NEW
    * new check: Certificate private key signature is SHA2
    * .o-saft.pl new check sha2signature added to +check and +quick

Version: 14.11.21
  BUGFIX
    * missing useecc parameter passed to Net::SSLhello
    * --h same as --help
    * better handling of results for +sigkey_algorithm
  NEW
    * --use-ec-point option passed to Net::SSLhello

Version: 14.11.20
  CHANGES
    * get VERSION for --help from caller
  NEW
    * o-saft-man.pm

Version: 14.11.19
  CHANGES
    * documentation improved
  NEW
    * o-saft-man.pm

Version: 14.11.18
  CHANGES
    * markup in documentation improved

Version: 14.11.17
  BUGFIX
    * check version mismatch

Version: 14.11.16
  CHANGES
    * beast-default removed

Version: 14.11.15
  NEW
    * --help=opt and --help=options implemented

Version: 14.11.14
  NEW
    * check for Poodle attack
    * --trace-time implemented
    * o-saft-dbx.pm: trace command prints timestamp for --trace-time
    * options for +cipherraw command documented
  BUGFIX
    * --showhost  print host:port
    * keys in internal hashes in lower case letters
    * .o-saft.pl: duplicate commands in -cfg_cmd=check removed
  CHANGES
    * _yeast_init() prints SSL versions to be checked with --v
    * .o-saft.pl: list of commands for +quick improved

Version: 14.10.12
  NEW
    * --cipherrange=shifted

Version: 14.07.27
  CHANGES
    * formal changes

Version: 14.07.26
  BUGFIX
    * @INC set in BEGIN{}

Version: 14.07.25
  CHANGES
    * using (require) modules and files simplified; documentation improved
    * warnings unified and improved
    * o-saft-usr.pl: usr_version() and usr_pre_init() added; formal (name) changes
  NEW
    * +TLS_FALLBACK_SCSV added
    * +VERSION implemented

Version: 14.07.18
  CHANGES
    * +ciphers and +list command improved (handle different output formats)

Version: 14.07.17
  BUGFIX
    * corrected output (counts) for command  +list --v
  CHANGES
    * cipher descriptions improved; missing descriptions added
    * print version mismatch (openssl vs. Net::SSLeay)
    * lazy commands added

Version: 14.07.16
  BUGFIX
    * avoid uninitialized value and WARNING messages for some commands
  CHANGES
    * options -v and -V improved
    * formal changes

Version: 14.07.15
  BUGFIX
    * avoid uninitialized value in +list command

Version: 14.07.14
  CHANGES
    * cipher descriptions improved; security and score qualification adapted

Version: 14.07.07
  CHANGES
    * check for low memory
    * backticks replaced by qx()

Version: 14.06.30
  CHANGES
    * TECHNICAL INFORMATION added
  NEW
    * --starttls=PROT added (experimental)
    * --ssl-maxciphers added

Version: 14.06.16
  BUGFIX
    * printing warnings enabled
  CHANGES
    * --experimental option added

Version: 14.06.15
  CHANGES
    * formal changes

Version: 14.06.14
  BUGFIX
  CHANGES
    * printmediawiki() moved to o-saft-usr.pm::usr_printwiki()
    * commands unified: +gen-html +gen-wiki +gen-cgi

Version: 14.06.13
  BUGFIX
    * bugfix: parsing --trace (without argument) corrected (bug since 14.06.08)
    * honor --noSSL options for +cipherraw command
  CHANGES
    * improvements for CGI usage; internal option --cgi-exec
    * formal changes in documentation

Version: 14.06.12
  CHANGES
    * avoid error messages when gethostbyaddr() fails

Version: 14.06.11
  CHANGES
    * store all --usr* options and arguments in $cfg{'usr-args'}

Version: 14.06.10
  BUGFIX
    * avoid perl's uninitalized value after GET request
    * +cipher and cipherraw (commnad line parsing) corrected
    * no SNI for SSLv3 with +cipherraw

Version: 14.06.08
  CHANGES
    * --no-rc option added
    * scanning options and arguments from command line simplified and improved
  NEW
    * --help=range implemented
    * +quit command implemented

Version: 14.06.07
  CHANGES
    * -ssl-* options for +cipherraw command added; check with and without SNI for +checkraw

Version: 14.06.05
  CHANGES
    * +version improved (print more informations about Net::SSLeay)

Version: 14.06.04
  BUGFIX
    * bugfix: print usage with correct script name

Version: 14.06.01
  NEW
    * --cipherrange=RANGE implemented; +cipherall supports full range

Version: 14.05.31
  CHANGES
    * print $Net::SSLhello::VERSION with --trace and --version

Version: 14.05.27
  BUGFIX
    * using scalar() instead of length() for array

Version: 14.05.26
  NEW
    * --help=wiki implemented

Version: 14.05.25
  CHANGES
    * avoid some check warnings for +cipherall

Version: 14.05.24
  NEW
    * --no-md5-cipher implemented (avoids some error messages)

Version: 14.05.23
  BUGFIX
    * avoid some checks and connections if not required by given command

Version: 14.05.22
  CHANGES
    * better compatibility to ssldiagnose.exe
    * compatibility ssl-cert-check, THCSSLCheck
  NEW
    * +constraints check implemented
    * --protocol SSL implemented; better compatibility to ssldiagnose.exe
    * --printavailable as alias for +ciphers

Version: 14.05.21
  BUGFIX
    * +ciphers command re-enabled

Version: 14.05.21
  NEW
    * +tlsextensions implemented

Version: 14.05.20
  CHANGES
    * +ext_* commands enabled
    * more TLS extensions added

Version: 14.05.17
  BUGFIX
    * parsing command line argunents improved

Version: 14.05.16
  CHANGES
    * output for --legacy=compact improved

Version: 14.05.15
  CHANGES
    * output for --tracecmd improved
    * output for --no-http improved
    * passing options and arguments to openssl improved

Version: 14.05.14
  CHANGES
    * detect more TLS extensions; +heartbeat and --no-tlsextdebug implemented

Version: 14.05.13
  NEW
    * prepared for TLSv1.3

Version: 14.05.12
  NEW
    * +cipherall implemented with Net/SSLhello.pm; ALPHA version!
    * Net/SSLhello.pm

Version: 14.05.11
  CHANGES
    * some missing cipher descriptions added

Version: 14.05.10
  BUGFIX
    * "None" values are mainly treated as "no" for checks

Version: 14.05.09
  BUGFIX
    * setting default +cipher command corrected if no command given
    * bugfix: avoid "Broken Pipe" if connection fails

Version: 14.05.08
  BUGFIX
    *
  CHANGES
    * o-saft-dbx.pm: _yeast_init() improved

Version: 14.05.07
  BUGFIX
    * missing descriptions for KRB5* ciphers added

Version: 14.05.07
  CHANGES
    * print warning for invalid command combinations (defense, user-friendly programming)

Version: 14.05.06
  NEW
    * --ssl-lazy option implemented

Version: 14.05.05
  NEW
    * --no-warning implemented

Version: 14.04.28
  NEW
    * +cipherall ALPHA version implemented

Version: 14.04.27
  CHANGES
    * more _trace*() functions added

Version: 14.04.26
  NEW
    * --proxy* options added (but no functionality)

Version: 14.04.24
  BUGFIX
    * output corrected for  --showhost --legacy=full
  CHANGES
    * improved path settings for windows

Version: 14.04.10
  NEW
    * +heartbleed implemented

Version: 14.02.17
  BUGFIX
    * +sts implies --http
    * +sts command re-implemented

Version: 14.02.01
  BUGFIX
    * use SNI if possible for cipher checks (+cipher command)
  CHANGES
    * +version improved
  NEW
    * --force-sni added

Version: 14.1.31
  CHANGES
    * code cleanup

Version: 14.1.30
  CHANGES
    * --cipher no longer alias for +cipher so we can support "--cipher CIPHER" option

Version: 14.1.29
  CHANGES
    * code cleanup for checkciphers()
    * check Net::SSLeay::cipher_local() can return array
    * check Net::SSLeay::VERSION < 1.49

Version: 14.1.28
  CHANGES
    * +default can get cipher using openssl

Version: 14.1.27
  BUGFIX
    * parsing options and commands improved
  CHANGES
    * documentation improved
    * +quick command uses common output format (instead of --legacy=quick)

Version: 14.1.26
  CHANGES
    * typos documentation corrected
  NEW
    * --call=METHOD implemented

Version: 14.1.25
  CHANGES
    * allow --exe-path=PATH and --lib-path=PATH
    * --lib= and --exe= can be used multiple times
    * debugging improved; _yeast_args() added; _yeast_init() improved

Version: 14.1.24
  CHANGES
    * allow --exe-path=PATH and --lib-path=PATH
    * --lib= and --exe= can be used multiple times
    * debugging improved; _yeast_args() added; _yeast_init() improved

Version: 14.1.23
  BUGFIX
    * +pfs command enabled
  CHANGES
    * SSL protocol options (SSL version, cipher list) improved
    * collecting SSL information improved
  NEW
    * commands +options +sslversion +cert_type +error_verify +error_depth

Version: 14.1.22
  BUGFIX
    * +default command enabled
    * avoid uninitialized value
  CHANGES
    * set SSL protocol version for connections
    * Net::SSLinfo::do_ssl_close() with version list parameter

Version: 14.1.21
  NEW
    * existing socket for connection can be provided with $Net::SSLinfo::socket
    * usr_pre_open() added

Version: 14.1.12
  UPDATE
    * get list of ciphers improved: cipher_list() uses Net::SSLeay::new() to get list of ciphers
  NEW
    * new sub usr_pre_info() in o-saft-usr.pm

Version: 14.1.4
  BUGFIX
    * bugfix: regex for pubkey_value on windows
    * bugfix: empty len_public_key and len_sidump on windows corrected
  UPDATE
    * documentation improved

Version: 14.1.3
  BUGFIX
    * bugfix: avoid perl warning for +cipher
    * bugfix: avoid perl warning in Net::SSLinfo::do_openssl()

Version: 14.1.2
  BUGFIX
    * bugfix: avoid perl warning in Net::SSLinfo::do_openssl()

Version: 14.1.1
  NEW
    * option --win-CR implemented

Version: 13.12.31
  BUGFIX
    * bugfix: separator in output for --trace-corrected
    * bugfix: no checks for master_key and session_id to avoid perl warnings
    * bugfix: initialization of check values corrected
  UPDATE
    * Net::SSLeay initialization inside BEGIN{}
    * use Net::SSLeay::set_tlsext_host_name() for SNI

Version: 13.12.30
  BUGFIX
    * check for +ev improved
  NEW
    * +dv command and checks added

Version: 13.12.29
  BUGFIX
    * bugfix: missing \n added when printing checks with --legacy=full
  UPDATE
    * check for CN= in checkev()
    * +ev improved
    * special handling for +ev removed (use --legacy=full now)

Version: 13.12.28
  NEW
    * +chain_verify command added
    * documentation according +verify, +selsigned added

Version: 13.12.27
  NEW
    * options --ca-file  --ca-path --ca-depth implemented

Version: 13.12.26
  BUGFIX
    * print hostname correctly with --showhost
    * reset checks when multiple hosts are given
    * --tracekey and --showhost was missing for +check

Version: 13.12.25
  NEW
    * --usr option for o-saft-usr.pm implemented
    * new file o-saft-usr.pm

Version: 13.12.24
  NEW
    * --tab option added
    * contrib file

Version: 13.12.21
  UPDATE
    * --help=cfg_{check,data,text} and --cfg_{check,data,text}= implemented the same way

Version: 13.12.20
  UPDATE
    * don't read external files in CGI mode

Version: 13.12.19
  UPDATE
    * formal changes
    * --yeast implemented to call _yeast_data()
    * _yeast_data() improved; documentation improved in o-saft-dbx.pl
    * don't read external files in CGI mode

Version: 13.12.18
  UPDATE
    * --cfg_* configuration options implemented
    * CUSTOMIZATION description added

Version: 13.12.17
  UPDATE
    * samples to redefine texts in Deutsch added in .o-saft.pl
    * --cfg_text* implemented
    * print internal data with --help=* simplified
    * --set-score renamed to --cfg_score
Version: 13.12.16
Version: 13.12.15
  BUGFIX
    * (issue 16) define $_timeout variable when missing (Mac OS X problem)
    * reading score values from files corrected; allow + in score settings
  UPDATE
    * get subject_hash and issuer_hash from Net::SSLeay
    * commands issuer and issuer_hash added to --cfg_cmd-info in .o-saft.pl
  NEW
    * +chain to retrive Certificate Chain implemented
    * +protocols to retrive supported protocols by target (requres openssl
      with -nextprotoneg support)

Version: 13.12.14
  NEW
    * Serial Number <= 20 octets (RFC5280, 4.1.2.2. Serial Number)
    * new commands len_sernumber and sernumber added to --cfg_cmd-check in .o-saft.pl

Version: 13.12.13
  UPDATE
    * documentation improved (better English)

Version: 13.12.12
  BUGFIX
    * error handling for DNS corrected (if something failed)
    * no scoring for +info (avoids some "unitialised" warnings too)
    * avoid some warnings with --cmd-* in .o-saft.pl
    * reverse hostname computation corrected
    * --cfg_cmd-check withoud valid command in .o-saft.pl
  NEW
    * --cfg_cmd-quick added in .o-saft.pl

Version: 13.12.11
  BUGFIX
    * STS check corrected
  UPDATE
    * +http improved
    * huge code cleanup; checks improved; scoring now in sub scoring()
    * Net/SSLinfo.pm: hsts_pins renamed to https_pins; hsts renamed to https_sts
  NEW
    * o-saft-README file implemented
    * o-saft-dbx.pm with functions for debug, trace and verbose output
    * .o-saft.pl as local resource file implemented
    * --cfg_text-*  and --cfg_cmd-* options implemented

Version: 13.12.09
  UPDATE
    *  duplicate messages removed

Version: 13.12.08
  BUGFIX
    * bugfix: check for renegotiation and resumption corrected
  UPDATE
    * --no-header avoids printing most formating lines

Version: 13.12.07
  BUGFIX
    * --showhost works for +check too
    * checks corrected if --no-http was used
    * checks improved  if --no-cert was used
    * bugfix: missing (..) added in sub checkhttp
  UPDATE
    * code cleanup and simplified, all %check_* --> %checks
    * documentation improved
  NEW
    * --help=cmd, --help=commands, --help=intern

Version: 13.11.30
  UPDATE
    * _yeast_data() implemented; documentation improved for o-saft-dbx.pm
    * cleanup for texts

Version: 13.11.29
  BUGFIX
    * some warnings (perl -w) corrected (for --no-cert option)
  UPDATE
    * code cleanup for checkssl()
    * output for +check sorted
    * output improved for --no-cert option

Version: 13.11.28
  UPDATE
    * check hostname vs. certificate name improved

Version: 13.11.27
  UPDATE
    * omit cipher checks if protocoll not supported for BSI TR-02102

Version: 13.11.26
  BUGFIX
    * better extraction of certificate extensions details
  NEW
    * check invalid characters in extensions added

Version: 13.11.25
  BUGFIX
    * checks for CRL, OCSP corrected;
    * missing EV checks for AIA, CRL and OCSP added
    * ouput of certificate extensions corrected
  NEW
    * commands for details of certificate extensions added
      ext_authority, ext_cps, ext_crl, ...

Version: 13.11.23
  NEW
    * +extensions implemented; --header, --no-header implemented

Version: 13.11.22
  BUGFIX
    * print cipher totals for all versions; some texts unified

Version: 13.11.21
  BUGFIX
    * "Given hostname is same as reverse resolved hostname" ccorrected
    * check for wildcards in TR-02102-2 compliance corrected
    * +info--v command fixed; _dump() call
  UPDATE
    * texts and output layout unified; prepared for configurable texts
    * debug, trace and verbose functions are emty stubs, now in o-saft-dbx.pm
  NEW
    * o-saft-dbx.pm with functions for debug, trace and verbose output

Version: 13.11.20
  UPDATE
    * texts and output layout unified; prepared for configurable texts
    * certificate's date checks improved

Version: 13.11.19
  BUGFIX
    * some warnings (perl -w) corrected
    * perl warnings fixed for +version command
  UPDATE
    * --trace command improved
    * function calls unified
    * using temporary variables for better (human) readability
  NEW
    * --trace=VALUE implemented; --trace-cmd implemented

Version: 13.11.18
  UPDATE
    * function calls unified
    * using temporary variables for better (human) readability

Version: 13.11.17
  BUGFIX
    * missing labels in output added
    * +bsi does not inhibit other checks
    * +quick with more check (got lost with implementation of +bsi)
  UPDATE
    * some labels in output improved
    * +quick improved with labels

Version: 13.11.16
  UPDATE
    * missing security flag for some ciphers added; documentation improved

Version: 13.11.15
  UPDATE
    * RC4 ciphers degraded as weak

Version: 13.11.14
  UPDATE
    * documentation and glossar improved

Version: 13.11.13
  NEW
    * compliance check: BSI TR-02102 implemented; command +bsi

Version: 13.11.12
  UPDATE
    * glossar improved

Version: 13.11.11
  BUGFIX
    * parsing altname in certificate corrected
  UPDATE
    * +sts alias for +hsts
  NEW
    * check for RC4 implemented

Version: 13.10.22
  UPDATE
    * retrive target data for: krb5 psk_hint psk_identity srp master_key session_id session_ticket

Version: 13.10.20
  BUGFIX
    * connecting with openssl improved for openssl 1.0.1.e
  UPDATE
    * --v honored in various modes
    * --format=hex  includes +fingerprint
  NEW
    * reading options and arguments from rc-file implemented

Version: 13.10.19
  BUGFIX
    * more improvements for perl's -w
    * Net::SSLinfo::do_openssl() uses optional $data parameter; code improved

Version: 13.10.18
  BUGFIX
    * bugfix: variable syntax corrected; more improvements for perl's -w

Version: 13.10.17
  BUGFIX
    * code improved for perl's -w

Version: 13.10.16
  BUGFIX
    * syntax improved for ActivePerl
  UPDATE
    * INSTALLTION part added to README file

Version: 13.10.14
  BUGFIX
    * --cmd=quick is same as +quick
    * --help=checks instead of --help=check

Version: 13.10.11
  BUGFIX
  UPDATE
    * --v honored in various modes
    * --format=hex  includes +fingerprint
  NEW
    * description for CIPHER NAMES

Version: 13.09.29
  BUGFIX
    * check --envlibvar= option
    * +cipher command corrected
  UPDATE
    * fomal code changes in checkciphers()
  NEW
    * --force-openssl implemented to use openssl for cipher checks

Version: 13.09.28
  BUGFIX
    * s_client command corrected
    * PFS check label text corrected
    * Net::SSLinfo::do_openssl() supports ciphers command correctly
  NEW
    * EV-SSL checks implemented
    * +subject_ev implemented

Version: 13.09.27
  UPDATE
    * minor changes of output texts
  NEW
    * --format=hex implemented

Version: 13.09.25
  UPDATE
    * regex and check for compliance and attacks improved

Version: 13.09.16
  BUGFIX
    * label for EDH check corrected
    * RegEx ADHorDHA and DHEorEDH corrected
  UPDATE
    * glossar improved
  NEW
    * --format=raw implemented

Version: 13.09.15
  BUGFIX
    *  +list command exits
  NEW
    * check  for CRIME implemented

Version: 13.09.14
  BUGFIX
    * BEAST check for default cipher corrected

Version: 13.09.13
  UPDATE
    * documentation improved
    * huge amount of code cleanup (no change of functionality)

Version: 13.09.12
    not released

Version: 13.09.11
  BUGFIX
    * reverse hostname lookup corrected; now prints list
    * print host (target) information before doing checks
  UPDATE
    * be greedy to allow +BEAST, +CRIME, etc.
    * cipher names are prependet by SSL version in +check output
    * documentation (COMMANDS, OPTIONS) improved
    * legacy option improved
  NEW
    * -no-dns implemented (workaround for '<gethostbyaddr() failed>)
    * %cfg{regex} added

Version: 13.09.10
  BUGFIX
    * output for some legacy formats corrected (sslscan, ssltest, sslyze)
    * print correct SSL version for ciphers in results
    * legacy option --no-failed corrected
  UPDATE
    * Glossar improved

Version: 13.09.09
  BUGFIX
    * +cipher command corrected

Version: 13.09.08
  NEW
    * --cipher= allows other names;  _find_cipher_name() implemented

Version: 13.09.07
  BUGFIX
    * --short texts corrected
  UPDATE
    * scoring improved
    * documentation improved
  NEW
    * +quick  command for quick and simple check
    * +http   command for HTTP(S) checks
    * --legasy=testsslserver  implemented

Version: 13.07.31
  UPDATE
    * debugging and tracing improved
  NEW
    * STS     checks implemented (scoring not yet perfect)
    * PFS     checks implemented
    * --format=raw implemented
    * new commands:  +sigkey_value, +sigkey_algorithm, +sigkey_len

Version: 13.03.31
  BUGFIX
    * avoid useless or wrong output when --no-cert given
  UPDATE
    * glossar
  NEW
    * --http  implemented
    * --set_score implemented
    * --help=LABEL implemented
    * --ignorecase implemented
    * --showhost implemented
    * scoring implemented (first simple attempt)



