Version 1.3.1
-------------
Improvements:
-   Change default number of retries per endpoint to either 1 (multiple
    endpoints) or 2 (1 endpoint).
Bugfixes:
-   Should check whether we have at least one endpoint.

Version 1.3.0
-------------
Improvements:
-   The plugin now checks the internal consistency of the credentials returned
    by the different obligations. If more than one UID is returned or if more
    than one pGID is returned, they should match.
-   Add support for the new interoperability profile obligation
    http://authz-interop.org/xacml/obligation/account
-   Improve profile handling: send attributes for either one or both profiles.
    This can lower the request size.
-   Make sending pilot proxy cert-chain optional using new option
    --send-pilot-cert-chain
    It is only send (and read) when we use the AuthZ interop profile with
    implicit mode and the send option is specified.
-   Also retry if we only have one endpoint in case cURL failed since this might
    be due to a timeout.
-   Log the registered attributes (on LOG_DEBUG).
-   Log the status message (and code) in case of errors.
-   Update man page.
Bugfixes:
-   The plugin did not check the presence of mandatory attributes (only WN
    profile) and appropriate multiplicities for the different obligations.
-   The plugin would incorrectly set the primary GID also as secondary GID.
-   The plugin could break on empty attribute values.
-   The plugin could fail to revert the effective uid if reading the proxy file
    failed.
-   The removal of handled obligations, introduced in 1.2.8, resulted in
    potentially skipping obligations in case of multiple obligations of the same
    type.

Version 1.2.8
-------------
Bugfix:
-   The plugin did not check whether all obligations in the result were
    fulfilled by the obligation handlers. When used with the Argus PEP-API-C
    library 2.3.0 or higher this is now enforced. In case some service sets
    *invalid* obligations that cannot/need not be fulfilled by the C-PEP
    plugin, this check can be overruled using the new
    --override-unhandled-obligations-check flag. This new flag should normally
    NOT be used.

Version 1.2.7
-------------
Improvements:
-   Implement possibility to use multiple endpoints using a configurable
    round-robin strategy:
       round-robin: always start with first endpoint
       round-robin-random-start: start with a randomly chosen endpoint (default)
       random: choose random endpoint each time
    In addition a configurable number of retries per endpoint can be configured.
    New options (see manpage):
	--endpoint-strategy round-robin|round-robin-random-start|random
	--retry <1-9+>
-   Implement log callback for the Argus PEP-API-C library: we now capture both
    the library log information and the cURL output and forward them to the
    LCMAPS log. The former --pep-c-debug, which would log (part of) the debug
    output on stderr, is now deprecated and replaced with a generic
    --pep-c-loglevel option, which can be set to error, warning, info or debug.
-   Lower few log messages to prevent duplicate errors about the same issue
-   Package (empty) BUGS file

Version 1.2.6
-------------
-   Minor fix in use of sysconf() plus clean build on Solaris
-   Code cleanup to fix remaining compiler warnings.

Version 1.2.5
-------------
-   Cleanup of unneeded tests, minor bugfixes.

Version 1.2.4
-------------
-   New configuration option:
        --treat-notapplicable-as-success
    or
	--banning-only-mode
    With this new option set, a 'Not Applicable' result from the Argus server
    will not be interpreted as failure but success. This is necessary when Argus
    is used only for banning, since in that case there will be no matching
    'permit' lines in the Argus policy.


Version 1.2.3
-------------
-   Remove reference to password file.
-   Fix spelling of manpage.


Version 1.2.2
-------------
-   New configuration option:
        --use-pilot-proxy-as-cafile
    With this new option the pilot proxy file in X509_USER_PROXY will also be
    used as if specified with the --cafile option. This is necessary for
    implementations using NSS for the SSL.
-   New configure option --with-ssl-cipher-list=<cipherlist> to set the cipher
    list to be used for the SSL session. When unset no #define is passed.
-   New configuration option:
        --ssl-cipher-list <cipherlist>
    With this new option a sysadmin can specify the cipher list to be used for
    the SSL session.  This feature is required to be used on systems that are
    forced to use a libcurl build against libnss, i.e. Red Hat Enterprise Linux
    6 (and derivatives) and Fedora 12 and up. The same holds true on
    installations have choosen the libcurl dynmically linked to libnss. A
    build-in default is used when this option it not set. The default setting
    is known to be compatible with OpenSSL 0.9.7 though 1.0.x. and GnuTLS.
    When unset, no explicit cipher list is passed to libargus-pep-c (which is
    pushed to the SSL library used by libcurl)


Version 1.2.1
-------------
-   It is now supported to run this plug-in from an SSL- or GSS-based interface
    through LCMAPS. This included Xrootd, Globus gatekeepers, gridftpd and
    gsi-opensshd


Version 1.2.0
-------------
-   Changing the log messages to match the logging method used in LCMAPS version
    1.5.0, which will be using the Syslog native log priority/levels.


Version 1.1.6
-------------
- Fixed and verified: GGUS ticket: 72752. The correct error message is no
  displayed in the log file: "Error: assert failed: setoptions for implicit ssl
  needs X509_USER_PROXY set"

Build methods and install details:
- Rename lcmaps_config.h into lcmaps_c_pep_config.h and update
  AC_LCMAPS_INTERFACE to new-style. Still compatible with older LCMAPS apis.
- The new default install location for the module is $libdir/lcmaps, this was
  $libdir/modules.

To be tested to function properly:
- Argus support for GSS/GSI and STACK_OF(X509)/X509 * LCMAPS interface users,
  like gatekeepers, gridftpd and gsi-opensshd on request by IGE. GGUS: 75568


LCMAPS-plugins-c-pep v.1.1.4:
Really fixed the NFS rootsquashed proxy file reading for GGUS ticket 69332.
The pep_engage() is now enclosed in a privilege drop (and raise) to handle the entire interaction with the Argus PEP C API (and checked).


LCMAPS-plugins-c-pep v.1.1.3:

This version of the LCMAPS-plugins-c-pep introduces the following improvements:
- can build against and work with Argus 1.3.
- can build against OpenSSL 1.0
- is able to read the proxy used for SSL handshake from an NFS partition.

