GO-2024-2958 vulnerability fix

govuln fix (#71)

Co-authored-by: Aron Csatlos <aron.csatlos@nokia.com>

v1.10.1: oauth2-client-update (#70)

SetOauth2Conf now has a client parameter. You may use nil.

v1.10.0

CA pool allows using system CAs besides the CAs on the path provided. That introduces a minor backward incompatibility at some functions.

The affected functions:

• Generic: NewCertPool
• Server: StartTLS, ListenAndServeMTLS, TLSClientCert
• Client: TLSRootCerts

Note: In case of a server, the role of mTLS is to authorize only certain clients to connect. So enable system CAs only if those are reasonable for auth. For example, under control of the system operator.

v1.9.2

Minor panic fix if client request URL is invalid.

v1.9.1

Added Client.SetOauth2H2(), so that to be able to use http2-prior-knowledge toward Authorization Server. That is normally not needed, as TLS Client Hello ALPN indicates h2 support.

v1.9.0

New:

• NewClientWInterface() to create a client that uses the network interface, such as "eth0".
• NewClientWInterface() to add lambda and tracing data to a new context. Such as a background context of a new goroutine. While the original context may terminate.

v1.8.1

• Dependency updates and related coding fixes.
• Experimental MessagePack support. See client.MsgPack(true). That is fast, at least in theory. In practice the end-to-end benchmarks are not that conclusive. Any feedback welcome at #30.

v1.8.0: oauth2-config-update (#59)

SetClientCredentialAuth() is replaced by more generic SetOauth2Conf(). Using oauth2 libs config. That is a breaking change.

v1.7.6

GetErrBody() added to get HTTP body of a client received error. See docs for details.

v1.7.5

Client's HTTPS() applied to SetClientCredentialAuth() if called beforehand.