* Nov 19 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed incompatibility with Firefox OCSP stack

* Nov 17 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed SSL verify routine (allowing for PKI_SSL_VERIFY_NONE)
- Fixed IPv6 Hex addresses (e.g., [2001::b]) parsing

* Nov 16 2010 Massimiliano Pala <madwolf@openca.org>
- Added support for IPv6 to PKI_NET_* functions

* Nov 8 2010 Massimiliano Pala <madwolf@openca.org>
- Updated error messages and error handling (added PKI_ERROR())

* Nov 6 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed extension management
- Enhanced pki-tool support for non-token PKI operations
- Fixed OID file management

* Sep 7 2010 Massimiliano Pala <madwolf@openca.org>
- Added support for URL retrieval from connected PKI_SOCKETs

* Sep 2 2010 Massimiliano Pala <madwolf@openca.org>
- Added support for cross platform thread creation (PKI_THREAD)
- Added support for cross platform mutexes (PKI_MUTEX)
- Added support for cross platform locks (PKI_RWLOCK)
- Added support for cross platform condition variables (PKI_COND)
- Added timeout support to LDAP connections

* Aug 30 2010 Massimiliano Pala <madwolf@openca.org>
- Added PKI_TOKEN_login() function
- Added PKI_TOKEN_check() to retrieve the status of a loaded token
- Fixed error in parsing algorithm name for key and token generation

* Aug 24 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed support for library versioning

* Aug 22 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed -rpath issue for custom OpenSSL installation (when using non-standard openssl installation path - e.g., for EC/ECDSA support)
- Added support for cross-platform threads management (src/pki_threads.c)

* Aug 21 2010 Massimiliano Pala <madwolf@openca.org>
- Improved OS detection and defines
- Added specific support for 64 bits architectures
- Added support for non deprecated functions in LDAP (OPENLDAP)
- Added support for Windows LDAP API

* Jun 29 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed a bug in the PKCS#11 object delete
- Fixed a bug in the PKCS#11 attribute retrieval
- Added possibility to import a keypair in PKCS#11 (RSA)

* Jun 27 2010 Massimiliano Pala <madwolf@openca.org>
- Added support for OS details within pki.h (LIBPKI_OS_DETAILS)
- Added support for endianness recognition

* Jun 25 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed warnings with -Wall -Werrors
- Fixed 64bit problem (int vs size_t)

* Jun 22 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed correct usage of username and password in HTTP user authentication
- Fixed debugging information for PKI_SSL connections
- Fixed usage of PKI_SSL in PKI_X509_get(), and PKI_X509_put()
- Updated url-tool to support trust settings for SSL-enabled connections

* Jun 15 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed PKI_SSL trust settings
- Fixed redirection support for HTTP/HTTPS code

* May 25 2010 Massimiliano Pala <madwolf@openca.org>
- Added PKI_SSL to the URL interface
- Simplified HTTP/HTTPS code

* May 23 2010 Massimiliano Pala <madwolf@openca.org>
- Added support for PKI_SSL to manage SSL/TLS connections

* May 19 2010 Massimiliano Pala <madwolf@openca.org>
- Added safe URL decoding/encoding of PKI_MEM data
- Enhanced HTTP support via the new PKI_HTTP data structure and help functions

* Mar 25 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed RPM generation on Ubuntu
- Added HSM_get_errno() and HSM_get_errdesc() functions to manage error messages from the crypto layer

* Mar 22 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed PRQP Request/Responses signatures (via the general PKI_X509 cbs)
- Added easy functions for adding services to PRQP_RESP objects
- Fixed usage of PKI_STRING_OCTET instead of PKI_STRING_BIT in CERT_IDENTIFIER

* Jan 18 2010 Massimiliano Pala <madwolf@openca.org>
- Fixed RPM building script

* Nov 14 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed Signature verification for OCSP and PRQP messages
- Fixed parsing OCSP responses (on load)
- Added simple OCSP REQ single request handling functions
- Fixed build system for all platforms and libtool 2.2.6+

* Nov 02 2009 Massimiliano Pala <madwolf@openca.org>
- Simplified configure.in script
- Fixed some libtool problems

* Oct 31 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed algorithm setting in PKI_sign()
- Fixed debugging messages for PKI_X509_PROFILE and PKI_CONFIG

* Oct 27 2009 Massimiliano Pala <madwolf@openca.org>
- Added the possibility to specify Certificate Template and Level of Assurance in PKI_MSG_REQ interface (working with SCEP messages (tested with OpenCA))
- Fixed PKI_X509_PROFILE and PKI_CONFIG parsing functions (update is now working correctly)
- Finished PKI_X509 object container for all the principal objects (REQ, CRL, CERT, SCEP_MSG, PKCS#7, PKCS#12)

* Oct 9 2009 Massimiliano Pala <madwolf@openca.org>
- Added the new PKI_X509 object container to simplify PKI_X509_XXX management

* Sep 30 2009 Massimiliano Pala <madwolf@openca.org>
- Added the possibility to get a PKI_PKCS12 from a PKI_TOKEN
- Added public PKI_NET_* functions for managing network connections both for client and server applications

* Sep 28 2009 Massimiliano Pala <madwolf@openca.org>
- Added support for RDN (retrieving a list of RDN from a PKI_X509_NAME)

* Sep 7 2009 Massimiliano Pala <madwolf@openca.org>
- Added support for OCSP request and response easy generation

* Jun 26 2009 Massimiliano Pala <madwolf@openca.org>
- Passed compilation with -Wall -Wextra in GCC

* Jun 23 2009 Massimiliano Pala <madwolf@openca.org>
- Finished PKCS#12 full support for PKI_TOKEN import/export functions
- Fixed a bug in PKI_NAME_get_parsed() function (Memory)
- Added support for creating in-memory PKI_X509_PROFILE configs
- Added support for Proxy Certificates (RFC 3820) issuing via PKI_TOKEN

* Jun 7 2009 Massimiliano Pala <madwolf@openca.org>
- Added PKCS#12 get support (from a URL)
- Added creation of a new PKI_TOKEN from a PKCS#12 object

* May 14 2009 Massimiliano Pala <madwolf@openca.org>
- Updated PRQP support to draft-ietf-pkix-prqp-03.txt (referrals support)
- Fixed initialization error when setting the default password CB

* May 4 2009 Massimiliano Pala <madwolf@openca.org>
- Added PKI_MSG_RESP type of messages
- Fixed sending PKI_MSG_REQ (SCEP) type of messages over HTTP

* May 2 2009 Massimiliano Pala <madwolf@openca.org>
- Started simplifying the SCEP interface
- Integrating SCEP message support in PKI_MSG system
- Fixed PKI_X509_ATTRIBUTE management for PKCS#7

* Apr 27 2009 Massimiliano Pala <madwolf@openca.org>
- Started the PKI_MSG_* subsystem to handle communication between a client/CA
- Added support for PKCS#7 handling

* Apr 24 2009 Massimiliano Pala <madwolf@openca.org>
- Added support for OID optional field in PRQP requests/responses
- Fixed a misspelled OID (htmlRequest)

* Apr 23 2009 Massimiliano Pala <madwolf@openca.org>
- Added pki-query tool (PRQP client)
- Added color to pki-query output
- Fixed a URL parsing error (URI_PROTO_SOCK was not selected in socket:// URI)

* Apr 22 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed a bug in releasing xml resources after parsing a config file

* Apr 20 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed an error in PRQP OID initialization
- Changed PRQP_REQ and PRQP_RESP to PKI_PRQP_REQ and PKI_PRQP_RESP
- Aligned URL interface for PRQP to the rest of the library URL system

* Apr 7 2009 Massimiliano Pala <madwolf@openca.org>
- Added full support for crossCertificatePair (PKI_X509_XPAIR)

* Apr 1 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed conflict in header files (PKCS11) for C++ reserved `template' word

* Mar 29 2009 Massimiliano Pala <madwolf@openca.org>
- Added `https' to the list of valid URI types for the URL interface
- Fixed some bugs in the http URI handling
- Added support for HTTP redirect for both `http' and `https' URIs

* Feb 25 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed concurrent threads accessing non-atomic operation on PKCS#11 HSMs
- NOTE: Never initialize a PKCS#11 token before a fork() - it won't work!

* Feb 14 2009 Massimiliano Pala <madwolf@openca.org>
- Added import of certificates in PKCS#11 devices

* Feb 12 2009 Massimiliano Pala <madwolf@openca.org>
- Added Callbacks for TOKEN credential

* Feb 11 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed certificate issuing via TOKEN interface
- Added validity period (secs) to the TOKEN certificate issuing interface
- Added certificate issuing (self-sign and normal) to pki-tool command

* Feb 9 2009 Massimiliano Pala <madwolf@openca.org>
- Completed refactoring of the HSM interface for better extensibility and code readability

* Feb 4 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed export/load keys password protected (software/PEM).

* Feb 3 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed portability problems on Solaris 11
- Fixed small memory leaks

* Feb 2 2009 Massimiliano Pala <madwolf@openca.org>
- Completely rewritten the KEYPAIR/CERT/REQ/CRL get/import/export functions to better match the hardware devices management.

* Jan 29 2009 Massimiliano Pala <madwolf@openca.org>
- Added key loading from PKCS#11 device via id:// url
- Added generation of PKCS#11 request in pki-tool (both with keygen or without)

* Jan 29 2009 Massimiliano Pala <madwolf@openca.org>
- Fixed key generation code for PKCS#11 devices
- Added pki-tool command line util as part of standard distro of libpki
- Fixed key ID and label setting on PKCS#11 devices

* Jan 26 2009 Massimiliano Pala <madwolf@openca.org>
- Added PKCS11 Object and PKCS11 Object Attributes (Templates) management functions

* Jan 21 2009 Massimiliano Pala <madwolf@openca.org>
- Added KEYPAIR generation for PKCS#11 driver

* Jan 20 2009 Massimiliano Pala <madwolf@openca.org>
- Added management for selecting slot on PKCS11 devices via the PKI_TOKEN_use_slot() function (<pki:slot /> in the config file).

* Jan 13 2009 Massimiliano Pala <madwolf@openca.org>
- Added graphical installer for different distributions (Linux/Fedora, Linux/Ubuntu, MacOS X/Darwin, etc.)
- Updated the PRQP module to the last specs from IETF (draft-ietf-pkix-prqp-02.txt)
- Fixed support for multi threaded applications (dynamic and static threads initialization for OpenSSL/ENGINE)
- Fixed support for nCipher devices
- Updated PKCS11 driver (added Slot Interface and Slot info retrieval functionalities)

* Nov 8 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed PRQP ASN.1 of CERT_IDENTIFIER

* Oct 31 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed PRQP response generation and CERT_IDENTIFIER_dup function

* Oct 21 2008 Massimiliano Pala <madwolf@openca.org>
- Updated PRQP module with OIDs from IETF PRQP PKIX draft

* Oct 15 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed MySQL and PG QUERY building functions (stack checking now works properly)

* Sep 9 2008 Massimiliano Pala <madwolf@openca.org>
- Fixes a PKCS11_Malloc() wrong reference in PKCS11 pkey code

* Jul 17 2008 Massimiliano Pala <madwolf@openca.org>
- Added revocation code management for each entry in CRLs

* Jul 10 2008 Massimiliano Pala <madwolf@openca.org>
- Finished CRL generation code

* Jul 02 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed autoconf replacement malloc with rpl_malloc because it won't work when cross compiling
- Fixed PRQP definitions to match the current I-D from IETF (draft-ietf-pkix-prqp-00.txt)
- First successful build of a LibPKI application on iPhone

* Jun 29 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed PKCS#11 headers, now using updated pkcs11t.h from RSA

* Jun 20 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed PKCS#7 Bug (Memory)
- Added first support for PKCS#11 devices

* Mar 20 2008 Massimiliano Pala <madwolf@openca.org>
- Added support for DSA-224 and DSA-256 algorithms
- Added support for ECDSA with SHA2 suite (ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512)
- Fixed EC key generation (selected curves only by using bit sizes). Named curves for 256, 384 and 512 bit sizes are aligned with NIST specs

* Mar 18 2008 Massimiliano Pala <madwolf@openca.org>
- Added support for OpenSSL 0.9.9 version
- Fixed support for static library linking (linux)

* Mar 4 2008 Massimiliano Pala <madwolf@openca.org>
- Added better support for PKI_ALGOR and PKI_DIGEST_ALG managing
- Initial support for PKCS#7 object management

* Feb 6 2008 Massimiliano Pala <madwolf@openca.org>
- Fixed a memory bug in URL_new()
- Added functions to easily calculate hash() values

* Dec 2 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed a small error in OID definition list

* Oct 15 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed signature problem for PRQP request/responses
- Fixed PRQP ASN1 encoding/decoding error

* Sep 30 2007 Massimiliano Pala <madwolf@openca.org>
- Finished PKI_log subsystem API - PKI_log_init(), PKI_log(), PKI_log_end() and PKI_log_debug() provide the logging system interface. The signature capabilities are still to be implemented.

* Sep 29 2007 Massimiliano Pala <madwolf@openca.org>
- Added the PKI_LOG subsystem. Currently supported logging devices are SYSLOG, stderr, or a general file. Plans to support XML file as well.
- Added support for $HOME/.libpki/ configuration directory (if NULL config_dir is passed when initializing the PKI_TOKEN structure with PKI_TOKEN_init())

* Sep 18 2007 Massimiliano Pala <madwolf@openca.org>
- Updated PRQP ASN1 to the new specifications of the new I-D (still to be published on IETF)

* Sep 16 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed problems in BIO macros for reading/writing PRQP messages (due to differences between openssl v0.9.7 and v0.9.8+)

* Sep 15 2007 Massimiliano Pala <madwolf@openca.org>
- Integrated new version of PRQP that is aligned with I-D <draft-pala-prqp-00.txt> available from IETF

* Sep 14 2007 Massimiliano Pala <madwolf@openca.org>
- Added support for OpenSSL ENGINE usage. Currently tested with Aladdin eToken, libp11 and openssl-libp11 engine.

* Aug 29 2007 Massimiliano Pala <madwolf@openca.org>
- Added first support for PKCS11 URL retrieval (pkcs11://), parameters parsing and other datatype retrieving (key/data) are still missing

* Aug 22 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed a memory leakage
- Fixed configure script for selectively disable support for optional libs (mysql, postgresql)
- First support for PostgreSQL URL retrieval (pg://)

* Aug 21 2007 Massimiliano Pala <madwolf@openca.org>
- Added MySQL support for URL retrieval (needs mysql.h include file)

* Aug 19 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed support for LDAP URL retrieval
- Fixed compile-time warnings on Solaris (cc)

* Aug 8 2007 Massimiliano Pala <madwolf@openca.org>
- Added support for SCEP messages to the library (directly integrated from OpenCA tools), it requires additional code cleanup
- Initial CMS support added. Much work is needed to support all ASN.1 data structures and message generation tools

* Jul 27 2007 Massimiliano Pala <madwolf@openca.org>, Scott Rea <scott@cs.dartmouth.edu>
- The Pittsburgh Hack, save the token in a PKCS12 bag and use an attribute to store where (if any) the HSM config file is (maybe use the PKCS12_add_CSPName_asc() from OpenSSL src/crypto/pkcs12/p12_attr.c. Use another attribute if that one is used for other purposes.

* Jul 10 2007 Massimiliano Pala <madwolf@openca.org>
- Finished restructuring the library to use KMF only for token operations. Now OpenSSL is required also when libkmf is present on the system

* May 18 2007 Massimiliano Pala <madwolf@openca.org>
- Finished support for extensions management into libpki by using certificate profiles and oid configuration file (xml based)
- Added support for certificate, request and certificate chain writing through PKI_TOKEN interface (currently only file:// protocol is supported)

* May 14 2007 Massimiliano Pala <madwolf@openca.org>
- Added support for config file (definition of ObjectIdentifiers)

* May 8 2007 Massimiliano Pala <madwolf@openca.org>
- Initial support for PKI_PROFILE xml parsing

* Apr 7 2007 Massimiliano Pala <madwolf@openca.org>
- Added new/get functions to the PKI_TOKEN interface
- Fixed documentation for the PKI_TOKEN
- Added support for different signature schemes (RSA/DSA/ECDSA withRC2/RC5/SHA1)

* Apr 6 2007 Massimiliano Pala <madwolf@openca.org>
- Added PKI_CRED_new() and PKI_CRED_free() functions
- Fixed linking problems on Solaris 9- (static openssl)
- Changed the PKI_TOKEN_add* function to PKI_TOKEN_set*

* Apr 2 2007 Massimiliano Pala <madwolf@openca.org>
- Enhanced documentation creation (doxygen)

* Mar 22 2007 Massimiliano Pala <madwolf@openca.org>
- Added initial support for Sun's KMF library (OpenSolaris only)
- Fixed errors in key generation
- Updated HTTP code (we now rely on libxml2 nanoHttp implementation)

* Jan 10 2007 Massimiliano Pala <madwolf@openca.org>
- Fixed LDAP differences with OpenLDAP and Sun's LDAP LD options