[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Simon Josefsson
Subject: GNU SASL 1.3
Date: Thu, 08 Oct 2009 17:45:54 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework itself and a couple of common SASL mechanisms are implemented.
GNU SASL can be used by network applications for IMAP, SMTP, XMPP and
similar protocols to provide authentication services.

Top-level NEWS entries:

** Experimental support for SCRAM-SHA-1 added.
Please test it but don't put it into production use, the RFC have not
been finalized yet.  For this reason, the mechanism priority list is
such that SCRAM-SHA-1 will never be selected over any other mechanism
(including PLAIN, CRAM-MD5, and DIGEST-MD5).  When it has been tested
further, we'll make SCRAM-SHA-1 the preferred mechanism after GSSAPI.

** gsasl: Fix libintl-related build errors on MinGW.
Tiny patch from "carlo.bramix" <address@hidden>.

** doc: Typo fixes to manual.
Based on report by Marco Maggi <address@hidden> in

** tests: Rewrite basic self test using modern API.

** tests: New self-test 'crypto' to increase code coverage.

Library (lib/) NEWS entries:

** libgsasl: Implement SCRAM-SHA-1.
New properties are GSASL_SCRAM_ITER, GSASL_SCRAM_SALT, and

** libgsasl: Add helper APIs for SHA-1 and HMAC-SHA-1.
New functions are gsasl_sha1 and gsasl_hmac_sha1.

** API and ABI modifications.
gsasl_sha1: ADDED.
gsasl_hmac_sha1: ADDED.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GNU SASL
maintenance.  We are always looking for interesting development
projects.  See for more details.

The project's web page is available at:

All manuals are available from:

Specifically, the following formats are available.

The main manual: - HTML format - PDF format

API Reference manual: - GTK-DOC HTML

Doxygen documentation: - HTML format - PDF format

Instructions for how to build GNU SASL under uClinux are available from
<>.  If your uClinux toolchain is broken,
it is possible to build GNU SASL without using the ./configure
mechanism, see <>.

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:

Here are the compressed sources of the entire package: (3.6MB) (PGP)

Here are the compressed sources of the LGPL library (included above): (948KB) (PGP)

We also provide pre-built Windows binaries:

Here are the build reports for various platforms:

Daily builds of the package are available from:

For code coverage and cyclomatic code complexity charts:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2010-04-21]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <address@hidden>
uid                  Simon Josefsson <address@hidden>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2010-04-21]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

97c91ad6230a134e6bc097527ead015f55be7b31  gsasl-1.3.tar.gz
d3e20d50353d37362cae1aed059a6111b38bd5d8e01ace63cf1f3aac  gsasl-1.3.tar.gz

eb4acff1314d8047230c9eb6898ae1326aadc2b3  libgsasl-1.3.tar.gz
929c7436dc99c5cb4ebcb91eca2321bca75e5a3d10a1d5dc2ccc21fb  libgsasl-1.3.tar.gz


45293adffae8a4591bb9fb241ee2ee42a3788311  mingw32-gsasl_1.3-1_all.deb

Happy hacking,

Attachment: pgp5meVtOk1BY.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]