From: Simon Josefsson
Subject: GNU SASL 1.1
Date: Wed, 25 Mar 2009 16:20:00 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux)

GNU SASL is a modern C library that implements the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework itself and a couple of common SASL mechanisms are implemented.
GNU SASL can be used by network applications for IMAP, SMTP, XMPP and
similar protocols to provide authentication services.

Top-level NEWS entries:

* Version 1.1 (released 2009-03-25)

** gsasl: Reading integrity protected data from server now works.
Before it didn't decode data.

** gsasl: The --quality-of-protection parameter now works.
It was just a dummy before.  Only relevant for DIGEST-MD5.  Note that
the parameter values have been modified to match the library keywords.

** Only detect sufficiently recent GnuTLS versions.
Version 2.2.x or later is required.

Library (lib/) NEWS entries:

* Version 1.1 (released 2009-03-25)

** DIGEST-MD5 client: Add support for client integrity layer.
The layer is not used by default; the application needs to request it
specifically in a callback or by setting the GSASL_QOP property.

** DIGEST-MD5: Decoding of integrity protected sessions now works better.
Reported by Andery Melnikov <address@hidden>.

** libgsasl: Add new property GSASL_QOPS.
The DIGEST-MD5 server queries for this property to get the set of
quality of protection (QOP) values to advertise.  The property holds
strings with comma separated keywords denoting the set of qops to use,
for example "qop-auth, qop-int".  Valid keywords are "qop-auth",
"qop-int", and "qop-conf".  The GSSAPI mechanism may be enhanced to
use this property as well in the future.

** libgsasl: Add new property GSASL_QOP.
The DIGEST-MD5 client queries for this property to get the quality of
protection (QOP) values to request.  The property value is one of the
keywords for GSASL_QOPS.  The client must choose one of the QOP values
offered by the server (which may be inspected through the GSASL_QOPS
property).  The GSSAPI mechanism may be enhanced to use this property
as well in the future.

** DIGEST-MD5 client: Now queries application for QOP value
This makes it possible for client applications to request support for
authentication only and/or authentication plus integrity.  Before, the
client only supported authentication.  Note that confidentiality is
not supported, and if you request it you will get an error.

** DIGEST-MD5 server: Now queries application for QOP values.
This makes it possible for server applications to influence whether to
advertise support for authentication only and/or authentication plus
integrity.  Before, the server unconditionally advertised support for
both.  Note that confidentiality is not supported, and if you request
it you will get an error.  Suggested by Andery Melnikov

** DIGEST-MD5 server: No longer advertises support for integrity by default.
You can request it specifically through a callback or setting the
GSASL_QOPS property.

** libgsasl: Added C pre-processor expressions for version handling.
comparisons to test version level.

** libgsasl: Use a LD version script on platforms where it is supported.
Currently only GNU LD and the Solaris linker support it.  This helps
Debian package tools to produce better dependencies.  Before we used
Libtool -export-symbols-regex that created an anonymous version tag.
We use -export-symbols-regex when the system does not support LD
version scripts, but that only affects symbol visibility.

** libgsasl: Compiled with -fvisibility=hidden by default if supported.
Currently only GCC supports it for ELF targets.  This hides internal
symbols and has other advantages, see

** API and ABI modifications.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, purchasing
support contracts, or donating money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a Stockholm
based privately held company, is currently funding GNU SASL maintenance.
We are always looking for interesting development projects.  See for more details.

The project's web page is available at:

All manuals are available from:

Specifically, the following formats are available.

The main manual: - HTML format - PDF format

API Reference manual: - GTK-DOC HTML

Doxygen documentation: - HTML format - PDF format

Instructions for how to build GNU SASL under uClinux are available from
<>.  If your uClinux toolchain is broken,
it is possible to build GNU SASL without using the ./configure
mechanism, see <>.

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:

Here are the compressed sources of the entire package: (3.7MB) (PGP)

Here are the compressed sources of the LGPL library (included above): (908KB) (PGP)

We also provide pre-built Windows binaries:

Here are the build reports for various platforms:

Daily builds of the package are available from:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2010-02-22]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <address@hidden>
uid                  Simon Josefsson <address@hidden>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2009-04-21]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

18ad50a16da8cbb53b720968545330fa5cdaa380  gsasl-1.1.tar.gz
899cdafc0200751151ae40e009830fe8dfa29cacab220c0fe2d36a6c  gsasl-1.1.tar.gz

6261807a5251eba564175169af0662e6e1583ca7  libgsasl-1.1.tar.gz
81498a24de361cb64a67c44aa38399bccd36a80cdc03d322f28a58a8  libgsasl-1.1.tar.gz


45a3510d074b776f9f38480ba03850c172391be2  mingw32-gsasl_1.1-1_all.deb

Happy hacking,
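
The following is an added example, not part of the announcement and not libgsasl code. It shows how a client could pick the keyword to set as GSASL_QOP from the comma-separated GSASL_QOPS list described above, failing closed when integrity is required but not offered. The function names parse_qops and choose_qop are hypothetical, and preferring qop-int whenever it is offered is an assumed local policy.

```c
#include <stdio.h>
#include <string.h>

/* Bit flags for the three keywords the announcement lists for GSASL_QOPS. */
enum { QOP_INVALID = -1, QOP_AUTH = 1, QOP_INT = 2, QOP_CONF = 4 };

/* Parse a list such as "qop-auth, qop-int" into a bitmask.
   Unknown keywords, empty items and missing commas yield QOP_INVALID. */
static int parse_qops(const char *list)
{
    int mask = 0;
    const char *p = list;
    while (*p) {
        p += strspn(p, " \t");              /* whitespace before keyword */
        size_t n = strcspn(p, ", \t");      /* keyword length */
        if (n == 8 && strncmp(p, "qop-auth", n) == 0) mask |= QOP_AUTH;
        else if (n == 7 && strncmp(p, "qop-int", n) == 0) mask |= QOP_INT;
        else if (n == 8 && strncmp(p, "qop-conf", n) == 0) mask |= QOP_CONF;
        else return QOP_INVALID;
        p += n;
        p += strspn(p, " \t");
        if (*p == ',') {
            p++;
            if (p[strspn(p, " \t")] == '\0') return QOP_INVALID; /* trailing comma */
        } else if (*p) {
            return QOP_INVALID;             /* keywords not comma separated */
        }
    }
    return mask ? mask : QOP_INVALID;
}

/* Return the keyword to request, or NULL to abort authentication.
   qop-conf is never chosen: the announcement says requesting it is an error. */
static const char *choose_qop(const char *server_qops, int require_integrity)
{
    int offered = parse_qops(server_qops);
    if (offered == QOP_INVALID) return NULL;
    if (offered & QOP_INT) return "qop-int";
    if ((offered & QOP_AUTH) && !require_integrity) return "qop-auth";
    return NULL;    /* fail closed instead of downgrading to auth-only */
}

int main(void)
{
    /* Constructed sample offers, not captured from a real server. */
    const char *offers[] = { "qop-auth, qop-int", "qop-auth", "qop-conf" };
    for (int i = 0; i < 3; i++) {
        const char *q = choose_qop(offers[i], 1);
        printf("%-20s -> %s\n", offers[i], q ? q : "(abort)");
    }
    return 0;
}
```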
