[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU SASL 1.6.0 released

From: Simon Josefsson
Subject: GNU SASL 1.6.0 released
Date: Tue, 14 Dec 2010 14:27:21 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).
The framework itself and a couple of common SASL mechanisms (including
CRAM-MD5 and SCRAM-SHA-1) are implemented.  GNU SASL can be used by
implementations of IMAP, SMTP, XMPP and other application protocols to
provide authentication services.

Highlights since the prior stable branch v1.4.x:

** SCRAM: General fixes and support for SCRAM-SHA-1-PLUS with channel bindings.

** GS2-KRB5: New mechanism GS2 with support for Kerberos V5.
The supported GSS-API implementations are GNU GSS (v1.0.0+), MIT
Kerberos, Heimdal, or MIT Kerberos for Windows.  The GS2-KRB5-PLUS
variant with TLS channel bindings is not supported.

** GSSAPI/GS2-KRB5: Support for MIT Kerberos for Windows GSS-API library.

** DIGEST-MD5: The server code now returns GSASL_OK after the final token.

** gsasl: Support for TLS channel bindings.
Requires GnuTLS 2.11.4 or later for the gnutls_session_channel_binding
function.  Used by the SCRAM-SHA-1-PLUS mechanism.

** libgsasl: Added property for tls-unique channel binding.
The new property GSASL_CB_TLS_UNIQUE takes a base64 encoded tls-unique
channel binding.  New error code GSASL_NO_CB_TLS_UNIQUE is returned
when application fails to provide a channel binding and the mechanism
requires it (i.e., in a PLUS server).

** gsasl: Add --no-cb to disable use of TLS channel bindings.

** libgsasl: No longer require the same or newer libgcrypt it was built with.
Before libgsasl refused to work if it was used with a libgcrypt shared
library that was older than the version that libgsasl was built with.

** doc: Several improvements, including discussion of new features.

** tests: Added and improved several self-tests.

** i18n: Updated translations.

** Update gnulib files.

** API and ABI modifications.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GNU SASL
maintenance.  We are always looking for interesting development
projects.  See for more details.

The project's web page is available at:

All manuals are available from:

Specifically, the following formats are available.

The main manual: - HTML format - PDF format

API Reference manual: - GTK-DOC HTML

Doxygen documentation: - HTML format - PDF format

Instructions for how to build GNU SASL under uClinux are available
From <>.  If your uClinux toolchain is
broken, it is possible to build GNU SASL without using the ./configure
mechanism, see <>.

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:

Here are the compressed sources of the entire package: (4.4MB) (OpenPGP)

Here are the compressed sources of the LGPL library (included above): (1.1MB) (OpenPGP)

We also provide pre-built Windows binaries (32-bit, 64-bit, 32-bit KfW): (650KB) (OpenPGP) (699KB) (OpenPGP) (686KB) (OpenPGP)

For code coverage and cyclomatic code complexity charts:

Here are the build reports for various platforms:

Daily builds of the package are available from:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2011-03-30]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <address@hidden>
uid                  Simon Josefsson <address@hidden>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2011-03-30]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

56055324ebf1d1b823412b6fcee192c03452ea84  gsasl-1.6.0.tar.gz
d0fd62b83e698b8552df92eed07a7e173c3c2216536f64f4555484fc  gsasl-1.6.0.tar.gz

bb760a943ac487d332d5216559cd5fa765952245  libgsasl-1.6.0.tar.gz
5e17fa554a5f9b66b07cb31ba4d901265696a991b9746f0e384e36fb  libgsasl-1.6.0.tar.gz




Happy hacking,

Attachment: pgpcNsTKr7ciM.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]