caml-list - the Caml user's mailing list
From: Gerd Stolpmann <info@gerd-stolpmann.de>
To: caml-list <caml-list@inria.fr>
Cc: ocamlnet-devel <ocamlnet-devel@lists.sourceforge.net>
Subject: [Caml-list] [ANN] ocamlnet-4.0.1
Date: Sun, 18 Jan 2015 19:32:00 +0100
Message-ID: <1421605920.4133.22.camel@e130.lan.sumadev.de>


Hi list,

after some testing I could finally release OCamlnet-4.0.1. Find it at
the usual place:

http://projects.camlcity.org/projects/ocamlnet.html

This is a major release, and there are incompatible changes, in
particular in the following areas:

 - How ocamlnet is configured (new switches: -enable-gnutls,
   -enable-gssapi, gone: -enable-ssl, -enable-crypto)
 - How to use TLS (formerly SSL) in protocols (see below)
 - Unicode tables need to be explicitly linked in (package
   netunidata), or conversions between character encodings
   may be unavailable
 - IPv6 is now enabled by default if there is a global IPv6
   address
 - A number of modules have been renamed (e.g. Http_client is
   now Nethttp_client)
 - A number of modules have been split up (e.g. some functions
   of Uq_engines are now in Uq_client and other modules)

But these are only the most visible changes. Besides that, there are
also plenty of new features, all about authentication and security.

1. TLS

The old support for OpenSSL (via the ocaml ssl bindings) is no longer
available. Instead, there is an integrated wrapper for GnuTLS, which has
a much nicer API and has better support for the latest TLS updates.

Read more here:
http://projects.camlcity.org/projects/dl/ocamlnet-4.0.1/doc/html-main/Tls.html

2. SASL authentication

OCamlnet-4 implements all important SASL authentication mechanisms (for
both clients and servers): PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1,
GS2-KRB5 (more on that one below). SASL is integrated into the protocol
interpreters for POP and SMTP.

3. GSSAPI/Kerberos

Before this release, there was only very preliminary support for the
GSSAPI. This has changed, as there is now a binding of the system-level
GSSAPI functions. In particular, this permits protocol interpreters to
support Kerberos, and in OCamlnet-4 SunRPC, HTTP clients, and FTP have
been "kerberized" this way. You can also run Kerberos on top of SASL via
bridging.

If you are unfamiliar with Kerberos, this is a single-sign-on security
framework for LANs, and it can be frequently found in company networks.

At the moment, we cannot support Kerberos on Windows, though (as Windows
doesn't provide a standard-compliant GSSAPI library).

4. Pluggable security modules

The security mechanisms are all pluggable. If you e.g. want to use a
different TLS provider, you "only" need to ensure that it has a module
interface compatible with TLS_PROVIDER. There's also SASL_MECHANISM,
HTTP_MECHANISM, and GSSAPI. The mechanisms are passed as normal values
to the protocol interpreters thanks to first-class modules. This makes
it possible to support several implementations, and also to weakly bind
to security mechanisms (e.g. use only TLS if available).

Gerd
-- 
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany    gerd@gerd-stolpmann.de
My OCaml site:          http://www.camlcity.org
Contact details:        http://www.camlcity.org/contact.html
Company homepage:       http://www.gerd-stolpmann.de
------------------------------------------------------------
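
Added example, not part of the original message and not Ocamlnet code: a sketch of the pattern from section 4, where a provider is handed to protocol code as a first-class module value and "use TLS only if available" is an explicit policy next to a fail-closed one. MINI_TLS_PROVIDER, Toy_provider, tls_policy and send are hypothetical names, and the toy provider does no real cryptography.

```ocaml
(* Hypothetical, much-reduced provider signature; Ocamlnet's real
   TLS_PROVIDER interface is far larger. *)
module type MINI_TLS_PROVIDER = sig
  val name : string
  val wrap : string -> string   (* stand-in for protecting a payload *)
end

(* Constructed toy provider: it only tags the payload, no real crypto. *)
module Toy_provider : MINI_TLS_PROVIDER = struct
  let name = "toy"
  let wrap payload = "[" ^ name ^ "-protected]" ^ payload
end

type tls_policy =
  | Tls_required      (* fail closed when no provider is linked in *)
  | Tls_if_available  (* weak binding: fall back to cleartext *)

type outcome =
  | Sent_protected of string * string   (* provider name, wire data *)
  | Sent_cleartext of string
  | Refused of string

(* The protocol code receives the provider as an ordinary value. *)
let send ~policy ~(tls : (module MINI_TLS_PROVIDER) option) payload =
  match tls, policy with
  | Some p, _ ->
      let module P = (val p : MINI_TLS_PROVIDER) in
      Sent_protected (P.name, P.wrap payload)
  | None, Tls_if_available -> Sent_cleartext payload
  | None, Tls_required -> Refused "no TLS provider available"

let describe = function
  | Sent_protected (p, data) -> Printf.sprintf "protected by %s: %s" p data
  | Sent_cleartext data -> "CLEARTEXT: " ^ data
  | Refused why -> "refused: " ^ why

let () =
  let provider = Some (module Toy_provider : MINI_TLS_PROVIDER) in
  List.iter
    (fun (policy, tls) ->
      print_endline (describe (send ~policy ~tls "hello")))
    [ (Tls_if_available, provider);
      (Tls_if_available, None);
      (Tls_required, None) ]
```

With weak binding, a build that lacks the provider sends the same payload unprotected, so code carrying credentials should select the fail-closed policy and log which branch was taken.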

