Hi list,

after some testing I could finally release OCamlnet-4.0.1. Find it at the usual place:

http://projects.camlcity.org/projects/ocamlnet.html

This is a major release, and there are incompatible changes, in particular in the following areas:

- How ocamlnet is configured (new switches: -enable-gnutls, -enable-gssapi, gone: -enable-ssl, -enable-crypto)
- How to use TLS (formerly SSL) in protocols (see below)
- Unicode tables need to be explicitly linked in (package netunidata), or conversions between character encodings may be unavailable
- IPv6 is now enabled by default if there is a global IPv6 address
- A number of modules have been renamed (e.g. Http_client is now Nethttp_client)
- A number of modules have been split up (e.g. some functions of Uq_engines are now in Uq_client and other modules)

But these are only the most visible changes. Besides that, there are also plenty of new features, all about authentication and security.

1. TLS

The old support for OpenSSL (via the ocaml ssl bindings) is no longer supported. Instead, there is an integrated wrapper for GnuTLS, which has a much nicer API and has better support for the latest TLS updates. Read more here:

http://projects.camlcity.org/projects/dl/ocamlnet-4.0.1/doc/html-main/Tls.html

2. SASL authentication

OCamlnet-4 implements all important SASL authentication mechanisms (for both clients and servers): PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1, GS2-KRB5 (more on that one below). SASL is integrated into the protocol interpreters for POP and SMTP.

3. GSSAPI/Kerberos

Before this release, there was only very preliminary support for the GSSAPI. This has changed, as there is now a binding of the system-level GSSAPI functions. In particular, this permits protocol interpreters to support Kerberos, and in Ocamlnet-4 SunRPC, HTTP clients, and FTP have been "kerberized" this way. You can also run Kerberos on top of SASL via bridging.

If you are unfamiliar with Kerberos, this is a single-sign-on security framework for LANs, and it can be frequently found in company networks. At the moment, we cannot support Kerberos on Windows, though (as Windows doesn't provide a standard-compliant GSSAPI library).

4. Pluggable security modules

The security mechanisms are all pluggable. If you e.g. want to use a different TLS provider, you "only" need to ensure that it has a module interface compatible with TLS_PROVIDER. There's also SASL_MECHANISM, HTTP_MECHANISM, and GSSAPI. The mechanisms are passed as normal values to the protocol interpreters thanks to first-class modules. This permits it to support several implementations, and also to weakly bind to security mechanisms (e.g. use only TLS if available).

Gerd
-- 
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany    gerd@gerd-stolpmann.de
My OCaml site:          http://www.camlcity.org
Contact details:        http://www.camlcity.org/contact.html
Company homepage:       http://www.gerd-stolpmann.de
------------------------------------------------------------
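
An added illustration of point 4 above (not part of the original message and not Ocamlnet code): a security provider passed as a first-class module inside an option, with an explicit policy so that weak binding ("use only TLS if available") cannot silently become cleartext where protection is required. The signature `PROVIDER`, the module `Toy_tls`, and the `policy`, `outcome`, `connect` and `describe` names are hypothetical, and the toy provider performs no cryptography.

```ocaml
(* Added illustration. PROVIDER, Toy_tls, policy and connect are hypothetical
   names; this is not Ocamlnet's TLS_PROVIDER interface. *)
module type PROVIDER = sig
  val name : string
  val wrap : string -> string   (* stand-in for protecting a payload *)
end

(* Constructed toy provider: it only tags the data, it does no cryptography. *)
module Toy_tls : PROVIDER = struct
  let name = "toy-tls"
  let wrap payload = "[" ^ name ^ "]" ^ payload
end

type policy =
  | Require        (* fail closed when no provider is linked in *)
  | Opportunistic  (* "use only TLS if available": may fall back to cleartext *)

type outcome =
  | Protected of string * string   (* provider name, wrapped payload *)
  | Cleartext of string
  | Refused of string

(* The provider arrives as an ordinary value: a first-class module in an option. *)
let connect ~policy ~(tls : (module PROVIDER) option) payload =
  match tls, policy with
  | Some (module P : PROVIDER), _ -> Protected (P.name, P.wrap payload)
  | None, Opportunistic -> Cleartext payload
  | None, Require -> Refused "no TLS provider available"

let describe = function
  | Protected (n, data) -> Printf.sprintf "protected by %s: %s" n data
  | Cleartext data -> Printf.sprintf "CLEARTEXT: %s" data
  | Refused why -> Printf.sprintf "refused: %s" why

(* Walk the three cases: provider present, weak binding, strict binding. *)
let () =
  let available = Some (module Toy_tls : PROVIDER) in
  List.iter
    (fun (policy, tls) -> print_endline (describe (connect ~policy ~tls "hello")))
    [ (Require, available); (Opportunistic, None); (Require, None) ]
```

With weak binding, the `Cleartext` outcome is the one worth logging or alerting on, since nothing else distinguishes a missing provider from a protected session at the call site.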