From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 1FA667F6D8 for ; Sun, 18 Jan 2015 19:32:17 +0100 (CET) Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=pra; client-ip=212.227.126.187; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=mailfrom; client-ip=212.227.126.187; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@mout.kundenserver.de) identity=helo; client-ip=212.227.126.187; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="postmaster@mout.kundenserver.de"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArQAAET7u1TU4367lGdsb2JhbABbg1i9V4kyDIVvgRBDAQEBAQERAQEBAQcLCwkSMIRoJIEqARMTCYgnCc5tII95gjQMQIEwBYU6iVkBgwyFUIEUNoRiAyGLWoIlG4FRbgEBAYJAAQEB X-IPAS-Result: ArQAAET7u1TU4367lGdsb2JhbABbg1i9V4kyDIVvgRBDAQEBAQERAQEBAQcLCwkSMIRoJIEqARMTCYgnCc5tII95gjQMQIEwBYU6iVkBgwyFUIEUNoRiAyGLWoIlG4FRbgEBAYJAAQEB X-IronPort-AV: E=Sophos;i="5.09,422,1418079600"; d="asc'?scan'208";a="117517886" Received: from mout.kundenserver.de ([212.227.126.187]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Jan 2015 19:32:16 +0100 Received: from office1.lan.sumadev.de ([88.69.140.169]) by mrelayeu.kundenserver.de (mreue002) with ESMTPSA (Nemesis) id 0Lst7y-1XjWBR2JFC-012XMD; Sun, 18 Jan 2015 19:32:07 +0100 Received: from [192.168.65.10] (unknown [192.168.65.10]) by office1.lan.sumadev.de (Postfix) with ESMTPSA id E7E7ADC05D; Sun, 18 Jan 2015 19:32:05 +0100 (CET) Message-ID: <1421605920.4133.22.camel@e130.lan.sumadev.de> From: Gerd Stolpmann To: caml-list Cc: ocamlnet-devel Date: Sun, 18 Jan 2015 19:32:00 +0100 Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-Q0c4/Sy+ITiXjDcxT/mq" X-Mailer: Evolution 3.10.4-0ubuntu2 Mime-Version: 1.0 X-Provags-ID: V03:K0:aLguGkklsg/AEfCa6mZdShA8lF2GhPm/GqUgioWfhNydVTT3J/p 1OJ2E05nXaixVFMi5+PsLMbDi7F0TXEqdkvaf5OnAcRjDCf31IEQg583S1zb0rqNOllsUG/ 0F4dzLIQ1s0JdC2tNjYGY6YWcx6yp3rmEDedIYYkeSBnxc8+DJlM0CfgmRDSkMYd3y5spk1 fZxu/4waVZLlEJhVlazuA== X-UI-Out-Filterresults: notjunk:1; Subject: [Caml-list] [ANN] ocamlnet-4.0.1 --=-Q0c4/Sy+ITiXjDcxT/mq Content-Type: text/plain; charset="ISO-8859-15" Content-Transfer-Encoding: quoted-printable Hi list, after some testing I could finally release OCamlnet-4.0.1. Find it at the usual place: http://projects.camlcity.org/projects/ocamlnet.html This is a major release, and there are incompatible changes, in particular in the following areas: - How ocamlnet is configured (new switches: -enable-gnutls, -enable-gssapi, gone: -enable-ssl, -enable-crypto) - How to use TLS (formerly SSL) in protocols (see below) - Unicode tables need to be explicitly linked in (package netunidata), or conversions between character encodings may be unavailable - IPv6 is now enabled by default if there is a global IPv6 address - A number of modules has been renamed (e.g. Http_client is now Nethttp_client) - A number of modules have been split up (e.g. some functions of Uq_engines are now in Uq_client and other modules) But these are only the most visible changes. Besides that, there are also plenty of new features, all about authentication and security. 1. TLS The old support for OpenSSL (via the ocaml ssl bindings) are no longer supported. Instead, there is an integrated wrapper for GnuTLS, which has much nicer API and has better support for the latest TLS updates. Read more here: http://projects.camlcity.org/projects/dl/ocamlnet-4.0.1/doc/html-main/Tls.h= tml 2. SASL authentication OCamlnet-4 implements all important SASL authentication mechanisms (for both clients and servers): PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1, GS2-KRB5 (more on that one below). SASL is integrated into the protocol interpreters for POP and SMTP. 3. GSSAPI/Kerberos Before this release, the was only very preliminary support for the GSSAPI. This has changed, as there is now a binding of the system-level GSSAPI functions. In particular, this permits protocol interpreters to support Kerberos, and in Ocamlnet-4 SunRPC, HTTP clients, and FTP have been "kerberized" this way. You can also run Kerberos on top of SASL via bridging. If you are unfamiliar with Kerberos, this is a single-sign-on security framework for LANs, and it can be frequently found in company networks. At the moment, we cannot support Kerberos on Windows, though (as Windows doesn't provide a standard-compliant GSSAPI library). 4. Pluggable security modules The security mechanisms are all pluggable. If you e.g. want to use a different TLS provider, you "only" need to ensure that it has a module interface compatible with TLS_PROVIDER. There's also SASL_MECHANISM, HTTP_MECHANISM, and GSSAPI. The mechanisms are passed as normal values to the protocol interpreters thanks to first-class modules. This permits it to support several implementations, and also to weakly bind to security mechanisms (e.g. use only TLS if available). Gerd --=20 ------------------------------------------------------------ Gerd Stolpmann, Darmstadt, Germany gerd@gerd-stolpmann.de My OCaml site: http://www.camlcity.org Contact details: http://www.camlcity.org/contact.html Company homepage: http://www.gerd-stolpmann.de ------------------------------------------------------------ --=-Q0c4/Sy+ITiXjDcxT/mq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJUu/wgAAoJEAaM4b9ZLB5TLkYH/jNvbzjl8Rj6grbVNZJWOloX 24N4rZMBGDgKXAoLme8kt9+bqdRAE+q/JAcJvML4ckNcS1Otr4kPJdFkN4dL5/7U GQWde3Z2awVZXlJ3fW8qe2WOnARzOHugLjdEP4/9AMdvz+66SzocEAnV8zE53FEn d32Pk+AzWkOTxg1xQi8EaOocXbZpP+2zyebKuSvTXL8Ufg9yaxBP7iwlabREqKUV NOoIF+rF75Gy1Tkv5VRaAY2430ACP16O1eCeijPT096tEGyjXZwaBbxUZzTZqkN7 /69qotF3CEk91Lh3+I9JBcOxRxRgx1NATXDgIC+3h2x6ishxyJht98mOkEyQ0uE= =bDp3 -----END PGP SIGNATURE----- --=-Q0c4/Sy+ITiXjDcxT/mq--