
v1.7 Certificate Management Library & Mail List



All,

J. G. Van Dyke and Associates (VDA), a Wang Government Services Company, has
delivered the freeware Version 1.7 Certificate Management Library (CML)
software and Application Programming Interface (API).  An enhanced version
of the SNACC ASN.1 C library has been delivered with the v1.7 CML.  The v1.7
CML and enhanced SNACC source code is available from the Fortezza
Developer's CML Page
<http://www.armadillo.huntsville.al.us/software/certmgmt/index.html>.  

The CML implements the 1997 X.509 certification path processing rules and
meets SDN.706 requirements.  It (optionally) provides local cache management
functions and (optionally) obtains data objects using LDAP v2.  It can
(optionally) be used in conjunction with the v1.31 Certificate Path
Development Library (CPDL) developed by CygnaCom Solutions to provide robust
certification path building capabilities such as using cross certificates.
The CML has been used to validate X.509 Certificates and Certificate
Revocation Lists (CRL) signed using Digital Signature Algorithm (DSA) and
RSA.   

The v1.7 CML includes the following enhancements (compared with the v1.6 CML
release):

1) Tested with the SNACC C++ library, Crypto Token Interface Libraries
(CTIL) and LibCert Dynamically Linked Libraries (DLL) delivered with the
v1.6 S/MIME Freeware Library (SFL) available from the Fortezza Developer's
S/MIME Page <http://www.armadillo.huntsville.al.us/software/smime>.

2) Enhanced CML API and software to add a function to validate generic signed
data (using the SIGNED macro).

3) Added functionality to set LDAP settings, trusted certificates, and a
validated public key cache on a per session basis.

4) Fixed uninitialized pointer problem on Extended Key Usage extensions, and
the freeing of the Extended Key Usage extension.

5) Fixed memory leak in freeing of an EncObject_LL.

6) Fixed memory leak in asn-any.c (line 175).

7) Fixed memory leaks in CMU_GetDistPts().

8) Added the UID attribute to SNACC library.

9) Enhanced the CMU_FilterRemoteCertsList() function to perform certificate
filtering after LDAP retrieval.

10) Enhanced the setting of the CRL/ARL type in the CML provided callback
function, and correctly set the location flag in the CML provided callback.

11) Corrected the CRL Issuing Distribution Point processing logic.

12) Enhanced CML to automatically search the directory using LDAP for a
current certificate or CRL when the local CRL or Certificate has expired, if
the application has specified "search until found".

13) Tested CML with C and C++ versions of SNACC ASN.1 library that have been
enhanced to support PrintableString, TeletexString, NumericString,
IA5String, VisibleString, BMPString, UniversalString and UTF8String
character string types.  An optional function was added to SNACC to convert
ASN.1 OCTET STRINGs to single- or multi-byte character strings (as
appropriate).  The C version of the enhanced SNACC library is included in
the CML17sr.tar.Z file.  The C++ version of the enhanced SNACC library is
available with the SFL.


The following v1.7 CML files are available from the Fortezza Developer's CML
Page:
CMLv17win.zip: Windows DLLs 
CML17so.tar.Z: Solaris Libraries 
CML17sr.tar.Z: Source for CML and SNACC C library, includes Windows project
files 
CMv1_7api.doc, CMv1_7api.pdf: MS Word and Adobe PDF versions of v1.7 CML API
document
cml17data.zip: test certs used to test the CML 
readme.txt: Instructions for installing and using the CML

VDA welcomes all feedback regarding the CML software and documents.  If bugs
are reported, then VDA will investigate each reported bug and, if required,
will produce a patch or an updated release of the software to repair the
bug.

All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations can
use the CML without paying any royalties or licensing fees.  The CML was
originally developed by the U.S. Government.  VDA is enhancing and
supporting the CML under contract to the U.S. Government.  The U.S.
Government is furnishing the CML software at no cost to the vendor subject
to the conditions of the CML Public License provided with the CML software.
The CML software is not subject to U.S. Government encryption export
regulations, so it is freely available to everyone.

The v1.7 CML uses the VDA-enhanced SNACC v1.3 ASN.1 Library to encode/decode
objects.  VDA has successfully tested the v1.7 CML with the SNACC and CTIL
DLLs delivered in conjunction with the v1.6 SFL.  Source code for the
VDA-developed CTILs is available from the Fortezza Developer's S/MIME Page.
The actual crypto libraries are not provided with the CML or SFL.  They must
be independently obtained from the appropriate source.  

The v1.7 CML can be used in conjunction with the v1.31 CPDL to successfully
meet all of the requirements of the Bridge Certification Authority
Demonstration effort which includes cross-certified Entrust, Spyrus and
Motorola v3 certificate domains.  The CML17sr.tar.Z file includes the CPDL
source code and public license.  <http://www.cygnacom.com/cpl> provides more
information regarding the CPDL.

Further enhancements, ports and testing of the CML are still in process.
Further releases of the CML will be provided as significant capabilities are
added.  

The Internet Mail Consortium (IMC) has established a CML web page
<http://www.imc.org/imc-cml/>.  The IMC has also established a CML mail list
which is used to: distribute information regarding CML releases; discuss
CML-related issues; and provide a means for CML users to provide feedback,
comments, bug reports, etc.  Subscription information for the imc-cml
mailing list is at the IMC web site listed above.

============================================
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company
john.pawling@wang.com
============================================