v1.9.2 Certificate Management Library Now Available
All,
Getronics Government Solutions has delivered the Version 1.9.2 Certificate
Management Library (CML) for MS Windows, Solaris 2.7 and Linux. The v1.9.2
CML is freely available to everyone from the Getronics CML web page
<http://www.getronicsgov.com/hot/cml_home.htm>. The v1.9.2 release fixes
bugs present in the v1.9.1 CML release. The v1.9.2 CML requires the latest
Enhanced SNACC ASN.1 software release (v1.3 R6 or later) that can be
downloaded from <http://www.getronicsgov.com/hot/snacc_home.htm>.
The v1.9.2 CML is described in the v1.9 CML Application Programming
Interface (API) document. It implements the 2000 X.509 Recommendation
certification path processing rules and SDN.706. It meets the majority of
the IETF PKIX RFC 2459 Certificate/CRL Profile requirements. The CML uses
path building software based on the v2.0 CPDL from CygnaCom Solutions, an
Entrust Technologies company, to provide robust certification path building
capabilities such as using cross certificates.
The CML has been used to validate X.509 Certificates and Certificate
Revocation Lists (CRL) signed using the Digital Signature Algorithm (DSA)
and RSA. Further enhancements, ports and testing of the CML are still in
process. Further releases of the CML will be provided as
significant capabilities are added.
The following enhancements are included in the v1.9.2 CML release
(compared with the v1.9.1 release):
1. Fixed memory allocation bug in CM_certPolicies.c
2. Fixed a duplicate session problem in CMU_AddASession() (CM_Mgr.c)
and in SRLi_AddASession() (SRL_Mgr.c).
3. Corrected logic on freeing objects, when a free callback function
was passed in.
4. Corrected argument to function call CMU_genname2str, when the
Distribution Point name refers to a full name.
5. Corrected function SRLi_GetAllCertificatesByType() in SRL_ReqOps.c
which was incorrectly filtering expired certificates.
6. Removed cpdlib.cpp and cpdlib.c from the CPDL project. The CML
instantiating of a CWinApp will crash other MFC applications.
7. Fixed a compile error in CM_Sigcheck.c when NORSA was defined.
8. Corrected function CMU_genname2str() to copy the DN string when
the type is CM_X500_NAME.
9. Fixed bug in CM_ValidateSignature(), incorrectly referencing
the Key Usage Field.
The following v1.9.2 CML files are available from the Getronics CML web
page:
1) Windows_CMLLibv1.9.2.ZIP: MS Windows Dynamically Linked Libraries (DLL)
2) Windows_CM_Toolv1.9.2.ZIP: CM_Tool executable
3) Solaris_CMLLibv1.9.2.tar.Z: Sun Solaris Libraries
4) Solaris_CM_Toolv1.9.2.tar.z: CM_Tool for Solaris
5) Linux_CMLLibv1.9.2.tar.Z: Linux Libraries
6) Linux_CM_Toolv1.9.2.tar.z: CM_Tool for Linux
7) CML_sourcev1.9.2.tar.Z: Source, including Windows project files
8) CMAPI_data.tar.Z: Test Certs and CRLs used to test CML
The v1.9 CML API document (CMv1.9api.doc, CMv1.9api.pdf), v1.9 SRL API
document (SRLv1.9api.doc, SRLv1.9api.pdf), and v1.9 CML readme file are
also available from the Getronics CML web page.
All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations
can use the CML without paying any royalties or licensing fees. The CML
was originally developed by the U.S. Government. Getronics is enhancing
and supporting the CML under contract to the U.S. Government. The U.S.
Government is furnishing the CML software at no cost to the vendor
subject to the conditions of the CML Public License provided with the CML
software.
The v1.9.2 CML uses the Getronics v1.3 R6 (or later release) Enhanced
SNACC ASN.1 Library to encode/decode objects. Getronics has
successfully tested the v1.9.2 CML with the SNACC and CTIL DLLs delivered
in conjunction with the v1.10 SFL. Source code for the Getronics-developed
CTILs is available from <http://www.getronicsgov.com/hot/sfl_home.htm>.
The actual crypto libraries are not provided with the CML or SFL. They
must be independently obtained from the appropriate source.
The CML can be used in conjunction with the v2.0 CPDL to successfully meet
all of the requirements of the Bridge Certification Authority
Demonstration effort which includes cross-certified Entrust, Spyrus and
Motorola v3 certificate domains. The CML_source.tar.Z file includes the
CPDL source code and public license.
<http://www.cygnacom.com/products/index.htm> provides more information
regarding the CPDL.
The National Institute of Standards and Technology (NIST) is providing a
standard test suite of X.509 certificate paths
<http://csrc.nist.gov/pki/testing/x509paths.html> that can be used for
testing applications against RFC 2459. The CML was used to successfully
process the NIST test data.
The Internet Mail Consortium (IMC) has established a CML web page
<http://www.imc.org/imc-cml> and a CML mail list which is used to:
distribute information regarding CML releases; discuss CML-related issues;
and allow CML users to provide feedback, comments, bug reports, etc.
Subscription information for the imc-cml mailing list is at the IMC web
site listed above.
All comments regarding the CML source code and documents are welcome.
This CML release announcement was sent to several mail lists, but please
send all messages regarding the CML to the imc-cml mail list ONLY. Please
do not send messages regarding the CML to any of the IETF mail lists. We will
respond to all messages sent to the imc-cml mail list.
===========================================
John Pawling, John.Pawling@xxxxxxxxxxxxxxxx
Getronics Government Solutions, LLC
===========================================