
v2.0.1 Certificate Management Library (CML) Now Available



All,

Getronics Government Solutions has delivered the Version 2.0.1 
Certificate Management Library (CML) for Microsoft Windows, 
Sun Solaris and Linux.  The v2.0.1 CML is freely available
at: <http://www.getronicsgov.com/hot/cml_home.htm>.  The
v2.0.1 CML release fixes bugs present in the v2.0 CML release.

Applications requiring Public Key Infrastructure (PKI) security 
services can use the CML to meet their X.509 certificate and 
Certificate Revocation List (CRL) processing requirements.  
The v2.0.1 CML is described in the v2.0 CML Application Programming
Interface (API) document.  It implements the 2000 X.509 Recommendation
certification path verification processing rules and the SDN.706 profile.
It meets the majority of the IETF PKIX RFC 2459 Certificate/CRL Profile
requirements; some features, such as Delta CRLs, are not supported.
The v2.0.1 CML includes Abstract Syntax Notation One (ASN.1) decoding
of X.509 Certificates and CRLs.  It requires the v1.3 R8 Enhanced
SNACC ASN.1 software that is freely available from:
<http://www.getronicsgov.com/hot/snacc_home.htm>.

The CML provides robust certificate path building capabilities, such
as building paths through cross certificates.  The CML can optionally use
the accompanying Storage and Retrieval Library (SRL) to provide local
certificate and CRL storage management functions.  The SRL can
optionally provide remote directory retrieval capabilities using the
Lightweight Directory Access Protocol (LDAP).

The CML has been thoroughly tested including validating X.509 
Certificates and CRLs created by a variety of Certification 
Authority (CA) products, and signed using the Digital Signature
Algorithm (DSA) and RSA algorithms.  Further enhancements, 
ports and testing of the CML are still in process.  Further
releases of the CML will be provided as significant 
capabilities are added. 


The following bugs were fixed in the v2.0.1 CML release 
(compared with the v2.0 release):

1) In PathNode::GetCertTree, pTree->cmCert was not being set to 
NULL prior to calling GetCertStruct.

2) CM_CertPath.cpp: pFreeObj was being freed twice. 

3) pNew->cmCert was not being set to NULL prior to processing.

4) PolicyConstraintsExtension default constructor did not 
initialize its member variables. 

5) Fixed a bug in CML DN string conversion processing.


The following bugs were fixed in the v2.0.1 SRL release 
(compared with the v2.0 release):

1) Modified SRL error numbers to differ from CML error numbers, so an
application can tell which library generated the error.  Delivered the
v2.0.1 SRL API document, which includes the new error code values.
 
2) Fixed SRL_ChangeLDAPInfo prototype.
 
3) Fixed an instance where SRL_DatabaseSearch was not checking for a NULL DN. 
 
4) SRLi_GetAllCertificatesByType was calling SRL_DatabaseAdd with
wrong type mask on objects collected remotely.

5) Improved handling of LDAP URL requests.

6) SRL_DatabaseAdd was checking for a trusted cert using 
SRL_TRUSTED_CERT_TYPE, when LDAP was setting the type to 
SRL_CA_CERT_TYPE. Added a check to the logic to ensure that an 
SRL_CA_CERT_TYPE cert is a trusted cert.
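As an added illustration (this is not CML or SRL code; the names
GetCertStruct, PathNodeSafe, BuildNode, SafeFree and DatabaseSearch below
are hypothetical stand-ins chosen to mirror the bug descriptions above),
the following C++ shows the defensive patterns behind CML fixes 1 through 4
and SRL fix 3: clearing a pointer member before a call that only assigns
it on success, initializing members in the constructor, nulling a pointer
when it is released so a second release cannot free it again, and
rejecting a NULL DN before it is used:

```cpp
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for a decoded certificate; not the CML's own type.
struct CertStruct {
    int serial;
};

// Hypothetical decoder modelled on the "GetCertStruct" call named in the
// bug list: it assigns *out only when decoding succeeds and leaves *out
// untouched on failure, which is why the caller must clear it first.
static bool GetCertStruct(const std::vector<unsigned char>& der, CertStruct** out) {
    if (der.empty()) {
        return false;                    // decode failure: *out not written
    }
    *out = new CertStruct{static_cast<int>(der[0])};
    return true;
}

// Before: a path node whose pointer member is never initialized.  After a
// failed decode cmCert holds indeterminate garbage, and a later null test,
// dereference or delete is undefined behaviour.
struct PathNodeUnsafe {
    CertStruct* cmCert;                  // indeterminate until assigned
};

// After: the member has a default initializer and the node owns what it
// points to, so a failed decode leaves a well-defined null.
struct PathNodeSafe {
    CertStruct* cmCert = nullptr;
    PathNodeSafe() = default;
    ~PathNodeSafe() { delete cmCert; }
    PathNodeSafe(const PathNodeSafe&) = delete;
    PathNodeSafe& operator=(const PathNodeSafe&) = delete;
};

// Clears the slot before calling the decoder (the pattern of fixes 1 and 3)
// and reports whether the node now holds a decoded cert.
static bool BuildNode(const std::vector<unsigned char>& der, PathNodeSafe& node) {
    delete node.cmCert;                  // release any previous cert
    node.cmCert = nullptr;               // so a failed decode is detectable
    return GetCertStruct(der, &node.cmCert) && node.cmCert != nullptr;
}

// Double-free guard (fix 2): delete through a reference and null the
// pointer, so a second release of the same handle is a no-op.
template <typename T>
static void SafeFree(T*& p) {
    delete p;
    p = nullptr;
}

// Destructor counter used to observe how many times an object is destroyed.
static int g_destroy_count = 0;
struct TrackedObj {
    ~TrackedObj() { ++g_destroy_count; }
};

// Null-DN guard modelled on the SRL_DatabaseSearch fix: validate the input
// before touching it rather than dereferencing a null pointer.
static bool DatabaseSearch(const char* dn, std::string* matched_dn) {
    if (dn == nullptr || matched_dn == nullptr) {
        return false;
    }
    *matched_dn = dn;                    // constructed: the "search" echoes the DN
    return true;
}

// Check: a failed decode leaves cmCert null and a good one populates it.
static bool CheckClearBeforeDecode() {
    PathNodeSafe node;
    const std::vector<unsigned char> bad;          // constructed: undecodable
    const std::vector<unsigned char> good = {42};  // constructed: decodable
    const bool failure_is_null = !BuildNode(bad, node) && node.cmCert == nullptr;
    const bool success_is_set = BuildNode(good, node) && node.cmCert != nullptr
                                && node.cmCert->serial == 42;
    return failure_is_null && success_is_set;
}

// Check: releasing the same handle twice destroys the object exactly once.
static int DestroyCountAfterDoubleRelease() {
    g_destroy_count = 0;
    TrackedObj* obj = new TrackedObj;
    SafeFree(obj);
    SafeFree(obj);                       // obj is already nullptr: no-op
    return g_destroy_count;
}

// Check: a NULL DN is rejected and a real DN is accepted.
static bool NullDnRejected() {
    std::string dn;
    return !DatabaseSearch(nullptr, &dn) && DatabaseSearch("CN=Test", &dn) && dn == "CN=Test";
}

int main() {
    std::printf("clear-before-decode ok: %d\n", CheckClearBeforeDecode() ? 1 : 0);
    std::printf("destroy count after double release: %d\n", DestroyCountAfterDoubleRelease());
    std::printf("null DN rejected: %d\n", NullDnRejected() ? 1 : 0);
    return 0;
}
```

Each check function returns its result rather than only printing it, so
the same code can be driven from a unit test; any C++11 compiler builds it.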


The following v2.0.1 CML files are available from the CML web page:
1) Windows_CML_Lib_v2.0.1.ZIP: MS Windows Dynamically Linked Libraries 
2) Windows_CM_Tool_v2.0.1.ZIP: CM_Tool executable
3) Solaris_CML_Lib_v2.0.1.tar.Z: Sun Solaris Libraries 
4) Solaris_CM_Tool_v2.0.1.tar.z: CM_Tool for Solaris
5) Linux_CML_Lib_v2.0.1.tar.Z: Linux Libraries
6) Linux_CM_Tool_v2.0.1.tar.z: CM_Tool for Linux
7) CML_source_v2.0.1.tar.Z: Source, including Windows project files 
8) CMAPI_data.tar.Z: Test Certs and CRLs used to test CML


The v2.0 CML API document (CMv2.0api.doc, CMv2.0api.pdf), the v2.0.1 SRL
API document (SRLv2.0.1api.doc, SRLv2.0.1api.pdf), and the v2.0.1 CML
readme file are also available from the Getronics CML web page.

All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations 
can use the CML without paying any royalties or licensing fees.  The
CML was originally developed by the U.S. Government.  Getronics is 
enhancing and supporting the CML under contract to the U.S. Government.
The U.S. Government is furnishing the CML software at no cost to the
vendor subject to the conditions of the CML Public License provided
with the CML software.  

The CML makes calls to an algorithm-independent CTIL API that provides
access to a variety of external crypto libraries.  There is a CTIL for 
each crypto library that maps the generic CTIL API calls to the 
specific calls for that crypto library.  Getronics provides CTILs for
the Microsoft CAPI v2.0, Crypto++, RSA BSAFE, Spyrus SPEX/ and 
FORTEZZA Cryptologic Interface libraries.  Getronics also provides a 
PKCS #11 CTIL that enables PKCS #11-compliant libraries to be used 
with the CML.  The underlying, external crypto libraries are not 
distributed as part of the CML software. 

Getronics has successfully tested the v2.0.1 CML with the SNACC and 
CTIL libraries delivered with the v2.0.1 S/MIME Freeware Library (SFL).

Source code for the Getronics-developed CTILs is available from 
<http://www.getronicsgov.com/hot/sfl_home.htm>.  

The CML has been successfully tested with the Access Control 
Library (ACL) that is freely available to everyone from: 
<http://www.getronicsgov.com/hot/acl_home.htm>.

The v2.0.1 CML has been successfully used to build and verify 
certificate paths used in the Bridge Certification Authority (BCA)
demonstration, which includes cross-certified hierarchical and
non-hierarchical PKIs.  The CML was used to successfully process the
BCA Interoperability Test Suite (BITS) test data available from:
<http://bcatest.atl.getronicsgov.com>.

The National Institute of Standards and Technology (NIST) is 
providing a standard test suite of X.509 certificate paths
<http://csrc.nist.gov/pki/testing/x509paths.html> that can be
used for testing applications against RFC 2459.  The CML was 
used to successfully process the NIST test data.

The CML meets the requirements stated in the SDN.706 Certificate/
CRL Profile required by the U.S. Defense Message System (DMS) 
project.

The Internet Mail Consortium (IMC) has established a CML web page
<http://www.imc.org/imc-cml> and a CML mail list which is used to: 
distribute information regarding CML releases; discuss CML-related 
issues; and allow CML users to provide feedback, comments, bug 
reports, etc.  Subscription information for the imc-cml mailing list 
is at the IMC web site listed above.  

All comments regarding the CML source code and documents are welcome. 
This CML release announcement was sent to several mail lists, but
please send all messages regarding the CML to the imc-cml mail list
ONLY. Please do not send messages regarding the CML to any of the IETF
mail lists.  We will respond to all messages sent to the imc-cml mail 
list.

===========================================
John Pawling, John.Pawling@xxxxxxxxxxxxxxxx
Getronics Government Solutions, LLC
===========================================