Cryptix SASL Library / News: Recent posts

here is the ChangeLog section for this release:

+ added an index.html in docs to act as the toplevel index page.
+ added relevant drafts and rfcs to the docs folder and included in dist (distribution creation section in the build file).
+ aligned the SM2 implementation to draft-naffah-cat-sasl-sm2-01.txt.
+ aligned the SRP implementation to draft-burdis-cat-srp-sasl-05.txt.
+ made the SM2 implementation more robust when either client or server completes the exchange without sending any data to the peer.
+ constrained the example client/server to work with buffered mechanisms; ie. SRP and SM2.
+ added a new install section in the build.xml to ease installation.
+ (Yuri): fixed another bug in the password files that was causing them to be corrupt when adding/updating info.
+ fixed the RMI exchange to cater for mechanisms whose client side has no initial response. this has been achieved by forcing the server side to always start reading, and by the client writing a 0-byte message that gets discarded.
+ Fixed the PasswordFile implementations. their save...() methods use a PrintWriter instance. the PrintWriter was not flush()-ed before being closed, which meant that everything in their internal buffer was getting lost. ensured those PrintWriters get flushed and closed.
+ Added default wrapping behaviour to the Client & Server Mechanism base classes, which is to just return the data.
+ ANONYMOUS now accepts the legal tokens defined in the spec (RFC 2245) which can be the empty string, an email address or an ascii printable string up to 255 length not including the @ symbol.
+ SaslClientSocketFactory and SaslServerSocket now listen to the isFinished() method and dont wait for another message. This was causing problems with ANONYMOUS.
+ SaslClientSocketFactory and SaslServerSocket now send length+value messages which mean we don't rely on InputStream.available(). The latter method (available()) would cause problems if the client sent the last message directly followed by the application data or only read half way through a message. In either of these cases the wrong amount of data is assumed to be the message and its too late to do anything about it.
+ added build.xml for use with Jakarta ANT tool.
+ added an AuthInfo provider API around the password files to facilitate use of mechanisms with other than password files for a source of authentication information --eg. LDAP.
+ added a test case for the SRP implementation of the AuthInfoServices provider.... read more

Please see the Changelog for details of what has changed.

Our first release on SourceForge! This version includes Raif's SM2 mechanism implementation and some bug fixes.