From: Gerd S. <in...@ge...> - 2014-12-31 18:36:23
Hi list,

with the first release candidate the OCamlnet development cycle goes into the final round. If no serious problems are found, this version will be released (in about two weeks). If you'd like to help testing this version, this is now the best time, in particular for checking whether the build is ok on all platforms. OCamlnet now contains bindings for two new libraries: GnuTLS and GSSAPI, and these new bindings could cause problems here and there.

ocamlnet-4.0.0rc1 is available at the usual place:

http://projects.camlcity.org/projects/ocamlnet.html

When you install it, be prepared that the configure script takes somewhat different arguments than before (new: -enable-gnutls, -enable-gssapi; gone: -enable-ssl, -enable-crypto).

So, what's new?

OCamlnet-4 focuses on authentication and security. There is now excellent support for TLS via the new GnuTLS bindings. It's available for all protocols, it's recent, and it supports the newest TLS options (e.g. TLS-1.2 with ECCDH). You can query the TLS connection properties. You can check the certificates (there is a parser for certificates). Via GnuTLS we also get direct access to hash functions and symmetric ciphers (sometimes even accelerated).

There is an option for client certificates, but most protocols prefer to log users in with passwords. OCamlnet-4 implements all important SASL authentication mechanisms (for both clients and servers): PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1, GS2-KRB5 (more on that one below). SASL is integrated into the protocol interpreters for POP and SMTP, but it's quite simple to use, so feel free to include it in your own protocols. There is support for the SASLprep routine that prepares and normalizes passwords.

The authentication mechanisms for the HTTP client have been updated, but this overlaps with the current IETF activities (Digest authentication is being revised, and SCRAM authentication is being defined by IETF working groups). When the new mechanisms are available, OCamlnet can implement them very quickly.

The GSSAPI bindings allow us to access network authentication mechanisms, in particular Kerberos, which is mainly found in LANs of companies and organizations. The GSSAPI is integrated into all protocols where it is defined for, in particular SunRPC, HTTP (client) i.e. SPNEGO, and FTP. The GSSAPI mechanisms can also be used as SASL mechanisms (via bridging, GS2-KRB5). With Kerberos, the most important GSSAPI mechanism, you get automatic logins to network services (no password required, or better: Kerberos knows how to use the current system identity in the network - single-sign-on).

The security mechanisms are all pluggable. If you e.g. want to use a different TLS provider, you "only" need to ensure that it has a module interface compatible with TLS_PROVIDER, and you can use it with OCamlnet, thanks to first-class modules. There's also SASL_MECHANISM, HTTP_MECHANISM, and GSSAPI.

Besides security, a number of other updates are available. In particular, the IPv6 support is now complete, and IPv6 is automatically enabled when a network interface has a global IPv6 address. The Unicode tables have been moved to a library of their own: netunidata. (You may need to add netunidata to your findlib packages when building your software against OCamlnet.) A number of modules were renamed, e.g. Http_client is now Nethttp_client.

Note that 4.0.0rc1 doesn't support the new "bytes" type specially. I've delayed this because the current "bytes" type seems not yet to be a stable language feature.

Gerd

--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany ge...@ge...
My OCaml site: http://www.camlcity.org
Contact details: http://www.camlcity.org/contact.html
Company homepage: http://www.gerd-stolpmann.de
------------------------------------------------------------
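The announcement lists SCRAM-SHA1 among the SASL mechanisms that OCamlnet-4 provides for both clients and servers. The block below is an added example, not OCamlnet code and not part of the message: it walks through one complete SCRAM-SHA-1 exchange (RFC 5802) with both the client and the server side, in Python rather than OCaml so it runs with only the standard library. It assumes no channel binding (gs2 header `n,,`), skips the SASLprep normalization the announcement mentions, and uses the RFC 5802 test vector (user `user`, password `pencil`) as its sample input; the function and variable names are the example's own. The security-relevant point it makes visible is that the server verifies the proof from `StoredKey`/`ServerKey` only and never needs the plaintext password, and that the client in turn checks the server's signature.

```python
import base64
import hashlib
import hmac
import os

# Added example (not OCamlnet code): one SCRAM-SHA-1 exchange per RFC 5802.
# Assumptions: gs2 header is always "n,," (no channel binding), no SASLprep,
# user names without "," or "=" that would need escaping.


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def _parse(msg: str) -> dict:
    # SCRAM messages are comma-separated "k=v" attributes; values may contain "=".
    return dict(part.split("=", 1) for part in msg.split(","))


def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() from RFC 5802 is PBKDF2-HMAC-SHA-1 with a 20-byte output.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, 20)


def server_credential(password: str, salt: bytes, iterations: int) -> dict:
    # What the server stores instead of the password: salt, iteration count,
    # StoredKey = H(ClientKey) and ServerKey.
    sp = salted_password(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": _h(_hmac(sp, b"Client Key")),
            "server_key": _hmac(sp, b"Server Key")}


def client_first(user: str, client_nonce: str) -> str:
    return f"n,,n={user},r={client_nonce}"


def server_first(client_first_msg: str, server_nonce: str, cred: dict) -> str:
    client_nonce = _parse(client_first_msg[3:])["r"]  # strip the "n,," gs2 header
    salt_b64 = base64.b64encode(cred["salt"]).decode()
    return f"r={client_nonce}{server_nonce},s={salt_b64},i={cred['iterations']}"


def client_final(client_first_msg: str, server_first_msg: str, password: str):
    """Returns (client-final message, server signature the client expects back)."""
    bare = client_first_msg[3:]
    sf = _parse(server_first_msg)
    sp = salted_password(password, base64.b64decode(sf["s"]), int(sf["i"]))
    client_key = _hmac(sp, b"Client Key")
    without_proof = f"c=biws,r={sf['r']}"  # "biws" is base64("n,,")
    auth_message = f"{bare},{server_first_msg},{without_proof}".encode()
    client_sig = _hmac(_h(client_key), auth_message)
    proof = base64.b64encode(_xor(client_key, client_sig)).decode()
    server_sig = _hmac(_hmac(sp, b"Server Key"), auth_message)
    return f"{without_proof},p={proof}", "v=" + base64.b64encode(server_sig).decode()


def server_final(client_first_msg: str, server_first_msg: str,
                 client_final_msg: str, cred: dict):
    """Verifies the client proof; returns the server-final message or None on failure."""
    bare = client_first_msg[3:]
    without_proof = client_final_msg.rsplit(",p=", 1)[0]
    auth_message = f"{bare},{server_first_msg},{without_proof}".encode()
    client_sig = _hmac(cred["stored_key"], auth_message)
    recovered_client_key = _xor(base64.b64decode(_parse(client_final_msg)["p"]), client_sig)
    # The server only holds H(ClientKey); recovering ClientKey from the proof
    # and hashing it proves the client knew the salted password.
    if not hmac.compare_digest(_h(recovered_client_key), cred["stored_key"]):
        return None
    return "v=" + base64.b64encode(_hmac(cred["server_key"], auth_message)).decode()


def run_exchange(user: str, client_password: str, cred: dict,
                 client_nonce: str = None, server_nonce: str = None) -> dict:
    """Drives all four messages; nonces default to fresh random values."""
    client_nonce = client_nonce or base64.b64encode(os.urandom(18)).decode()
    server_nonce = server_nonce or base64.b64encode(os.urandom(18)).decode()
    cf = client_first(user, client_nonce)
    sf = server_first(cf, server_nonce, cred)
    cfin, expected_v = client_final(cf, sf, client_password)
    sfin = server_final(cf, sf, cfin, cred)
    return {"client_first": cf, "server_first": sf, "client_final": cfin,
            "server_final": sfin,
            "server_ok": sfin is not None,
            "client_ok": sfin is not None and hmac.compare_digest(sfin, expected_v)}


# Constructed sample input: the RFC 5802 section 5 test vector.
RFC_SALT = base64.b64decode("QSXCR+Q6sek8bf92")
RFC_CRED = server_credential("pencil", RFC_SALT, 4096)


def rfc5802_vector() -> dict:
    return run_exchange("user", "pencil", RFC_CRED,
                        "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j")


if __name__ == "__main__":
    for name, msg in rfc5802_vector().items():
        print(f"{name}: {msg}")
```

Both directions of verification are in `run_exchange`: `server_ok` is the server's verdict on the client proof, `client_ok` is the client's check that the `v=` value matches the signature it computed itself, which is what protects the client against a server that does not actually know the credential. A mismatched password fails at the server with `None` rather than an exception, so a protocol interpreter can map it straight to an authentication error.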