<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css"> <title>Erlang -- public_key Release Notes</title> </head> <body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container"> <script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript"> <!-- function getWinHeight() { var myHeight = 0; if( typeof( window.innerHeight ) == 'number' ) { //Non-IE myHeight = window.innerHeight; } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) { //IE 6+ in 'standards compliant mode' myHeight = document.documentElement.clientHeight; } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { //IE 4 compatible myHeight = document.body.clientHeight; } return myHeight; } function setscrollpos() { var objf=document.getElementById('loadscrollpos'); document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2; } function addEvent(obj, evType, fn){ if (obj.addEventListener){ obj.addEventListener(evType, fn, true); return true; } else if (obj.attachEvent){ var r = obj.attachEvent("on"+evType, fn); return r; } else { return false; } } addEvent(window, 'load', setscrollpos); //--></script><div id="leftnav"><div class="innertube"> <img alt="Erlang logo" src="../../../../doc/erlang-logo.png"><br><small><a href="users_guide.html">User's Guide</a><br><a href="index.html">Reference Manual</a><br><a href="release_notes.html">Release Notes</a><br><a href="../pdf/public_key-0.17.pdf">PDF</a><br><a href="../../../../doc/index.html">Top</a></small><p><strong>public_key</strong><br><strong>Release Notes</strong><br><small>Version 0.17</small></p> <br><a href="javascript:openAllFlips()">Expand All</a><br><a href="javascript:closeAllFlips()">Contract All</a><p><small><strong>Chapters</strong></small></p> <ul class="flipMenu" imagepath="../../../../doc/js/flipmenu"><li id="loadscrollpos" title="public_key Release Notes" expanded="true">public_key Release Notes<ul> <li><a href="notes.html"> Top of chapter </a></li> <li title="Public_Key 0.17"><a href="notes.html#id63303">Public_Key 0.17</a></li> <li title="Public_Key 0.16"><a href="notes.html#id57324">Public_Key 0.16</a></li> <li title="Public_Key 0.15"><a href="notes.html#id57373">Public_Key 0.15</a></li> <li title="Public_Key 0.14"><a href="notes.html#id59568">Public_Key 0.14</a></li> <li title="Public_Key 0.13"><a href="notes.html#id62423">Public_Key 0.13</a></li> <li title="Public_Key 0.12"><a href="notes.html#id62453">Public_Key 0.12</a></li> <li title="Public_Key 0.11"><a href="notes.html#id62484">Public_Key 0.11</a></li> <li title="Public_Key 0.10"><a href="notes.html#id62515">Public_Key 0.10</a></li> <li title="Public_Key 0.9"><a href="notes.html#id62545">Public_Key 0.9</a></li> <li title="Public_Key 0.8"><a href="notes.html#id62628">Public_Key 0.8</a></li> <li title="Public_Key 0.7"><a href="notes.html#id62697">Public_Key 0.7</a></li> <li title="Public_Key 0.6"><a href="notes.html#id62751">Public_Key 0.6</a></li> <li title="Public_Key 0.5"><a href="notes.html#id62792">Public_Key 0.5</a></li> <li title="Public_Key 0.4"><a href="notes.html#id62831">Public_Key 0.4</a></li> <li title="Public_Key 0.3"><a href="notes.html#id62862">Public_Key 0.3</a></li> <li title="Public_Key 0.2"><a href="notes.html#id62918">Public_Key 0.2</a></li> <li title="Public_Key 0.1"><a href="notes.html#id64412">Public_Key 0.1</a></li> </ul> </li></ul> </div></div> <div id="content"> <div class="innertube"> <h1>1 public_key Release Notes</h1> <h3><a name="id63303">1.1 Public_Key 0.17</a></h3> <h4>Fixed Bugs and Malfunctions</h4> <ul> <li> <p> ssh_decode now handles comments, at the end of the line, containing withe spaces correctly</p> <p> Own Id: OTP-9361</p> </li> <li> <p> Add missing references to sha224 and sha384</p> <p> Own Id: OTP-9362 Aux Id: seq12116 </p> </li> </ul> <h4>Improvements and New Features</h4> <ul> <li> <p> public_key now supports PKCS-10 and includes exprimental support for PKCS-7</p> <p> Own Id: OTP-10509 Aux Id: kunagi-291 [202] </p> </li> </ul> <h3><a name="id57324">1.2 Public_Key 0.16</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Add crypto and public_key support for the hash functions SHA224, SHA256, SHA384 and SHA512 and also hmac and rsa_sign/verify support using these hash functions. Thanks to Andreas Schultz for making a prototype.</p> <p> Own Id: OTP-9908</p> </li> <li> <p> Optimize RSA private key handling in <span class="code">crypto</span> and <span class="code">public_key</span>.</p> <p> Own Id: OTP-10065</p> </li> </ul> <h3><a name="id57373">1.3 Public_Key 0.15</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Changed ssh implementation to use the public_key application for all public key handling. This is also a first step for enabling a callback API for supplying public keys and handling keys protected with password phrases. </p> <p> Additionally the test suites where improved so that they do not copy the users keys to test server directories as this is a security liability. Also ipv6 and file access issues found in the process has been fixed.</p> <p> This change also solves OTP-7677 and OTP-7235</p> <p> This changes also involves some updates to public_keys ssh-functions.</p> <p> Own Id: OTP-9911</p> </li> </ul> <h3><a name="id59568">1.4 Public_Key 0.14</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> public_key, ssl and crypto now supports PKCS-8</p> <p> Own Id: OTP-9312</p> </li> <li> <p> The asn1 decoder/encoder now uses a runtime nif from the asn1 application if it is available.</p> <p> Own Id: OTP-9414</p> </li> </ul> <h3><a name="id62423">1.5 Public_Key 0.13</a></h3> <h4>Fixed Bugs and Malfunctions</h4> <ul> <li> <p> replace "a ssl" with "an ssl" reindent pkix_path_validation/3 Trivial documentation fixes (Thanks to Christian von Roques )</p> <p> Own Id: OTP-9464</p> </li> </ul> <h3><a name="id62453">1.6 Public_Key 0.12</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> The public_key application now supports encode/decode of ssh public-key files.</p> <p> Own Id: OTP-9144</p> </li> </ul> <h3><a name="id62484">1.7 Public_Key 0.11</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Allows the public_key module to decode and encode RSA and DSA keys encoded using the SubjectPublicKeyInfo format. When pem_entry_encode is called on an RSA or DSA public key type, the key is wrapped in the SubjectPublicKeyInfo format.</p> <p> Own Id: OTP-9061</p> </li> </ul> <h3><a name="id62515">1.8 Public_Key 0.10</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Improved dialyzer specs.</p> <p> Own Id: OTP-8964</p> </li> </ul> <h3><a name="id62545">1.9 Public_Key 0.9</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Updated ssl to ignore CA certs that violate the asn1-spec for a certificate, and updated public key asn1 spec to handle inherited DSS-params.</p> <p> Own Id: OTP-7884</p> </li> <li> <p> Changed ssl implementation to retain backwards compatibility for old option {verify, 0} that shall be equivalent to {verify, verify_none}, also separate the cases unknown ca and selfsigned peer cert, and restored return value of deprecated function public_key:pem_to_der/1.</p> <p> Own Id: OTP-8858</p> </li> <li> <p> Better handling of v1 and v2 certificates. V1 and v2 certificates does not have any extensions so then validate_extensions should just accept that there are none and not end up in missing_basic_constraints clause.</p> <p> Own Id: OTP-8867</p> </li> <li> <p> Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.</p> <p> *** POTENTIAL INCOMPATIBILITY ***</p> <p> Own Id: OTP-8873</p> </li> </ul> <h3><a name="id62628">1.10 Public_Key 0.8</a></h3> <h4>Fixed Bugs and Malfunctions</h4> <ul> <li> <p> Handling of unknown CA certificates was changed in ssl and public_key to work as intended.</p> <p> Own Id: OTP-8788</p> </li> </ul> <h4>Improvements and New Features</h4> <ul> <li> <p> Revise the public_key API - Cleaned up and documented the public_key API to make it useful for general use, also changed ssl to use the new API.</p> <p> Own Id: OTP-8722</p> </li> <li> <p> Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to each certificate in the path to the user application. Also try to verify subject-AltName, if unable to verify it let the application verify it.</p> <p> Own Id: OTP-8825</p> </li> </ul> <h3><a name="id62697">1.11 Public_Key 0.7</a></h3> <h4>Fixed Bugs and Malfunctions</h4> <ul> <li> <p> Certificates without any extensions could not be handled by public_key.</p> <p> Own Id: OTP-8626</p> </li> </ul> <h4>Improvements and New Features</h4> <ul> <li> <p> Code cleanup and minor bugfixes.</p> <p> Own Id: OTP-8649</p> </li> </ul> <h3><a name="id62751">1.12 Public_Key 0.6</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6.</p> <p> Own Id: OTP-7046</p> </li> <li> <p> Moved extended key usage test for ssl values to ssl.</p> <p> Own Id: OTP-8553 Aux Id: seq11541, OTP-8554 </p> </li> </ul> <h3><a name="id62792">1.13 Public_Key 0.5</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p>Added <span class="code">public_key:pkix_transform/2</span> to enable ssl to send CA list during Certificate Request.</p> <p><span class="code">NOTE</span>: SSL (new_ssl) requires public_key-0.5. ssl usage.</p> <p>Own Id: OTP-8372</p> </li> </ul> <h3><a name="id62831">1.14 Public_Key 0.4</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> The documentation is now built with open source tools (xsltproc and fop) that exists on most platforms. One visible change is that the frames are removed.</p> <p> Own Id: OTP-8250</p> </li> </ul> <h3><a name="id62862">1.15 Public_Key 0.3</a></h3> <h4>Fixed Bugs and Malfunctions</h4> <ul> <li> <p> Unknown attributes in certificates are left encoded instead of crashing. Patch by Will "wglozer" thanks.</p> <p> Own Id: OTP-8100</p> </li> </ul> <h4>Improvements and New Features</h4> <ul> <li> <p> Allow public_key:pem_to_der/[1,2] to take a binary as argument in addition to a filename. Patch by Geoff Cant, thanks.</p> <p> Own Id: OTP-8142</p> </li> </ul> <h3><a name="id62918">1.16 Public_Key 0.2</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> X509 certificate handling has been extended and improved as a result of more extensive testing of both the ssl and public_key application. Even more extensions of the certificate handling is yet to be implemented.</p> <p> Own Id: OTP-7860</p> </li> </ul> <h3><a name="id64412">1.17 Public_Key 0.1</a></h3> <h4>Improvements and New Features</h4> <ul> <li> <p> First version.</p> <p> Own Id: OTP-7637</p> </li> </ul> </div> <div class="footer"> <hr> <p>Copyright © 2008-2012 Ericsson AB, All Rights Reserved</p> </div> </div> </div></body> </html>