Hi OAuthers, I'm proud to announce a new revision of liboauth - the C library.
The most prominent change is the that NSS can be used instead of OpenSSL as alternate cryptographic backend. The motivation for this was that OpenSSL may pose an issues with GPL licensed code (see README). There's been a variety of minor updates: configurable cURL timeout (thanks to Emil A Eklund), example-code for using HTTP Authorization header, MIT-licensed xmalloc,.. see the Changelog for details. Veracode.com has reviewed liboauth and assigned it an 'A+' aka "AL4 High Assurance Level". Their main reason for not granting 'AAA' was that liboauth used POSIX-rand() for generating the NONCE. It's extremely unlikely that this could be used for an exploit or DOS but anyway: since 0.7.2, NSS or OpenSSL rand() implementations are used if available. Veracode is currently re-evaluating; I've been putting this announcement off until I get a reply; but they're too busy at the moment and I did not pay them to do it. liboauth documentation, source-tgz and examples are available at http://liboauth.sourceforge.net/ The source-code is accessible via SVN from https://liboauth.svn.sourceforge.net/svnroot/liboauth/trunk and mirrored at https://oauth.googlecode.com/svn/code/c/liboauth Bilal Akhtar has stepped forward and packaged liboauth for Debian. He and Paul Wise have been particularly helpful identifying and suggesting fixes for lintian warnings (typos in man-page & doc, exported-symbol control, missing libtool macros and licensing issues). It should be available in Debian soon. have fun, robin PS. moving along with OAuth 2.0, liboauth2 is in the making. Looks like it's gonna be easier an easier job :-) If you'd like to get involved please contact me. -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
