GNU SASL is a modern C library that implement the network security protocol Simple Authentication and Security Layer (SASL). The framework itself and a couple of common SASL mechanisms are implemented. GNU SASL can be used by network applications for IMAP, SMTP, XMPP and other protocols to provide authentication services. Supported mechanisms include CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), GS2-KRB5, SAML20, OPENID20, LOGIN, and NTLM.
The project's web page is available at: https://www.gnu.org/software/gsasl/ All manuals are available from: https://www.gnu.org/software/gsasl/manual/ The main manual: https://www.gnu.org/software/gsasl/manual/gsasl.html - HTML format https://www.gnu.org/software/gsasl/manual/gsasl.pdf - PDF format API Reference manual: https://www.gnu.org/software/gsasl/reference/ - GTK-DOC HTML Doxygen documentation: https://www.gnu.org/software/gsasl/doxygen/ - HTML format https://www.gnu.org/software/gsasl/doxygen/gsasl.pdf - PDF format For development snapshot artifacts see: https://gsasl.gitlab.io/gsasl/reference/ https://gsasl.gitlab.io/gsasl/coverage/ https://gsasl.gitlab.io/gsasl/cyclo/ https://gsasl.gitlab.io/gsasl/clang-analyzer/ If you need help to use GNU SASL, or want to help others, you are invited to join our help-gsasl mailing list, see: https://lists.gnu.org/mailman/listinfo/help-gsasl Here are the compressed sources and a GPG detached signature: https://ftpmirror.gnu.org/gsasl/gsasl-2.2.0.tar.gz https://ftpmirror.gnu.org/gsasl/gsasl-2.2.0.tar.gz.sig Use a mirror for higher download bandwidth: https://www.gnu.org/order/ftp.html Here are the SHA1 and SHA256 checksums: 903b70ecb4eef304521add85310c2df0a7675bd1 gsasl-2.2.0.tar.gz ebho47mXbcSE1ZspygroiXvpbOTTbTKu1dk1p6Mwd1k gsasl-2.2.0.tar.gz The SHA256 checksum is base64 encoded, instead of the hexadecimal encoding that most checksum tools default to. Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify gsasl-2.2.0.tar.gz.sig The signature should match the fingerprint of the following key: pub ed25519 2019-03-20 [SC] B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE uid Simon Josefsson <si...@josefsson.org> If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command. gpg --locate-external-key si...@josefsson.org gpg --recv-keys 51722B08FE4745A2 wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=gsasl&download=1' | gpg --import - As a last resort to find the key, you can try the official GNU keyring: wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg gpg --keyring gnu-keyring.gpg --verify gsasl-2.2.0.tar.gz.sig This release was bootstrapped with the following tools: Autoconf 2.71 Automake 1.16.5 Libtoolize 2.4.6 Gnulib v0.1-5400-g416872ced Makeinfo 6.7 Help2man 1.48.1 Gperf 3.1 Gengetopt 2.23 Gtkdocize 1.33.1 Tar 1.34 Gzip 1.10 NEWS * Noteworthy changes in release 2.2.0 (2022-09-03) [stable] ** Fix build error with too old GnuTLS. ** Tests: New tests/gsasl-mailutils-tls.sh. It performs integration checks between GNU SASL and GNU MailUtils imapd with TLS enabled, thereby testing TLS support in the 'gsasl' command line tool. ** Various minor bug fixes and improvements. Mainly to pacify improved CI/CD checking. * Noteworthy changes in release 2.1.1 (2022-08-16) [beta] ** Tests: New tests/gsasl-mailutils-gs2krb5-gssapi.sh. It perform integration checks between GNU SASL and GNU MailUtils imapd (GSSAPI and GS2-KRB5). They can be used externally from the GNU SASL build environment to perform system integration tests, see .gitlab-ci.yml for inspiration. ** Various minor bug fixes and improvements. Fix two crashes in 'gsasl' introduced in 2.1.0. * Noteworthy changes in release 2.1.0 (2022-08-05) [beta] ** Support new "tls-exporter" channel binding. The "tls-exporter" channel binding is specified in RFC 9266 <https://datatracker.ietf.org/doc/html/rfc9266>. Now we can support SCRAM-*-PLUS over TLS 1.3 channels, and address some of the security problems with "tls-unique". The library add new callback property GSASL_CB_TLS_EXPORTER and error code GSASL_NO_CB_TLS_EXPORTER. These are documented in the manual. The 'gsasl' command-line tool set it if system GnuTLS has GNUTLS_CB_TLS_EXPORTER, which was introduced with GnuTLS 3.7.2 released on 2021-05-29. ** SCRAM: Support for "tls-exporter". The SCRAM client will now query the application for GSASL_CB_TLS_EXPORTER before it query for GSASL_CB_TLS_UNIQUE. Supply it to support TLS 1.3. The SCRAM server will query the application for the channel binding type requested by the client (tls-unique or tls-exporter), and it is up to the application to decide what to do. ** SCRAM: Fix memory leaks on incremental application usage. See tests/scram-incremental.c for application behaviour that trigger the leaks. We run valgrind --leak-check=full to catch future regressions. ** Tests: New tests/gsasl-dovecot-gssapi.sh & tests/gsasl-mailutils-cram.sh. These perform integration checks between GNU SASL and Dovecot (GSS-API) and GNU MailUtils imapd (CRAM-MD5, DIGEST-MD5, SCRAM-SHA-*). They can be used externally from the GNU SASL build environment to perform system integration tests, see .gitlab-ci.yml for inspiration. ** API and ABI modifications. GSASL_CB_TLS_EXPORTER: Added. GSASL_NO_CB_TLS_EXPORTER: Added.
signature.asc
Description: PGP signature