[new release] x509 (0.9.0)

CHANGES: * BREAKING add a whitelist of hash algorithms used for signatures. The default whitelist is the SHA-2 family (without SHA-224), Validation.valid_ca{,s} use all algorithms as default reported by @emillon in mirleft/ocaml-x509#123, fixed in mirleft/ocaml-x509#128 * BREAKING Certificate.hostnames and Signing_request.hostnames (new) return a set of [`Wildcard|`Strict] * [`host] Domain_name.t (Certificate.Host_set.t) reported by @mmaker in mirleft/ocaml-x509#88, fixed in mirleft/ocaml-x509#127 * BREAKING mirleft/ocaml-x509#127 Signing_request.sign returns a result type now, an error is returned if the signing request was not properly signed * BREAKING mirleft/ocaml-x509#127 Validation.{verify_chain_of_trust, trust_key_fingerprint, trust_cert_fingerptint} and the type Authenticator.t changed, no longer use of a Certificate.host, but instead a [`host] Domain_name.t (previously, it was a pair) * BUGFIX support AlgorithmIdentifier of RSA signature algorithms with parameter not present reported by @Ulrar in mirleft/ocaml-x509#108, fixed in mirleft/ocaml-x509#129 * BUGFIX mirleft/ocaml-x509#127 preserve a signed signing request (Country in a DN sometimes uses a non-utf8 string encoding) * remove deprecation from Validation.trust_cert_fingerprint and Authenticator.server_cert_fingerprint requested by @mben-romdhane in mirleft/ocaml-x509#125, fixed in mirleft/ocaml-x509#126 * Certificate.signature_algorithm, CRL.signature_algorithm, and Signing_request.signature_algorithm are now provided, returning a ([`RSA|`ECDSA] * Nocrypto.Hash.hash) option requested by @psafont in mirleft/ocaml-x509#123, fixed in mirleft/ocaml-x509#128
hannesm · Jan 22, 2020 · 0a219c0 · 0a219c0
1 parent 13e7f4c
commit 0a219c0
Showing 1 changed file with 51 additions and 0 deletions.
diff --git a/packages/x509/x509.0.9.0/opam b/packages/x509/x509.0.9.0/opam
@@ -0,0 +1,51 @@
+opam-version: "2.0"
+maintainer: [
+  "Hannes Mehnert <[email protected]>"
+]
+authors: [
+  "Hannes Mehnert <[email protected]>"
+  "David Kaloper <[email protected]>"
+]
+license: "BSD2"
+tags: "org:mirage"
+homepage: "https://github.com/mirleft/ocaml-x509"
+doc: "https://mirleft.github.io/ocaml-x509/doc"
+bug-reports: "https://github.com/mirleft/ocaml-x509/issues"
+depends: [
+  "ocaml" {>= "4.05.0"}
+  "dune" {>= "1.2"}
+  "cstruct" {>= "4.0.0"}
+  "asn1-combinators" {>= "0.2.0"}
+  "ptime"
+  "nocrypto" {>= "0.5.3"}
+  "rresult"
+  "fmt" {>= "0.8.7"}
+  "alcotest" {with-test}
+  "cstruct-unix" {with-test & >= "3.0.0"}
+  "gmap" {>= "0.3.0"}
+  "domain-name" {>= "0.3.0"}
+]
+build: [
+  ["dune" "subst"] {pinned}
+  ["dune" "build" "-p" name "-j" jobs]
+  ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+dev-repo: "git+https://github.com/mirleft/ocaml-x509.git"
+synopsis: "Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml"
+description: """
+X.509 is a public key infrastructure used mostly on the Internet.  It consists
+of certificates which include public keys and identifiers, signed by an
+authority. Authorities must be exchanged over a second channel to establish the
+trust relationship. This library implements most parts of RFC5280 and RFC6125.
+The Public Key Cryptography Standards (PKCS) defines encoding and decoding
+(in ASN.1 DER and PEM format), which is also implemented by this library -
+namely PKCS 1, PKCS 7, PKCS 8, PKCS 9 and PKCS 10.
+"""
+url {
+  src:
+    "https://github.com/mirleft/ocaml-x509/releases/download/v0.9.0/x509-v0.9.0.tbz"
+  checksum: [
+    "sha256=742c9450821b16922f8709eaaaa871b88e2f160d8fae990448ddc0a7947e7795"
+    "sha512=f2b6c42cb0bdda6fd02acd5df957bb316d1f48755726e013272de88b0915d81ae330ef1e4fd3db21c801fb6c941ebcb446153a820936e2871b50c9ca5beb7992"
+  ]
+}