From 0a219c07a0c2d8850b437a93f0f72da2c1088a5a Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 22 Jan 2020 14:28:31 +0100 Subject: [PATCH] [new release] x509 (0.9.0) CHANGES: * BREAKING add a whitelist of hash algorithms used for signatures. The default whitelist is the SHA-2 family (without SHA-224), Validation.valid_ca{,s} use all algorithms as default reported by @emillon in mirleft/ocaml-x509#123, fixed in mirleft/ocaml-x509#128 * BREAKING Certificate.hostnames and Signing_request.hostnames (new) return a set of [`Wildcard|`Strict] * [`host] Domain_name.t (Certificate.Host_set.t) reported by @mmaker in mirleft/ocaml-x509#88, fixed in mirleft/ocaml-x509#127 * BREAKING mirleft/ocaml-x509#127 Signing_request.sign returns a result type now, an error is returned if the signing request was not properly signed * BREAKING mirleft/ocaml-x509#127 Validation.{verify_chain_of_trust, trust_key_fingerprint, trust_cert_fingerprint} and the type Authenticator.t changed, no longer use of a Certificate.host, but instead a [`host] Domain_name.t (previously, it was a pair) * BUGFIX support AlgorithmIdentifier of RSA signature algorithms with parameter not present reported by @Ulrar in mirleft/ocaml-x509#108, fixed in mirleft/ocaml-x509#129 * BUGFIX mirleft/ocaml-x509#127 preserve a signed signing request (Country in a DN sometimes uses a non-utf8 string encoding) * remove deprecation from Validation.trust_cert_fingerprint and Authenticator.server_cert_fingerprint requested by @mben-romdhane in mirleft/ocaml-x509#125, fixed in mirleft/ocaml-x509#126 * Certificate.signature_algorithm, CRL.signature_algorithm, and Signing_request.signature_algorithm are now provided, returning a ([`RSA|`ECDSA] * Nocrypto.Hash.hash) option requested by @psafont in mirleft/ocaml-x509#123, fixed in mirleft/ocaml-x509#128 --- packages/x509/x509.0.9.0/opam | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 packages/x509/x509.0.9.0/opam 
diff --git a/packages/x509/x509.0.9.0/opam b/packages/x509/x509.0.9.0/opam
new file mode 100644
index 00000000000..6e986c9e317
--- /dev/null
+++ b/packages/x509/x509.0.9.0/opam
@@ -0,0 +1,51 @@
+opam-version: "2.0"
+maintainer: [
+ "Hannes Mehnert "
+]
+authors: [
+ "Hannes Mehnert "
+ "David Kaloper "
+]
+license: "BSD2"
+tags: "org:mirage"
+homepage: "https://github.com/mirleft/ocaml-x509"
+doc: "https://mirleft.github.io/ocaml-x509/doc"
+bug-reports: "https://github.com/mirleft/ocaml-x509/issues"
+depends: [
+ "ocaml" {>= "4.05.0"}
+ "dune" {>= "1.2"}
+ "cstruct" {>= "4.0.0"}
+ "asn1-combinators" {>= "0.2.0"}
+ "ptime"
+ "nocrypto" {>= "0.5.3"}
+ "rresult"
+ "fmt" {>= "0.8.7"}
+ "alcotest" {with-test}
+ "cstruct-unix" {with-test & >= "3.0.0"}
+ "gmap" {>= "0.3.0"}
+ "domain-name" {>= "0.3.0"}
+]
+build: [
+ ["dune" "subst"] {pinned}
+ ["dune" "build" "-p" name "-j" jobs]
+ ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+dev-repo: "git+https://github.com/mirleft/ocaml-x509.git"
+synopsis: "Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml"
+description: """
+X.509 is a public key infrastructure used mostly on the Internet. It consists
+of certificates which include public keys and identifiers, signed by an
+authority. Authorities must be exchanged over a second channel to establish the
+trust relationship. This library implements most parts of RFC5280 and RFC6125.
+The Public Key Cryptography Standards (PKCS) defines encoding and decoding
+(in ASN.1 DER and PEM format), which is also implemented by this library -
+namely PKCS 1, PKCS 7, PKCS 8, PKCS 9 and PKCS 10.
+"""
+url {
+ src:
+ "https://github.com/mirleft/ocaml-x509/releases/download/v0.9.0/x509-v0.9.0.tbz"
+ checksum: [
+ "sha256=742c9450821b16922f8709eaaaa871b88e2f160d8fae990448ddc0a7947e7795"
+ "sha512=f2b6c42cb0bdda6fd02acd5df957bb316d1f48755726e013272de88b0915d81ae330ef1e4fd3db21c801fb6c941ebcb446153a820936e2871b50c9ca5beb7992"
+ ]
+}
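Review bot: In `depends`, `ptime` and `rresult` carry no version constraint and none of the dependencies has an upper bound, so the solver may pair this certificate-validation library with releases of its parsing and crypto dependencies that it was never built or tested against. Stating the lowest versions the release was actually built with, e.g. `"ptime" {>= "<lowest tested version>"}`, would narrow the resolved set; the right bounds are not visible on this page and need confirming upstream. Separately, `license: "BSD2"` is not an SPDX identifier; `license: "BSD-2-Clause"` is the form opam's lint expects.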