| | 1 | = 0.2.1 = |
| | 2 | |
| | 3 | * The API visible to programmers is much richer and should make |
| | 4 | development simpler. As part of this, the libcreddy/libabac |
| | 5 | distinction has disappeared. All libcreddy functions are now |
| | 6 | available through libabac. |
| | 7 | * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very |
| | 8 | outdated. |
| | 9 | * Added more examples and documentation. |
| | 10 | * add a new '--subject-link' option to creddy --attribute to hold the |
| | 11 | linking role |
| | 12 | * add --dbdump option to abac_prover_yap to retrieve all prolog clauses |
| | 13 | stored in the db |
| | 14 | |
| | 15 | WARNING |
| | 16 | - There are occasional spurious error messages originated |
| | 17 | from Strongswan during access of the attribute credentials. Those |
| | 18 | messages are due to libstrongswan mishandling certain values of |
| | 19 | authorizedKeyIdentifier in a non-destructive way. While we are |
| | 20 | working with the strongswan developers to remove these messages, they |
| | 21 | should not affect ABAC in any way. |
| | 22 | |
| | 23 | Here are sample messages: |
| | 24 | |
| | 25 | L6 - keyIdentifier: length of ASN.1 object invalid or too large |
| | 26 | L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large |
| | 27 | |
| | 28 | Do report to us if your ABAC is not behaving as |
| | 29 | expected and messages like above seem to be a factor.. |
| | 30 | |
