lsh123

cleanup release (targeting spring 2023)

3

* Bump version to xmlsec 1.3.1 * Remove soap support * Remove OpenSSL 1.0.0 support * Remove LibreSSL before version 2.7.0 * Remove all XMLSEC_DEPRECATED functions and macros

Want to fix: 1) xmlSecSize should be typedef to size_t 2) xmlSecByte should be typedef to unsigned chat 3) XMLSEC_SIZE_BAD_CAST should go away 4) Remove soap code 5) TBD This...

DO NOT MERGE: BLOCKED BY NSS BUG (see issue #233)

Need "multi" mode support for aes-gcm in nss to use Update/Final functions: https://bugzilla.mozilla.org/show_bug.cgi?id=1501854

NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=211051 Added code to search for certs in the imported list, still would love to have proper NSS support. Migrated from: https://bugzilla.gnome.org/show_bug.cgi?id=118632

xmlsec-nss: CERT_FindCertByNameString does not work in all cases NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=210709 Migrated from: https://bugzilla.gnome.org/show_bug.cgi?id=118631

The only supported file formats are PKCS#8, PKCS#12 and DER certificates. Correction from Wouter: I don't think pkcs8 is supported by MS Crypto API. Migrated from: https://bugzilla.gnome.org/show_bug.cgi?id=123675

The cert chain construction/verification function xmlSecMSCryptoX509StoreConstructCertsChain() is recursive. It's not too difficult to use a loop instead but I don't think this is important too much. If you do then...

Currently the only "trusted" certs are ones loaded to xmlsec directly (for example, using xmlsec command line utility "--trusted" option). This means that code does not accept trusted certs in...

AES Key wrap algorithm is implemented in NSS but not exposed due to some bug src/nss/kw_aes.c uses a workaround which should be removed when the bug is fixed NSS bug:...