Skip to content

v1.1.3
Compare
Choose a tag to compare
@m-ronnblom m-ronnblom released this 01 Aug 13:04
· 85 commits to master since this release
v1.1.3
408d239

Release v1.1.3 includes the following improvements:

Certificate Revocation

Starting in v1.1.3, libpaf supports checking certificates against one or more certificate revocation lists (CRLs). The domain file may optionally contain a key tlsCrlFile, which points to a CRL bundle in PEM format. For CRL checking functionality to be available, libpaf must be linked against XCM v1.9.0 or later. libpaf still supports older releases (down to v1.5.0). This feature is only relevant when the server is reached over TLS.

Multi-homed servers

libpaf v1.1.3 supports multi-homed servers. If the server's DNS name is configured in the domain file, and it resolves to multiple IP addresses, libpaf will interpret that a single server reachable via multiple IP addresses. The list of IP addresses retrieved from DNS will be scanned (i.e., connected to) until a functioning connection can be established. The details of the procedure is much like "Happy Eyeballs", as described in RFC 6555. This feature is only relevant when the server is reached over some TCP-based transport.

Support for multi-homed servers relies on functionality available only in XCM versions v1.9.0 and later.

Source-based Routing

With this release, libpaf allows specifying the source IP address and/or source TCP port to use when contacting a particular server in the domain file (using a new localAddress field). This feature may be useful in scenario where source-based routing is used.

Other Improvements

  • Work around false positive maybe-uninitialized warning in GCC 11.3.
  • Various minor improvements of the test suite.
  • Drop support for XCM API versions older than v1.5.0.

For details concerning the domain file-related changes of this release, consult the API documentation:
https://ericsson.github.io/libpaf/doc/v1.1.3/

Assets 2
Loading