v1.4.0
Release v1.4.0 contains the following improvements:
- The API is extended to allow XCM transports that provide a byte stream service rather than a messaging service. For byte stream type transports, xcm_send() now returns the number of bytes actually accepted, which may be fewer than requested; the application is responsible for sending the remainder and for any message boundaries. The new byte stream transports do not have the message-related counters. All API changes are backward compatible.
- A new socket attribute "xcm.service" is added. It may be specified by an application at socket creation time to the value "messaging", "bytestream", or "any", to signify which transport service type it is prepared to handle. The default is "messaging", for backward compatibility reasons.
- A new byte stream type transport BTLS is added. BTLS provides a byte stream directly mapped to a TLS session/connection. It shares all socket attributes with the TLS transport.
- The library has been reorganized to split the legacy TLS transport into two parts: one containing the OpenSSL interaction (and thus most of the complexity), and another providing framing (message boundaries) on top of this byte stream. The split comes with a minor performance penalty (<5%) for the TLS transport.
- A performance issue is fixed in the server part of the xcmpong tool.
- TLS 1.2 renegotiation is disabled for both the TLS and BTLS transports (as recommended by RFC 7540), if the library is built against OpenSSL 1.1.1c or later. The XCM library never depended on this TLS protocol feature. This change does not affect TLS 1.3, which does not support renegotiation.
- The TLS server-side session cache is disabled, preventing session reuse across TCP connections. The XCM library never used this feature, and it may cause issues for authorization performed "out-of-band" to TLS (e.g., based on the X.509 subject name), since a resumed session skips the full handshake on which such per-connection checks rely. Client-side session caching is not and never was enabled by XCM.
- The documentation is updated with details on TLS protocol versions, ciphers and features used.
- The TLS 1.3 cipher suites used are still the OpenSSL defaults, but are now, for the sake of clarity, explicitly configured. A new log entry is added, which logs the cipher suites allowed, matching the existing TLS 1.2 cipher list entry.
- The BTLS and TLS transports now log the TLS protocol version and the cipher suite actually negotiated on a newly established connection.
- The library-internal socket attribute handling is slightly reworked, to shave off some complexity in the UTLS and the new BTLS transport.
- Default TCP keepalive parameters are documented.
- Coding convention update, primarily related to pointer comparisons.
- Fixed bug in shared CA test case.
- Fixed build issue against older, pre-TLS 1.3, OpenSSL versions.
- Fixed bug #42 where XCM would erroneously require trusted CA certificates to be available even though TLS authentication was disabled.
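The byte stream service described in the first bullets above moves message boundaries into the application: on such a transport a send may accept only part of a buffer, and the receiver sees an unframed sequence of bytes. The following is an added example, written for this page and not code from the XCM library, of the framing layer an application (or the library's own framing part) needs on top of a byte stream. The mock_stream_send/mock_stream_receive functions and the mock_stream type are a constructed in-memory stand-in that models only the "bytes actually accepted" return contract, not XCM's API; the 4-byte length prefix, the 64 KiB message limit and the three sample messages are likewise assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

#define MAX_MSG 65535u   /* frames announcing more than this are rejected up front */

/* Constructed stand-in for a byte stream transport (not XCM code): a one-way in-memory
 * pipe moving at most max_chunk bytes per call, so message boundaries are never kept. */
struct mock_stream {
    uint8_t buf[4096];
    size_t head, tail, max_chunk;   /* read offset, write offset, per-call limit */
};

static size_t min3(size_t a, size_t b, size_t c) { a = a < b ? a : b; return a < c ? a : c; }

/* Returns the number of bytes actually accepted, 0 when the pipe is full. */
static ssize_t mock_stream_send(struct mock_stream *s, const void *data, size_t len)
{
    size_t n = min3(len, sizeof s->buf - s->tail, s->max_chunk);
    memcpy(s->buf + s->tail, data, n);
    s->tail += n;
    return (ssize_t)n;
}
/* Returns the number of bytes copied out, 0 when nothing is buffered. */
static ssize_t mock_stream_receive(struct mock_stream *s, void *out, size_t cap)
{
    size_t n = min3(cap, s->tail - s->head, s->max_chunk);
    memcpy(out, s->buf + s->head, n);
    s->head += n;
    return (ssize_t)n;
}

/* Keeps sending until every byte is accepted; -1 if the stream stalls (a real
 * application would wait for writability and resume from the same offset). */
static int send_all(struct mock_stream *s, const uint8_t *p, size_t len)
{
    for (ssize_t rc = 0; len > 0; p += rc, len -= (size_t)rc)
        if ((rc = mock_stream_send(s, p, len)) <= 0)
            return -1;
    return 0;
}
/* Sender: 4-byte big-endian length header followed by the payload. */
static int frame_send(struct mock_stream *s, const void *msg, size_t len)
{
    uint8_t hdr[4] = { (uint8_t)(len >> 24), (uint8_t)(len >> 16), (uint8_t)(len >> 8), (uint8_t)len };
    if (len > MAX_MSG)
        return -1;
    return send_all(s, hdr, sizeof hdr) == 0 ? send_all(s, msg, len) : -1;
}

/* Receiver state: stream bytes that do not yet form a whole frame. */
struct frame_reader { uint8_t acc[4 + MAX_MSG]; size_t have; };
/* Returns 1 with one complete message in out/out_len, 0 if more stream bytes are
 * needed, -1 on an oversized or non-fitting frame. A status code instead of a
 * length return value keeps zero-length messages unambiguous. */
static int frame_recv(struct mock_stream *s, struct frame_reader *r,
                      void *out, size_t cap, size_t *out_len)
{
    for (;;) {
        if (r->have >= 4) {
            uint32_t len = (uint32_t)r->acc[0] << 24 | (uint32_t)r->acc[1] << 16 |
                           (uint32_t)r->acc[2] << 8 | (uint32_t)r->acc[3];
            if (len > MAX_MSG || len > cap)
                return -1;   /* validate the announced length before trusting it */
            if (r->have >= 4 + len) {
                memcpy(out, r->acc + 4, len);
                *out_len = len;
                r->have -= 4 + len;
                memmove(r->acc, r->acc + 4 + len, r->have);   /* retain the next frame's bytes */
                return 1;
            }
        }
        ssize_t rc = mock_stream_receive(s, r->acc + r->have, sizeof r->acc - r->have);
        if (rc <= 0)
            return 0;        /* would block: call again when the stream is readable */
        r->have += (size_t)rc;
    }
}

/* Pushes three constructed messages (one empty, one spanning several chunks) through
 * a stream moving 7 bytes per call; returns how many came out intact and in order. */
int demo_roundtrip(void)
{
    static const char *msgs[] = { "hello", "", "a message clearly longer than one 7-byte chunk" };
    struct mock_stream pipe = { .max_chunk = 7 };
    static struct frame_reader reader;   /* static: the 64 KiB accumulator stays off the stack */
    uint8_t out[256];
    size_t n;
    int matched = 0;
    reader.have = 0;
    for (int i = 0; i < 3; i++)
        if (frame_send(&pipe, msgs[i], strlen(msgs[i])) != 0)
            return -1;
    for (int i = 0; i < 3 && frame_recv(&pipe, &reader, out, sizeof out, &n) == 1; i++)
        if (n == strlen(msgs[i]) && memcmp(out, msgs[i], n) == 0)
            matched++;
    return matched;
}
```

Two details carry over to a real byte stream socket: the announced length is bounded before any copy, which is the check a naive length-prefixed reader tends to omit and the reason a peer cannot drive allocation with a forged header, and a zero return from either side is the point to wait for the descriptor to become writable or readable rather than to spin or to treat the remainder of the message as sent.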
The API/ABI version is bumped to 0.18.
The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.4.0/