Releases: Ericsson/xcm

v1.5.1

11 Feb 10:52

This is a patch release fixing issue #57 (introduced in 1.5.0).

The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.5.1/

v1.5.0

05 Feb 00:03

Release v1.5.0 contains a new XCM library version API in <xcm_version.h>.

The API/ABI version is bumped to 0.20.

The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.5.0/

v1.4.1

04 Feb 14:19

Release v1.4.1 contains the following improvements:

  • A new attribute "tls.check_time" is introduced, allowing the application to disable X.509 validity period checks during the TLS session establishment.
  • The use of the TLS 1.3 certificate authorities extension is discontinued (resolving issue #48).
  • Unnecessary shared object dependencies are removed.
  • Support for LTTng 2.13 is added (resolving issue #52).
  • API documentation related to ENFILE/EMFILE errno and xcm_await() updated. The limitations section is removed.
  • The 'xcm' command-line program now supports setting server socket attributes (resolving issue #44).
  • Network namespace lookup failures are now ignored (fixing issue #43).
  • The bulk transfer test case parameters are tweaked to allow execution on small systems.
  • The SSL context caching is simplified.
  • Fixed bug in SSL context handling related to multi-thread safety.

The API/ABI version is bumped to 0.19.

Note: The v1.4.1 release should have had its minor version increased compared to v1.4.0, since it contained an ABI extension. Since the ABI version is what controls the shared object versioning, it should not cause any issues for computer programs (but may cause confusion for humans).

The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.4.1/

v1.4.0

06 Oct 18:48

Release v1.4.0 contains the following improvements:

  • API extended to allow XCM transports providing a byte stream service, rather than a messaging service. The xcm_send() function now, for byte stream type transports, returns the number of bytes actually accepted. The new byte stream transports do not have the message-related counters. All API changes are backward compatible.
  • A new socket attribute "xcm.service" is added. It may be specified by an application at socket creation time to the value "messaging", "bytestream", or "any", to signify which transport service type it is prepared to handle. The default is "messaging", for backward compatibility reasons.
  • A new byte stream type transport BTLS is added. BTLS provides a byte stream directly mapped to a TLS session/connection. It shares all socket attributes with the TLS transport.
  • The library has been reorganized to split the legacy TLS transport into two: one part with the OpenSSL interaction (and thus most of the complexity), and another providing framing (message boundaries) on top of this byte stream. The split comes with a minor performance penalty (<5%) for the TLS transport.
  • A performance issue is fixed in the server part of the xcmpong tool.
  • TLS 1.2 renegotiation is disabled for both the TLS and BTLS transport (as per RFC 7540 recommendation), if the library is built against OpenSSL 1.1.1c or later. The XCM library never depended on this TLS protocol feature. This change does not affect TLS 1.3, which does not support renegotiation.
  • TLS server-side session cache is disabled, preventing session reuse across TCP connections. The XCM library never used this feature, and it may cause issues for "out-of-band" (to TLS) authorization (e.g., based on the X509 subject name). Client-side session caching is not and never was enabled by XCM.
  • The documentation is updated with details on TLS protocol versions, ciphers and features used.
  • The TLS 1.3 cipher suites used are still the OpenSSL defaults, but are now, for the sake of clarity, explicitly configured. A new log entry is added, which logs the cipher suites allowed, matching the existing TLS 1.2 cipher list entry.
  • The BTLS and TLS transports now log which TLS version and which ciphers are actually being used on a newly-established connection.
  • The library-internal socket attribute handling is slightly reworked, to shave off some complexity in the UTLS and the new BTLS transport.
  • Default TCP keepalive parameters are documented.
  • Coding convention update, primarily related to pointer comparisons.
  • Fixed bug in shared CA test case.
  • Fixed build issue against older, pre-TLS 1.3, OpenSSL versions.
  • Fixed bug #42 where XCM would erroneously require trusted CA certificates to be available even though TLS authentication was disabled.

The API/ABI version is bumped to 0.18.

The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.4.0/

v1.3.2

16 Sep 08:12

Release v1.3.2 contains the following improvements:

  • A bug which, in certain situations with many connections, caused XCM to trigger an epoll_ctl() failure, which in turn caused a library abort(), is fixed. The bug was related to XCM "always-active" fds and a hard-coded Linux kernel limit on the number of epoll instances an fd can be a member of.
  • Minor documentation updates. Fixed an issue in an "explicit finish" sequence diagram in the documentation and noted that IPv6 link-local addresses (fe80::/10) are not supported.
  • Improved test coverage for X.509v3 extended key usage validation. Only test changes.
  • Broken include guard for internal header file fixed. It caused warnings with certain compilers (e.g., clang).

API/ABI remains unchanged.

The API documentation and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.3.2/

v1.3.1

26 May 07:47

Release v1.3.1 includes the following changes:

  • Improved control processing heuristic, which greatly reduces control message handling overhead.
  • Minor fix to control interface tracing.

API/ABI remains unchanged.

The API and user manual for this release can be found at:
https://ericsson.github.io/xcm/doc/v1.3.1/

v1.3.0

21 May 08:47

Release v1.3.0 includes the following changes:

  • A TLS socket attribute "tls.auth" to disable authentication is added.
  • A TLS socket attribute "tls.client" to control if a socket is to behave like a TLS-level client or server is added.
  • Support for X.509 subject name verification introduced. This functionality is enabled by setting "tls.verify_peer_name" to true and optionally supplying a list of valid names in another attribute "tls.peer_names". "tls.peer_names" may also be used to retrieve the remote peer's actual names.
  • Bug related to server-socket-to-connection-socket TLS configuration inheritance is fixed.
  • "tls.peer_subject_key_id"-related memory leak is fixed.

This release has API/ABI version 0.17.

v1.2.0

10 May 13:50

This release includes the following changes:

  • Per-TLS socket configuration of certificate and related files is now possible.
  • "Trust chain" is renamed "trusted CA" in the documentation. No API change.
  • The 'xcm' tool accepts setting socket attributes (on the command line).
  • A bug preventing the control interface from being disabled at build time is fixed.
  • A bug which rendered the control interface unresponsive for sockets after a fork() call is fixed.
  • The 'xcmpong' tool properly maintains its XCM sockets, so that the control interface may be used to query such sockets during its run.
  • Test certificates and related files used during testing are generated with a new 'gencert.py' script. TLS authorization test coverage is improved.
  • Various tweaks of the test suite for improved reliability.

This release has API/ABI version 0.16. The only changes are the new TLS certificate and private key attributes.

v1.1.0

19 Mar 16:42

This release represents a major change.

  • A framework for writable socket attributes is added. Attribute-aware versions of xcm_connect(), xcm_server() and xcm_accept() are now available, as well as a function xcm_attr_set(), to change attribute values after initial socket creation.
  • A new API <xcm_attr_map.h> is added, to represent a set of attributes (e.g. passed to the new xcm_connect_a() function).
  • Convenience wrappers to retrieve the value of boolean, integer or string type attributes are added in <xcm_attr.h>.
  • The "xcm.local_addr" attribute is now writable at the time of xcm_connect_a(), which allows the application to choose which local IP interface and/or port will be used for an outgoing connection (in BSD Socket terms: bind() before connect()). Available on TCP, UTLS, and TLS.
  • A number of new read/write attributes related to TCP keepalive configuration are added to TCP and TLS (including such spawned from UTLS) connection sockets.
  • The blocking/non-blocking socket configuration is turned into a read-write attribute "xcm.blocking".
  • Fixes to various test cases.
  • Some code reformatting (both in C and Python).
  • SCTP control interface bugfix.

This release introduces API/ABI v0.15. It is backwards compatible.

v1.0.2

16 Mar 13:50

This is a maintenance release.

The only change is a bugfix for per-namespace certificate, private key, and trust chain file selection in the TLS transport.