3.10.0 release

@metsma metsma released this 16 Mar 13:08
· 689 commits to master since this release

Binary packages available at https://installer.id.ee
We appreciate your feedback to abi@id.ee.

Changes compared to ver 3.9

  • Changed the default BDOC signature profile to BDOC-TS (ASiC-E LT signature with time-stamp) for new signatures. To create a BDOC-TM (LT_TM, i.e. time-mark) signature, specify the "time-mark" profile value in Container::sign(Signer *signer, const string &profile) method call.
  • Improved validation of BDOC documents with time-stamp to ensure the freshness of the OCSP confirmation. It is now checked that the time difference between the generation time of the time-stamp and the OCSP confirmation does not exceed 24 hours.
  • Fixed time zone usage when validating the starting time of the signer certificate's validity period. Previously, a "Not yet valid" error message was displayed even if the certificate was actually already valid.
  • Improved BDOC document validation. It is now checked that the issuance time of the OCSP response is within the validity period of the signer's certificate.
  • Improved XML structure validation of the BDOC signatures*.xml file. The Transforms XML element is now allowed, to enhance interoperability.
  • Improved TSL functionality
    • In case of BDOC format, checking the trustworthiness of trust services (CA, OCSP, time-stamping services) is now possible only by using TSL lists. Previously used certificate store functionality is no longer supported.
    • Removed country-specific filtering of the national TSLs that are referenced in the European Commission's central TSL list.
    • Added the possibility to use multiple parallel European Commission TSL signing certificates to enable transition to a new certificate, if needed.
    • Added an online check of the TSL's officially published SHA-256 digest value to determine if a newer version of the TSL is available.
    • Added configuration parameter "tsl.onlineDigest" that allows the TSL online SHA-256 digest check to be disabled.
    • Removed configuration file parameters "tsl.url" and "tsl.cert". The respective values can be set directly from the library's API.
    • Added a TSL download timeout; the value is set to 10 seconds for each TSL.
  • Marked the XmlConf class as deprecated; use XmlConfV2 instead.
  • Changed the OCSP responder URL for EID-SK 2011 certificates, http://ocsp.sk.ee is now used.
  • Fixed the error message text that appears when a data file's mime-type in BDOC manifest.xml does not match the mime-type value in the signatures*.xml file. Previously, the displayed mime-type values were interchanged between the signatures*.xml and manifest.xml files.
  • The library's release notes are now also copied to the library's documentation: http://open-eid.github.io/libdigidocpp/manual.html#releasenotes
  • Development of the software can now be monitored in GitHub environment: https://github.com/open-eid/libdigidocpp
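
The two OCSP time rules listed above (OCSP issuance inside the signer certificate's validity period, and at most 24 hours between time-stamp and OCSP confirmation) can be sketched as follows. This is an added example, not libdigidocpp code: every name is hypothetical, the 24-hour rule is assumed to apply to the absolute difference, and all times are handled as UTC without the local time zone.

```cpp
// Added illustration; not libdigidocpp code. All names here are hypothetical.
#include <cstdint>
#include <cstdio>
#include <string>

// Seconds since 1970-01-01T00:00:00Z for a UTC civil time, computed without
// the process time zone (mktime() would apply the local offset).
int64_t utcSeconds(int y, int m, int d, int hh, int mm, int ss) {
    y -= m <= 2;
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const int64_t yoe = y - era * 400;
    const int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    const int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return (era * 146097 + doe - 719468) * 86400 + hh * 3600 + mm * 60 + ss;
}

// Parses "YYYY-MM-DDThh:mm:ssZ". Returns -1 on malformed input
// (dates before 1970 are out of scope for this sketch).
int64_t parseUtc(const std::string &s) {
    int y, m, d, hh, mm, ss;
    char z = 0;
    if (std::sscanf(s.c_str(), "%4d-%2d-%2dT%2d:%2d:%2d%c",
                    &y, &m, &d, &hh, &mm, &ss, &z) != 7 || z != 'Z')
        return -1;
    if (m < 1 || m > 12 || d < 1 || d > 31 || hh > 23 || mm > 59 || ss > 60)
        return -1;
    return utcSeconds(y, m, d, hh, mm, ss);
}

enum class TimeCheck { Ok, Malformed, OcspOutsideCertValidity, OcspNotFresh };

TimeCheck checkSignatureTimes(const std::string &notBefore, const std::string &notAfter,
                              const std::string &timeStamp, const std::string &ocspProducedAt) {
    const int64_t nb = parseUtc(notBefore), na = parseUtc(notAfter);
    const int64_t ts = parseUtc(timeStamp), ocsp = parseUtc(ocspProducedAt);
    if (nb < 0 || na < 0 || ts < 0 || ocsp < 0)
        return TimeCheck::Malformed;
    if (ocsp < nb || ocsp > na)  // OCSP response issued outside certificate validity
        return TimeCheck::OcspOutsideCertValidity;
    const int64_t diff = ocsp > ts ? ocsp - ts : ts - ocsp;
    if (diff > 24 * 3600)        // assumed: absolute gap must not exceed 24 hours
        return TimeCheck::OcspNotFresh;
    return TimeCheck::Ok;
}
```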