Releases: open-eid/libdigidocpp
Releases · open-eid/libdigidocpp
3.11.1 Release
We appreciate your feedback to abi@id.ee.
Changes compared to ver 3.11.0
- Verify HTTP result before processing TSL lists
- Include cdigidoc.exe
3.11.0 Release
We appreciate your feedback to abi@id.ee.
Changes compared to ver 3.10.3
- Improved ECDSA signature size calculation
- Optimized HTTP download speed (e.g. when updating TSL lists) by compressing the traffic (using gzip Content-Encoding)
- Added support for validating BDOC 2.1 time-stamp signatures with archive time-stamps
- Added option to specify different digest algorithm for the signature value than the default algorithm used in case of other digest values in the signature.
- Added API methods Signer::setMethod(), Signer::method(), XmlConfV4::signatureDigestUri()
- Added configuration parameters signer.digestUri and signer.signatureDigestUri
- Added parameter -sigsha(1,224,256,384,512) to digidoc-tool utility program - Improved OCSPserver access certificate usage, relative pkcs12.cert configuration parameter value is now resolved to the library's installation path, instead of current working directory
- Added option to download TSL-s over proxy in case of HTTPS connections
- Added API methods XmlConfV4::proxyForceSSL(), XmlConfV4::proxyTunnelSSL()
- Added configuration file parameters forceSSL and tunnelSSL
v3.11.0-RC
Please note that this is an eID software beta version.
The software may not work properly and some faults may occur.
We appreciate your feedback to abi@id.ee.
Changes compared to ver 3.10.3
- Improved ECDSA signature size calculation
- Optimized HTTP download speed (e.g. when updating TSL lists) by compressing the traffic (using gzip Content-Encoding)
- Added support for validating BDOC 2.1 time-stamp signatures with archive time-stamps
- Added option to specify different digest algorithm for the signature value than the default algorithm used in case of other digest values in the signature.
- Added API methods Signer::setMethod(), Signer::method(), XmlConfV4::signatureDigestUri()
- Added configuration parameters signer.digestUri and signer.signatureDigestUri
- Added parameter -sigsha(1,224,256,384,512) to digidoc-tool utility program - Improved OCSPserver access certificate usage, relative pkcs12.cert configuration parameter value is now resolved to the library's installation path, instead of current working directory
- Added option to download TSL-s over proxy in case of HTTPS connections
- Added API methods XmlConfV4::proxyForceSSL(), XmlConfV4::proxyTunnelSSL()
- Added configuration file parameters forceSSL and tunnelSSL
3.11.0 beta
Please note that this is an eID software beta version.
The software may not work properly and some faults may occur.
We appreciate your feedback to abi@id.ee.
Ubuntu packages available in PPA repository
sudo add-apt-repository ppa:ria-id/3.11.beta
sudo apt-get update
sudo apt-get install libdigidocpp-tools
Changes compared to ver 3.10.3
- Improve EC signature size calculation
- Improve HTTP traffic usage by using gzip Content-Encoding
- TimeStampArchive support
- Option to specify signature digest other than standard digest
- Resolve relative PKCS11 config parameter to library path, instead current working directory
3.10.3 beta
Please note that this is an eID software beta version.
The software may not work properly and some faults may occur.
We appreciate your feedback to abi@id.ee.
Changes compared to ver 3.10.0
- Updated experimental .NET C# wrapper swig configuration file to recent API
- Included C# wrapper files in Windows installer package
- Filter out CA certificates in PKCS11Signer implementation to support Finland id-card signing in digidoc-tool
- On signature validation at least one DataFile should be signed
- Disable OCSP time slot check – local computer time against OCSP server time
3.10.0 release
Binary packages available at https://installer.id.ee
We appreciate your feedback to abi@id.ee.
Changes compared to ver 3.9
- Changed the default BDOC signature profile to BDOC-TS (ASiC-E LT signature with time-stamp) for new signatures. To create a BDOC-TM (LT_TM, i.e. time-mark) signature, specify the "time-mark" profile value in Container::sign(Signer *signer, const string &profile) method call.
- Improved BDOC with time-stamp document validation to ensure OCSP confirmation's freshness. It is now checked that the time difference between the generation time of the time-stamp and the OCSP confirmation would not exceed 24 hours.
- Fixed time zone usage when validating signer certificate validity period's starting time. Previously, "Not yet valid" error message was displayed even if the certificate was actually already valid.
- Improved BDOC document validation. It is now checked that the issuance time of the OCSP response would be in the validity period of the signer's certificate.
- Improved BDOC signatures*.xml file's XML structure validation. Transforms XML element is now allowed to enhance interoperability.
- Improved TSL functionality
- In case of BDOC format, checking the trustworthiness of trust services (CA, OCSP, time-stamping services) is now possible only by using TSL lists. Previously used certificate store functionality is no longer supported.
- Removed country-specific filtering of the national TSLs that are referenced in the European Commission's central TSL list.
- Added possibility to use multiple parallel European Commission's TSL signing certificates to enable transition to a new certificate, if needed.
- Added checking of the TSL's officially published SHA-256 digest value online to determine if a newer version of the TSL is available.
- Added configuration parameter "tsl.onlineDigest" that enables to disable the TSL online SHA-256 digest check.
- Removed configuration file parameters "tsl.url" and "tsl.cert". The respective values can be set directly from the library's API.
- Added TSL downloading timeout, the value is set to 10 seconds for each TSL.
- Changed the XmlConf class to deprecated, use XmlConfV2 instead.
- Changed the OCSP responder URL for EID-SK 2011 certificates, http://ocsp.sk.ee is now used.
- Fixed error message text that appears when data file's mime-type in BDOC manifest.xml does not conform with mime-type value in signatures_.xml file. Previously, the displayed mime-type values were interchanged between the signatures_.xml and manifest.xml files.
- The library's release notes is now also copied to the library's documentation: http://open-eid.github.io/libdigidocpp/manual.html#releasenotes
- Development of the software can now be monitored in GitHub environment: https://github.com/open-eid/libdigidocpp
3.10.0 beta2 release
Please note that this is an eID software beta version.
The software may not work properly and some faults may occur.
We appreciate your feedback to abi@id.ee.
Ubuntu packages available in PPA repository
sudo add-apt-repository ppa:ria-id/1412-beta
sudo apt-get update
sudo apt-get install libdigidocpp-tools
3.10.0 beta release
Please note that this is an eID software beta version.
The software may not work properly and some faults may occur.
We appreciate your feedback to abi@id.ee.
Ubuntu packages available in PPA repository
sudo add-apt-repository ppa:ria-id/1412-beta
sudo apt-get update
sudo apt-get install libdigidocpp-tools