Major changes from previous version:
Master site has moved to sourceforge
Licence has changed to a GPL-like licence
Minor changes from previous version:
12-21-1999 - 1.1 Fixed typo in bare-bones TCP list where 524 was supposed to be for 1524.
03-31-2000 - 1.1 Updated .conf to add ipf blocking rule. Thanks Graham Dunn <gdunn@inscriber.com>
06-08-2000 - 1.1 Fixed an error in the state engine portion that could cause an increment error
under certain conditions. Thanks Peter M. Allan <peter.m.allan@hsbcgroup.com> for finding this.
6-21-2000 - 1.1 New Features added
- Added in feature to disable DNS host resolution by checking RESOLVE_HOST in
  conf file.
- Added in feature to have external command run before or after blocking has
  occurred as defined in KILL_RUN_CMD_FIRST option in conf file.
- Removed DoBlockTCP/UDP functions. Converted over to generic flag checker.
7-5-2000 - 1.1
- Added iptables support (thanks Scott Catterton <scatterton@valinux.com>)
- Added Makefile support for Irix
- Put in ports for common DDOS ports
9-8-2000 - 1.1 - Added in netmask support
9-9-2000 - 1.1 - Finally moved resolver functions to own area.
- Made CleanAndResolve to ensure DNS records returned are sanitized
correctly before being passed back.
3-23-2001 - 1.1 - Fixed a bug that showed up under Linux 2.4 Kernel that would cause accept
to loop. There was an error with how I used a count variable after trying to bind to ports.
If the port didn't bind the count for the openSockfd would still increment and this caused
the error to show up.
6-26-2001 - 1.1 - Added Mac OS X build support (Same as FreeBSD). Fixed bug for Advanced mode
to properly monitor 1024 ports (it only did first 1023 before). Thanks Guido.
05-23-2003 - 1.2 - Removed references to old psionic e-mail and changed license to
Common Public License.
I've also added a fix for a multi-line string constant for gcc3.
OpenSSL software. Otherwise, set it to /etc/ssl/certs, which is where a
lot of Linux distros store certs. The behaviour on NetBSD systems is
unchanged -- always set to /etc/openssl/certs. Fixes PR 24161.
If an optional "mykeyid" is given on the command line, use different
colors for lines to & from that node. The colors are:
    green   mutual trust, includes mykey
    blue    mutual trust, not mykey
    orange  someone trusts mykey (one way)
    red     mykey trusts someone (one way)
    black   one way trust, not mykey
which lists all the keys in your public key ring, along with all
their signatures, and converts it to a di-graph in "dot" language
form.
The graphviz package can turn the description into a graph you can
look at to see who has signed whose key, or how far it is from your
key to someone in Reykjavik, etc.
Kerberos implementation packages to decide whether to prefix certain
commands with a "k" to differentiate it from system tools with similar
names. KERBEROS_PREFIX_CMDS defaults to "no".
Version 1.0.4 (04/01/2004)
- Changed handshake behaviour to send the lowest TLS version
when an unsupported version was advertised. The current behaviour
is to send the maximum version we support.
- certtool no longer asks for the password in unencrypted private
keys.
- The source is now compiled to use the reentrant libc functions.
in agc's last bulk build.
Changes since 0.11:
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
all-caps disclaimer paragraph.
- Allow saving an RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
should now work "out of the box".
- Allow using a passphrase callback in class SMIME. Thanks to Artur Frysiak
<wiget@pld-linux.org> for the patch.
- Added method get0_signers to class PKCS7, which retrieves signers' certificates
from a PKCS7 blob. Thanks again to Artur Frysiak.
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by Bernard
Yue <bernie@3captus.com>. Thanks Bernard.
- Alias 'emailAddress' to 'Email' in X509.X509_Name.nid to support recent OpenSSL
convention.
command line options. We need -I/usr/include/krb5 to build against
heimdal, so symlink the headers in /usr/include/krb5 into ${BUILDLINK_DIR}
so they can be found.
Heimdal is a free implementation of Kerberos 5.
Kerberos is a system for authenticating users and services on a network.
It is built upon the assumption that the network is "unsafe". Kerberos
is a trusted third-party service. That means that there is a third
party (the Kerberos server) that is trusted by all the entities on the
network (users and services, usually called "principals"). All
principals share a secret password (or key) with the Kerberos server and
this enables principals to verify that the messages from the Kerberos
server are authentic. Thus trusting the Kerberos server, users and
services can authenticate each other.