github Cosmian/kms 5.20.0

8 hours ago

[5.20.0] - 2026-04-03

🚀 Features

Support Veeam Backup via KMIP 1.x Protocol

  • KmipUnexpectedTagException when Veeam Backup decodes a Get response for an asymmetric key: Cosmian KMS was embedding all object-metadata attributes (including Link, UniqueIdentifier, State, Name, etc.) inside the KeyValue structure of the returned key object. KMIP 1.x clients such as Veeam Backup do not expect these non-cryptographic attributes inside KeyValue and fail with Unexpected Tag 66, expected Attribute. Fixed by stripping all embedded KeyValue attributes for PublicKey and PrivateKey objects in KMIP 1.x Get responses (perform_response_tweaks in routes/kmip.rs). Cryptographic metadata (algorithm, length) is still exposed at the KeyBlock level.
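
The KeyValue clean-up described above, shown at the TTLV wire level. This is an added example, not the project's perform_response_tweaks code, which this page does not show. The tag and type values are from the KMIP specification; working on raw bytes, the function names, the nesting cap of 32 and the sample key block are assumptions constructed for illustration.

```rust
const STRUCTURE: u8 = 0x01; // TTLV item type
const TAG_ATTRIBUTE: u32 = 0x42_0008; // KMIP tags
const TAG_KEY_VALUE: u32 = 0x42_0045;
/// Added example, not Cosmian KMS code: re-encode a run of TTLV items without the
/// Attribute children of any KeyValue. Returns None on malformed input.
fn strip(items: &[u8], in_key_value: bool, depth: u8) -> Option<Vec<u8>> {
    if depth > 32 { return None; } // assumption: cap nesting of untrusted input
    let (mut out, mut pos) = (Vec::new(), 0usize);
    while pos < items.len() {
        let hdr = items.get(pos..pos + 8)?; // 3-byte tag, 1-byte type, 4-byte length
        let tag = u32::from_be_bytes([0, hdr[0], hdr[1], hdr[2]]);
        let len = u32::from_be_bytes([hdr[4], hdr[5], hdr[6], hdr[7]]) as usize;
        let end = pos + 8 + (len.checked_add(7)? & !7); // value padded to 8 bytes
        let item = items.get(pos..end)?;
        pos = end;
        if in_key_value && tag == TAG_ATTRIBUTE { continue; } // metadata: drop it
        if hdr[3] == STRUCTURE {
            let body = strip(&item[8..8 + len], tag == TAG_KEY_VALUE, depth + 1)?;
            out.extend_from_slice(&hdr[..4]);
            out.extend_from_slice(&(body.len() as u32).to_be_bytes()); // new length
            out.extend_from_slice(&body);
        } else {
            out.extend_from_slice(item); // leaf item: copy verbatim
        }
    }
    Some(out)
}

/// Encode one TTLV item; used only to build the constructed sample.
fn ttlv(tag: u32, typ: u8, value: &[u8]) -> Vec<u8> {
    let mut out = vec![(tag >> 16) as u8, (tag >> 8) as u8, tag as u8, typ];
    out.extend_from_slice(&(value.len() as u32).to_be_bytes());
    out.extend_from_slice(value);
    out.resize(out.len() + (8 - value.len() % 8) % 8, 0);
    out
}

/// Constructed KeyBlock: KeyFormatType, KeyValue { KeyMaterial [, Attribute "State"] }.
fn sample_key_block(with_attribute: bool) -> Vec<u8> {
    let mut kv = ttlv(0x42_0043, 0x08, b"constructed-key-bytes");
    if with_attribute {
        let attr = [ttlv(0x42_000A, 0x07, b"State"), ttlv(0x42_000B, 0x05, &[0, 0, 0, 2])].concat();
        kv.extend(ttlv(TAG_ATTRIBUTE, STRUCTURE, &attr));
    }
    let body = [ttlv(0x42_0042, 0x05, &[0, 0, 0, 4]), ttlv(TAG_KEY_VALUE, STRUCTURE, &kv)].concat();
    ttlv(0x42_0040, STRUCTURE, &body)
}

fn main() { println!("{:02x?}", strip(&sample_key_block(true), false, 0)); }
```

Only direct children of KeyValue are dropped; an Attribute anywhere else in a message is copied through unchanged, and the KeyValue and KeyBlock lengths are rewritten so the result still parses.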

📚 Documentation

  • Fix CLI authentication docs: correct wrong field names (ssl_client_pem_cert_path / ssl_client_pkcs12_path → tls_client_*), add dedicated bearer/access-token section, and link each TOML example to the corresponding test_data/configs/client/*.toml reference file in cli_documentation/docs/authentication.md (#895)
  • Reorganize storage integration docs: move vcenter.md, synology_dsm.md, veeam.md, openssh.md, pykmip.md, smime.md, user_defined_function_for_pyspark_databricks_in_python/, and disk_encryption/ from documentation/docs/integrations/ root into the dedicated documentation/docs/integrations/storage/ subfolder; update mkdocs.yml, README.md, documentation/docs/index.md, and CLAUDE.md accordingly (#874)
  • Align README.md with documentation/docs
  • Fix refactor and dead links (#898)

🐛 Bug Fixes

KMIP Socket Server

  • TLS session resumption failure with mTLS clients: the TCP socket server (cosmian_kms_server::socket_server) was missing a call to SSL_CTX_set_session_id_context. When client certificate verification (SSL_VERIFY_PEER) is enabled alongside the default TLS session cache, OpenSSL requires a session ID context to be set; without it any session-resumption attempt aborts with error:0A000115:SSL routines:ssl_get_prev_session:session id context uninitialized. Fixed by calling builder.set_session_id_context(b"cosmian_kms_socket") in create_openssl_acceptor before building the acceptor.

⚙️ Miscellaneous Tasks

  • Refactoring + deduplication of the UI codebase (#737)
