The XML Security Library 1.3.7 release includes the following changes:
- (xmlsec-core) Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to the xmlSecTransform to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
- (xmlsec-core) Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
- (xmlsec-core) Disabled old crypto algorithms (MD5, RIPEMD160) and the old crypto engines (MSCrypto, GCrypt) by default (use "--with-legacy-features" option to reenable everything).
- (xmlsec-openssl) Fixed excess padding in ECDSA signature generation.
- (xmlsec-nss) Fixed certificates search in NSS DB.
- (xmlsec-openssl, xmlsec-gnutls, xmlsec-mscng) Added an option to skip timestamp checks for certificates and CLRs.
- (xmlsec-windows) Disabled old crypto algorithms (MD5, RIPEMD160), made "mscng" the default crypto engine on Windows, and added support for "legacy-features" flag for "configure.js".
- Several other small fixes (see more details).
Please test the release candidate (signature) and let me know if you see any issues!