Chapter 5. GridShib-CA ChangeLog

Table of Contents

1. Current Version: 1.0.0
2. Version: 0.5.2
3. Version: 0.5.1
4. Version: 0.5.0
5. Version: 0.4.0
6. Version 0.3.0 Alpha
7. Version 0.2.0

1. Current Version: 1.0.0

  • The IO::Socket::SSL Perl module, required by MyProxy, is now required by configure (Bug 5861).

  • Renamed create-jnlp to launchGSCA.jnlp as .jnlp suffix is important on Mac (Bug 6719).

  • Improved reading of errors from MyProxy server (Bug 4917).

  • Use CGISession.pm instead of TokenGenerator.pm for creating token used by JWS client (resolved Bug 6802). This adds a requirement for CGI::Session.

  • New, improved JWS Java client (Bugs 5847, 6718).

  • Added test/test-cred.sh.in for testing credentials downloaded from GS-CA

  • Added "C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware" to trustStore for go.teragrid.org

  • Beefed up logging in launchGSCA.jnlp and generateCred.cgi (Bugs 6770 and 6636).

  • Removed umask checking in JWS client (Bug 5298).

  • Do not assume we can predict the user's DN; instead, parse it from the returned certificate (Crypt::OpenSSL::X509 Perl module now required). Removed get*DN() methods from CA.pm and moved them to OpenSSLCA.pm. (Bugs 6781 and 6774.)

  • Use certificate DN hash instead of user identity for filename when logging certificate in CertRegistry.pm (Bug 6778). Also include timestamp in filename so that all certificates (instead of last certificate per user) are recorded.

  • Do not destroy CSRF cookie in create-jnlp (Bug 6771).

  • Fix untainting for ePTID in CGIInterface.pm (Bug 6775).

  • NameMapper.pm now uses CGIInterface.pm for REMOTE_USER and HTTP_SHIB_IDENTITY_PROVIDER (Bug 6782).

  • create-jnlp now adds "attachment" tag to output for non-Firefox browsers, so that Camino works correctly (Bug 6719).

  • Minor bugs fixed: 6129

2. Version: 0.5.2

  • Hardened against CSRF attacks (see Bug 6610)

  • Added code to login.cgi to prevent clickjacking (see Bug 6649)

  • Changed from InQueue to InCommon in default authorizedIdps.conf file

  • Added ProtectNetwork (https://idp.protectnetwork.org/protectnetwork-idp) to default authorizedIdps.conf

  • Bug fixes: 5860, 6517, 6522, 6560

3. Version: 0.5.1

  • Added clean-pod2html.sh to remove the XML header from HTML files generated by pod2html, which causes problems on the Globus web site (Bug 5894)

  • Jar file now includes version number to help prevent caching issues (Bug 5878)

  • Removed offline-allowed elements from jnlp files to help prevent caching

  • Documentation fix: Added setting of IdP.entityID for GS-SAMLTools integration (Bug 5813)

  • Added new NCSA CA certificates (f2e89fe3.0 and 9b95bbf2.0) to certificates/ directory for inclusion in trustStore

4. Version: 0.5.0

  • 'make clean' does not remove files that cannot be easily regenerated in distribution. (Bug 5350)

  • Use (modified) Java Cog source instead of class files. See org/globus/util/README

  • Split openssl configuration (replacing --with-openssl-path) options into --with-openssl and --with-openssl-prefix to allow for binaries to be separate from libraries and includes.

  • Fixed a number of minor issues with 'make test' and 'make test-dist'

  • Moved configuration source into conf/ subdirectory

  • Bug fix in CredentialRetriever.java: Util.setFilePermissions() does not take an octal value, and passing it one causes the underlying chmod call to silently fail. Fortunately, since we are enforcing a umask setting, there is no security hole.

  • Remove whitespace around configuration values (Bug 5798)

  • Made '--quiet' argument to GridShib-SAMLTools dependent on debug configuration option so that when debug is True better output is generated.

  • check-config.pl now dumps all configuration values.

  • When running GridShib SAMLTools, check for existence of JAVA_HOME and log a warning if it doesn't exist.

  • Updated to use GridShib SAML Tools 0.3.0 and invoke so that we get correctly formatted ASN.1 in the extension with the right OID.

5. Version: 0.4.0

  • Moved documentation to docbook

  • Fixed OpenSSL CA so that it issues V3 certificates instead of V1 (Bug 5254)

  • Added test in the form of 'make test' and 'make test-post-install'

  • Integrate GridShib SAML Tools to bind simple attribute assertion to EEC

  • Handle creating DN from mix of attributes (Bug 4889)

  • Use "DC" components for relative DN (Bug 4887).

  • Added 'redirectURL' option to configure file so that JWS application can send browser to URL after successful credential download.

  • Added 'useBundledCAs' option to gridshib-ca.conf to allow turning off use of bundled CAs (using Java-provided default CAs instead).

  • Fallback to prompting user if CA that issued portal https certificate is unrecognized. (Bug 4875).

  • configure.ac: --with-gridshib-ca-conf-dir uses ${prefix} instead of static '/usr/local/'

  • Added documentation for adding CA to GridShibCA.jar

  • Fixed bug 4973 causing bad CA filenames.

  • Fixed bug 4877 typos in configure.

6. Version 0.3.0 Alpha

  • Added support for delegation of X509 credential to portal (disabled by default).

  • Run-time configuration of trusted IdPs and portals added.

  • Cleaned up protocol between CredentialRetriever and GridShib-CA. Use HTTP status code instead of own internal status header.

  • CredentialRetriever now generates the key pair on the client side and sends a PKCS#10 certificate request to generateCred.pl.

  • Now builds and installs own openssl-based ca (openssl-ca) that allows setting of DN by GridShib CA

  • Includes GridShibCA::MyProxyCA.pm, a pure-Perl MyProxy client to allow outsourcing of CA functionality to MyProxy.

  • Now uses a set of Perl modules to accomplish basic tasks, which can be configured using gridshib-ca.conf file.

  • Starting to use RFC 2253 format DNs internally.

  • CredentialRetriever.java: Circumvent JWS installing its own SSLSocketFactory so that the default SSLSocketFactory is used and our list of trusted CAs is honored.

  • Added debug support with debug and clientDebug parameters in configuration file.

  • Added support for requested lifetimes from user.

  • Added support for updating user's trusted certificates directory

7. Version 0.2.0

  • Changelog started Oct 7, 2006