2.5.0 Released / x509 Sandbox Certificates Exchanged

[boaks]

The 2.5.0 release comes with

Changes in DTLS:

• Asynchronous certificate verifier
• built-in CID load-balancer (beta)

Changes in CoAP:

• Introduce ClientObserveRelation

Changes in demo-apps:

• add "context" resouce to plugtest-server. Makes connection details of the server-side visible.

Changes in californium.tools:

• improved cf-browser, support for observe-notify

[boaks]

I postponed the 2.5.0 release for one week in order to add more test and some READMEs.

[sbernard31]

@boaks, I don't know if this should be in the scope of the 2.5.0 but :

1. we have some CertificateVerifier in Leshan which maybe could be integrated in cf. (see Certificate usage support client side (#912 with small modification) eclipse-leshan/leshan#923)
2. I suspect there is come code about certificate chain validation which should be in Leshan (see Certificate usage support client side (#912 with small modification) eclipse-leshan/leshan#923 (comment))

Let me know if you are interested by this. (If needed we can create dedicated issue to discuss about this)

[boaks]

If multiple CA-Certificates with common DN are "state of the art", the Californium requires some fixes/redesigns.

[boaks]

See PR #1442

[boaks]

The release is in the Eclipse Repos.

The artifacts are currently NOT on maven central, that has been postponed for short (infrastructure issue).
The releases of actinium and tools are also postponed for that reason.

[boaks]

The 2.5.0 is available on the sandbox coap://californium.eclipse.org
Please Note: the x509 demo certificates are renewed.

[boaks]

The releases of actinium 2.5.0 and tools 2.5.0 are available in the Eclipse Repos.

[boaks]

The 2.5.0 release is now also available on maven central.

[boaks]

Changelist:

db7635c 2020-11-09 Fix tcp/tls-tests with broken x509 chain and new keystore format.
0538d9f 2020-11-09 Add external eddsa provider to java system security.
ab97164 2020-11-10 Use root as common CA for libcoap tests.
2827a52 2020-11-09 Support multiple certificates for same DN.
b3e64a1 2020-11-09 Update certificates.
866e540 2020-11-12 Fix k8s install shell script of cf-extplugtest-server.
0ba0098 2020-11-10 Add more documentation for the dtls-cid-cluster implementation.
574c7c4 2020-11-10 Update READMEs.
17d2b67 2020-11-10 Add more javadoc to cluster connectors.
de9c93a 2020-10-29 Add dtls cluster configuration to cf-extplugtest-server.
fe1b636 2020-10-29 Add cf-cluster module.
d0d9282 2020-11-05 Add integration tests for cluster function.
18ec67a 2020-10-07 Add cluster connector.
cb09c7d 2020-10-27 Report outgoing alerts to handler as well.
d518d82 2020-11-04 Add ed25519-java by default, if build with java 11.
be282a3 2020-11-02 Benchmark client, increase stale timeout for dtls fail-over.
ea5f71f 2020-11-02 Adapt maven name of cf-bom to "Californium (Cf) BOM" compliant to other names.
5a50080 2020-10-31 Add detection for handshakes with itself.
dfafbb7 2020-11-01 Fix javadoc typos in cf-nat.
179fb2e 2020-11-01 Add ports to benchmark configuration.
f73a7ed 2020-10-28 Add reverse address update.
e2cc634 2020-10-29 #1420: Remove double-check locking in CoapClient
b507a47 2020-10-28 Add previous address to handshake error message.
26e0d00 2020-10-28 Update netty to 4.1.52.
a3c16ae 2020-10-27 Add --non to cli client configuration.
a2722eb 2020-10-27 Fix load-balancer destination timeout.
6ae2c87 2020-10-25 Add write cid and server version to context.
ff718a3 2020-10-23 Add createFlight to Handshaker.
2b001e6 2020-10-23 update readme file to include detail around network interface selection
8a404a6 2020-10-20 Change xml element name to context.
632decc 2020-10-18 Introduce ClientObserveRelation.
c5f145a 2020-10-17 Add link to Logs and IP Capturing wiki page for new issues.
3f44de5 2020-10-16 Add CID to endpoint context.
50ee690 2020-10-15 Add USE_TCP, USE_UDP, USE_PLAIN, and USE_SECURE to imported variables.
fa18f3c 2020-10-13 Prevent last destination from expiring.
d8dd3c4 2020-10-10 Fix defaults for receive client.
a848e34 2020-10-07 Update picocli to 4.5.1.
c47406b 2020-10-07 Add nat clear n.
6152165 2020-10-07 Exclude com.google.code.findbugs from indirect dependencies.
ab6148a 2020-10-04 Fix javadoc typos.
b984031 2020-10-04 Fix shebang in shell scripts.
e7e4284 2020-09-30 Adjust thread group name for AsyncNewAdvancedCertificateVerifier.
24f84d5 2020-09-28 Fix NioNatUtil message-reorderer.
b0a4bd8 2020-08-27 Merge LoadBalancer function into NAT.
3b4f382 2020-08-27 Add counter for wrong message routes.
884e2fc 2020-09-25 Slim cleanup for SslContextUtil.getInputStreamFromUri.
6888536 2020-09-24 Fix logger name.
0ff7603 2020-09-23 Fix javadoc typos.
bad8ead 2020-09-23 Update javadoc for (client) session cache.
ca7d891 2020-09-22 Add unit test for trusting the node's certificate or intermediate certificates.
e645327 2020-09-21 fix oscore dependency : californium-proxy2 should be test scope.
2ffa7e2 2020-09-17 Add preselected cipher suites to dtls configuration.
df349f7 2020-09-18 Make signatureEncoded field final in EcdhEcdsaServerKeyExchange.
5042e79 2020-09-18 Use CertPathValidator.getDefaultType() for CertPathValidator.
18a6de6 2020-09-17 Adapt trust of node's certificate.
219cc3b 2020-09-18 Add alert description to handshake exception.
7a2696e 2020-09-18 Move signature map to ThreadLocalSignature.
af2edf6 2020-09-18 Move KEY_FACTORIES map to ThreadLocalKeyFactory.
1ec3f63 2020-09-18 Re-encode EdDSA private keys on loading instead of using.
52ab36b 2020-09-17 Change some fields in handshaker to final.
ca0a81e 2020-09-17 Fix race condition for benchmark startup with RPK.
a23b684 2020-09-17 Update benchmark.sh to 2.5.0-SNAPSHOT.
1dfed9c 2020-09-02 Add new advanced certificate verifier.
3771242 2020-09-10 Update to 2.4.1.
1fbefe7 2020-09-04 Fix typos in javadoc.
3178d25 2020-09-02 Add NullPointerException to javadoc.
ec34493 2020-09-02 Fix typos.
62e8771 2020-09-01 Disable netstat logger for windows.
7c02f76 2020-09-01 Fix cookie generator.
bcb7937 2020-08-31 Adapt benchmark.
113cb16 2020-08-28 Add simplified support for hono request and PSK credentials.
b4c67aa 2020-08-26 Support protocol version 1.0 for dtls-firewall-rules.
5f30714 2020-08-24 Use version 1.0 for hello verify requests.
834f09f 2020-08-30 Cleanup advanced handshake tests.
4e8ad21 2020-08-30 Add more logging in dtls for dropped messages.
b36a818 2020-08-30 Add finish message to test name logger rule.
923def4 2020-08-28 Fix assembly files.
b683e67 2020-08-27 Add "work in progress" annotation to mark new APIs.

[boaks]

The 2.5.0 unfortunately comes with an unintended API break (see issue #1451):

Using DtlsConnectorConfig.Builder it is not longer possible to use
setRpkTrustStore and setCertificateVerifier at the same time.
The intention is to use StaticNewAdvancedCertificateVerifier or a custom implementation of the NewAdvancedCertificateVerifier. Temporary also the BridgeCertificateVerifier will help.