1.0 Release

We've posted our 1.0 release of MatrixSSL. Thank you to all the beta testers who sent us feedback and suggestions. We're sure the requirements will continue to be enhanced as additional products use MatrixSSL, but thanks to the open source community, this has been a strong 1.0 release.

1.0 Feature Complete

We've reached feature complete for our 1.0 release. This means that 1.0 is just around the corner. Some of the features included are:

• Incorporate feedback from the beta community


• User extensible certificate validation


• Support for multiple client side root CA certificates


• Support for platforms without standard filesystems


• Comprehensive sockets examples and documentation

Pre 2.96 gcc Error

Update: Fixed in 1.0
A compiler error in the file pscrypto.h has been reported for pre gcc 2.96 compilers. The error is related to the handling of curly braces in C macros. As 2.96 is actually a misnomer for a development release of gcc 3.0, this explains the incompatibility with the preprocessor between such close release numbers. A fix is available upon request and will be included in the next release.

Beta2 R2

We've released an updated Beta 2 package to fix an issue with the example certificate file included with the initial release. This certificate contained extensions that were not readable by Netscape 7 or Mozilla. We have regenerated the certificates and included them in the latest source download, with an update to asn1.c. These certificates are only for testing purposes and should not be used in an actual release.

Certificate Validation Limitations

Update: Fixed in 1.0

Support for certificate validation is limited in the beta release. Certificates are validated either as self signed or as signed by a single parent root CA if specified in the matrixSslReadKeys() API.

The certificate contents are parsed but not currently accessible to the client application, so validation on expiration date or certificate name are not supported.

The next release of MatrixSSL will expose the parsed certificate through an API which will allow application level validation.

MatrixSSL 1.0 Beta 2

We have just released a second beta version of MatrixSSL for download. Final release is just around the corner, but we wanted to get our client side SSL implementation some beta time.

Release Notes:

• RC4-MD5 and RC4-SHA are now enabled by default.
• httpClient and httpReflector must be "Set As StartUp Project" project in their respective VisualStudio solutions in order to run automatically in the debugger in Windows.
• Certificate validation currently checks only that the certificate was signed by the root CA, and that other internals are consistent. User level checks of the distinguished name will be added in final release.

Change Log:

• Added client side SSL support
• Added X.509 certificate parsing and basic validation
• Added httpClient example
• Added several new APIs for client side SSL
• Enhanced client and reflector example with support for pipelined requests
• Fixed length check in record parsing that could lead to a comparison beyond memory boundaries.
• Fixed SSL record version check that could allow invalid record versions to be sent. As only SSLv3 was supported, this did not cause a security concern.
• Added workaround for bug in Microsoft Internet Explorer, where negotiated version is sent in the encrypted premaster secret, rather than the requested version as per specification.
• Minor updates to cryptography code suggested by Tom St. Denis.