This file summarizes what's changed between releases of Mail-DKIM. 1.20200907 2020-09-07 UTC * ARC::Signer: Preserve leading fold from AR (if any) when copying to AAR. Thanks to @dev-aaront-org 1.20200824 2020-08-24 UTC * ARC::Signer: Set cv=none if message contains no ARC headers and no ARC result Thanks to @dev-aaront-org 1.20200724 2020-07-24 UTC * Fix test for change in live dns response 1.20200708 2020-07-08 UTC * Safer internal use of eval 1.20200513.1 2020-05-13 UTC * ARC: When sealing, don't die on an unparsable Authentication-Results header. 0.58 2019-11-13: Marc Bradshaw Thanks to Martin Sluka * Prevent outer $SIG{__DIE__} handlers from being called Thanks to Todd Richmond * Lowercase q tag before use * Lowercase domain check * Strip quotes from PublicKey.pm in addition to other whitespace chars * Fix regex performance issue 0.57 2019-10-08: Marc Bradshaw * Correct the $self->{result_reason} variable name for $self->{details} that is used by the parent class in Mail::DKIM::ARC::Signer 0.56 2019-08-21: Marc Bradshaw * Properly verify the domain, not the instance, of an ARC signature. This allows ARC signatures by keys marked as no subdomains to validate correctly. 0.55 2019-04-12: Marc Bradshaw * The authserv-id of an Authentication-Results header can contain CFWS, Use Mail::AuthenticationResults to parse the authserv-id from this field. * Improve parsing of authserv-id in ARC signer 0.54 2018-10-12: Marc Bradshaw * The T tag on arcseal is not required 0.53 2018-05-27: Marc Bradshaw * Make tests less dependent on local resolver setup * Add thanks to Valimail 0.52 2018-01-12: Marc Bradshaw * Internet connection tests were declared in the wrong order 0.51 2018-01-12: Marc Bradshaw * Fix for older versions of perl * Tests no longer fail with no internet connection 0.50 2017-12-16: Marc Bradshaw * Added Strict mode to DKIM verifier * Code formatting fixes 2017-12-14: John Levine * Make ARC code work a lot better * Add new arcsign.pl and arcverify.pl scripts * ARC code passing all tests and production ready. * Added strict mode to DKIM to reject sha1 and key sizes smaller than 1024 bit. 0.44 2017-10-19: Marc Bradshaw * Added experimental support for ARC 0.43 2017-09-20: Marc Bradshaw * Update tests for new DNS setup 0.42 2017-07-29: Marc Bradshaw * Fix tests failing due to dns changes elsewhere * Moved sample_mime_lite.pl to scripts directory 0.41 2017-04-14: Marc Bradshaw * commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51 Author: Marc Bradshaw Date: Fri Mar 17 14:53:53 2017 +1100 Avoid use of $_ in read loop RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and * commit 06934f259e392b2a3cf94560e6051d9e522d0bf3 Author: Marc Bradshaw Date: Fri Mar 17 14:44:44 2017 +1100 Ensure PrivateKey file is closed properly. Store PrivateKey file handle in lexical variable and close it once we are done. RT 120638: Mail::DKIM::PrivateKey does not close FILE * commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974 Author: Marc Bradshaw Date: Fri Feb 27 12:08:11 2015 +1100 Allow greater control over signed headers * commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2 Author: Marc Bradshaw Date: Fri Jan 23 09:54:02 2015 +1100 Allow greater control over which headers are signed by Signer 2013-02-07: Jason Long * lib/Mail/DKIM/Verifier.pm (add_signature): call fetch_public_key() iff the signature passes a validity check; (finish_header): set result to 'invalid' if signature does not have a result * lib/Mail/DKIM/Signature.pm (check_protocol): now returns a list of supported protocols, or an empty list if no supported protocols found. 2013-02-06: Jason Long * t/corpus/good_83176.txt: add new email to test suite; this email contains a signature with a LIST of query methods, one of which is good, but the rest should be quietly ignored. This test currently fails. * lib/Mail/DKIM/Signature.pm (check_protocol): support multiple methods being specified in signatures q= tag. We look for dns/txt to occur anywhere in the field; all other values are ignored. * Fix to better comply with DKIM specification: * DKIM signatures with multiple methods specified in q= tag are now accepted. Such signatures are not known to appear in real life. (rt.cpan.org issue #83176) * Allow greater control over which headers are signed by Signer * Added the extended_headers() method to allow headers to be oversigned, or skipped. * bugfixes: * PrivateKey file is now closed correctly after being read. * Use lexical rather than named file handle 0.40 2013-02-06: Jason Long * lib/Mail/DKIM/DNS.pm: revert change that enabled EDNS0 by default; provide enable_EDNS0() subroutine for enabling EDNS0 * scripts/dkimverify.pl: sample verification script updated to enable EDNS0 before performing the verification 2013-02-06: Jason Long * lib/Mail/DKIM/DNS.pm: set udppacketsize to 1240, which is small enough that packet fragmentation will not normally occur; use DNS txtdata() method on versions of Net::DNS that support it. (This patch contributed by Mark Martinec.) 2013-02-04: Jason Long * lib/Mail/DKIM/DNS.pm: set default udppacketsize to 2048, which seems to be the suggested value to use in the Net::DNS documentation. 2013-02-04: Jason Long * lib/Mail/DKIM/Verifier.pm: avoid an 'uninitialized value' warning when signature being verified is missing a d= tag; accept a selector name of '0' rather than treating it as if the s= tag was missing * lib/Mail/DKIM/PublicKey.pm: sanity check selector/domain before attempting a DNS query (this fixes another 'uninitialized value' warning) * lib/Mail/DKIM/Signature.pm: avoid an 'uninitialized value' warning when calling identity() and d= tag is missing 2013-02-04: Jason Long * lib/Mail/DKIM/DNS.pm: construct a default RESOLVER that sets udppacketsize to 1280. This enables EDNS0 (extension mechanism for DNS), allowing Mail::DKIM to handle larger keys. 2012-11-28: Jason Long * lib/Mail/DKIM/DNS.pm: replace use of query() with send(), since it is never appropriate to append the default domain, and using send() paves the way to using bgsend() in the future for async dns. Contributed by Mark Martinec. * lib/Mail/DKIM/DNS.pm: add global variable $RESOLVER which the user can override if they want to specify options to Net::DNS. 2012-11-28: Jason Long * lib/Mail/DKIM/MessageParser.pm: rewrite of line parsing logic to avoid unnecessary copying of the internal buffer. This replaces use of $self->{buf} with ${ $self->{buf_ref} } in many places. Patch contributed by Mark Martinec. 2012-11-28: Jason Long * lib/Mail/DKIM/Signer.pm: throw proper error message if an invalid algorithm is requested * lib/Mail/DKIM/PublicKey.pm: further refinement to fix Perl warning about use of uninitialized value 2011-04-21: Jason Long * lib/Mail/DKIM/PublicKey.pm: fix a Perl warning about use of an uninitialized value (reported by hsk@fli-leibniz.de) released 2013-02-07 * New/changed functionality: * a single DNS resolver is created for the lifetime of the program, rather than reinitializing the resolver for each new query. * bugfixes: * fix the error message given when an invalid algorithm is specified in the construction of Mail::DKIM::Signer. * avoid Perl warning about use of an undefined value in several places (rt.cpan.org issue #82913). * speed- improved performance of parsing the message into lines (rt.cpan.org issue #77902). Patch by Mark Martinec. * fix DNS queries to use the correct method (txtdata) of Net::DNS (rt.cpan.org issue #83170). Patch by Mark Martinec. * API changes: * global subroutines resolver() or enable_EDNS0() in module Mail::DKIM::DNS can be called to specify non-default options to Net::DNS::Resolver (see also rt.cpan.org issue #80425). 0.39 2010-11-14: Jason Long * lib/Mail/DKIM/Signer.pm: fix an unusual error message given when no Key argument has been specified and it is time to load the key 2010-06-11: Jason Long * t/signer_dk.t: create regression tests for DomainKeys signature generation 2010-06-11: Jason Long * lib/Mail/DKIM/Verifier.pm, Signer.pm, Algorithm/Base.pm (finish_header): provide reference to entire list of headers at completion of header, so that canonicalizers do not need to store their own copy of the header * lib/Mail/DKIM/Canonicalization/DkimCommon.pm: do not store header as parsed, rather only canonicalize header within finish_header() * lib/Mail/DKIM/Canonicalization/DkCommon.pm: do not store header as parsed, rather only canonicalize header within finish_header() * lib/Mail/DKIM/Canonicalization/Base.pm (finish_header): change API * t/simple_canonicalization.t: update for the API change of Canonicalization/Base.pm 2010-06-03: Jason Long * lib/Mail/DKIM/Verifier.pm: prevent abuse- if a message has more than 50 signatures headers, we start ignoring them (it's unreasonable for a message to have more than a very few signature headers). 2010-04-08: Jason Long * t/verifier.t: wrote some tests for DomainKey signatures with empty, missing, or invalid q= tag values * lib/Mail/DKIM/Verifier.pm: move use of check_signature_identity() out of finish_header() and into check_and_verify_signature(); this fixes an issue with getting wrong error codes when q= tag is broken. released 2010-11-14 * bugfixes: * fix issue with getting wrong error codes when q= tag is empty (issue #3011005) * anti-abuse- prevent a message with thousands of signatures from thrashing the whole computer (issue #3010997) * memory usage- significantly reduced memory footprint for processing a message with a large header and many signatures * fix error message given when no KeyFile has been specified (issue #1889690) * API changes: * the Canonicalization::finish_header() method now expects a argument to be passed to it. In the unusual case that you are using this method from your own code, please update your code. 0.38 2010-03-31: Jason Long * lib/Mail/DKIM/DkSignature.pm, Signature.pm: avoid calling lc() on an undefined value (this generates warnings in Perl 5.12.x). Patch contributed by Mark Martinec. 2010-03-01: Jason Long * lib/Mail/DKIM/PrivateKey.pm (load): fix bug where a private key file named '0' could not be loaded 2010-03-01: Jason Long * lib/Mail/DKIM/DkSignature.pm (new): accept Key parameter when constructing a DomainKey signature object 2010-02-27: Jason Long * t/external_signer.t: test use of an alternate object for Key during a "sign" operation 2010-02-24: Jason Long * lib/Mail/DKIM/Signer.pm: document use of an alternate object for PrivateKey objects 2010-02-24: Jason Long * lib/Mail/DKIM/Signer.pm: import PrivateKey.pm in this module, rather than in the Algorithm modules 2010-02-24: Jason Long * lib/Mail/DKIM/PrivateKey.pm: document the sign_digest() method * lib/Mail/DKIM/Algorithm/*: use sign_digest() rather than sign_sha1_digest() 2010-01-23: Jason Long * t/public_key.t: test that DNS failure reason is given, when DNS returns no results * lib/Mail/DKIM/DNS.pm: bugfix (introduced by async_dns branch): preserve $@ in case of no error 2010-01-23: Jason Long * lib/Mail/DKIM/{DNS,Signature,PublicKey,Policy}.pm: merged my "async dns" branch --BEGIN "ASYNC DNS" branch 2009-07-10: Jason Long * lib/Mail/DKIM/Policy.pm: new fetch_async method, seems to work 2009-07-10: Jason Long * lib/Mail/DKIM/Signature.pm: new fetch_public_key method, which starts an asynchronous query for the public key referenced by this signature; redesign get_public_key to know how to complete the query 2009-07-10: Jason Long * lib/Mail/DKIM/PublicKey.pm: new fetch_async method: starts a query and returns a subref that when called will complete the query 2009-07-10: Jason Long * lib/Mail/DKIM/DNS.pm: new query_async method: starts a query and returns a subref that when called will complete the query --END "ASYNC DNS" branch 2009-12-14: Jason Long * MANIFEST: include sample_mime_lite.pl script in tarball 2009-09-08: Jason Long * lib/Mail/DKIM/DNS.pm: restart timer after a DNS lookup; based on a patch contributed by Mark Martinec released 2010-03-31 * New/changed functionality: * DNS lookups can now be started asynchronously; the queries are created as the header is parsed; the results are not actually needed until the entire message has been read. (The Mail::DKIM module does not yet do the queries asynchrously; this is just the infrastructure so that the queries can be asynchronous in the future.) * bugfixes: * DNS lookup overrides alarm() signal (issue #2854325) * documentation updates: * document use of custom PrivateKey object, for external signing * describe how to get "pretty signatures" in Signer.pm 0.37 2009-09-02: Jason Long * t/adsp.t: a test script for checking AuthorDomainPolicy.pm * lib/Mail/DKIM/AuthorDomainPolicy.pm: use d= tag not i= tag when checking for first-party signatures; fix for testing() method not found error; fix for "all" and "discardable" not doing the right thing 2009-08-14: Jason Long * sample_mime_lite.pl: a sample script showing how to use Mail::DKIM with MIME::Lite 2009-07-10: Jason Long * lib/Mail/DKIM/Policy.pm: revert ability for subclasses to override behavior of no-results DNS query * lib/Mail/DKIM/AuthorDomainPolicy.pm: if ADSP record is not found, check whether the domain itself exists * t/policy.t: add a test for the ADSP record causing a DNS error but the domain itself still existing 2009-07-10: Jason Long * t/public_key.t: refine the testing for DNS timeouts and SERVFAIL errors * t/policy.t: add some tests for DNS failures during policy queries * lib/Mail/DKIM/AuthorDomainPolicy.pm: more explicit documentation describing how DNS errors (and NXDOMAIN results) are handled 2009-07-09: Jason Long * lib/Mail/DKIM/Policy.pm: allow subclasses to override behavior when DNS query returns no records * lib/Mail/DKIM/AuthorDomainPolicy.pm: when DNS query returns no records, check the domain itself and possibly die. 2009-07-09: Jason Long * lib/Mail/DKIM/Verifier.pm: wasn't using the right API to get the ADSP policy 2009-07-09: Jason Long * lib/Mail/DKIM/AuthorDomainPolicy.pm, DkimPolicy.pm: changed the format of how methods are documented 2009-07-07: Jason Long * lib/Mail/DKIM/AuthorDomainPolicy.pm, DkimPolicy.pm: add a description of the class to the documentation 2009-06-09: Jason Long * scripts/dkimsign.pl: fix typo in the debugging output 2009-06-09: Jason Long * t/signer.t: test case for bug 2803465: space between header field name and colon cause signature to skip that header * lib/Mail/DKIM/Common.pm (add_header): fix regexp so that a space between the header field name and the colon is not treated as part of the header field name (issue #2803465) 2009-06-02: Jason Long * t/policy.t: test for the as_string() method released 2009-09-08 * New/changed functionality: * ADSP records now check whether the domain itself exists, in accordance to the ADSP specification * bugfixes: * fixed regexp used to detect header field names (issue #2803465) * various fixes to ADSP checking 0.36 2009-06-02: Jason Long * lib/Mail/DKIM/Policy.pm (as_string): restore this method which was accidentally removed in 0.34. released 2009-06-02 * API changes: * restore the as_string() method which was accidentally removed in version 0.34 0.35 2009-05-22: Jason Long * t/signer.t: add a test-case of a message with 10000's of blank lines; this seems to DoS the canonicalization routines * lib/Mail/DKIM/Canonicalization/{simple,relaxed,dk_simple}.pm: fix for bug reported on amavis-user list, patch provided by Mark Martinec. Thanks! released 2009-05-22 * bugfixes: * fixed a runaway regular expression in the canonicalization routines (patch provided by Mark Martinec) 0.34 2009-05-20: Jason Long * lib/Mail/DKIM.pm: rewrite the description section of the Mail::DKIM man page * lib/Mail/DKIM/Verifier.pm: document fetch_author_domain_policies() * Makefile.PL: release 0.34 2009-05-18: Jason Long * t/signer.t: add a test-case of a message without a header * lib/Mail/DKIM/Common.pm (init): initialize variables used by methods in this class; fixes RT.CPAN.ORG bug #46179 2009-04-04: Jason Long * lib/Mail/DKIM/Verifier.pm (fetch_author_domain_policies): new method for fetching ADSP records for a particular message 2009-04-03: Jason Long * lib/Mail/DKIM/DkPolicy.pm: moved the DomainKeys-specific policy stuff from Policy.pm to here * t/policy.t: change tests to use DkPolicy instead of Policy * lib/Mail/DKIM/Verifier.pm (fetch_sender_policy): use DkPolicy class instead of Policy class 2009-04-03: Jason Long * lib/Mail/DKIM/AuthorDomainPolicy.pm: first draft of ADSP support 2009-04-03: Jason Long * lib/Mail/DKIM/Verifier.pm: rename fetch_policies() to policies() * scripts/dkimverify.pl: replace use of fetch_policies() with policies() 2009-03-30: Jason Long * lib/Mail/DKIM/Verifier.pm: document a "temperror" result, which I will soon provide support for 2009-03-30: Jason Long * t/verifier.t: add support for testing DNS failures; add tests for detail messages of public key errors * t/verifier.t: add some tests of DNS failures 2009-03-30: Jason Long * lib/Mail/DKIM/Signature.pm (get_public_key): remember errors and always report them the same way 2009-03-30: Jason Long * lib/Mail/DKIM/Policy.pm, DkPolicy.pm: new method "name" to give a short name of the policy * scripts/dkimverify.pl: use the new fetch_policies() api to list the results of applicable policies 2009-03-24: Jason Long * lib/Mail/DKIM/Verifier.pm (fetch_policies): new method for fetching all applicable policies, and is guaranteed not to "die". 2009-03-24: Jason Long * lib/Mail/DKIM/DNS.pm: use a global variable to specify what Timeout to use * lib/Mail/DKIM/DNS.pm: detect DNS resolver errors and report them * t/public_key.t: test various DNS failures 2009-03-10: Jason Long * t/simple_canonicalization.t: fix simple-canonicalization test, which broke when I removed support for prestandardized DKIM signatures 2009-03-10: Jason Long * lib/Mail/DKIM/Algorithm/*, lib/Mail/DKIM/Canonicalization/*, lib/Mail/DKIM/Signature.pm, t/verifier.t: remove support and tests for the prestandardized DKIM signatures (issue #1871948) * Makefile.PL: bump version released 2009-05-20 * New/changed functionality: * support for ADSP (author-domain-signing-practices) records * removed support for pre-standardized DKIM signatures (i.e. these are DKIM signatures without a v= or bh= tag). * DNS resolver errors are detected and reported as such * API changes: * renamed Mail::DKIM::Policy to Mail::DKIM::DkPolicy. Programs using the former name to create policy objects directly (though it would be more expected to fetch the objects through Mail::DKIM::Verifier) should update their code * new policies() method in Mail::DKIM::Verifier for fetching all applicable sender/author signing policies * bugfixes: * Signer object would die if first line of input wasn't a header (rt.cpan.org issue #46179) 0.33 2009-03-10: Jason Long * Makefile.PL: release "0.33" 2008-11-19: Jason Long * lib/Mail/DKIM/Signature.pm, DkSignature.pm (DEFAULT_PREFIX): new method which determines what prefix to use in as_string, prettify, etc. * lib/Mail/DKIM/KeyValueList.pm (wrap): when splitting the h= field, only allow breaks prior to ':' symbols 2008-11-19: Jason Long * t/signature.t: further checks for prettify signatures (found a case where the new code caused a regression) * lib/Mail/DKIM/TextWrap.pm (flush): remember to update cur position when flushing text; use a "may_break" internal variable to know whether a linebreak is acceptable; other fixes * t/textwrap.t: another test case illustrating failure in TextWrap.pm * lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() right after the ';' character; this is a further fix for #2257046. 2008-11-10: Jason Long * lib/Mail/DKIM/TextWrap.pm (flush): new method to explicitly allow a break at the current point in the string * lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() whenever changing TextWrap parameters (this should complete the fix for #2257046) 2008-11-06: Jason Long * t/signature.t: test Mark Martinec's bad-signature-wrapping bug 2008-11-06: Jason Long * t/verifier.t: use a "fake" dns implementation, so that this test will pass no matter the user's state of dns 2008-11-06: Jason Long * lib/Mail/DKIM/DNS.pm (query): changed API so that it now returns a list of Net::DNS::RR objects, rather than a Net::DNS::Packet object. * lib/Mail/DKIM/Policy.pm: update for the change to the DNS.pm api. * lib/Mail/DKIM/PublicKey.pm: update for the change to the DNS.pm api. 2008-11-06: Jason Long * lib/Mail/DKIM/Signature.pm (encode_qp, decode_qp): suppress a warning about an uninitialized value * lib/Mail/DKIM/Common.pm (message_originator, message_sender): if a From/Sender line is present, but blank, still return a valid object (issue #2126559) * t/public_key.t: new test to check for DNS problems released 2009-03-10 * bugfixes: * signature wrapping would sometimes cause improper preparation of DKIM signatures, with "simple" canonicalization (issue #2257046) * test scripts: * the included corpus is now verified using a fake-DNS resolver, which means the test corpus can validate even when your DNS servers are really slow 0.32 2008-05-09: Jason Long * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: when populating a DomainKey signature's identity, record where the identity came from * lib/Mail/DKIM/DkSignature.pm (identity_source): make the source of the identity (i.e. sender header or from header) available as a method 2008-05-09: Jason Long * lib/Mail/DKIM/Signature.pm (identity): do quoted-printable encoding/ decoding for the i= tag (issue #1839015) * t/corpus/good_qp_1.txt, good_qp_2.txt, good_qp_3.txt: three test files for identities using quoted-printable encoding 2008-04-14: Jason Long * lib/Mail/DKIM/Signature.pm: documentation for get_tag() 2008-04-14: Jason Long * lib/Mail/DKIM/PublicKey.pm (check_granularity): do case-sensitive comparison (issue #1938112) 2008-04-14: Jason Long * t/corpus/badkey_12.txt: fix g= case-sensitivity test so it won't give false positives on dkim-milter * t/corpus/badkey_13.txt: test that the verifier checks granularity against i= tag, not the From header 2008-04-14: Jason Long * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm, rsa_sha1.pm: replace use of Digest::SHA1 with equivalent Digest::SHA * Makefile.PL: remove requirement for Digest::SHA1 2008-04-14: Jason Long * Makefile.PL: bump version released 2008-06-03 * removed requirement for Digest::SHA1 (issue #1832549). We now use the more capable Digest::SHA module for SHA-1 and SHA-256. * bugfixes: * granularity checking should be case-sensitive (issue #1938112). * identity tag now uses quoted-printable encoding (issue #1839015). * API improvement: * implemented identity_source() for DkSignature objects 0.31 2008-04-08: Jason Long * lib/Mail/DKIM/PrivateKey.pm: allow Cork argument to new() (#1879209) 2008-04-07: Jason Long * lib/Mail/DKIM/DkimPolicy.pm: fix "use of uninitialized value in string" errors * lib/Mail/DKIM/Signature.pm: provide public API to public-key object of signatures, e.g. so its flags can be accessed (issue #1879215); also, if an error occurs fetching the public-key record, the failure is cached so it won't get tried again * lib/Mail/DKIM/Signer.pm: document how to create a DomainKey-Signature 2008-02-20: Jason Long * lib/Mail/DKIM/TextWrap.pm: implement BreakBefore option; provided a bunch of documentation for this module * t/textwrap.t: tests new functionality of TextWrap * lib/Mail/DKIM/KeyValueList.pm: colon-separated lists are now "wrapped" with colons appearing at the beginning of the next line instead of at the end of the current line (hoping this will fix #1868648) 2008-02-06: Jason Long * lib/Mail/DKIM/Signature.pm: conserve space by omitting "c=simple" and "q=dns/txt" (#1878518) 2008-02-06: Jason Long * lib/Mail/DKIM/Canonicalization/DkCommon.pm, DkimCommon.pm: bugfix for issue #1878954 (undef value used as an ARRAY ref) * lib/Mail/DKIM/Canonicalization/DkCommon.pm: some cleanup, possible bugfix for verifying message with two+ DomainKey signatures * lib/Mail/DKIM/Verifier.pm: allow caller of fetch_author_policy() to specify domain (#1879197) * lib/Mail/DKIM/PrivateKey.pm: cleanup- indentation style; throw error on load() if missing argument 2008-01-24: Jason Long * lib/Mail/DKIM/DkimPolicy.pm, Policy.pm, PublicKey.pm, Verifier.pm: fix parsing regexes used to split email address into localpart and domain (issue #1878994) 2008-01-10: Jason Long * Makefile.PL: bump version * lib/Mail/DKIM/Signature.pm: make sure all public key problems are prefixed with "public key:" (most were already, see below for actual changes) * lib/Mail/DKIM/PublicKey.pm: since Signature.pm is providing the "public key:" prefix, it can be omitted in PublicKey.pm error messages * lib/Mail/DKIM/Verifier: the following result_detail messages have changed: "no public key available" => "public key: not available" "key value list syntax error" => "syntax error" or "public key: syntax error" * t/verifier.t: test that "public key" is mentioned released 2008-04-14 * some error detail messages were changed (see ChangeLog, 2008-01-10 entry) * by default, and when possible, DKIM signatures now omit c= and q= tags (they are optional tags) (issue #1878518) * DKIM and DomainKey signatures are now wrapped so that line breaks occur before colon (':') separators instead of after; this avoids confusing some broken MUAs (issue #1868648) * bugfixes: * "undef value" error when DKIM signature appears at end of header (issue #1878954) * use proper regexp for splitting email address (issue #1878994) * API improvements: * can specify a domain for fetch_author_policy() (issue #1879197) * can access a signature's public-key object (issue #1879215) * can specify an OpenSSL-private-key object for PrivateKey->new() (issue #1879209) 0.30.1 2008-01-24: Jason Long * lib/Mail/DKIM/Algorithm/*: implement wants_pre_signature_headers() for each algorithm * lib/Mail/DKIM/Verifier.pm: if the algorithm "wants_pre_signature_headers", then feed headers found prior to the signature to the signature-specific algorithm doing the verification. This fixes an issue where signatures from cisco.com fail to verify (reported by Mark Martinec). released 2008-01-24 * bugfix: * email from cisco.com was failing to verify (issue #1878523) 0.30 2007-12-10: Jason Long * lib/Mail/DKIM/Verifier.pm (is_subdomain): do case-insensitive comparison * t/corpus/good_dk_7.txt: tests DK signature with domain names that differ only in case * t/corpus/good_rfc4871_4.txt: tests DKIM signature with i= and d= contain domain names differing in case * t/corpus/badkey_12.txt: tests public key where i=JLong, g=jl*ng 2007-12-07: Jason Long * t/verifier.t: three new DK tests * t/corpus/good_dk_6.txt: tests DK signature without h= tag * t/corpus/bad_dk_2.txt: tests DK signature w/o h= tag, Sender has been added * t/corpus/dk_multiple_1.txt: tests two DK signatures (with different domains) in a single message... both should pass * Makefile.PL: version bump 2007-12-07: Jason Long * lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm, lib/Mail/DKIM/Canonicalization/DkCommon.pm: domainkeys: determine identity from algorithm object. Currently the DomainKeys identity is determined by the Verifier. It is theoretically possible for two different DomainKeys signatures on the same message to have different identities. (This happens when one DomainKey signature includes a Sender header, and the other one does not.) This patch moves the determination of identity to the algorithm object. 2007-12-07: Jason Long * lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Common.pm: initialize signatures early. This patch makes Mail::DKIM::Verifier initialize and check the signature object as soon as it is parsed, and subsequent headers are fed into the algorithm as they are read, instead of waiting for the end of header. * lib/Mail/DKIM/Verifier.pm: fix DK identity. The previous patch broke identity-checking for DomainKeys signatures. This patch moves some things around so that identity checking still works. 2007-12-07: Jason Long * lib/Mail/DKIM/Verifier.pm (add_signature): changed to take a signature object, instead of an unparsed header line 2007-11-21: Jason Long * t/corpus/bad_dk_2.txt renamed to dk_headers_2.txt: revert this rename from earlier... the message should "pass" after all (the Sender header was not part of the signature) 2007-11-21: Jason Long * lib/Mail/DKIM/Signer.pm: provide documentation for Key parameter * lib/Mail/DKIM/PrivateKey.pm: created documentation for this package * lib/Mail/DKIM/Signature.pm: implement Key parameter for constructor, and key() method to get/set the private key 2007-11-14: Jason Long * lib/Mail/DKIM/Verifier.pm: for DomainKeys signatures, use the message sender as the identity * lib/Mail/DKIM/DkSignature.pm: allow verifier to supply the signing identity * lib/Mail/DKIM/Verifier.pm, PublicKey.pm: hack for allowing DomainKeys signatures to use public keys with empty g= tags 2007-11-14: Jason Long * lib/Mail/DKIM/Verifier.pm, Signer.pm: update documentation for message_sender() and message_originator() methods, which are now guaranteed to return an object * lib/Mail/DKIM/Common.pm (message_sender, message_originator): always return a Mail::Address object, even if the relevant headers were not found * t/corpus/dk_headers_2.txt renamed to bad_dk_2.txt: it turns out this message should've been failing all along, since the Sender header doesn't match the domain of the signature * lib/Mail/DKIM/Verifier.pm: slight change to the "unsupported version" detail message (don't want nested parenthesis) 2007-11-14: Jason Long * t/corpus/goodkey_4.txt: tests signature with i=a@b, public key implied g= * lib/Mail/DKIM/PublicKey.pm (check_granularity): fixed broken ends-with check, reported by Mark Martinec * t/corpus/good_dk_3.txt, good_dk_4.txt, good_dk_5.txt: these files test DomainKeys signatures with g= values in the public keys * t/corpus/bad_dk_1.txt: this one should fail, since the signature domain does not match the From/Sender header * scripts/dkimsign.pl: added option to override signature's d= tag * t/corpus/badkey_11.txt: tests a valid, but unmatched h= in public key 2007-11-08: Jason Long * lib/Mail/DKIM/Canonicalization/relaxed.pm, lib/Mail/DKIM/Canonicalization/nowsp.pm, lib/Mail/DKIM/Canonicalization/DkCommon.pm, lib/Mail/DKIM/Canonicalization/dk_simple.pm, lib/Mail/DKIM/Canonicalization/simple.pm, lib/Mail/DKIM/Canonicalization/dk_nofws.pm, lib/Mail/DKIM/Canonicalization/DkimCommon.pm, lib/Mail/DKIM/MessageParser.pm: more speed-up optimizations by Mark Martinec, now multiple lines at once can be fed into the canonicalization bits 2007-11-08: Jason Long * Makefile.PL, others: version bump to 0.30 2007-11-08: Jason Long * lib/Mail/DKIM/Signature.pm: minor doc edit * scripts/dkimsign.pl: generate "pretty" signatures; die on unrecognized signature type 2007-11-07: Jason Long * lib/Mail/DKIM/Algorithm/Base.pm: cleanup (delete commented-out code) * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm (finish_message): fix bug where DomainKeys signatures were not "pretty", reported by Byung-Hee HWANG. 2007-11-07: Jason Long * lib/Mail/DKIM/Signature.pm: allow Timestamp to be specified to new() * lib/Mail/DKIM/Signer.pm: allow Timestamp to be specified to new(), requested by Mark Martinec * t/signer.t: test timestamp creation 2007-11-06: Jason Long * lib/Mail/DKIM/Canonicalization/simple.pm, lib/Mail/DKIM/Canonicalization/Base.pm, lib/Mail/DKIM/MessageParser.pm: speedup optimizations contributed by Mark Martinec. * lib/Mail/DKIM/Canonicalization/dk_simple,pm lib/Mail/DKIM/Canonicalization/relaxed.pm: more speed up optimizations by Mark Martinec. released 2008-01-10 * includes speed-up optimizations by Mark Martinec * DomainKeys, implement proper identity matching... a DomainKey-Signature's domain should match the From/Sender address * several more test cases * API improvements: * accept additional arguments when creating Signer/Signature * bugfixes: * DomainKey-Signature headers were not "prettified" * granularity ending with '*' was not checked correctly * DomainKey-Signature granularity was checked against the wrong value 0.29 2007-11-07: Jason Long * lib/Mail/DKIM/Verifier.pm: signatures() is now public 2007-10-30: Jason Long * t/corpus/good_rfc4871_3.txt: to test extra tags in signature * scripts/dkimsign.pl: allow user to specify arbitrary extra tags for putting in the signature * lib/Mail/DKIM/MessageParser.pm: make "not implemented" messages more helpful * t/corpus/badkey_10.txt: to test key with t=s * lib/Mail/DKIM/Verifier.pm: allow check_granularity() to return different detail messages; describe two additional result_detail possibilities * lib/Mail/DKIM/PublicKey.pm (check_granularity): check for empty g= value; check for subdomain usage; (subdomain_flag): helper method to look for "s" in flags (flags): return default value if no t= tag 2007-10-26: Jason Long * t/corpus/badkey_9.txt: to test empty g= in selector * t/corpus/ignore_8.txt: to test bad i= value in signature * lib/Mail/DKIM/Verifier.pm: check signature identity value 2007-10-24: Jason Long * t/corpus/badkey_8.txt, ignore_5.txt, ignore_6.txt: fix signature so it would verify if not for the flaw in the public key * scripts/dkimsign.pl: allow key protocol to be specified on command line * lib/Mail/DKIM/Verifier.pm: update documentation on possible error codes * lib/Mail/DKIM/PublicKey.pm: cleanup error code 2007-10-24: Jason Long * t/corpus/badkey_*.txt: changed subjects to indicate which test it is * t/corpus/badkey_7.txt, badkey_8.txt, goodkey_1.txt, goodkey_2.txt, goodkey_3.txt: additional tests of public key features * t/corpus/verifier.t: test the new test messages * lib/Mail/DKIM/Verifier.pm (check_public_key): check key granularity and report the problem if it doesn't match * lib/Mail/DKIM/PublicKey.pm (check_granularity): a method for testing the granularity (granularity): return the default value of '*' if g= not defined * scripts/dkimsign.pl: ability to set i= tag from command-line 2007-10-24: Jason Long * lib/Mail/DKIM/Verifier.pm (check_signature): do signature version check here (finish_header): report invalid signature details to the signature object (signatures): return all parsed signatures, not just "valid" signatures * lib/Mail/DKIM/Signature.pm: some misc. cleanup (check_version): version check is now a separate method, rather than being part of parse() * lib/Mail/DKIM/DkSignature.pm (check_version): always true * t/corpus/multiple_2.txt: a message testing multiple signatures with different results * t/verifier.t: verify that each signature's results are available and correct 2007-10-24: Jason Long * t/corpus/ignore_7.txt: a message with an expired signature * lib/Mail/DKIM/Signature.pm: recognize Expiration as a parameter * scripts/dkimsign.pl: make it possible to create a signature with an x= tag * t/verifier.t: test ignore_7.txt message, should "ignore" * lib/Mail/DKIM/Verifier.pm: check signature expiration when verifying * lib/Mail/DKIM/Signature.pm (check_expiration): new method 2007-10-08: Jason Long * lib/Mail/DKIM/Signer.pm: use "Key" property instead of "private" to store the private key; new methods key() and key_file(); allow each signature to have its own private key * t/signer_policy.t: test specifying a key file in a policy 2007-10-04: Jason Long * lib/Mail/DKIM/MessageParser.pm: return nonzero for PRINT and CLOSE * lib/Mail/DKIM/DkSignature.pm: make expiration() for DomainKey-Signature behave more compatibly with expiration() for DKIM-Signature * lib/Mail/DKIM/Verifier.pm: remove dependency on Error module * README: what I'm interested in if make test fails * lib/Mail/DKIM/Signer.pm: fix bug reported by dairiki, who noticed that the Signer class ignored the signature-specified algorithm when building the algorithm object * scripts/dkimsign.pl: update POD a bit * scripts/dkimverify.pl: add POD * lib/Mail/DKIM/Canonicalization/Base.pm, Algorithm/Base.pm: add see also, author, copyright sections to POD * lib/Mail/DKIM/Algorithm/rsa_sha1.pm, rsa_sha256.pm: remove useless pod * ...and others...: inline documentation (POD) cleanup 2007-10-03: Jason Long * lib/Mail/DKIM/Canonicalization/DkCommon.pm: attempt at making the header handling algorithm easier to understand * t/signer.t: test case for unreadable private key * lib/Mail/DKIM/PrivateKey.pm: die if unable to open private key file * lib/Mail/DKIM/Signer.pm: no more need for a separate existance check on the private key filename * lib/Mail/DKIM/Signature.pm: allow Identity to be specified in new() * lib/Mail/DKIM/Signer.pm: allow Identity to be specified in new() * t/signer.t: test that specifying Identity works 2007-10-02: Jason Long * lib/Mail/DKIM/Canonicalization/DkCommon.pm: there are some varying opinions about how to verify DomainKey-signed messages when there is an h= tag and the headers are in a different order... this is an attempt at making our verifier more compatible with other implementations * dk_headers.txt: some notes on multiple-occuring headers 2007-09-06: Jason Long * lib/Mail/DKIM/Policy.pm (get_lookup_name): new method that determines the name of the record to lookup * lib/Mail/DKIM/DkimPolicy.pm: no longer need to override fetch(), now it just overrides get_lookup_name() released 2007-11-08 * verifiers can now access all parsed signatures and their results, not just signatures that were fully tested * signer policies can now specify what private key file to use * some other minor API improvements * bugfixes: * for DomainKeys signatures, fixed a compatibility issue handling the h= tag * for DKIM, signature expirations had been ignored * for DKIM, signature identities did not have to match the domain * for DKIM, public key granularity field had been ignored 0.28 2007-07-31: Jason Long * Makefile.PL: OpenSSL 0.23 segfaults on certain signatures, so the requirement is now Crypt::OpenSSL::RSA 0.24 or better * lib/Mail/DKIM/KeyValueList.pm: don't split the header in the middle of a tag name released 2007-07-31 * fixed a bug with line-wrapping a signature at the wrong place 0.27 2007-07-25: Jason Long * lib/Mail/DKIM/Signature.pm (identity_matches): new method to help comparing a From/Sender address with the signature identity * lib/Mail/DKIM/DkimPolicy.pm, Policy.pm: use identity_matches function 2007-07-18: Jason Long * lib/Mail/DKIM/Verifier.pm: changed fetch_policy() back to fetch_author_policy(); added fetch_sender_policy(); save results for each signature * lib/Mail/DKIM/Policy.pm: now implements just Dk policies * lib/Mail/DKIM/DkimPolicy.pm: a new module for DKIM signing practices * lib/Mail/DKIM/Signature.pm: can now get/set the verification result for each signature * scripts/dkimsign.pl: handle DOS-formated input * scripts/dkimverify.pl: show multiple signatures' results; show both policy results 2007-06-11: Jason Long * lib/Mail/DKIM/Verifier.pm: public_key no longer available as a verifier property; use eval block instead of try...otherwise; experimental signatures() method * lib/Mail/DKIM/Verifier.pm: added description section to Perldocs; replaced a couple try...otherwise blocks with eval blocks 2007-06-08: Jason Long * policies.txt: some thoughts on dealing with two different types of policy records * lib/Mail/DKIM/Policy.pm: default() is now a private class method * lib/Mail/DKIM/PublicKey.pm: moved DNS query to DNS.pm * lib/Mail/DKIM/Policy.pm: moved DNS query to DNS.pm * lib/Mail/DKIM/DNS.pm: new module that does the common DNS lookups 2007-06-07: Jason Long * lib/Mail/DKIM/Common.pm: change "parse Mail::Address" to my preferred "Mail::Address->parse" style * t/policy.t: test policy lookup by email address instead of domain; test policy lookups on a few well known domains * lib/Mail/DKIM/Verifier.pm: minor doc changes; renamed fetch_author_policy() to fetch_policy(); fetch_author_policy still works for backward compatibility * lib/Mail/DKIM/Policy.pm: allow lookups given sender/from addresses (location): new method to determine where the policy came from 2007-06-05: Jason Long * lib/Mail/DKIM/Policy.pm: create the default policy only once; (is_implied_default_policy): new method to check whether the policy was explicit or implied (fetch): get policy record at the Yahoo!-DomainKeys-defined location, rather than the location in the not-yet-finished DKIM SSP spec. * t/policy.t: test is_implied_default_policy method released 2007-07-25 * Sender signing policies are now better implemented * Both Yahoo! DomainKeys signing policies and the under-development IETF DKIM signing policies are supported * Yahoo! DomainKeys policies can protect the Sender: header * DKIM signing policies can protect the From: header Look at Mail::DKIM::Verifier's fetch_author_policy() and fetch_sender_policy() methods for hints. 0.26 2007-05-24: Jason Long * lib/Mail/DKIM/Signature.pm: accept and use v=1 tag instead of v=0.5 * lib/Mail/DKIM/Policy.pm: oops, left a syntax error in here * t/signer.t: new expected signature value, since signature now has v=1 2007-05-10: Jason Long * lib/Mail/DKIM/PublicKey.pm: simplify error handling in fetch() * lib/Mail/DKIM/Policy.pm: simplify error handling in fetch() released 2007-05-24 * recognize and generate v=1 signatures (DKIM is now RFC 4871) 0.25 2007-05-10: Jason Long * lib/Mail/DKIM/KeyValueList.pm: separator should be "\015\012" not "\n"; allow splitting on whitespace in a colon-separated list value * Makefile.PL: it seems version 0.22 or better is required of Crypt::OpenSSL::RSA 2007-05-01: Jason Long * t/signature.t: test prettify_safe() * lib/Mail/DKIM/TextWrap.pm: new wrapping module to help with prettifying the signature * lib/Mail/DKIM/KeyValueList.pm (wrap): new method to help wrap the signature * lib/Mail/DKIM/Signature.pm: wrap the signature * lib/Mail/DKIM/Algorithm/Base.pm: oops, prettify() should only be called when we're _making_ the signature * lib/Mail/DKIM/KeyValueList.pm (wrap): only do something if TextWrap has been loaded (no longer automatically load it) * lib/Mail/DKIM/Signature.pm (prettify): better default value for Start 2007-04-16: Jason Long * t/signature.t: test that prettify() doesn't choke * lib/Mail/DKIM/Algorithm/Base.pm: call prettify() before hashing the signature header * lib/Mail/DKIM/Signer.pm: call prettify_safe() after generating the signature data * lib/Mail/DKIM/Signature.pm: stubs for prettify() and prettify_safe() * lib/Mail/DKIM/KeyValueList.pm: parse() can now be called on an existing key-value-list to regenerate the tag data from a string 2007-04-15: Jason Long * lib/Mail/DKIM/PublicKey.pm: bug fix- if Net::DNS caused an exception, there was a race condition for resetting the alarm * lib/Mail/DKIM/Signer.pm: limit which headers are signed * t/signer.t: test that undesirable headers are not signed released 2007-05-10 * we now only sign headers that IETF recommends for signing * it's now possible to "prettify" outgoing signatures, but this feature is not enabled by default. To enable, do a "use Mail::DKIM::TextWrap" in your program that signs messages. (This may change in a future release.) 0.24 2007-03-09: Jason Long * lib/Mail/DKIM/PublicKey.pm, lib/Mail/DKIM/Signature.pm, lib/Mail/DKIM/KeyValueList.pm: fix for linebreaks in public key data; provided by Mark Martinec. * lib/Mail/DKIM/Signature.pm: fix default value q=dns/txt; this fixes a bug for DKIM signatures without q= tags * t/verifier.t: added six new tests that test problems with the public key (e.g. revoked, syntax, etc.) released 2007-03-13 * fixes two bugs, see ChangeLog for details * fixed a bug with public keys (in DNS) containing linebreak characters * fixed a bug with DKIM signatures not including the optional q= tag 0.23 2007-02-22: Jason Long * lib/Mail/DKIM/PublicKey.pm: catch certain OpenSSL errors; tweak diagnostics * lib/Mail/DKIM/Verifier.pm: changed OpenSSL error catching code to match that found in PublicKey; document more possible diagnostic codes * lib/Mail/DKIM/Signature.pm: tweaked diagnostics for missing public key * Makefile.PL: check for Test::Simple, which is required for `make test' 2007-02-21: Jason Long * t/signer_policy.t: signature should still work even if no value is returned from signer policy * t/signer.t: now uses v=0.5 signature, which changes the signature * t/verifier.t: added three tests of empty body messages * lib/Mail/DKIM/Signer.pm: fixed bug where if signer policy was a sub ref, and didn't return a true value, the message would get skipped * lib/Mail/DKIM/Canonicalization/simple.pm: argh, hack for handling empty body * lib/Mail/DKIM/MessageParser.pm: fixed bug in handling of messages without bodies * lib/Mail/DKIM/Signature.pm: output v=0.5 signatures now * scripts/dkimsign.pl: new --binary option to disable line-ending conversion 2007-02-19: Jason Long * lib/Mail/DKIM/DkSignature: provide default value for a= tag (thanks to mark.martinec@ijs.si for the patch) * t/corpus/good_dk_2.txt: test for missing q= and a= tags on DomainKey signature 2007-02-09: Jason Long * lib/Mail/DKIM/Verifier.pm, DkSignature.pm: better diagnostic messages; allow missing q= tag for domainkey signatures (thanks to mark.martinec@ijs.si for the patch) released 2007-02-22 * fixes some issues with verifying DomainKeys signatures * generate newer-style DKIM signatures (with v=0.5 tag) * fixed some bugs related to handling messages with no body * improved diagnostic messages for certain cases 0.22 2007-01-19: Jason Long * t/verifiter.t: relaxed the OpenSSL check a little more * DKIM.pm, README, others: updated copyright to include 2007; updated abstract to include DomainKeys; updated version number 2007-01-19: Jason Long * lib/Mail/DKIM/Verifier.pm: in case of unsupported algorithm, canonicalization method, or key protocol, list the bad protocol in the error message to make diagnosing easier * lib/Mail/DKIM/DkSignature.pm: fix a use-of-undefined-scalar bug 2007-01-17: Jason Long * t/verifier.t: fixed testing bug that was too strict about what error message OpenSSL generates * lib/Mail/DKIM/Verifier.pm: handle OpenSSL panic message better released 2007-01-19 * fixes a couple very minor bugs * some cosmetic changes to error messages 0.21 2006-11-27: Jason Long * t/verifier.t: test domainkey message with trailing blank line * lib/Mail/DKIM/Canonicalization/dk_nofws.pm: fixed bug where DomainKey- signed message with trailing blank line was not canonicalized correctly, reported by Mark Martinec. 2006-11-13: Jason Long * t/verifier.t: test invalid signature length * lib/Mail/DKIM/Verifier.pm: fixed bug where OpenSSL error was not reported by moved "local $@" outside try block, thanks to Mark Martinec for finding this; detect OpenSSL error and clean up the error message released 2006-11-29 * fixes two bugs, see ChangeLog for details 0.20 2006-10-24: Jason Long * t/signer_policy.t, t/signer.t: use new() instead of new_object() * lib/Mail/DKIM/Algorithm/Base.pm: allow debugging body canonicalization * lib/Mail/DKIM/MessageParser.pm: removed problematic check for "control characters" * scripts/dkimsign.pl: document --type argument; replace signer policy class with signer policy subroutine 2006-10-23: Jason Long * lib/Mail/DKIM/Signer.pm: bugfix - signatures weren't setup correctly when policy built the signature * lib/Mail/DKIM/Signature.pm: bugfix - empty headerlist should return empty list * lib/Mail/DKIM/Canonicalization/Base.pm: moved support for Debug_Canonicalization here from Algorithm/* * lib/Mail/DKIM/Algorithm/Base.pm: removed Debug_Canonicalization support * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: removed Debug_Canonicalization support 2006-10-23: Jason Long * lib/Mail/DKIM/Signer.pm, lib/Mail/DKIM/Verifier.pm: use new() instead of new_object(); new_object() still supported; documented Debug_Canonicalization option 2006-10-20: Jason Long * t/signer_policy.t: added test for creating DomainKeys signature; added test for creating multiple signatures * lib/Mail/DKIM/SigningFilter.pm: removed (obsolete) * scripts/test_signing_filter.pl: removed (obsolete) * lib/Mail/DKIM/Signer.pm: added signatures method 2006-10-20: Jason Long * lib/Mail/DKIM.pm, lib/Mail/DKIM/Signer.pm, lib/Mail/DKIM/Verifier.pm: various documentation fixes * lib/Mail/DKIM/Verifier.pm: set signature property when result is determined * lib/Mail/DKIM/Signer.pm: support addition of multiple signatures; changed default canonicalization method to "relaxed" 2006-10-20: Jason Long * t/signer_policy.t: tests different forms of signing policies * lib/Mail/DKIM/Signer.pm: support code references as a signing policy; removed support for build_signature (I'm gonna do this a different way) 2006-10-20: Jason Long * t/verifier: added a message containing multiple signatures, only one of which is valid - t/corpus/multiple_1.txt: the new message * lib/Mail/DKIM/Algorithm/Base.pm: added signature method; changed method signature of verify method (no parameters needed any more) * lib/Mail/DKIM/Algorithm/rsa_sha1.pm, lib/Mail/DKIM/Algorithm/rsa_sha256.pm, lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: updated verify method * lib/Mail/DKIM/Verifier.pm: support verification of multiple signatures * lib/Mail/DKIM/Signer.pm: documented use of policy _function_ rather than policy object; but no implementation yet * lib/Mail/DKIM/Common.pm (add_body): support multiple algorithms (needed to verify multiple signatures) * lib/Mail/DKIM/Signature.pm: renamed signature() to data(); signature still available for backwards compatibility 2006-10-19: Jason Long * lib/Mail/DKIM/SignerPolicy.pm: document mechanism for users to construct the signature themselves * lib/Mail/DKIM/Canonicalization/DkCommon.pm, * lib/Mail/DKIM/Canonicalization/dk_simple.pm, lib/Mail/DKIM/Canonicalization/dk_nofws.pm: implemented DomainKeys' canonicalization methods * lib/Mail/DKIM/Canonicalization/Base.pm: clarify use of add_body method * lib/Mail/DKIM/Algorithm/Base.pm: clarify use of add_body method * lib/Mail/DKIM/DkSignature.pm: implements DomainKeys signatures * lib/Mail/DKIM/Signer.pm: allow policy to construct the signature, if it implements the build_signature method; allow policy access to header field names (headers method) * lib/Mail/DKIM/Signature.pm: replace use of obsolete method() with canonicalization() * scripts/dkimsign.pl: allow user to specify signature type 2006-10-12: Jason Long * t/verifier: added two new DomainKeys messages to test - t/corpus/good_dk_yahoo.txt - t/corpus/good_dk_gmail.txt * lib/Mail/DKIM/Canonicalization/dk_nofws.pm: added support for the DomainKeys "nofws" canonicalization method * lib/Mail/DKIM/Verifier.pm: recognize DomainKeys signatures; signatures now determine which algorithm class to use * lib/Mail/DKIM/Algorithm/Base.pm: refactored a few things to better accomodate non-DKIM algorithms * lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: implements the DomainKeys rsa-sha1 algorithm * lib/Mail/DKIM/DkSignature.pm: handles DomainKeys signatures * lib/Mail/DKIM/Signer.pm: signature now determines which algorithm class to use * lib/Mail/DKIM/PublicKey.pm: change an error message from "headers have been alterered" to "message has been altered" (if the headers have been altered, we really cannot imply that the body is still intact) * lib/Mail/DKIM/Common.pm: removed get_algorithm_class (this is now a signature method) * lib/Mail/DKIM/Signature.pm: added get_algorithm_class; documented get_public_key method 2006-09-28: Jason Long * README: include "Error" in the list of dependencies * lib/Mail/DKIM/Common.pm (get_algorithm_class): return undef instead of throwing an error when an unsupported algorithm is presented * lib/Mail/DKIM/Signature.pm (parse): allow v=0.5 tag (check_protocol): checks for dns option /txt (i.e. "dns/txt") (version): new method for getting/setting v= tag * lib/Mail/DKIM/Verifier.pm (check_signature): fixed algorithm check * t/verifier: added several additional sample emails to verify, including a ietf05 signature, and six cases where the signature should be ignored for one reason or another released 2006-10-24 * now supports verifying multiple signatures (the result returned is based on the "best" available signature) * now supports adding multiple signatures in one pass (to use this, you need to create a "signer policy"; see scripts/dkimsign.pl for an example) * now supports signing/verifying signatures for the older DomainKeys standard * now implements Internet Draft draft-ietf-dkim-base-05, including: * support for the version (v=) tag * eliminated "control character detected in message" error message 0.19 2006-06-15: Jason Long * Makefile.PL: change Perl version check to v5.6.1 instead of 5.8 * t/verifier.t: use binmode function instead of ":raw" layer, for Perl 5.6.1 compatibility released 2006-06-15 * now supports earlier versions of Perl (5.6.1 and up). 0.18 2006-06-09: Jason Long * t/verifier.t: open message in ":raw" mode to avoid CRLF->LF conversion (reported by Eugene Pivovarav) 2006-06-08: Jason Long * lib/Mail/DKIM/PublicKey.pm: rewrote verify_digest() so that it uses the Crypt::OpenSSL::RSA module exclusively, no longer relying on Crypt::RSA::Primitives * lib/Mail/DKIM/PrivateKey.pm: rewrote sign_digest() so it uses Crypt::OpenSSL::RSA exclusively * lib/Mail/DKIM/Key.pm: calculate_EM() - remove dependency on Crypt::RSA::DataFormat * Makefile.PL, README: remove mentions of Crypt::RSA and Crypt::OpenSSL::Bignum released 2006-06-09 * no longer depends on Crypt::RSA or Crypt::OpenSSL::Bignum. 0.17 2006-05-26: Jason Long * lib/Mail/DKIM/Algorithm/Base.pm: check_body_hash() - new method that verifies the body hash against the bh= tag; format for canonicalization debugging output has changed * lib/Mail/DKIM/Algorithm/rsa_sha1.pm: call check_body_hash() before returning results to verify() * lib/Mail/DKIM/Algorithm/rsa_sha256.pm: call check_body_hash() before returning results to verify() * lib/Mail/DKIM/Canonicalization/DkimCommon.pm: fixed bug where extra CRLF was being canonicalized * lib/Mail/DKIM/Key.pm: moved calculate_EM function here from PrivateKey after realizing that it would be needed when verifying * lib/Mail/DKIM/PublicKey.pm: now SHA256 hashes can be verified as well; also, the verification can distinguish between wrong hash and a bad signature * lib/Mail/DKIM/Verifier.pm: provide result details when verification fails; added documentation for the result_detail() method * t/corpus/: added several sample signed messages for the testing routines 2006-04-17: Jason Long * lib/Mail/DKIM/Algorithm/Base.pm: common class for DKIM algorithms * lib/Mail/DKIM/Algorithm/rsa_sha1.pm: now subclasses Algorithm::Base. * lib/Mail/DKIM/Algorithm/rsa_sha256.pm: new class for handling the rsa-sha256 DKIM algorithm * lib/Mail/DKIM/Common.pm: recognize rsa-sha256 algorithm * lib/Mail/DKIM/PrivateKey.pm: implemented signing of a SHA-256 digest * lib/Mail/DKIM/PublicKey.pm: implemented verifying of a SHA-256 digest * lib/Mail/DKIM/Signature.pm: allows algorithm to be "rsa-sha256"; body_hash() - new method handling the bh tag; hash_algorithm() - new method to determine what hash is being used; * lib/Mail/DKIM/Verifier.pm: check_public_key() - new method for checking the validity of a fetched public key * Makefile.PL: added Digest::SHA as a dependency 2006-03-26: Jason Long * lib/Mail/DKIM/Common.pm: remove version number from this file * lib/Mail/DKIM.pm: bump version to 0.17 * README: bump version to 0.17 released 2006-05-26 * now implements Internet Draft draft-ietf-dkim-base-01, including: * support for the body hash (bh=) tag * support for SHA256 digests (uses the Digest::SHA module from CPAN) * if a message fails to verify, it now distinguishes between: * headers having been altered * body having been altered * RSA key failure (i.e. the signing key does not match the public key) * added several sample messages to test against when doing `make test'. 0.16 2006-03-03: Jason Long * lib/Mail/DKIM/Policy.pm: new() and testing() are now warning-free (thanks to jm@jmason.org for the patch) * t/policy.t: tests the Policy package 2006-03-01: Jason Long * lib/Mail/DKIM/Signature.pm: correctly handle spaces around = character * t/signature.t: test for spaces around = character in signature 2006-02-24: Jason Long * t/: wrote some tests and added them to the project * README, Makefile.PL: discovered additional dependency: Crypt::OpenSSL::Bignum * lib/Mail/DKIM/Signature.pm: fixed a warning that could occur if the h= tag was left undefined 2006-02-23: Jason Long * converted to ExtUtils::MakeMaker package format, see the dkimproxy project for revision history prior to 2006-02-23. released 2006-03-03 * first version for CPAN; implements draft-allman-dkim-base-01.