Releases: jruby/jruby-openssl

0.10.0

17 May 10:46

NOTE: dropped support for anything below ~ JRuby 1.7.20

  • drop support for Java 1.6 and compile using Java 7
  • improve java.version detection for Java 9/10 (pre-releases)
  • subject alt name parsing fixes (#140) - thanks @roadrunner2
  • fix loading of Subject/Issuer-Alt-Name extensions. (#144)
  • normalize all constants in CipherStrings as public (#146)
  • upgrade BC to 1.59 and dropped support for BC < 1.55
  • include BC's JSSE provider as we're planning on using it, eventually
  • setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
  • at last, do BN comparison == vs eql? properly - just like MRI
  • get BN.new("...", 0) working as OpenSSL does - using MPI format
  • allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
  • fix signature-alg to default to NULL and report it as 0.0 (like MRI)
  • account for ASN1Integers when transforming issuer serial numbers
    to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
  • copy bytes since it might be a shared (unsafe) buffer (#150)
  • don't use padding for streaming cipher modes (#155) - thanks @dgolombek
  • avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
  • prepare for using BC's JSSE implementation as an SSL support backend
    allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)

0.9.21

28 Jul 16:13
  • adjust X.509 value handling to parse subjectAltName recursively (#134)
  • SKI expected to be always octet wrapped - do not check for length (#131)
  • respect jruby.preferred.prng and use/tune its SecureRandom defaults
    trying to avoid BC generator's constant attempts for seeding itself
    as an attempt to 'fix' low-entropy systems waiting for /dev/random
  • Random#add; Random#egd shall return true on JVM
  • move "DEFAULT" special case handling to match OpenSSL behaviour (#136)
    (jruby/jruby#2193)
  • If data is not provided, extract it from the PKCS7 instance (#132)
  • Add cipher suite strings for IBM JRE (#126) - thanks @ysohda
  • use the helper to printStackTrace (no System.err printing by default)
  • add OCSP support (#124) - thanks so very much @lampad
  • add support for renegotiation_cb on SSLContext (#121) - thanks @lampad

0.9.20

12 Jun 05:55
  • upgrade Bouncy-Castle to 1.56 http://bouncycastle.org/releasenotes.html
    (additional security and robustness with 10 CVEs submitted as a result)
  • add a dummy SSLContext#security_level= implementation
  • no dup-ing for SSLContext/SSLSocket and X509 Store/StoreContext
  • implement PKey initialize_copy (dup-ing)
  • digest can be passed in as a String on PKey#sign/verify
  • DSA+SHA1 is actually a supported algorithm
  • reset signed-request -> subsequent req.verify will work correctly
  • allow for digest name to be passed into Cert#sign
  • be less fatal on Java 9
    won't attempt reflective SPIs when accessibility checks fail!
  • remove obsolete (deprecated) renamed classes
  • verify correct WaitReadable is raised on connect_nonblock (jruby/jruby#1716)
  • non-connected ssl socket raises EPIPE on connect_nonblock (MRI compat)
  • fine to close a SSLSocket which is not-yet-connected (like in MRI)
  • fix NPE when reading private keys (with passwd) (jruby/jruby#1784)

0.9.19

02 Dec 15:00
  • re-use secure random from thread-context on SSL context initialization
  • preliminary OpenSSL 1.1 (Ruby 2.4) compatibility bits (#112)
  • try using thread-shared secure random gen (in PKey-s) where possible
  • implement PKeyDSA#syssign and PKeyDSA#sysverify methods
  • avoid (unnecessary) byte[] copies in PKey#sign/verify
  • fix ClassCastException error in X509Store.verify (#113)
  • align BH#hash with eql? (+ equals/hashCode on Java)

0.9.18

02 Dec 15:00
  • handle X.509 authorityKeyIdentifier parsing somehow right (#102)
  • simple resolution for handling subjectAltName multiple DNS: names (#102)
  • upgrading BC to 1.55
    normalize "brainpoolP512t1" curve name for BC 1.55 compatibility
  • allow for X509::Certificate to be converted to a Java certificate
  • at least OpenSSL.debug potential env read failure on set_default_paths
  • negative BN values are always considered not prime.
  • Don't print a warning for missing client certs (#110)

0.9.17

09 Jun 17:51
  • temporarily register BC provider on X.509 factory (work-around for #94)
  • support Cipher#auth_tag and auth_data for GCM ciphers (e.g. aes-128-gcm)
  • need to drop support for BC <= 1.50 due to EC support (N/A in older BCs)
  • (somehow working) draft at implementing PKey::EC (elliptic curve support)
    DH encryption expected to behave correctly
  • make sure (initial) BC security provider registration works!
    ... when -Djruby.openssl.provider.register=true (due to #94)
  • Make ALL cipherstring match ECDHE ciphers (#91)
  • fix X.509 indexBySubject returning correct index
  • try to handle SSLContext.session= and also try answering session_reused?
  • handle equals/hashCode on SSL::Session and raise on timeout int overflow
  • Allow DSA private keys to be initialized from parameters. (#83)
  • Instantiate both the private and public keys when setting parameters. (#82)

0.9.16

01 Jun 12:45
  • add hard dependency to jar-dependencies (#74)
  • Recognize Android java.version (#81)

0.9.15

27 Jan 06:25
  • always return a Fixnum from OpenSSL::SSL::Session#timeout, OpenSSL defaults
    to 300 (been causing net/http.rb issues with timeouts on JRuby 9K)

0.9.14

12 Jan 08:49
  • upgrade to using BC 1.54 as default (all versions >= 1.49 are supported)
    for Bouncy-Castle release notes see http://bouncycastle.org/releasenotes.html
  • basic support for prompting for PEM password (working for RSA/DSA priv.key)
  • avoid NPE due to version field in X509Cert - make sure it's treated as 0 (#78)
    and fix setting certificate.serial = number
  • default WaitReadable/Writable backtraces to JRuby's -Xerrno.backtrace
  • use hardcoded jks type for loading cacerts - for Java 9 compatibility (#79)

0.9.13

22 Dec 11:49

JRuby-OpenSSL 0.9.13 is the first release that aims to be Ruby 2.3 compatible.

  • SSLSocket#sysread do not copy bytes from buffer - re-use the backing array
  • handle read_nonblock EOF as nil when exception: false (Ruby 2.3 compatibility)
  • start exposing VERSION constant(s) directly on Jopenssl module
  • better not throw EOF on SSLSocket#sysclose for compatibility with MRI
  • setup "dummy" OpenSSL::OPENSSL_LIBRARY_VERSION constant for compatibility
  • Ruby 2.3 compatibility - adjust to changes in MRI's openssl .rb parts
  • update openssl/ssl.rb based on MRI 2.2's version
  • disable backtrace generation for wait non-block errors (use an empty array)
  • support SSLSocket#accept_nonblock/connect_nonblock with exception: false
  • support exception: false with syswrite_nonblock and sysread_nonblock
  • remove 'RSA' from RSA public key headers (#76)