0.14.6

• [compat] OpenSSL::ConfigError and DEFAULT_CONFIG_FILE (#304)
• [fix] OpenSSL::PKey::DH#set_pqg regression (#300)
• Convert IOException to Ruby exception correctly (#242)
• [refactor] add exception debugging within SSLSocket#waitSelect
• [fix] sync SSLContext#setup as it could be shared (#302)
• [refactor] organize i-var sets (set @context after setup)

0.14.5

• [fix] OpenSSL::X509::Request#verify with DSA public key
  (this was a regression introduced in JOSSL 0.14.4)

0.14.4

• [fix] convert OpenSSL::ASN1::Sequence to an array on #to_der (#265)
• [feat] implement PKey::DH.generate and (dummy) q reader (#254)
• [fix] raise TypeError when arg isn't a Group
• [refactor] make sure ASN1Error has native cause
• [fix] stop assuming (JDK) EC key identifier
  "EC" with Sun provider but "ECDSA" with BC
• [fix] do not check empty string as curve name
• [fix] make sure PKeyEC#group.curve_name is always set
• [refactor] PKey.read to use BC fully when reading public keys
• [fix] OpenSSL::X509::CRL#sign to accept string digest
• [fix] OpenSSL::X509::Request#version default is -1
• [fix] resolving EC key from X509::Request.new(pem)
• [feat] implement OpenSSL::X509::Request#signature_algorithm
• [fix] work-around CSR failing with EC key (#294)
• [feat] implement OpenSSL::PKey::EC#to_text (#280)
• [feat] partial support for PKey::EC::Point#to_octet_string(form)
• [feat] implement OpenSSL::PKCS7::SignerInfo#signed_time (#269)
• [feat] implement #oid method for PKey classes (#281)
• [fix] raise PKeyError from PKey.read when no key (#285)
• [fix] restore PKCS#8 EC key handling (see #292)
• [fix] revert readPrivateKey so public key is not lost (#292)

0.14.3

• [fix] SSLSocket#alpn_protocol to be nil when not used (#287)
• [feat] try resolving curve-name from EC public key
• [feat] implement missing PKey::EC#dsa_verify_asn1 (#241)
• [feat] implement support for PKey::EC.generate (#255)
• [refactor] make sure curveName is set when using PKey.read (#289)
• [fix] add Cipher#auth_data(arg) override (Rails 7.x compatibility) (#290)
• [fix] raise TypeError when arg not of expected type (jruby/jruby#7875)

0.14.2

• [deps] upgrade BC to latest 1.74
• [fix] for CRL verify when signed with EC key (#276)
• [fix] OpenSSL::X509::Certificate#public_key raises for EC keys (#273)

0.14.1

• [refactor] improve performance of Diffie-Hellman key exchange (#272)

• Try to use JDK console to prompt for pass (#270)

• [fix] for PKCS8 EC private key support (#267)

• [fix] Java's default session timeout in 24h

• [fix] handle ArgumentError on SSLSession#timeout=

• [fix] buffer overflow after wrap-ing data - wait

• [refactor] try a few tricks to detect session re-use

0.14.0

This version upgraded to latest Bouncy-Castle (1.71) and is only compatible with the new version mostly due artifact naming and breaking changes in BC itself.

• [deps] upgrade BC to latest 1.71
• [fix] make set_minmax_proto_version private

0.13.0

0.13.0

• [fix] ASN1::EndOfContent ancestor hierarchy (#228)
• [fix] handle X509::Name type conversion (#206)
• [fix] handle invalid type when creating X509::Name
• [fix] OpenSSL::X509::Name#inspect compatibility
• [fix] escaping with OpenSSL::X509::Name::RFC2253
• [feat] implement OpenSSL::X509::Name#to_utf8
• [fix] compat missing OpenSSL::SSL::OP_NO_TLSv1_3
• [refactor] performance - do not encode/decode cert objects
• [fix] make sure Context.ciphers are not mutated (#219)
• [feat] support to_java conversion for CRL
• [feat] support to_java protocol for PKey (#250)

0.12.2

• [fix] work-around JRuby 9.2 autoload behavior (#248)
  to be able to install jruby-openssl >= 0.12 on JRuby 9.2
  while the default gem (shipped with JRuby) is < 0.12
• [feat] support alpn negotiation in ssl context (#247)
• [feat] support Java cipher names on SSLContext#ciphers=
• [fix] properly handle require_jar fallback

0.12.1

• improved compatibility with the openssl gem (version 2.2.1)
• JOSSL now ships with a single set of openssl .rb files
  • providing compat with required_ruby_version = '>= 2.3.0'
  • flat set of .rb files at lib/openssl/ (based on openssl gem)
• revisited OpenSSL::SSL::SSLContext::DEFAULT_PARAMS defaults
  • implicit verify_hostname default .rb callback still a noop
  • TLS continues to rely on the Java SSL engine for hostname checks
• working TLS 1.3 support
• droped Java 1.7 support (at least Java 8 needed to use the gem)
• fixed SSLContext#options matches C OpenSSL (using OP_ALL)
• no longer filter out SSLv2 (for improved OpenSSL compatibility)
• implemented naive SSLContext#ciphers caching to speed-up TLS
• StoreError raised due a Java exception now retain native cause