Releases: jruby/jruby-openssl
Releases · jruby/jruby-openssl
0.14.6
- [compat] OpenSSL::ConfigError and DEFAULT_CONFIG_FILE (#304)
- [fix]
OpenSSL::PKey::DH#set_pqg
regression (#300) - Convert
IOException
to Ruby exception correctly (#242) - [refactor] add exception debugging within SSLSocket#waitSelect
- [fix] sync
SSLContext#setup
as it could be shared (#302) - [refactor] organize i-var sets (set
@context
after setup)
0.14.5
0.14.4
- [fix] convert
OpenSSL::ASN1::Sequence
to an array on #to_der (#265) - [feat] implement
PKey::DH.generate
and (dummy)q
reader (#254) - [fix] raise
TypeError
when arg isn't aGroup
- [refactor] make sure
ASN1Error
has native cause - [fix] stop assuming (JDK) EC key identifier
"EC" with Sun provider but "ECDSA" with BC - [fix] do not check empty string as curve name
- [fix] make sure
PKeyEC#group.curve_name
is always set - [refactor]
PKey.read
to use BC fully when reading public keys - [fix]
OpenSSL::X509::CRL#sign
to accept string digest - [fix]
OpenSSL::X509::Request#version
default is -1 - [fix] resolving EC key from
X509::Request.new(pem)
- [feat] implement
OpenSSL::X509::Request#signature_algorithm
- [fix] work-around CSR failing with EC key (#294)
- [feat] implement
OpenSSL::PKey::EC#to_text
(#280) - [feat] partial support for
PKey::EC::Point#to_octet_string(form)
- [feat] implement
OpenSSL::PKCS7::SignerInfo#signed_time
(#269) - [feat] implement #oid method for
PKey
classes (#281) - [fix] raise
PKeyError
fromPKey.read
when no key (#285) - [fix] restore PKCS#8 EC key handling (see #292)
- [fix] revert
readPrivateKey
so public key is not lost (#292)
0.14.3
- [fix]
SSLSocket#alpn_protocol
to be nil when not used (#287) - [feat] try resolving curve-name from EC public key
- [feat] implement missing
PKey::EC#dsa_verify_asn1
(#241) - [feat] implement support for
PKey::EC.generate
(#255) - [refactor] make sure curveName is set when using
PKey.read
(#289) - [fix] add
Cipher#auth_data(arg)
override (Rails 7.x compatibility) (#290) - [fix] raise
TypeError
when arg not of expected type (jruby/jruby#7875)
0.14.2
0.14.1
-
[refactor] improve performance of Diffie-Hellman key exchange (#272)
-
Try to use JDK console to prompt for pass (#270)
-
[fix] for PKCS8 EC private key support (#267)
-
[fix] Java's default session timeout in 24h
-
[fix] handle ArgumentError on
SSLSession#timeout=
-
[fix] buffer overflow after wrap-ing data - wait
-
[refactor] try a few tricks to detect session re-use
0.14.0
0.13.0
0.13.0
- [fix] ASN1::EndOfContent ancestor hierarchy (#228)
- [fix] handle X509::Name type conversion (#206)
- [fix] handle invalid type when creating
X509::Name
- [fix]
OpenSSL::X509::Name#inspect
compatibility - [fix] escaping with
OpenSSL::X509::Name::RFC2253
- [feat] implement
OpenSSL::X509::Name#to_utf8
- [fix] compat missing
OpenSSL::SSL::OP_NO_TLSv1_3
- [refactor] performance - do not encode/decode cert objects
- [fix] make sure
Context.ciphers
are not mutated (#219) - [feat] support
to_java
conversion for CRL - [feat] support
to_java
protocol for PKey (#250)
0.12.2
- [fix] work-around JRuby 9.2 autoload behavior (#248)
to be able to install jruby-openssl >= 0.12 on JRuby 9.2
while the default gem (shipped with JRuby) is < 0.12 - [feat] support alpn negotiation in ssl context (#247)
- [feat] support Java cipher names on
SSLContext#ciphers=
- [fix] properly handle
require_jar
fallback
0.12.1
- improved compatibility with the openssl gem (version 2.2.1)
- JOSSL now ships with a single set of openssl .rb files
- providing compat with
required_ruby_version = '>= 2.3.0'
- flat set of .rb files at lib/openssl/ (based on openssl gem)
- providing compat with
- revisited
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
defaults- implicit
verify_hostname
default .rb callback still a noop - TLS continues to rely on the Java SSL engine for hostname checks
- implicit
- working TLS 1.3 support
- droped Java 1.7 support (at least Java 8 needed to use the gem)
- fixed
SSLContext#options
matches C OpenSSL (usingOP_ALL
) - no longer filter out SSLv2 (for improved OpenSSL compatibility)
- implemented naive
SSLContext#ciphers
caching to speed-up TLS StoreError
raised due a Java exception now retain native cause