Releases: jruby/jruby-openssl
0.14.0
0.13.0
- [fix] ASN1::EndOfContent ancestor hierarchy (#228)
- [fix] handle X509::Name type conversion (#206)
- [fix] handle invalid type when creating X509::Name
- [fix] OpenSSL::X509::Name#inspect compatibility
- [fix] escaping with OpenSSL::X509::Name::RFC2253
- [feat] implement OpenSSL::X509::Name#to_utf8
- [fix] compat missing OpenSSL::SSL::OP_NO_TLSv1_3
- [refactor] performance - do not encode/decode cert objects
- [fix] make sure Context.ciphers are not mutated (#219)
- [feat] support to_java conversion for CRL
- [feat] support to_java protocol for PKey (#250)
0.12.2
- [fix] work-around JRuby 9.2 autoload behavior (#248)
to be able to install jruby-openssl >= 0.12 on JRuby 9.2
while the default gem (shipped with JRuby) is < 0.12
- [feat] support alpn negotiation in ssl context (#247)
- [feat] support Java cipher names on SSLContext#ciphers=
- [fix] properly handle require_jar fallback
0.12.1
- improved compatibility with the openssl gem (version 2.2.1)
- JOSSL now ships with a single set of openssl .rb files
- providing compat with required_ruby_version = '>= 2.3.0'
- flat set of .rb files at lib/openssl/ (based on openssl gem)
- revisited OpenSSL::SSL::SSLContext::DEFAULT_PARAMS defaults
- implicit verify_hostname default .rb callback still a noop - TLS continues to rely on the Java SSL engine for hostname checks
- working TLS 1.3 support
- dropped Java 1.7 support (at least Java 8 needed to use the gem)
- fixed SSLContext#options matches C OpenSSL (using OP_ALL)
- no longer filter out SSLv2 (for improved OpenSSL compatibility)
- implemented naive SSLContext#ciphers caching to speed-up TLS
- StoreError raised due to a Java exception now retains native cause
0.11.0
NOTE: This release aims to adapt the certificate verification logic to be aligned
with OpenSSL 1.1.1 as a resolution to issues due to the DST Root CA X3 expiration, more
details at: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
The port is expected to be superior compared to the simple legacy verification,
however in case of issues the previous algorithm is still around and can be toggled
using the JRUBY_OPTS="-J-Djruby.openssl.x509.store.verify=legacy"
system property.
- as a side-effect part of the PR to "allow multiple certs with same SubjectDN"
(#198) got reverted, this has been causing verification regressions (since 0.10.5)
for some users (#232) and is expected to be fixed
- [fix] replace deprecated getPeerCertificateChain (#231)
0.10.7
- [feat] upgrade BC library to 1.68
- [fix] SSLContext#ciphers= (fixes #221 and jruby/jruby#3100) (#222)
- [fix] Java::JavaLang::StringIndexOutOfBoundsException on ctx.cipher=[] (fixes #220) (#223)
- [fix] SSLContext#ciphers= compatibility (fixes #223) (#220)
- [fix] Match OpenSSL::X509::Name.hash implementation with Ruby (#216, #218)
- [fix] OpenSSL::SSL::SSLContext#min_version= failure (#215)
- [fix] adds OpenSSL::Cipher#iv_len= setter (#208)
0.10.5
- [fix] EC key sign/verify (#193)
- [feat] upgrade BC library to 1.65
- [refactor] clean security helpers to avoid reflection (#197)
- Just use normal getInstance to get KeyFactory (fixes #197)
- Allow multiple Certificates with the same SubjectDN in the store (#198)
- Try direct path for MessageDigest before invasive path (#194)
(relates to jruby/jruby#6098)
- [refactor] avoid NativeException usage (jruby/jruby#5646)
0.10.4
0.10.3
- [fix] implement (missing) PKey::DSA#params
- [fix] authorityKeyIdentifier ext (general-name) value
- [fix] authority keyid extension's :always part optional (#174)
- [fix] work-around for not setting certificate serial
raise a more friendly error (jruby/jruby#1691)
- [fix] PKey.read not parsing RSA pub-key (#176)
- [feat] support reading DSA (public key) in full DER
- [fix] RSA key DER format to closely follow OpenSSL
- [fix] add missing ASN1 factory methods (Null, EndOfContent)
- [fix] support getting password from block for PKeys
- [fix] incorrect ASN.1 for wrapped Integer type
- [fix] correct public key for subjectKeyIdentifier ext (#173)
- [fix] invalid Cert#sign handling -> raise (instead of ClassCastException)
- [feat] more TLS (GCM) ciphers - supported on Java 8+
- [feat] add ECDHE-RSA-AES128-GCM-SHA256 as supported cipher (#185)
- [feat] add support for ECDHE-RSA-AES256-GCM-SHA384 (#187)
- [fix] try hard not to fail on unknown oids (OpenSSL::X509::Certificate#to_text)
- update Bouncy-Castle to 1.62 (and handle supported BC compatibility)
0.10.2
- update Bouncy-Castle to 1.61 (and handle supported BC compatibility)
- [fix] avoid NPE when CRL fails to parse (invalid str) (jruby/jruby#5619)
- hide (deprecated) Jopenssl constant
- default OpenSSL.warn to warnings-enabled flag
- only un-restrict jce when its restricted
- OpenSSL::Cipher#update additional buffer argument (#170) (jruby/jruby#5242)