jruby-openssl 0.10.5-java → 0.12.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9d6499fed6e65be2c2ce456ff6aa60748cf25877
-  data.tar.gz: eb002de6cd119571cd27844029a92034deb0e585
+  metadata.gz: 2b73e2783a26e7aa5254c66e325fa6c824c78b8d
+  data.tar.gz: feb0ad37fca2ead87ed151f8c543214f7912508b
 SHA512:
-  metadata.gz: d720cada18be2c96df796c93fe545a72b58fc53d24d06781509f50751bafb340886840530b6b469c0c97b66aedff9a13bde58017cff5b1514330a1611ec31464
-  data.tar.gz: 9eb17b1809536887e1c7beef398bebce95c86ed5ed0d46e43c658396387cec56f7fafbd4098fa4c2f273960faf5cae12fe980131eb6ab56bee8a694fdc75eea5
+  metadata.gz: aba588920a82b3a568183ee03bcbee3175c033863654521bfc6a624be84072d510853ea2b457f8742d222e19a230c8ce67592a3df16e1ae625d1b644c7e858bf
+  data.tar.gz: ce31f7f99e2352871b2fdefc084eef1d8497a97baacf4a99a6459e39abf0cb35e66a1a4b422e454db6e9433cd6c698b22e07dc1e7688e7c580a397cc0a7ae37b

data/History.md

@@ -1,3 +1,53 @@
+## 0.12.1
+
+* improved compatibility with the openssl gem (version 2.2.1)
+* JOSSL now ships with a single set of openssl .rb files
+  - providing compat with `required_ruby_version = '>= 2.3.0'`
+  - flat set of .rb files at *lib/openssl/* (based on openssl gem) 
+* revisited `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` defaults
+  - implicit `verify_hostname` default .rb callback still a noop
+  - TLS continues to rely on the Java SSL engine for hostname checks
+* working TLS 1.3 support
+* droped Java 1.7 support (at least Java 8 needed to use the gem)
+* fixed `SSLContext#options` matches C OpenSSL (using `OP_ALL`)
+* no longer filter out SSLv2 (for improved OpenSSL compatibility) 
+* implemented naive `SSLContext#ciphers` caching to speed-up TLS
+* `StoreError` raised due a Java exception now retain native cause
+
+## 0.12.0 (yanked)
+
+There were Java 8 and JRuby 9.3 regressions in this release, use 0.12.1 instead.
+
+## 0.11.0
+
+NOTE: This release aims to adapt the certificate verification logic to be aligned 
+with OpenSSL 1.1.1 as a resolution to issues due *DST Root CA X3* expiration, more
+details at: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ 
+
+The port is expected to be superior compared to the simple legacy verification,
+however in case of issues the previous algorithm is still around and can be toggled 
+using `JRUBY_OPTS="-J-Djruby.openssl.x509.store.verify=legacy"` system property.
+
+* **OpenSSL 1.1.1 cert verification port** (fixes #236) (#239)
+ - as a side-effect part of the PR to "allow multiple certs with same SubjectDN" 
+   (#198) got reverted, this has been causing verification regressions (since 0.10.5) 
+   for some users (#232) and is expected to be fixed   
+* [fix] replace deprecated getPeerCertificateChain (#231)
+
+## 0.10.7
+
+* [feat] upgrade BC library to 1.68
+* [fix] SSLContext#ciphers= (fixes #221 and jruby/jruby#3100) (#222)
+* [fix] Java::JavaLang::StringIndexOutOfBoundsException on ctx.cipher=[] (fixes #220) (#223)
+* [fix] SSLContext#ciphers= compatibility (fixes #223) (#220)
+* [fix] Match OpenSSL::X509::Name.hash implementation with Ruby (#216, #218)
+* [fix] OpenSSL::SSL::SSLContext#min_version= failure (#215)
+* [fix] adds OpenSSL::Cipher#iv_len= setter (#208)
+
+## 0.10.6 (yanked)
+
+Due several regressions please update to version 0.10.7 or higher.
+
 ## 0.10.5
 
 * [fix] EC key sign/verify (#193)

data/Mavenfile

@@ -7,7 +7,7 @@ distribution_management do
   repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
 end
 
-java_target = '1.7'
+java_target = '1.8'
 gen_sources = '${basedir}/target/generated-sources' # hard-coded in AnnotationBinder
 
 plugin( 'org.codehaus.mojo:exec-maven-plugin', '1.3.2' ) do
@@ -45,15 +45,18 @@ plugin( 'org.codehaus.mojo:build-helper-maven-plugin', '1.9' ) do
   execute_goal 'add-source', :phase => 'process-classes', :sources => [ gen_sources ]
 end
 
-plugin( :compiler, '3.1',
-        :source => '1.7', :target => java_target,
-        :encoding => 'UTF-8', :debug => true,
-        :showWarnings => true, :showDeprecation => true,
-        :excludes => [ 'module-info.java' ],
-        #:jdkToolchain => { :version => '[1.7,11)' },
+compiler_configuration = {
+    :source => '1.8', :target => java_target, :release => '8',
+    :encoding => 'UTF-8', :debug => true,
+    :showWarnings => true, :showDeprecation => true,
+    :excludes => [ 'module-info.java' ],
+    #:jdkToolchain => { :version => '[1.7,11)' },
+    :generatedSourcesDirectory => gen_sources,
+    :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]
+}
+compiler_configuration.delete(:release) if ENV_JAVA['java.specification.version'] == '1.8'
 
-        :generatedSourcesDirectory => gen_sources,
-        :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]) do
+plugin( :compiler, '3.9.0', compiler_configuration) do
 
   #execute_goal :compile, :id => 'annotation-binder', :phase => 'compile',
   #    :generatedSourcesDirectory => gen_sources, #:outputDirectory => gen_sources,
@@ -69,14 +72,6 @@ plugin( :compiler, '3.1',
                :compilerArgs => [ '', '-XDignore.symbol.file=true' ]
 end
 
-profile 'module-info' do
-  activation { jdk '[9,)' }
-  plugin :compiler, '3.8.1',
-         :source => '9', :target => java_target,
-         :release => '9',
-         :includes => [ 'module-info.java' ]
-end
-
 plugin :clean do
   execute_goals( 'clean', :id => 'default-clean', :phase => 'clean',
                  'filesets' => [
@@ -87,18 +82,18 @@ plugin :clean do
                  'failOnError' =>  'false' )
 end
 
-jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
-jar 'junit:junit', '4.11', :scope => :test
+jar 'org.jruby:jruby-core', '9.1.11.0', :scope => :provided
+# for invoker generated classes we need to add javax.annotation when on Java > 8
+jar 'javax.annotation:javax.annotation-api', '1.3.1', :scope => :compile
+jar 'junit:junit', '[4.13.1,)', :scope => :test
 
-# 9.1.17.0 is Java 7 compatible (till supporting JRuby 1.7)
 # NOTE: to build on Java 11 - installing gems fails (due old jossl) with:
 #  load error: jopenssl/load -- java.lang.StringIndexOutOfBoundsException
-MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.9.0' : '9.1.17.0'
+MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.19.0' : '9.1.17.0'
 
 jruby_plugin! :gem do
   # when installing dependent gems we want to use the built in openssl not the one from this lib directory
-  # we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
-  execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
+  execute_goal :id => 'default-package', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
   execute_goals :id => 'default-push', :skip => true
 end
 
@@ -107,12 +102,12 @@ plugin :deploy, '2.8.1' do
   execute_goals( :deploy, :skip => false )
 end
 
-supported_bc_versions = %w{ 1.58 1.59 1.60 1.61 1.62 1.63 1.64 1.65 }
+supported_bc_versions = %w{ 1.60 1.61 1.62 1.63 1.64 1.65 1.66 1.67 1.68 }
 
 default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
 
-properties( 'jruby.plugins.version' => '1.1.8',
+properties( 'jruby.plugins.version' => '2.0.1', # 2.0.1
             'jruby.switches' => '-W0', # https://github.com/torquebox/jruby-maven-plugins/issues/94
             'bc.versions' => default_bc_version,
             'invoker.test' => '${bc.versions}',
@@ -123,9 +118,8 @@ properties( 'jruby.plugins.version' => '1.1.8',
             'mavengem-wagon.version' => '1.0.3', # for polyglot-ruby
             # use this version of jruby for the jruby-maven-plugins
             'jruby.versions' => MVN_JRUBY_VERSION, 'jruby.version' => MVN_JRUBY_VERSION,
-            # dump pom.xml as readonly when running 'rmvn'
-            'polyglot.dump.pom' => 'pom.xml',
-            'polyglot.dump.readonly' => true )
+            # dump pom.xml when running 'rmvn'
+            'polyglot.dump.pom' => 'pom.xml', 'polyglot.dump.readonly' => false )
 
 # make sure we have the embedded jars in place before we run runit plugin
 plugin! :dependency do
@@ -152,8 +146,8 @@ invoker_run_options = {
       'runit.dir' => '${runit.dir}' }
 }
 
-jruby_9_K_versions  = %w{ 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
-jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.6.0 9.2.7.0 9.2.8.0 9.2.9.0 }
+jruby_9_K_versions  = %w{ 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.10.0 9.2.17.0 9.2.19.0 }
 
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do

data/README.md

@@ -24,6 +24,9 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 |      ~>0.9.18 |   1.6.8-9.1.x |  Java 6-8  |    1.50-1.55 |
 |        0.10.0 |  1.7.20-9.2.x |  Java 7-10 |    1.55-1.59 |
 |        0.10.3 |  1.7.20-9.2.x |  Java 7-11 |    1.56-1.62 |
+|      ~>0.10.5 |  1.7.20-9.3.x |  Java 7-11 |    1.60-1.68 |
+|      ~>0.11.x |   9.0.x-9.3.x |  Java 7-11 |    1.62-1.68 |
+|      ~>0.12.x |   9.1.x-9.3.x |  Java 8-15 |    1.65-1.68 |
 
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6** 
 

data/Rakefile

@@ -1,40 +1,27 @@
 #-*- mode: ruby -*-
 
-begin
-  require 'ruby-maven'
-rescue LoadError
-  warn "ruby-maven not available - some tasks will not work " <<
-       "either `gem install ruby-maven' or use mvn instead of rake"
-  desc "Package jopenssl.jar with the compiled classes"
-  task :jar do
-    sh "mvn prepare-package -Dmaven.test.skip=true"
-  end
-  namespace :jar do
-    desc "Package jopenssl.jar file (and dependendent jars)"
-    task :all do
-      sh "mvn package -Dmaven.test.skip=true"
-    end
-  end
-else
-  #Rake::Task[:jar].clear rescue nil
-  desc "Package jopenssl.jar with the compiled classes"
-  task :jar do
-    RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
-  end
-  namespace :jar do
-    desc "Package jopenssl.jar file (and dependendent jars)"
-    task :all do
-      RubyMaven.exec( 'package -Dmaven.test.skip=true' )
-    end
-  end
-  task :test_prepare do
-    RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
-    RubyMaven.exec( 'test-compile' ) # separate step due -Dmaven.test.skip=true
+#Rake::Task[:jar].clear rescue nil
+desc "Package jopenssl.jar with the compiled classes"
+task :jar do
+  sh( './mvnw prepare-package -Dmaven.test.skip=true' )
+end
+namespace :jar do
+  desc "Package jopenssl.jar file (and dependendent jars)"
+  task :all do
+    sh( './mvnw package -Dmaven.test.skip=true' )
   end
 end
+task :test_prepare do
+  sh( './mvnw prepare-package -Dmaven.test.skip=true' )
+  sh( './mvnw test-compile' ) # separate step due -Dmaven.test.skip=true
+end
+
+task :clean do
+  sh( './mvnw clean' )
+end
 
 task :build do
-  RubyMaven.exec('package -Dmaven.test.skip')
+  sh( './mvnw clean package -Dmaven.test.skip=true' )
 end
 
 task :default => :build
@@ -55,16 +42,15 @@ task :test => 'lib/jopenssl.jar'
 namespace :integration do
   it_path = File.expand_path('../src/test/integration', __FILE__)
   task :install do
-    Dir.chdir(it_path) do
-      ruby "-S bundle install --gemfile '#{it_path}/Gemfile'"
-    end
+    ruby "-C #{it_path} -S bundle install"
   end
   # desc "Run IT tests"
   task :test => 'lib/jopenssl.jar' do
     unless File.exist?(File.join(it_path, 'Gemfile.lock'))
       raise "bundle not installed, run `rake integration:install'"
     end
-    loader = "ARGV.each { |f| require f }" ; lib = [ 'lib', it_path ]
+    loader = "ARGV.each { |f| require f }"
+    lib = [ File.expand_path('../lib', __FILE__), it_path ]
     test_files = FileList['src/test/integration/*_test.rb'].map { |path| path.sub('src/test/integration/', '') }
     ruby "-I#{lib.join(':')} -C src/test/integration -e \"#{loader}\" #{test_files.map { |f| "\"#{f}\"" }.join(' ')}"
   end

data/lib/jopenssl/load.rb

@@ -2,8 +2,6 @@ warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUB
 
 require 'jopenssl/version'
 
-warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
-
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
   version = JOpenSSL::BOUNCY_CASTLE_VERSION
@@ -34,17 +32,5 @@ else; require 'jruby'
 end
 
 if RUBY_VERSION > '2.3'
-  load 'jopenssl23/openssl.rb'
   load 'jopenssl/_compat23.rb'
-elsif RUBY_VERSION > '2.2'
-  load 'jopenssl22/openssl.rb'
-elsif RUBY_VERSION > '2.1'
-  load 'jopenssl21/openssl.rb'
-else
-  load 'jopenssl19/openssl.rb'
-end
-
-module OpenSSL
-  autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
-  autoload :PKCS12, 'openssl/pkcs12'
 end

data/lib/jopenssl/version.rb

@@ -1,6 +1,6 @@
 module JOpenSSL
-  VERSION = '0.10.5'
-  BOUNCY_CASTLE_VERSION = '1.65'
+  VERSION = '0.12.1'
+  BOUNCY_CASTLE_VERSION = '1.68'
 end
 
 Object.class_eval do

data/lib/openssl/bn.rb

@@ -1,9 +1,40 @@
-if RUBY_VERSION > '2.3'
-  load "jopenssl23/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '2.2'
-  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '2.1'
-  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-else
-  load "jopenssl19/openssl/#{File.basename(__FILE__)}"
-end
+# frozen_string_literal: true
+#--
+#
+# = Ruby-space definitions that completes C-space funcs for BN
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licensed under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#++
+
+module OpenSSL
+  class BN
+    include Comparable
+
+    def pretty_print(q)
+      q.object_group(self) {
+        q.text ' '
+        q.text to_i.to_s
+      }
+    end
+  end # BN
+end # OpenSSL
+
+##
+#--
+# Add double dispatch to Integer
+#++
+class Integer
+  # Casts an Integer as an OpenSSL::BN
+  #
+  # See `man bn` for more info.
+  def to_bn
+    OpenSSL::BN::new(self)
+  end
+end # Integer