jruby-openssl 0.9.4 → 0.14.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/History.md +652 -0
- data/LICENSE.txt +37 -0
- data/Mavenfile +163 -5
- data/README.md +75 -0
- data/Rakefile +52 -2
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +75 -16
- data/lib/jopenssl/version.rb +9 -4
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +40 -5
- data/lib/openssl/buffering.rb +477 -4
- data/lib/openssl/cipher.rb +67 -5
- data/lib/openssl/config.rb +500 -4
- data/lib/openssl/digest.rb +73 -5
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs12.rb +60 -99
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +42 -0
- data/lib/openssl/ssl.rb +542 -4
- data/lib/openssl/x509.rb +368 -4
- data/lib/openssl.rb +3 -1
- data/lib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar +0 -0
- data/pom.xml +772 -0
- metadata +40 -107
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/README.txt +0 -13
- data/TODO-1_9-support.txt +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -35
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -65
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -61
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -179
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -153
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -67
- data/lib/jopenssl19/openssl/bn.rb +0 -35
- data/lib/jopenssl19/openssl/buffering.rb +0 -449
- data/lib/jopenssl19/openssl/cipher.rb +0 -65
- data/lib/jopenssl19/openssl/config.rb +0 -313
- data/lib/jopenssl19/openssl/digest.rb +0 -72
- data/lib/jopenssl19/openssl/ssl-internal.rb +0 -177
- data/lib/jopenssl19/openssl/ssl.rb +0 -2
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -158
- data/lib/jopenssl19/openssl/x509.rb +0 -2
- data/lib/jopenssl19/openssl.rb +0 -23
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/openssl/ssl-internal.rb +0 -5
- data/lib/openssl/x509-internal.rb +0 -5
- data/test/java/pkcs7_mime_enveloped.message +0 -19
- data/test/java/pkcs7_mime_signed.message +0 -30
- data/test/java/pkcs7_multipart_signed.message +0 -45
- data/test/java/test_java_attribute.rb +0 -25
- data/test/java/test_java_bio.rb +0 -42
- data/test/java/test_java_mime.rb +0 -173
- data/test/java/test_java_pkcs7.rb +0 -772
- data/test/java/test_java_smime.rb +0 -177
- data/test/test_java.rb +0 -98
- data/test/ut_eof.rb +0 -128
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 2548bc2fe716c409cd989bf2d8dadfae326993f955aca85cfe03ca4bf3afb659
|
4
|
+
data.tar.gz: 5f6606773272d521abefb77c475d80a6437091d33b37c15d5daf6c8ccdb87e9b
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 05f1f9700cd0e52761a80c4c841dc5afa80f1dbffcb47dadc1761ccf59bb3315b6baa8cbff18b3d611b6094f0ef9b1e930800f07ed2cc1cad4f5c3951047fca8
|
7
|
+
data.tar.gz: 5ca2d93939853cdc3ae2055db4e32ba71e9c6127297ec14c5de5745db2ebbe27c4182ee7325045123a91d8b3b8bac5cebf80471aaab2e67ec5458803ba85805c
|
data/History.md
ADDED
@@ -0,0 +1,652 @@
|
|
1
|
+
## 0.14.0
|
2
|
+
|
3
|
+
This version upgraded to latest Bouncy-Castle (1.71) and is only compatible with
|
4
|
+
the new version mostly due artifact naming and breaking chances in BC itself.
|
5
|
+
|
6
|
+
- [deps] upgrade BC to latest 1.71
|
7
|
+
- [fix] make set_minmax_proto_version private
|
8
|
+
|
9
|
+
## 0.13.0
|
10
|
+
|
11
|
+
* [fix] ASN1::EndOfContent ancestor hierarchy (#228)
|
12
|
+
* [fix] handle X509::Name type conversion (#206)
|
13
|
+
* [fix] handle invalid type when creating `X509::Name`
|
14
|
+
* [fix] `OpenSSL::X509::Name#inspect` compatibility
|
15
|
+
* [fix] escaping with `OpenSSL::X509::Name::RFC2253`
|
16
|
+
* [feat] implement `OpenSSL::X509::Name#to_utf8`
|
17
|
+
* [fix] compat missing `OpenSSL::SSL::OP_NO_TLSv1_3`
|
18
|
+
* [refactor] performance - do not encode/decode cert objects
|
19
|
+
* [fix] make sure `Context.ciphers` are not mutated (#219)
|
20
|
+
* [feat] support `to_java` conversion for CRL
|
21
|
+
* [feat] support `to_java` protocol for PKey (#250)
|
22
|
+
|
23
|
+
## 0.12.2
|
24
|
+
|
25
|
+
* [fix] work-around JRuby 9.2 autoload behavior (#248)
|
26
|
+
to be able to install jruby-openssl >= 0.12 on JRuby 9.2
|
27
|
+
while the default gem (shipped with JRuby) is < 0.12
|
28
|
+
* [feat] support alpn negotiation in ssl context (#247)
|
29
|
+
* [feat] support Java cipher names on `SSLContext#ciphers=`
|
30
|
+
* [fix] properly handle `require_jar` fallback
|
31
|
+
|
32
|
+
## 0.12.1
|
33
|
+
|
34
|
+
* improved compatibility with the openssl gem (version 2.2.1)
|
35
|
+
* JOSSL now ships with a single set of openssl .rb files
|
36
|
+
- providing compat with `required_ruby_version = '>= 2.3.0'`
|
37
|
+
- flat set of .rb files at *lib/openssl/* (based on openssl gem)
|
38
|
+
* revisited `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` defaults
|
39
|
+
- implicit `verify_hostname` default .rb callback still a noop
|
40
|
+
- TLS continues to rely on the Java SSL engine for hostname checks
|
41
|
+
* working TLS 1.3 support
|
42
|
+
* droped Java 1.7 support (at least Java 8 needed to use the gem)
|
43
|
+
* fixed `SSLContext#options` matches C OpenSSL (using `OP_ALL`)
|
44
|
+
* no longer filter out SSLv2 (for improved OpenSSL compatibility)
|
45
|
+
* implemented naive `SSLContext#ciphers` caching to speed-up TLS
|
46
|
+
* `StoreError` raised due a Java exception now retain native cause
|
47
|
+
|
48
|
+
## 0.12.0 (yanked)
|
49
|
+
|
50
|
+
There were Java 8 and JRuby 9.3 regressions in this release, use 0.12.1 instead.
|
51
|
+
|
52
|
+
## 0.11.0
|
53
|
+
|
54
|
+
NOTE: This release aims to adapt the certificate verification logic to be aligned
|
55
|
+
with OpenSSL 1.1.1 as a resolution to issues due *DST Root CA X3* expiration, more
|
56
|
+
details at: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
57
|
+
|
58
|
+
The port is expected to be superior compared to the simple legacy verification,
|
59
|
+
however in case of issues the previous algorithm is still around and can be toggled
|
60
|
+
using `JRUBY_OPTS="-J-Djruby.openssl.x509.store.verify=legacy"` system property.
|
61
|
+
|
62
|
+
* **OpenSSL 1.1.1 cert verification port** (fixes #236) (#239)
|
63
|
+
- as a side-effect part of the PR to "allow multiple certs with same SubjectDN"
|
64
|
+
(#198) got reverted, this has been causing verification regressions (since 0.10.5)
|
65
|
+
for some users (#232) and is expected to be fixed
|
66
|
+
* [fix] replace deprecated getPeerCertificateChain (#231)
|
67
|
+
|
68
|
+
## 0.10.7
|
69
|
+
|
70
|
+
* [feat] upgrade BC library to 1.68
|
71
|
+
* [fix] SSLContext#ciphers= (fixes #221 and jruby/jruby#3100) (#222)
|
72
|
+
* [fix] Java::JavaLang::StringIndexOutOfBoundsException on ctx.cipher=[] (fixes #220) (#223)
|
73
|
+
* [fix] SSLContext#ciphers= compatibility (fixes #223) (#220)
|
74
|
+
* [fix] Match OpenSSL::X509::Name.hash implementation with Ruby (#216, #218)
|
75
|
+
* [fix] OpenSSL::SSL::SSLContext#min_version= failure (#215)
|
76
|
+
* [fix] adds OpenSSL::Cipher#iv_len= setter (#208)
|
77
|
+
|
78
|
+
## 0.10.6 (yanked)
|
79
|
+
|
80
|
+
Due several regressions please update to version 0.10.7 or higher.
|
81
|
+
|
82
|
+
## 0.10.5
|
83
|
+
|
84
|
+
* [fix] EC key sign/verify (#193)
|
85
|
+
* [feat] upgrade BC library to 1.65
|
86
|
+
* [refactor] clean security helpers to avoid reflection (#197)
|
87
|
+
* Just use normal getInstance to get KeyFactory (fixes #197)
|
88
|
+
* Allow multiple Certificates with the same SubjectDN in the store (#198)
|
89
|
+
* Try direct path for MessageDigest before invasive path (#194)
|
90
|
+
(relates to jruby/jruby#6098)
|
91
|
+
* [refactor] avoid NativeException usage (jruby/jruby#5646)
|
92
|
+
|
93
|
+
## 0.10.4
|
94
|
+
|
95
|
+
* Use CertificateFactory.getInstance rather than reflection
|
96
|
+
eliminates one of the module warnings we have been seeing (#161)
|
97
|
+
|
98
|
+
## 0.10.3
|
99
|
+
|
100
|
+
* [fix] implement (missing) PKey::DSA#params
|
101
|
+
* [fix] authorityKeyIdentifier ext (general-name) value
|
102
|
+
* [fix] authority keyid extension's :always part optional (#174)
|
103
|
+
* [fix] work-around for not setting certificate serial
|
104
|
+
raise a more friendly error (jruby/jruby#1691)
|
105
|
+
* [fix] PKey.read not parsing RSA pub-key (#176)
|
106
|
+
* [feat] support reading DSA (public key) in full DER
|
107
|
+
* [fix] RSA key DER format to closely follow OpenSSL
|
108
|
+
* [fix] add missing ASN1 factory methods (Null, EndOfContent)
|
109
|
+
* [fix] support getting password from block for PKeys
|
110
|
+
* [fix] incorrect ASN.1 for wrapped Integer type
|
111
|
+
* [fix] correct public key for subjectKeyIdentifier ext (#173)
|
112
|
+
* [fix] invalid Cert#sign handling -> raise (instead of ClassCastException)
|
113
|
+
* [feat] more TLS (GCM) ciphers - supported on Java 8+
|
114
|
+
* [feat] add ECDHE-RSA-AES128-GCM-SHA256 as supported cipher (#185)
|
115
|
+
* [feat] add support for ECDHE-RSA-AES256-GCM-SHA384 (#187)
|
116
|
+
* [fix] try hard not to fail on unkown oids (OpenSSL::X509::Certificate#to_text)
|
117
|
+
* update Bouncy-Castle to 1.62 (and handle supported BC compatibility)
|
118
|
+
|
119
|
+
## 0.10.2
|
120
|
+
|
121
|
+
* update Bouncy-Castle to 1.61 (and handle supported BC compatibility)
|
122
|
+
* [fix] avoid NPE when CRL fails to parse (invalid str) (jruby/jruby#5619)
|
123
|
+
* hide (deprecated) Jopenssl constant
|
124
|
+
* default OpenSSL.warn to warnings-enabled flag
|
125
|
+
* only un-restrict jce when its restricted
|
126
|
+
* OpenSSL::Cipher#update additional buffer argument (#170) (jruby/jruby#5242)
|
127
|
+
|
128
|
+
## 0.10.1
|
129
|
+
|
130
|
+
* loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
|
131
|
+
* avoid, once again, installing BC provider on boot (due OCSP support)
|
132
|
+
* [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
|
133
|
+
* rename ugly-sh "Jopenssl" constant to **JOpenSSL**
|
134
|
+
* support PKCS7#decrypt with 1 argument (pkey only - without certificate)
|
135
|
+
* undo some of the call-sites in SSLSocket - account for sub-classes (#165)
|
136
|
+
* follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1)
|
137
|
+
* validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
|
138
|
+
* remove openssl/pkcs7.rb -> since 1.8 no longer supported
|
139
|
+
|
140
|
+
## 0.10.0
|
141
|
+
|
142
|
+
**NOTE:** dropped support for anything below ~ JRuby 1.7.20
|
143
|
+
|
144
|
+
* drop support for Java 1.6 and compile using Java 7
|
145
|
+
* improve java.version detection for Java 9/10 (pre-releases)
|
146
|
+
* subject alt name parsing fixes (#140) - thanks @roadrunner2
|
147
|
+
* fix loading of Subject/Issuer-Alt-Name extensions. (#144)
|
148
|
+
* normalize all constants in CipherStrings as public (#146)
|
149
|
+
* upgrade BC to **1.59** and dropped support for BC < 1.55
|
150
|
+
* include BC's JSSE provider as we're planning on using it, eventually
|
151
|
+
* setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
|
152
|
+
* at last, do BN comparison `==` vs `eql?` properly - just like MRI
|
153
|
+
* get `BN.new("...", 0)` working as OpenSSL does - using MPI format
|
154
|
+
* allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
|
155
|
+
* fix signature-alg to default to NULL and report it as 0.0 (like MRI)
|
156
|
+
* account for ASN1Integers when transforming issuer serial numbers
|
157
|
+
to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
|
158
|
+
* copy bytes since it might be a shared (unsafe) buffer (#150)
|
159
|
+
* don't use padding for streaming cipher modes (#155) - thanks @dgolombek
|
160
|
+
* avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
|
161
|
+
* prepare for using BC's JSSE implementation as an SSL support backend
|
162
|
+
allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)
|
163
|
+
|
164
|
+
## 0.9.21
|
165
|
+
|
166
|
+
* adjust X.509 value handling to parse subjectAltName recursively (#134)
|
167
|
+
* SKI expected to be always octet wrapped - do not check for length (#131)
|
168
|
+
* respect jruby.preferred.prng and use/tune its SecureRandom defaults
|
169
|
+
trying to avoid BC generator's constant attempts for seeding itself
|
170
|
+
as an attempt to 'fix' low-entropy systems wating for */dev/random*
|
171
|
+
* Random#add; Random#egd shall return true on JVM
|
172
|
+
* move "DEFAULT" special case handling to match OpenSSL behaviour (#136)
|
173
|
+
(jruby/jruby#2193)
|
174
|
+
* If data is not provided, extract it from the PKCS7 instance (#132)
|
175
|
+
* Add cipher suite strings for IBM JRE (#126) - thanks @ysohda
|
176
|
+
* use the helper to printStackTrace (no System.err printing by default)
|
177
|
+
* add OCSP support (#124) - thanks so very much @lampad
|
178
|
+
* add support for renegotiation_cb on SSLContext (#121) - thanks @lampad
|
179
|
+
|
180
|
+
## 0.9.20
|
181
|
+
|
182
|
+
* upgrade Bouncy-Castle to 1.56 http://bouncycastle.org/releasenotes.html
|
183
|
+
(additional security and robustness with 10 CVEs submitted as a result)
|
184
|
+
* add a dummy SSLContext#security_level= implementation
|
185
|
+
* no dup-ing for SSLContext/SSLSocket and X509 Store/StoreContext
|
186
|
+
* implement PKey initialize_copy (dup-ing)
|
187
|
+
* digest can be passed in as a String on PKey#sign/verify
|
188
|
+
* DSA+SHA1 is actually a supported algorithm
|
189
|
+
* reset signed-request -> sub-sequent req.verify will work correctly
|
190
|
+
* allow for digest name to be passed into Cert#sign
|
191
|
+
* be less fatal on Java 9
|
192
|
+
won't attempt reflective SPIs when accessibility checks fail!
|
193
|
+
* remove obsolete (deprecated) renamed classes
|
194
|
+
* verify correct WaitReadable is raised on connect_nonblock (jruby/jruby#1716)
|
195
|
+
* non-connected ssl socket raises EPIPE on connect_nonblock (MRI compat)
|
196
|
+
* fine to close a SSLSocket which is not-yet-connected (like in MRI)
|
197
|
+
* fix NPE when reading private keys (with passwd) (jruby/jruby#1784)
|
198
|
+
|
199
|
+
## 0.9.19
|
200
|
+
|
201
|
+
* re-use secure random from thread-context on SSL context initialization
|
202
|
+
* preliminary OpenSSL 1.1 (Ruby 2.4) compatibility bits (#112)
|
203
|
+
* try using thread-shared secure random gen (in PKey-s) where possible
|
204
|
+
* implement PKeyDSA#syssign and PKeyDSA#sysverify methods
|
205
|
+
* avoid (unnecessary) byte[] copies in PKey#sign/verify
|
206
|
+
* fix ClassCastException error in X509Store.verify (#113)
|
207
|
+
* align BH#hash with eql? (+ equals/hashCode on Java)
|
208
|
+
|
209
|
+
## 0.9.18
|
210
|
+
|
211
|
+
* handle X.509 authorityKeyIdentifier parsing somehow right (#102)
|
212
|
+
* simple resolution for handling subjectAltName multiple DNS: names (#102)
|
213
|
+
* upgrading BC to 1.55
|
214
|
+
normalize "brainpoolP512t1" curve name for BC 1.55 compatibility
|
215
|
+
* allow for X509::Certificate to be converted to a Java certificate
|
216
|
+
* at least OpenSSL.debug potential env read failure on set_default_paths
|
217
|
+
* negative BN values are always considered not prime.
|
218
|
+
* Don't print a warning for missing client certs (#110)
|
219
|
+
|
220
|
+
## 0.9.17
|
221
|
+
|
222
|
+
* temporarily register BC provider on X.509 factory (work-around for #94)
|
223
|
+
* support Cipher#auth_tag and auth_data for GCM ciphers (e.g. aes-128-gcm)
|
224
|
+
* need to drop support for BC <= 1.50 due EC support (N/A in older BCs)
|
225
|
+
* (somehow working) draft at implementing PKey::EC (elliptic curve support)
|
226
|
+
DH encryption expected to behave correctly
|
227
|
+
* make sure (initial) BC security provider registration works!
|
228
|
+
... when **-Djruby.openssl.provider.register=true** (due #94)
|
229
|
+
* Make ALL cipherstring match ECDHE cihphers (#91)
|
230
|
+
* fix X.509 indexBySubject returning correct index
|
231
|
+
* try to handle `SSLContext.session=` and also try answering `session_reused?`
|
232
|
+
* handle equals/hashCode on SSL::Session and raise on timeout int overflow
|
233
|
+
* Allow DSA private keys to be initialized from parameters. (#83)
|
234
|
+
* Instantiate both the private and public keys when setting parameters. (#82)
|
235
|
+
|
236
|
+
## 0.9.16
|
237
|
+
|
238
|
+
* add hard dependency to jar-dependencies (#74)
|
239
|
+
* Recognize Android java.version (#81)
|
240
|
+
|
241
|
+
## 0.9.15
|
242
|
+
|
243
|
+
* always return a Fixnum from `OpenSSL::SSL::Session#timeout`, OpenSSL defaults
|
244
|
+
to 300 (been causing net/http.rb issues with timeouts on JRuby 9K)
|
245
|
+
|
246
|
+
## 0.9.14
|
247
|
+
|
248
|
+
* upgrade to using BC **1.54** as default (all versions >= 1.49 are supported)
|
249
|
+
for Bouncy-Castle release notes see http://bouncycastle.org/releasenotes.html
|
250
|
+
* basic support for prompting for PEM password (working for RSA/DSA priv.key)
|
251
|
+
* avoid NPE due version field in X509Cert - make sure it's treated as 0 (#78)
|
252
|
+
and fix settting ceritificate.serial = number
|
253
|
+
* default WairReadable/Writable backtraces to JRuby's -Xerrno.backtrace
|
254
|
+
* use hardcoded jks type for loading cacerts - for Java 9 compatibility (#79)
|
255
|
+
|
256
|
+
## 0.9.13
|
257
|
+
|
258
|
+
JRuby-OpenSSL is the first release that aims to be Ruby **2.3** compatible.
|
259
|
+
|
260
|
+
* SSLSocket#sysread do not copy bytes from buffer - re-use the backing array
|
261
|
+
* handle read_nonblock EOF as nil when exception: false (Ruby 2.3 compatibility)
|
262
|
+
* start exposing VERSION constant(s) directly on Jopenssl module
|
263
|
+
* better not throw EOF on SSLSocket#sysclose for compatibility with MRI
|
264
|
+
* setup "dummy" OpenSSL::OPENSSL_LIBRARY_VERSION constant for compatibility
|
265
|
+
* Ruby 2.3 compatibility - adjust to changes in MRI's openssl .rb parts
|
266
|
+
* update openssl/ssl.rb based on MRI 2.2's version
|
267
|
+
* disable backtrace generation for wait non-block errors (use an empty array)
|
268
|
+
* support SSLSocket#accept_nonblock/connect_nonblock with exception: false
|
269
|
+
* support `exception: false` with syswrite_nonblock and sysread_nonblock
|
270
|
+
* remove 'RSA' from RSA public key headers (#76)
|
271
|
+
|
272
|
+
## 0.9.12
|
273
|
+
|
274
|
+
* when the Cipher/Signature needs to be created via java reflection use a constructor
|
275
|
+
which avoids verifying the bouncy-castle jars (which is the main reason for using
|
276
|
+
reflection since some classloader setups fails to verify those jars) (#73)
|
277
|
+
* force US locale for date formatting
|
278
|
+
otherwise it uses system locale, which is inconsistent with MRI.
|
279
|
+
* X509::Store.set_default_paths ignores FileNotFound errors like MRI does (#68)
|
280
|
+
* check type on X509::Store.verify
|
281
|
+
throw a TypeError if the argument is not a OpenSSL::X509::Certificate (#69)
|
282
|
+
* keep the default x509 certs and directories in line with MRI, only if
|
283
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
284
|
+
* bring the default ca-certs paths/location more in line with MRI and fallback on
|
285
|
+
jvm truststore (java.home/lib/security/cacerts) when needed
|
286
|
+
|
287
|
+
## 0.9.11
|
288
|
+
|
289
|
+
* add TLSv1_1_client, TLSv1_1_server, TLSv1_2_client and TLSv1_2_server options
|
290
|
+
to ssl_version (#65)
|
291
|
+
* **regression** make sure we hold a buffered reader so that the loop continues
|
292
|
+
reading PEMs - previously introduced an incompatibility with cert verify (#67)
|
293
|
+
* support negotiating up to TLS1_1 and TLS1_2 when the server supports these
|
294
|
+
ssl_versions (#63)
|
295
|
+
|
296
|
+
## 0.9.10
|
297
|
+
|
298
|
+
* **regression** reverted fix for #49 (as it needs more work/testing) :
|
299
|
+
keep the default x509 certs and directories in line with MRI (#49), only if
|
300
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
301
|
+
|
302
|
+
## 0.9.9
|
303
|
+
|
304
|
+
* **regression** causing to re-package a RaiseException in `SSLSocket#accept`
|
305
|
+
* fix load error: jopenssl/load -- java.lang.VerifyError: using BC 1.51 or 1.52 (#62)
|
306
|
+
* keep the default x509 certs and directories in line with MRI (#49), only if
|
307
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
308
|
+
|
309
|
+
## 0.9.8
|
310
|
+
|
311
|
+
* refactor `PKCS5.pbkdf2_hmac_sha1` to use BC APIs
|
312
|
+
thus less dependent on provider internals (jruby/jruby#3025)
|
313
|
+
* HMAC - use our SimpleKey impl so that there's less[] copy
|
314
|
+
... also allows for an empty key to work like MRI (jruby/jruby#2854)
|
315
|
+
* fixing oaep encryption to use correct algorithm (#54)
|
316
|
+
* [experimental] support NOT loading any (BC) jars on our own ... (#10)
|
317
|
+
* disable DHE (by default) on Java <= 7 ... on Java 8 we (still) force 1024/2048
|
318
|
+
(see jruby/jruby#2872 and #45)
|
319
|
+
* **regression** handle parsing of "incomplete" X.509 certs like MRI does (#42)
|
320
|
+
* implement a CRL/certificate caching (for now off by default) in Lookup
|
321
|
+
... set *-J-Djruby.openssl.x509.lookup.cache=true* to enable
|
322
|
+
* improve Store helper concurrency (with less synchronization)
|
323
|
+
* reviewed OpenSSL's .rb parts to match those present in MRI 1.9.3 / 2.2.2
|
324
|
+
* initial support for `OpenSSL::SSL::Session` (id, time, timeout work)
|
325
|
+
* session_cache_mode as present in OpenSSL makes no sense with Java APIs
|
326
|
+
* use the set SSLContext#session_cache_size on the underlying javax.net API
|
327
|
+
* tidy up SSLSocket's internals + add stack-trace debugging on accept/connect
|
328
|
+
* add SSLSocket ssl_version property like MRI has (#38)
|
329
|
+
* avoid unnecessary `_initialize` naming - it's confusing to see in JVM tools
|
330
|
+
* use SecurityHelper to get a X.509 certificate factory
|
331
|
+
we'll know prefer BC's X.509 factory over the built-in (Sun provider) one
|
332
|
+
|
333
|
+
## 0.9.7
|
334
|
+
|
335
|
+
* put in some more ossl to jsse mappings for SSL/TLS
|
336
|
+
(SSL_DHE_xxx, TLS_ECDH_xxx, TLS_ECDHE_xxx)
|
337
|
+
* exclude SSLv2 in reported METHODS (all fine to close jruby/jruby#1874)
|
338
|
+
* support passing ssl_version as an argument to initialize SSLContext.new ...
|
339
|
+
* now that we've matched w MRI's SSLContext::METHODS don't report custom ones
|
340
|
+
* more ssl_version= compatibility fixes that match MRI (jruby/jruby#1736)
|
341
|
+
* support setting ssl_version = "TLSv1_1" (or "TLSv1_2") just like MRI
|
342
|
+
* **regression** make sure version is set when reading encoded certificate
|
343
|
+
+ signature algorithm should be read as well when decoding certificate (#39)
|
344
|
+
* better accept handshake errors instead of "General SSLEngine problem (#37)
|
345
|
+
* trying to decode DER application specific objects (based on patch from #36)
|
346
|
+
* we've not been compatible with MRI's DES (EDE) - partly due DES(3) ECB
|
347
|
+
fixing jruby/jruby#2617 as well as jruby/jruby#931
|
348
|
+
* exclude reporting algorithms with CFB-1 cipher mode as supported (due #35)
|
349
|
+
* do not change CFB1 to CFB ... it's something different (although broken on BC)
|
350
|
+
* attempt to deal with update/final buffering incompatibility with MRI
|
351
|
+
* fix HMAC digest incorrect when data contains invalid characters (#33)
|
352
|
+
* add Gemfile and specify ruby-maven as dependency
|
353
|
+
* use SafePropertyAccessor to access properties instead of directly (#28)
|
354
|
+
* make sure SSLSocket's cipher and hostname are nil by default (avoids NPE)
|
355
|
+
* update to (packed) BC version 1.50 + start declaring 1.51 as semi-supported
|
356
|
+
|
357
|
+
## 0.9.6
|
358
|
+
|
359
|
+
* ClassCastException still happen deep within BC - turn them into SignatureExeption
|
360
|
+
* make sure empty object can be serialize via to_pem
|
361
|
+
* use the classname as message in case the exception has no message (jruby/jruby#2249)
|
362
|
+
* make sure X509Object list is synchronized properly
|
363
|
+
* use JRubyFile to get input-stream to file-resource fixes #11
|
364
|
+
* Cache the discovered classes for digest engines. Fixes #15.
|
365
|
+
* avoid the rest of Ruby.getGlobalRuntime usages - only worked in 1 runtime envs
|
366
|
+
* refactored CRL - using light-weight BC API (avoids deprecated X.509 generator)
|
367
|
+
* implement X509::Certificate#to_text for happiness (the MRI-way - only RSA for now)
|
368
|
+
* allow to "fake" our inspect() support and match MRI's X509::Certificate#inspect
|
369
|
+
* decode BC's ASN1Enumarated into a OpenSSL::ASN1::Enumerated
|
370
|
+
* we can (ASN.1) encode an infinite-length bit-string constructive
|
371
|
+
* turns out all ASN1 primitives in MRI have the infinite_length attribute
|
372
|
+
* support (so-far only dummy) @servername_cb attribute on SSLSocket
|
373
|
+
* handle (CRL) extension's issuerAltName wrapping without an exception
|
374
|
+
* fix SSL (cert) verification - now working on 1.8/1.9 better than before
|
375
|
+
* do not skip first 2 bytes of key identifier hash when encoding to hex!
|
376
|
+
* match X.509 extension short-comings of the Java API in order to align with MRI
|
377
|
+
* improve cert.extension's value - *extendedKeyUsage* was not returned correctly
|
378
|
+
* make sure ASN1::ObjectId.new(...).ln and ASN1::ObjectId.new(...).sn are correct!
|
379
|
+
* better working to_der conversion esp. with constructives (indefinite lengths)
|
380
|
+
* improve our ASN1 decoding for better MRI compatibility
|
381
|
+
* avoiding Krypt gem dependency completely (was used for OpenSSL::PKCS5)
|
382
|
+
* cleanup OpenSSL::Digest internals - make sure block_length works for more
|
383
|
+
* OpenSSL deprecated_warning_flag and check_func API compatibility stubs
|
384
|
+
* do not force loading of jar-dependencies + possibly respect jars skipped
|
385
|
+
* X509::Name.to_a compatibility - MRI seems to never return "UNDEF"
|
386
|
+
experimental support for passing down "real" Java JCE cipher names
|
387
|
+
* rewriten Cipher internals - now faster, slimmer and more compatible than ever!
|
388
|
+
* rebuilt our global ASN1Registry and refactored it (back) internally to use string oids
|
389
|
+
* report OpenSSL::VERSION **1.1.0** since 1.9.3
|
390
|
+
* fill RaiseException's cause whenever we use a factory passing down a Throwable
|
391
|
+
* allow X509::Revoked.serial= to receive an integer
|
392
|
+
* make sure X509::CRL's to_text representation si (fully) MRI compatible
|
393
|
+
* handle authority key-id unwrapping correctly in X509::Extension#value
|
394
|
+
* long time coming - OpenSSL::X509::CRL support for loading revoked entries (#5)
|
395
|
+
* Reflect Java cacert location in DEFAULT_CERT_* constants (jruby/jruby#1953)
|
396
|
+
* X509::Certificate.new MRI compatibility + make sure inspect works the same
|
397
|
+
* BN.inspect() and make sure BN.new(0) works just fine (both as in MRI)
|
398
|
+
* X509::CRL instantiation compatibility with MRI
|
399
|
+
* inspect() X509::Certificate an X509::CRL just like MRI does
|
400
|
+
* handle OpenSSL::X509::Store.add error messages correctly (fix based on #6)
|
401
|
+
* update to using BC 1.49 by default (still compatible with older versions)
|
402
|
+
* implement X509::StoreContext#current_crl method
|
403
|
+
* support X509::StoreContext cleanup and error_depth instance methods
|
404
|
+
* support disabling of warnings using system property -Djruby.openssl.warn
|
405
|
+
* Throw error when chain certs are *not* OpenSSL::X509::Certificate (#3)
|
406
|
+
* avoid using JRuby IO APIs (will likely not work in 9k)
|
407
|
+
* make 'jopenssl/load' also work on jruby-1.6.8 mode 1.9
|
408
|
+
|
409
|
+
## 0.9.5
|
410
|
+
|
411
|
+
MASSIVE internal "rewrite" to avoid depending on a registered (BC) security
|
412
|
+
provider. This releases restores compatibility with BC version 1.47 while being
|
413
|
+
compatible with newer bouncy-castle jars as well (1.48, 1.49 and 1.50).
|
414
|
+
|
415
|
+
* handle SSLErrorWaitReadable/Writable as SSLErrors on Ruby 1.8 and 1.9 mode
|
416
|
+
* Treat SSL NOT_HANDSHAKING as FINISHED
|
417
|
+
* only add DER.TRUE when encoding X.509 extension when non-critical
|
418
|
+
* do not der encode non-critical flag in X509::Extension (jruby/jruby#389)
|
419
|
+
* SSLContext internals + support `SSLContext::METHODS` correctly (jruby/jruby#1596)
|
420
|
+
* correct visibility of initialize* and respond_to_missing? methods
|
421
|
+
* fix spinning indefinitely on partial TLS record (jruby/jruby#1280)
|
422
|
+
* Support file input for PKey::RSA.new
|
423
|
+
* fix bug https://github.com/jruby/jruby/issues/1156
|
424
|
+
* openssl: add handling for base 0 to new and to_s
|
425
|
+
|
426
|
+
## 0.9.4
|
427
|
+
|
428
|
+
* Fix compatibility wiht Bouncy Castle 1.49.
|
429
|
+
|
430
|
+
## 0.9.3
|
431
|
+
|
432
|
+
* Allow options passed to nonblock methods (not impl'ed yet)
|
433
|
+
* Make ClassIndex into an enum, to prevent issues like jruby/jruby#1004
|
434
|
+
|
435
|
+
|
436
|
+
== ...
|
437
|
+
|
438
|
+
|
439
|
+
## 0.7.7
|
440
|
+
|
441
|
+
This release includes bug fixes.
|
442
|
+
|
443
|
+
* JRUBY-6622: Support loading encrypted RSA key with PBES2
|
444
|
+
* JRUBY-4326: Confusing (and late) OpenSSL error message
|
445
|
+
* JRUBY-6579: Avoid ClassCastException for public key loading
|
446
|
+
* JRUBY-6515: sending UTF-8 data over SSL can hang with openssl
|
447
|
+
* Update tests to sync with CRuby ruby_1_9_3
|
448
|
+
|
449
|
+
## 0.7.6
|
450
|
+
|
451
|
+
This release includes initial implementation of PKCS12 by Owen Ou.
|
452
|
+
|
453
|
+
* JRUBY-5066: Implement OpenSSL::PKCS12 (only for simple case)
|
454
|
+
* JRUBY-6385: Assertion failure with -J-ea
|
455
|
+
|
456
|
+
## 0.7.5
|
457
|
+
|
458
|
+
This release improved 1.9 mode support with help of
|
459
|
+
Duncan Mak <duncan@earthaid.net>. Now jruby-ossl gem includes both 1.8 and 1.9
|
460
|
+
libraries and part of features should work fine on 1.9 mode, too.
|
461
|
+
|
462
|
+
* JRUBY-6270: Wrong keyUsage check for SSL server
|
463
|
+
* JRUBY-6260: OpenSSL::ASN1::Integer#value incompatibility
|
464
|
+
* JRUBY-6044: Improve Ecrypted RSA/DSA pem support
|
465
|
+
* JRUBY-5972: Allow to load/dump empty PKCS7 data
|
466
|
+
* JRUBY-5834: Fix X509Name handling; X509Name RDN can include multiple elements
|
467
|
+
* JRUBY-5362: Improved 1.9 support
|
468
|
+
* JRUBY-4992: Warn if loaded by non JRuby interpreter
|
469
|
+
|
470
|
+
## 0.7.4
|
471
|
+
|
472
|
+
* JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading
|
473
|
+
failed on JRuby 1.6.x. Fixed.
|
474
|
+
* JRUBY-5510: Add debug information to released jar
|
475
|
+
* JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
|
476
|
+
|
477
|
+
## 0.7.3
|
478
|
+
|
479
|
+
* JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
|
480
|
+
* JRUBY-5253: Allow to load the certificate file which includes private
|
481
|
+
key for activemarchant compatibility.
|
482
|
+
* JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
|
483
|
+
unknown condition.
|
484
|
+
* JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
|
485
|
+
pass on J9 JDK 6.
|
486
|
+
|
487
|
+
## 0.7.2
|
488
|
+
|
489
|
+
* JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
|
490
|
+
cipher (Net::SSH compatibility)
|
491
|
+
* JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
|
492
|
+
compatibility)
|
493
|
+
* JRUBY-5096: Fixed inconsistent Certificate verification behavior
|
494
|
+
* JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
|
495
|
+
* JRUBY-5059: SSLSocket ignores Timeout (Fixed)
|
496
|
+
* JRUBY-4965: implemented OpenSSL::Config
|
497
|
+
* JRUBY-5023: make Certificate#signature_algorithm return correct algo
|
498
|
+
name; "sha1WithRSAEncryption" instead of "SHA1"
|
499
|
+
* JRUBY-5024: let HMAC.new accept a String as a digest name
|
500
|
+
* JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
|
501
|
+
cleanup of resources when dereferenced
|
502
|
+
|
503
|
+
## 0.7.1
|
504
|
+
|
505
|
+
NOTE: Now BouncyCastle jars has moved out to its own gem "bouncy-castle-java"
|
506
|
+
http://rubygems.org/gems/bouncy-castle-java. You don't need to care about it
|
507
|
+
because "jruby-openssl" gem depends on it from now on.
|
508
|
+
|
509
|
+
* JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
|
510
|
+
reached (EOFError)" for HTTP chunked read.
|
511
|
+
|
512
|
+
* JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
|
513
|
+
it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
|
514
|
+
(JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
|
515
|
+
* JRUBY-4975: Moving BouncyCastle jars out to its own gem.
|
516
|
+
|
517
|
+
## 0.7
|
518
|
+
|
519
|
+
* Follow MRI 1.8.7 openssl API changes
|
520
|
+
* Fixes so that jruby-openssl can run on appengine
|
521
|
+
* Many bug and compatibility fixes, see below.
|
522
|
+
* This is the last release that will be compatible with JRuby 1.4.x.
|
523
|
+
* Compatibility issues
|
524
|
+
- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
|
525
|
+
- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
|
526
|
+
- JRUBY-4444: OpenSSL crash running RubyGems tests
|
527
|
+
- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message
|
528
|
+
available"
|
529
|
+
- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
|
530
|
+
- JRUBY-4541: jruby-openssl doesn't load on App Engine.
|
531
|
+
- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
|
532
|
+
- JRUBY-4535: Issues with the BouncyCastle provider
|
533
|
+
- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
|
534
|
+
- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 ->
|
535
|
+
jdk15-144
|
536
|
+
Cipher issues
|
537
|
+
- JRUBY-4012: Initialization vector length handled differently than in MRI
|
538
|
+
(longer IV sequence are trimmed to fit the required)
|
539
|
+
- JRUBY-4473: Implemented DSA key generation
|
540
|
+
- JRUBY-4472: Cipher does not support RC4 and CAST
|
541
|
+
- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or
|
542
|
+
168' for DES3 + SunJCE
|
543
|
+
SSL and X.509(PKIX) issues
|
544
|
+
- JRUBY-4384: TCP socket connection causes busy loop of SSL server
|
545
|
+
- JRUBY-4370: Implement SSLContext#ciphers
|
546
|
+
- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
|
547
|
+
- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
|
548
|
+
- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
|
549
|
+
- JRUBY-4684: SSLContext#verify_depth is ignored
|
550
|
+
- JRUBY-4398: SSLContext#options does not affect to SSL sessions
|
551
|
+
- JRUBY-4360: Implement SSLSocket#verify_result and dependents
|
552
|
+
- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating
|
553
|
+
(ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when
|
554
|
+
returning SOAP queries over a certain size)
|
555
|
+
- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel
|
556
|
+
close
|
557
|
+
- JRUBY-4369: X509Store#verify_callback is not called
|
558
|
+
- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes
|
559
|
+
certificates which have the same subject (problem with
|
560
|
+
ruby-openid-apps-discovery (github jruby-openssl issue #2))
|
561
|
+
- JRUBY-4333: PKCS#8 formatted privkey read
|
562
|
+
- JRUBY-4454: Loading Key file as a Certificate causes NPE
|
563
|
+
- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized
|
564
|
+
from PEM causes IllegalStateException
|
565
|
+
PKCS#7 issues
|
566
|
+
- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
|
567
|
+
- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake
|
568
|
+
test doesn't finish on JDK5 w/o policy files update)
|
569
|
+
Misc
|
570
|
+
- JRUBY-4574: jruby-openssl deprecation warning cleanup
|
571
|
+
- JRUBY-4591: jruby-1.4 support
|
572
|
+
|
573
|
+
## 0.6
|
574
|
+
|
575
|
+
* This is a recommended upgrade to jruby-openssl. A security problem
|
576
|
+
involving peer certificate verification was found where failed
|
577
|
+
verification silently did nothing, making affected applications
|
578
|
+
vulnerable to attackers. Attackers could lead a client application
|
579
|
+
to believe that a secure connection to a rogue SSL server is
|
580
|
+
legitimate. Attackers could also penetrate client-validated SSL
|
581
|
+
server applications with a dummy certificate. Your application would
|
582
|
+
be vulnerable if you're using the 'net/https' library with
|
583
|
+
OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
|
584
|
+
prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
|
585
|
+
problem and providing the fix. See
|
586
|
+
http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
|
587
|
+
for details.
|
588
|
+
* This release addresses CVE-2009-4123 which was reserved for the
|
589
|
+
above vulnerability.
|
590
|
+
* Many fixes from NaHi, including issues related to certificate
|
591
|
+
verification and certificate store purpose verification.
|
592
|
+
- implement OpenSSL::X509::Store#set_default_paths
|
593
|
+
- MRI compat. fix: OpenSSL::X509::Store#add_file
|
594
|
+
- Fix nsCertType handling.
|
595
|
+
- Fix Cipher#key_len for DES-EDE3: 16 should be 24.
|
596
|
+
- Modified test expectations around Cipher#final.
|
597
|
+
* Public keys are lazily instantiated when the
|
598
|
+
X509::Certificate#public_key method is called (Dave Garcia)
|
599
|
+
|
600
|
+
## 0.5.2
|
601
|
+
|
602
|
+
Multiple bugs fixed:
|
603
|
+
|
604
|
+
* JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
|
605
|
+
* JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
|
606
|
+
* JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
|
607
|
+
* JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
|
608
|
+
* JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
|
609
|
+
|
610
|
+
## 0.5.1
|
611
|
+
|
612
|
+
* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1
|
613
|
+
to be 100%
|
614
|
+
* Fix by Frederic Jean for a character-decoding issue for some certificates
|
615
|
+
|
616
|
+
## 0.5
|
617
|
+
|
618
|
+
* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
|
619
|
+
* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert
|
620
|
+
Validation Error, when there should be no error
|
621
|
+
* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
|
622
|
+
* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
|
623
|
+
* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating
|
624
|
+
digest
|
625
|
+
* Misc code cleanup
|
626
|
+
|
627
|
+
## 0.2
|
628
|
+
|
629
|
+
* Enable remaining tests; fix a nil string issue in SSLSocket.sysread
|
630
|
+
(JRUBY-1888)
|
631
|
+
* Fix socket buffering issue by setting socket IO sync = true
|
632
|
+
* Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
|
633
|
+
* Fix AES key length (JRUBY-2187)
|
634
|
+
* Fix cipher initialization (JRUBY-1100)
|
635
|
+
* Now, only compatible with JRuby 1.1
|
636
|
+
|
637
|
+
## 0.1.1
|
638
|
+
|
639
|
+
* Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
|
640
|
+
|
641
|
+
## 0.1
|
642
|
+
|
643
|
+
* PLEASE NOTE: This release is not compatible with JRuby releases earlier than
|
644
|
+
1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
|
645
|
+
0.6 release.
|
646
|
+
* Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
|
647
|
+
* Simultaneous support for JRuby trunk and 1.0 branch
|
648
|
+
* Start of support for OpenSSL::BN
|
649
|
+
|
650
|
+
## 0.0.5 and prior
|
651
|
+
|
652
|
+
* Initial versions with maintenance updates
|