jruby-openssl 0.9.4 → 0.14.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/History.md +652 -0
- data/LICENSE.txt +37 -0
- data/Mavenfile +163 -5
- data/README.md +75 -0
- data/Rakefile +52 -2
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +75 -16
- data/lib/jopenssl/version.rb +9 -4
- data/lib/jopenssl.jar +0 -0
- data/lib/openssl/bn.rb +40 -5
- data/lib/openssl/buffering.rb +477 -4
- data/lib/openssl/cipher.rb +67 -5
- data/lib/openssl/config.rb +500 -4
- data/lib/openssl/digest.rb +73 -5
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs12.rb +60 -99
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/pkey.rb +42 -0
- data/lib/openssl/ssl.rb +542 -4
- data/lib/openssl/x509.rb +368 -4
- data/lib/openssl.rb +3 -1
- data/lib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar +0 -0
- data/lib/org/bouncycastle/bcutil-jdk18on/1.71/bcutil-jdk18on-1.71.jar +0 -0
- data/pom.xml +772 -0
- metadata +40 -107
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/README.txt +0 -13
- data/TODO-1_9-support.txt +0 -23
- data/lib/jopenssl18/openssl/bn.rb +0 -35
- data/lib/jopenssl18/openssl/buffering.rb +0 -241
- data/lib/jopenssl18/openssl/cipher.rb +0 -65
- data/lib/jopenssl18/openssl/config.rb +0 -316
- data/lib/jopenssl18/openssl/digest.rb +0 -61
- data/lib/jopenssl18/openssl/pkcs7.rb +0 -25
- data/lib/jopenssl18/openssl/ssl-internal.rb +0 -179
- data/lib/jopenssl18/openssl/ssl.rb +0 -1
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -153
- data/lib/jopenssl18/openssl/x509.rb +0 -1
- data/lib/jopenssl18/openssl.rb +0 -67
- data/lib/jopenssl19/openssl/bn.rb +0 -35
- data/lib/jopenssl19/openssl/buffering.rb +0 -449
- data/lib/jopenssl19/openssl/cipher.rb +0 -65
- data/lib/jopenssl19/openssl/config.rb +0 -313
- data/lib/jopenssl19/openssl/digest.rb +0 -72
- data/lib/jopenssl19/openssl/ssl-internal.rb +0 -177
- data/lib/jopenssl19/openssl/ssl.rb +0 -2
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -158
- data/lib/jopenssl19/openssl/x509.rb +0 -2
- data/lib/jopenssl19/openssl.rb +0 -23
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/openssl/ssl-internal.rb +0 -5
- data/lib/openssl/x509-internal.rb +0 -5
- data/test/java/pkcs7_mime_enveloped.message +0 -19
- data/test/java/pkcs7_mime_signed.message +0 -30
- data/test/java/pkcs7_multipart_signed.message +0 -45
- data/test/java/test_java_attribute.rb +0 -25
- data/test/java/test_java_bio.rb +0 -42
- data/test/java/test_java_mime.rb +0 -173
- data/test/java/test_java_pkcs7.rb +0 -772
- data/test/java/test_java_smime.rb +0 -177
- data/test/test_java.rb +0 -98
- data/test/ut_eof.rb +0 -128
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 2548bc2fe716c409cd989bf2d8dadfae326993f955aca85cfe03ca4bf3afb659
|
4
|
+
data.tar.gz: 5f6606773272d521abefb77c475d80a6437091d33b37c15d5daf6c8ccdb87e9b
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 05f1f9700cd0e52761a80c4c841dc5afa80f1dbffcb47dadc1761ccf59bb3315b6baa8cbff18b3d611b6094f0ef9b1e930800f07ed2cc1cad4f5c3951047fca8
|
7
|
+
data.tar.gz: 5ca2d93939853cdc3ae2055db4e32ba71e9c6127297ec14c5de5745db2ebbe27c4182ee7325045123a91d8b3b8bac5cebf80471aaab2e67ec5458803ba85805c
|
data/History.md
ADDED
@@ -0,0 +1,652 @@
|
|
1
|
+
## 0.14.0
|
2
|
+
|
3
|
+
This version upgraded to latest Bouncy-Castle (1.71) and is only compatible with
|
4
|
+
the new version mostly due artifact naming and breaking chances in BC itself.
|
5
|
+
|
6
|
+
- [deps] upgrade BC to latest 1.71
|
7
|
+
- [fix] make set_minmax_proto_version private
|
8
|
+
|
9
|
+
## 0.13.0
|
10
|
+
|
11
|
+
* [fix] ASN1::EndOfContent ancestor hierarchy (#228)
|
12
|
+
* [fix] handle X509::Name type conversion (#206)
|
13
|
+
* [fix] handle invalid type when creating `X509::Name`
|
14
|
+
* [fix] `OpenSSL::X509::Name#inspect` compatibility
|
15
|
+
* [fix] escaping with `OpenSSL::X509::Name::RFC2253`
|
16
|
+
* [feat] implement `OpenSSL::X509::Name#to_utf8`
|
17
|
+
* [fix] compat missing `OpenSSL::SSL::OP_NO_TLSv1_3`
|
18
|
+
* [refactor] performance - do not encode/decode cert objects
|
19
|
+
* [fix] make sure `Context.ciphers` are not mutated (#219)
|
20
|
+
* [feat] support `to_java` conversion for CRL
|
21
|
+
* [feat] support `to_java` protocol for PKey (#250)
|
22
|
+
|
23
|
+
## 0.12.2
|
24
|
+
|
25
|
+
* [fix] work-around JRuby 9.2 autoload behavior (#248)
|
26
|
+
to be able to install jruby-openssl >= 0.12 on JRuby 9.2
|
27
|
+
while the default gem (shipped with JRuby) is < 0.12
|
28
|
+
* [feat] support alpn negotiation in ssl context (#247)
|
29
|
+
* [feat] support Java cipher names on `SSLContext#ciphers=`
|
30
|
+
* [fix] properly handle `require_jar` fallback
|
31
|
+
|
32
|
+
## 0.12.1
|
33
|
+
|
34
|
+
* improved compatibility with the openssl gem (version 2.2.1)
|
35
|
+
* JOSSL now ships with a single set of openssl .rb files
|
36
|
+
- providing compat with `required_ruby_version = '>= 2.3.0'`
|
37
|
+
- flat set of .rb files at *lib/openssl/* (based on openssl gem)
|
38
|
+
* revisited `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` defaults
|
39
|
+
- implicit `verify_hostname` default .rb callback still a noop
|
40
|
+
- TLS continues to rely on the Java SSL engine for hostname checks
|
41
|
+
* working TLS 1.3 support
|
42
|
+
* droped Java 1.7 support (at least Java 8 needed to use the gem)
|
43
|
+
* fixed `SSLContext#options` matches C OpenSSL (using `OP_ALL`)
|
44
|
+
* no longer filter out SSLv2 (for improved OpenSSL compatibility)
|
45
|
+
* implemented naive `SSLContext#ciphers` caching to speed-up TLS
|
46
|
+
* `StoreError` raised due a Java exception now retain native cause
|
47
|
+
|
48
|
+
## 0.12.0 (yanked)
|
49
|
+
|
50
|
+
There were Java 8 and JRuby 9.3 regressions in this release, use 0.12.1 instead.
|
51
|
+
|
52
|
+
## 0.11.0
|
53
|
+
|
54
|
+
NOTE: This release aims to adapt the certificate verification logic to be aligned
|
55
|
+
with OpenSSL 1.1.1 as a resolution to issues due *DST Root CA X3* expiration, more
|
56
|
+
details at: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
57
|
+
|
58
|
+
The port is expected to be superior compared to the simple legacy verification,
|
59
|
+
however in case of issues the previous algorithm is still around and can be toggled
|
60
|
+
using `JRUBY_OPTS="-J-Djruby.openssl.x509.store.verify=legacy"` system property.
|
61
|
+
|
62
|
+
* **OpenSSL 1.1.1 cert verification port** (fixes #236) (#239)
|
63
|
+
- as a side-effect part of the PR to "allow multiple certs with same SubjectDN"
|
64
|
+
(#198) got reverted, this has been causing verification regressions (since 0.10.5)
|
65
|
+
for some users (#232) and is expected to be fixed
|
66
|
+
* [fix] replace deprecated getPeerCertificateChain (#231)
|
67
|
+
|
68
|
+
## 0.10.7
|
69
|
+
|
70
|
+
* [feat] upgrade BC library to 1.68
|
71
|
+
* [fix] SSLContext#ciphers= (fixes #221 and jruby/jruby#3100) (#222)
|
72
|
+
* [fix] Java::JavaLang::StringIndexOutOfBoundsException on ctx.cipher=[] (fixes #220) (#223)
|
73
|
+
* [fix] SSLContext#ciphers= compatibility (fixes #223) (#220)
|
74
|
+
* [fix] Match OpenSSL::X509::Name.hash implementation with Ruby (#216, #218)
|
75
|
+
* [fix] OpenSSL::SSL::SSLContext#min_version= failure (#215)
|
76
|
+
* [fix] adds OpenSSL::Cipher#iv_len= setter (#208)
|
77
|
+
|
78
|
+
## 0.10.6 (yanked)
|
79
|
+
|
80
|
+
Due several regressions please update to version 0.10.7 or higher.
|
81
|
+
|
82
|
+
## 0.10.5
|
83
|
+
|
84
|
+
* [fix] EC key sign/verify (#193)
|
85
|
+
* [feat] upgrade BC library to 1.65
|
86
|
+
* [refactor] clean security helpers to avoid reflection (#197)
|
87
|
+
* Just use normal getInstance to get KeyFactory (fixes #197)
|
88
|
+
* Allow multiple Certificates with the same SubjectDN in the store (#198)
|
89
|
+
* Try direct path for MessageDigest before invasive path (#194)
|
90
|
+
(relates to jruby/jruby#6098)
|
91
|
+
* [refactor] avoid NativeException usage (jruby/jruby#5646)
|
92
|
+
|
93
|
+
## 0.10.4
|
94
|
+
|
95
|
+
* Use CertificateFactory.getInstance rather than reflection
|
96
|
+
eliminates one of the module warnings we have been seeing (#161)
|
97
|
+
|
98
|
+
## 0.10.3
|
99
|
+
|
100
|
+
* [fix] implement (missing) PKey::DSA#params
|
101
|
+
* [fix] authorityKeyIdentifier ext (general-name) value
|
102
|
+
* [fix] authority keyid extension's :always part optional (#174)
|
103
|
+
* [fix] work-around for not setting certificate serial
|
104
|
+
raise a more friendly error (jruby/jruby#1691)
|
105
|
+
* [fix] PKey.read not parsing RSA pub-key (#176)
|
106
|
+
* [feat] support reading DSA (public key) in full DER
|
107
|
+
* [fix] RSA key DER format to closely follow OpenSSL
|
108
|
+
* [fix] add missing ASN1 factory methods (Null, EndOfContent)
|
109
|
+
* [fix] support getting password from block for PKeys
|
110
|
+
* [fix] incorrect ASN.1 for wrapped Integer type
|
111
|
+
* [fix] correct public key for subjectKeyIdentifier ext (#173)
|
112
|
+
* [fix] invalid Cert#sign handling -> raise (instead of ClassCastException)
|
113
|
+
* [feat] more TLS (GCM) ciphers - supported on Java 8+
|
114
|
+
* [feat] add ECDHE-RSA-AES128-GCM-SHA256 as supported cipher (#185)
|
115
|
+
* [feat] add support for ECDHE-RSA-AES256-GCM-SHA384 (#187)
|
116
|
+
* [fix] try hard not to fail on unkown oids (OpenSSL::X509::Certificate#to_text)
|
117
|
+
* update Bouncy-Castle to 1.62 (and handle supported BC compatibility)
|
118
|
+
|
119
|
+
## 0.10.2
|
120
|
+
|
121
|
+
* update Bouncy-Castle to 1.61 (and handle supported BC compatibility)
|
122
|
+
* [fix] avoid NPE when CRL fails to parse (invalid str) (jruby/jruby#5619)
|
123
|
+
* hide (deprecated) Jopenssl constant
|
124
|
+
* default OpenSSL.warn to warnings-enabled flag
|
125
|
+
* only un-restrict jce when its restricted
|
126
|
+
* OpenSSL::Cipher#update additional buffer argument (#170) (jruby/jruby#5242)
|
127
|
+
|
128
|
+
## 0.10.1
|
129
|
+
|
130
|
+
* loading JOpenSSL's native ext part the JRuby 9.2 (internal) way
|
131
|
+
* avoid, once again, installing BC provider on boot (due OCSP support)
|
132
|
+
* [feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement
|
133
|
+
* rename ugly-sh "Jopenssl" constant to **JOpenSSL**
|
134
|
+
* support PKCS7#decrypt with 1 argument (pkey only - without certificate)
|
135
|
+
* undo some of the call-sites in SSLSocket - account for sub-classes (#165)
|
136
|
+
* follow-up to provide == for X.509 types (like C-OpenSSL does in 2.1)
|
137
|
+
* validate iter parameter on Cipher#pkcs5_keyivgen (since OpenSSL 2.0.8)
|
138
|
+
* remove openssl/pkcs7.rb -> since 1.8 no longer supported
|
139
|
+
|
140
|
+
## 0.10.0
|
141
|
+
|
142
|
+
**NOTE:** dropped support for anything below ~ JRuby 1.7.20
|
143
|
+
|
144
|
+
* drop support for Java 1.6 and compile using Java 7
|
145
|
+
* improve java.version detection for Java 9/10 (pre-releases)
|
146
|
+
* subject alt name parsing fixes (#140) - thanks @roadrunner2
|
147
|
+
* fix loading of Subject/Issuer-Alt-Name extensions. (#144)
|
148
|
+
* normalize all constants in CipherStrings as public (#146)
|
149
|
+
* upgrade BC to **1.59** and dropped support for BC < 1.55
|
150
|
+
* include BC's JSSE provider as we're planning on using it, eventually
|
151
|
+
* setup OpenSSL::ExtConfig emulation - mostly (conservative) guesses
|
152
|
+
* at last, do BN comparison `==` vs `eql?` properly - just like MRI
|
153
|
+
* get `BN.new("...", 0)` working as OpenSSL does - using MPI format
|
154
|
+
* allow for SSLContext#dup to work (copy-ing Ruby level i-vars only)
|
155
|
+
* fix signature-alg to default to NULL and report it as 0.0 (like MRI)
|
156
|
+
* account for ASN1Integers when transforming issuer serial numbers
|
157
|
+
to_text in AuthorityKeyIdentifier extensions (#147) - thanks @lampad
|
158
|
+
* copy bytes since it might be a shared (unsafe) buffer (#150)
|
159
|
+
* don't use padding for streaming cipher modes (#155) - thanks @dgolombek
|
160
|
+
* avoid ByteList#length() usage for forward (JRuby 9.2) compatibility
|
161
|
+
* prepare for using BC's JSSE implementation as an SSL support backend
|
162
|
+
allow to set SSL provider name (-Djruby.openssl.ssl.provider=...)
|
163
|
+
|
164
|
+
## 0.9.21
|
165
|
+
|
166
|
+
* adjust X.509 value handling to parse subjectAltName recursively (#134)
|
167
|
+
* SKI expected to be always octet wrapped - do not check for length (#131)
|
168
|
+
* respect jruby.preferred.prng and use/tune its SecureRandom defaults
|
169
|
+
trying to avoid BC generator's constant attempts for seeding itself
|
170
|
+
as an attempt to 'fix' low-entropy systems wating for */dev/random*
|
171
|
+
* Random#add; Random#egd shall return true on JVM
|
172
|
+
* move "DEFAULT" special case handling to match OpenSSL behaviour (#136)
|
173
|
+
(jruby/jruby#2193)
|
174
|
+
* If data is not provided, extract it from the PKCS7 instance (#132)
|
175
|
+
* Add cipher suite strings for IBM JRE (#126) - thanks @ysohda
|
176
|
+
* use the helper to printStackTrace (no System.err printing by default)
|
177
|
+
* add OCSP support (#124) - thanks so very much @lampad
|
178
|
+
* add support for renegotiation_cb on SSLContext (#121) - thanks @lampad
|
179
|
+
|
180
|
+
## 0.9.20
|
181
|
+
|
182
|
+
* upgrade Bouncy-Castle to 1.56 http://bouncycastle.org/releasenotes.html
|
183
|
+
(additional security and robustness with 10 CVEs submitted as a result)
|
184
|
+
* add a dummy SSLContext#security_level= implementation
|
185
|
+
* no dup-ing for SSLContext/SSLSocket and X509 Store/StoreContext
|
186
|
+
* implement PKey initialize_copy (dup-ing)
|
187
|
+
* digest can be passed in as a String on PKey#sign/verify
|
188
|
+
* DSA+SHA1 is actually a supported algorithm
|
189
|
+
* reset signed-request -> sub-sequent req.verify will work correctly
|
190
|
+
* allow for digest name to be passed into Cert#sign
|
191
|
+
* be less fatal on Java 9
|
192
|
+
won't attempt reflective SPIs when accessibility checks fail!
|
193
|
+
* remove obsolete (deprecated) renamed classes
|
194
|
+
* verify correct WaitReadable is raised on connect_nonblock (jruby/jruby#1716)
|
195
|
+
* non-connected ssl socket raises EPIPE on connect_nonblock (MRI compat)
|
196
|
+
* fine to close a SSLSocket which is not-yet-connected (like in MRI)
|
197
|
+
* fix NPE when reading private keys (with passwd) (jruby/jruby#1784)
|
198
|
+
|
199
|
+
## 0.9.19
|
200
|
+
|
201
|
+
* re-use secure random from thread-context on SSL context initialization
|
202
|
+
* preliminary OpenSSL 1.1 (Ruby 2.4) compatibility bits (#112)
|
203
|
+
* try using thread-shared secure random gen (in PKey-s) where possible
|
204
|
+
* implement PKeyDSA#syssign and PKeyDSA#sysverify methods
|
205
|
+
* avoid (unnecessary) byte[] copies in PKey#sign/verify
|
206
|
+
* fix ClassCastException error in X509Store.verify (#113)
|
207
|
+
* align BH#hash with eql? (+ equals/hashCode on Java)
|
208
|
+
|
209
|
+
## 0.9.18
|
210
|
+
|
211
|
+
* handle X.509 authorityKeyIdentifier parsing somehow right (#102)
|
212
|
+
* simple resolution for handling subjectAltName multiple DNS: names (#102)
|
213
|
+
* upgrading BC to 1.55
|
214
|
+
normalize "brainpoolP512t1" curve name for BC 1.55 compatibility
|
215
|
+
* allow for X509::Certificate to be converted to a Java certificate
|
216
|
+
* at least OpenSSL.debug potential env read failure on set_default_paths
|
217
|
+
* negative BN values are always considered not prime.
|
218
|
+
* Don't print a warning for missing client certs (#110)
|
219
|
+
|
220
|
+
## 0.9.17
|
221
|
+
|
222
|
+
* temporarily register BC provider on X.509 factory (work-around for #94)
|
223
|
+
* support Cipher#auth_tag and auth_data for GCM ciphers (e.g. aes-128-gcm)
|
224
|
+
* need to drop support for BC <= 1.50 due EC support (N/A in older BCs)
|
225
|
+
* (somehow working) draft at implementing PKey::EC (elliptic curve support)
|
226
|
+
DH encryption expected to behave correctly
|
227
|
+
* make sure (initial) BC security provider registration works!
|
228
|
+
... when **-Djruby.openssl.provider.register=true** (due #94)
|
229
|
+
* Make ALL cipherstring match ECDHE cihphers (#91)
|
230
|
+
* fix X.509 indexBySubject returning correct index
|
231
|
+
* try to handle `SSLContext.session=` and also try answering `session_reused?`
|
232
|
+
* handle equals/hashCode on SSL::Session and raise on timeout int overflow
|
233
|
+
* Allow DSA private keys to be initialized from parameters. (#83)
|
234
|
+
* Instantiate both the private and public keys when setting parameters. (#82)
|
235
|
+
|
236
|
+
## 0.9.16
|
237
|
+
|
238
|
+
* add hard dependency to jar-dependencies (#74)
|
239
|
+
* Recognize Android java.version (#81)
|
240
|
+
|
241
|
+
## 0.9.15
|
242
|
+
|
243
|
+
* always return a Fixnum from `OpenSSL::SSL::Session#timeout`, OpenSSL defaults
|
244
|
+
to 300 (been causing net/http.rb issues with timeouts on JRuby 9K)
|
245
|
+
|
246
|
+
## 0.9.14
|
247
|
+
|
248
|
+
* upgrade to using BC **1.54** as default (all versions >= 1.49 are supported)
|
249
|
+
for Bouncy-Castle release notes see http://bouncycastle.org/releasenotes.html
|
250
|
+
* basic support for prompting for PEM password (working for RSA/DSA priv.key)
|
251
|
+
* avoid NPE due version field in X509Cert - make sure it's treated as 0 (#78)
|
252
|
+
and fix settting ceritificate.serial = number
|
253
|
+
* default WairReadable/Writable backtraces to JRuby's -Xerrno.backtrace
|
254
|
+
* use hardcoded jks type for loading cacerts - for Java 9 compatibility (#79)
|
255
|
+
|
256
|
+
## 0.9.13
|
257
|
+
|
258
|
+
JRuby-OpenSSL is the first release that aims to be Ruby **2.3** compatible.
|
259
|
+
|
260
|
+
* SSLSocket#sysread do not copy bytes from buffer - re-use the backing array
|
261
|
+
* handle read_nonblock EOF as nil when exception: false (Ruby 2.3 compatibility)
|
262
|
+
* start exposing VERSION constant(s) directly on Jopenssl module
|
263
|
+
* better not throw EOF on SSLSocket#sysclose for compatibility with MRI
|
264
|
+
* setup "dummy" OpenSSL::OPENSSL_LIBRARY_VERSION constant for compatibility
|
265
|
+
* Ruby 2.3 compatibility - adjust to changes in MRI's openssl .rb parts
|
266
|
+
* update openssl/ssl.rb based on MRI 2.2's version
|
267
|
+
* disable backtrace generation for wait non-block errors (use an empty array)
|
268
|
+
* support SSLSocket#accept_nonblock/connect_nonblock with exception: false
|
269
|
+
* support `exception: false` with syswrite_nonblock and sysread_nonblock
|
270
|
+
* remove 'RSA' from RSA public key headers (#76)
|
271
|
+
|
272
|
+
## 0.9.12
|
273
|
+
|
274
|
+
* when the Cipher/Signature needs to be created via java reflection use a constructor
|
275
|
+
which avoids verifying the bouncy-castle jars (which is the main reason for using
|
276
|
+
reflection since some classloader setups fails to verify those jars) (#73)
|
277
|
+
* force US locale for date formatting
|
278
|
+
otherwise it uses system locale, which is inconsistent with MRI.
|
279
|
+
* X509::Store.set_default_paths ignores FileNotFound errors like MRI does (#68)
|
280
|
+
* check type on X509::Store.verify
|
281
|
+
throw a TypeError if the argument is not a OpenSSL::X509::Certificate (#69)
|
282
|
+
* keep the default x509 certs and directories in line with MRI, only if
|
283
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
284
|
+
* bring the default ca-certs paths/location more in line with MRI and fallback on
|
285
|
+
jvm truststore (java.home/lib/security/cacerts) when needed
|
286
|
+
|
287
|
+
## 0.9.11
|
288
|
+
|
289
|
+
* add TLSv1_1_client, TLSv1_1_server, TLSv1_2_client and TLSv1_2_server options
|
290
|
+
to ssl_version (#65)
|
291
|
+
* **regression** make sure we hold a buffered reader so that the loop continues
|
292
|
+
reading PEMs - previously introduced an incompatibility with cert verify (#67)
|
293
|
+
* support negotiating up to TLS1_1 and TLS1_2 when the server supports these
|
294
|
+
ssl_versions (#63)
|
295
|
+
|
296
|
+
## 0.9.10
|
297
|
+
|
298
|
+
* **regression** reverted fix for #49 (as it needs more work/testing) :
|
299
|
+
keep the default x509 certs and directories in line with MRI (#49), only if
|
300
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
301
|
+
|
302
|
+
## 0.9.9
|
303
|
+
|
304
|
+
* **regression** causing to re-package a RaiseException in `SSLSocket#accept`
|
305
|
+
* fix load error: jopenssl/load -- java.lang.VerifyError: using BC 1.51 or 1.52 (#62)
|
306
|
+
* keep the default x509 certs and directories in line with MRI (#49), only if
|
307
|
+
they do not exists fallback on cacerts from the java.home/lib/security/cacerts
|
308
|
+
|
309
|
+
## 0.9.8
|
310
|
+
|
311
|
+
* refactor `PKCS5.pbkdf2_hmac_sha1` to use BC APIs
|
312
|
+
thus less dependent on provider internals (jruby/jruby#3025)
|
313
|
+
* HMAC - use our SimpleKey impl so that there's less[] copy
|
314
|
+
... also allows for an empty key to work like MRI (jruby/jruby#2854)
|
315
|
+
* fixing oaep encryption to use correct algorithm (#54)
|
316
|
+
* [experimental] support NOT loading any (BC) jars on our own ... (#10)
|
317
|
+
* disable DHE (by default) on Java <= 7 ... on Java 8 we (still) force 1024/2048
|
318
|
+
(see jruby/jruby#2872 and #45)
|
319
|
+
* **regression** handle parsing of "incomplete" X.509 certs like MRI does (#42)
|
320
|
+
* implement a CRL/certificate caching (for now off by default) in Lookup
|
321
|
+
... set *-J-Djruby.openssl.x509.lookup.cache=true* to enable
|
322
|
+
* improve Store helper concurrency (with less synchronization)
|
323
|
+
* reviewed OpenSSL's .rb parts to match those present in MRI 1.9.3 / 2.2.2
|
324
|
+
* initial support for `OpenSSL::SSL::Session` (id, time, timeout work)
|
325
|
+
* session_cache_mode as present in OpenSSL makes no sense with Java APIs
|
326
|
+
* use the set SSLContext#session_cache_size on the underlying javax.net API
|
327
|
+
* tidy up SSLSocket's internals + add stack-trace debugging on accept/connect
|
328
|
+
* add SSLSocket ssl_version property like MRI has (#38)
|
329
|
+
* avoid unnecessary `_initialize` naming - it's confusing to see in JVM tools
|
330
|
+
* use SecurityHelper to get a X.509 certificate factory
|
331
|
+
we'll know prefer BC's X.509 factory over the built-in (Sun provider) one
|
332
|
+
|
333
|
+
## 0.9.7
|
334
|
+
|
335
|
+
* put in some more ossl to jsse mappings for SSL/TLS
|
336
|
+
(SSL_DHE_xxx, TLS_ECDH_xxx, TLS_ECDHE_xxx)
|
337
|
+
* exclude SSLv2 in reported METHODS (all fine to close jruby/jruby#1874)
|
338
|
+
* support passing ssl_version as an argument to initialize SSLContext.new ...
|
339
|
+
* now that we've matched w MRI's SSLContext::METHODS don't report custom ones
|
340
|
+
* more ssl_version= compatibility fixes that match MRI (jruby/jruby#1736)
|
341
|
+
* support setting ssl_version = "TLSv1_1" (or "TLSv1_2") just like MRI
|
342
|
+
* **regression** make sure version is set when reading encoded certificate
|
343
|
+
+ signature algorithm should be read as well when decoding certificate (#39)
|
344
|
+
* better accept handshake errors instead of "General SSLEngine problem (#37)
|
345
|
+
* trying to decode DER application specific objects (based on patch from #36)
|
346
|
+
* we've not been compatible with MRI's DES (EDE) - partly due DES(3) ECB
|
347
|
+
fixing jruby/jruby#2617 as well as jruby/jruby#931
|
348
|
+
* exclude reporting algorithms with CFB-1 cipher mode as supported (due #35)
|
349
|
+
* do not change CFB1 to CFB ... it's something different (although broken on BC)
|
350
|
+
* attempt to deal with update/final buffering incompatibility with MRI
|
351
|
+
* fix HMAC digest incorrect when data contains invalid characters (#33)
|
352
|
+
* add Gemfile and specify ruby-maven as dependency
|
353
|
+
* use SafePropertyAccessor to access properties instead of directly (#28)
|
354
|
+
* make sure SSLSocket's cipher and hostname are nil by default (avoids NPE)
|
355
|
+
* update to (packed) BC version 1.50 + start declaring 1.51 as semi-supported
|
356
|
+
|
357
|
+
## 0.9.6
|
358
|
+
|
359
|
+
* ClassCastException still happen deep within BC - turn them into SignatureExeption
|
360
|
+
* make sure empty object can be serialize via to_pem
|
361
|
+
* use the classname as message in case the exception has no message (jruby/jruby#2249)
|
362
|
+
* make sure X509Object list is synchronized properly
|
363
|
+
* use JRubyFile to get input-stream to file-resource fixes #11
|
364
|
+
* Cache the discovered classes for digest engines. Fixes #15.
|
365
|
+
* avoid the rest of Ruby.getGlobalRuntime usages - only worked in 1 runtime envs
|
366
|
+
* refactored CRL - using light-weight BC API (avoids deprecated X.509 generator)
|
367
|
+
* implement X509::Certificate#to_text for happiness (the MRI-way - only RSA for now)
|
368
|
+
* allow to "fake" our inspect() support and match MRI's X509::Certificate#inspect
|
369
|
+
* decode BC's ASN1Enumarated into a OpenSSL::ASN1::Enumerated
|
370
|
+
* we can (ASN.1) encode an infinite-length bit-string constructive
|
371
|
+
* turns out all ASN1 primitives in MRI have the infinite_length attribute
|
372
|
+
* support (so-far only dummy) @servername_cb attribute on SSLSocket
|
373
|
+
* handle (CRL) extension's issuerAltName wrapping without an exception
|
374
|
+
* fix SSL (cert) verification - now working on 1.8/1.9 better than before
|
375
|
+
* do not skip first 2 bytes of key identifier hash when encoding to hex!
|
376
|
+
* match X.509 extension short-comings of the Java API in order to align with MRI
|
377
|
+
* improve cert.extension's value - *extendedKeyUsage* was not returned correctly
|
378
|
+
* make sure ASN1::ObjectId.new(...).ln and ASN1::ObjectId.new(...).sn are correct!
|
379
|
+
* better working to_der conversion esp. with constructives (indefinite lengths)
|
380
|
+
* improve our ASN1 decoding for better MRI compatibility
|
381
|
+
* avoiding Krypt gem dependency completely (was used for OpenSSL::PKCS5)
|
382
|
+
* cleanup OpenSSL::Digest internals - make sure block_length works for more
|
383
|
+
* OpenSSL deprecated_warning_flag and check_func API compatibility stubs
|
384
|
+
* do not force loading of jar-dependencies + possibly respect jars skipped
|
385
|
+
* X509::Name.to_a compatibility - MRI seems to never return "UNDEF"
|
386
|
+
experimental support for passing down "real" Java JCE cipher names
|
387
|
+
* rewriten Cipher internals - now faster, slimmer and more compatible than ever!
|
388
|
+
* rebuilt our global ASN1Registry and refactored it (back) internally to use string oids
|
389
|
+
* report OpenSSL::VERSION **1.1.0** since 1.9.3
|
390
|
+
* fill RaiseException's cause whenever we use a factory passing down a Throwable
|
391
|
+
* allow X509::Revoked.serial= to receive an integer
|
392
|
+
* make sure X509::CRL's to_text representation si (fully) MRI compatible
|
393
|
+
* handle authority key-id unwrapping correctly in X509::Extension#value
|
394
|
+
* long time coming - OpenSSL::X509::CRL support for loading revoked entries (#5)
|
395
|
+
* Reflect Java cacert location in DEFAULT_CERT_* constants (jruby/jruby#1953)
|
396
|
+
* X509::Certificate.new MRI compatibility + make sure inspect works the same
|
397
|
+
* BN.inspect() and make sure BN.new(0) works just fine (both as in MRI)
|
398
|
+
* X509::CRL instantiation compatibility with MRI
|
399
|
+
* inspect() X509::Certificate an X509::CRL just like MRI does
|
400
|
+
* handle OpenSSL::X509::Store.add error messages correctly (fix based on #6)
|
401
|
+
* update to using BC 1.49 by default (still compatible with older versions)
|
402
|
+
* implement X509::StoreContext#current_crl method
|
403
|
+
* support X509::StoreContext cleanup and error_depth instance methods
|
404
|
+
* support disabling of warnings using system property -Djruby.openssl.warn
|
405
|
+
* Throw error when chain certs are *not* OpenSSL::X509::Certificate (#3)
|
406
|
+
* avoid using JRuby IO APIs (will likely not work in 9k)
|
407
|
+
* make 'jopenssl/load' also work on jruby-1.6.8 mode 1.9
|
408
|
+
|
409
|
+
## 0.9.5
|
410
|
+
|
411
|
+
MASSIVE internal "rewrite" to avoid depending on a registered (BC) security
|
412
|
+
provider. This releases restores compatibility with BC version 1.47 while being
|
413
|
+
compatible with newer bouncy-castle jars as well (1.48, 1.49 and 1.50).
|
414
|
+
|
415
|
+
* handle SSLErrorWaitReadable/Writable as SSLErrors on Ruby 1.8 and 1.9 mode
|
416
|
+
* Treat SSL NOT_HANDSHAKING as FINISHED
|
417
|
+
* only add DER.TRUE when encoding X.509 extension when non-critical
|
418
|
+
* do not der encode non-critical flag in X509::Extension (jruby/jruby#389)
|
419
|
+
* SSLContext internals + support `SSLContext::METHODS` correctly (jruby/jruby#1596)
|
420
|
+
* correct visibility of initialize* and respond_to_missing? methods
|
421
|
+
* fix spinning indefinitely on partial TLS record (jruby/jruby#1280)
|
422
|
+
* Support file input for PKey::RSA.new
|
423
|
+
* fix bug https://github.com/jruby/jruby/issues/1156
|
424
|
+
* openssl: add handling for base 0 to new and to_s
|
425
|
+
|
426
|
+
## 0.9.4
|
427
|
+
|
428
|
+
* Fix compatibility wiht Bouncy Castle 1.49.
|
429
|
+
|
430
|
+
## 0.9.3
|
431
|
+
|
432
|
+
* Allow options passed to nonblock methods (not impl'ed yet)
|
433
|
+
* Make ClassIndex into an enum, to prevent issues like jruby/jruby#1004
|
434
|
+
|
435
|
+
|
436
|
+
== ...
|
437
|
+
|
438
|
+
|
439
|
+
## 0.7.7
|
440
|
+
|
441
|
+
This release includes bug fixes.
|
442
|
+
|
443
|
+
* JRUBY-6622: Support loading encrypted RSA key with PBES2
|
444
|
+
* JRUBY-4326: Confusing (and late) OpenSSL error message
|
445
|
+
* JRUBY-6579: Avoid ClassCastException for public key loading
|
446
|
+
* JRUBY-6515: sending UTF-8 data over SSL can hang with openssl
|
447
|
+
* Update tests to sync with CRuby ruby_1_9_3
|
448
|
+
|
449
|
+
## 0.7.6
|
450
|
+
|
451
|
+
This release includes initial implementation of PKCS12 by Owen Ou.
|
452
|
+
|
453
|
+
* JRUBY-5066: Implement OpenSSL::PKCS12 (only for simple case)
|
454
|
+
* JRUBY-6385: Assertion failure with -J-ea
|
455
|
+
|
456
|
+
## 0.7.5
|
457
|
+
|
458
|
+
This release improved 1.9 mode support with help of
|
459
|
+
Duncan Mak <duncan@earthaid.net>. Now jruby-ossl gem includes both 1.8 and 1.9
|
460
|
+
libraries and part of features should work fine on 1.9 mode, too.
|
461
|
+
|
462
|
+
* JRUBY-6270: Wrong keyUsage check for SSL server
|
463
|
+
* JRUBY-6260: OpenSSL::ASN1::Integer#value incompatibility
|
464
|
+
* JRUBY-6044: Improve Ecrypted RSA/DSA pem support
|
465
|
+
* JRUBY-5972: Allow to load/dump empty PKCS7 data
|
466
|
+
* JRUBY-5834: Fix X509Name handling; X509Name RDN can include multiple elements
|
467
|
+
* JRUBY-5362: Improved 1.9 support
|
468
|
+
* JRUBY-4992: Warn if loaded by non JRuby interpreter
|
469
|
+
|
470
|
+
## 0.7.4
|
471
|
+
|
472
|
+
* JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading
|
473
|
+
failed on JRuby 1.6.x. Fixed.
|
474
|
+
* JRUBY-5510: Add debug information to released jar
|
475
|
+
* JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
|
476
|
+
|
477
|
+
## 0.7.3
|
478
|
+
|
479
|
+
* JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
|
480
|
+
* JRUBY-5253: Allow to load the certificate file which includes private
|
481
|
+
key for activemarchant compatibility.
|
482
|
+
* JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
|
483
|
+
unknown condition.
|
484
|
+
* JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
|
485
|
+
pass on J9 JDK 6.
|
486
|
+
|
487
|
+
## 0.7.2
|
488
|
+
|
489
|
+
* JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
|
490
|
+
cipher (Net::SSH compatibility)
|
491
|
+
* JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
|
492
|
+
compatibility)
|
493
|
+
* JRUBY-5096: Fixed inconsistent Certificate verification behavior
|
494
|
+
* JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
|
495
|
+
* JRUBY-5059: SSLSocket ignores Timeout (Fixed)
|
496
|
+
* JRUBY-4965: implemented OpenSSL::Config
|
497
|
+
* JRUBY-5023: make Certificate#signature_algorithm return correct algo
|
498
|
+
name; "sha1WithRSAEncryption" instead of "SHA1"
|
499
|
+
* JRUBY-5024: let HMAC.new accept a String as a digest name
|
500
|
+
* JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
|
501
|
+
cleanup of resources when dereferenced
|
502
|
+
|
503
|
+
## 0.7.1
|
504
|
+
|
505
|
+
NOTE: Now BouncyCastle jars has moved out to its own gem "bouncy-castle-java"
|
506
|
+
http://rubygems.org/gems/bouncy-castle-java. You don't need to care about it
|
507
|
+
because "jruby-openssl" gem depends on it from now on.
|
508
|
+
|
509
|
+
* JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
|
510
|
+
reached (EOFError)" for HTTP chunked read.
|
511
|
+
|
512
|
+
* JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
|
513
|
+
it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
|
514
|
+
(JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
|
515
|
+
* JRUBY-4975: Moving BouncyCastle jars out to its own gem.
|
516
|
+
|
517
|
+
## 0.7
|
518
|
+
|
519
|
+
* Follow MRI 1.8.7 openssl API changes
|
520
|
+
* Fixes so that jruby-openssl can run on appengine
|
521
|
+
* Many bug and compatibility fixes, see below.
|
522
|
+
* This is the last release that will be compatible with JRuby 1.4.x.
|
523
|
+
* Compatibility issues
|
524
|
+
- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
|
525
|
+
- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
|
526
|
+
- JRUBY-4444: OpenSSL crash running RubyGems tests
|
527
|
+
- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message
|
528
|
+
available"
|
529
|
+
- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
|
530
|
+
- JRUBY-4541: jruby-openssl doesn't load on App Engine.
|
531
|
+
- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
|
532
|
+
- JRUBY-4535: Issues with the BouncyCastle provider
|
533
|
+
- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
|
534
|
+
- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 ->
|
535
|
+
jdk15-144
|
536
|
+
Cipher issues
|
537
|
+
- JRUBY-4012: Initialization vector length handled differently than in MRI
|
538
|
+
(longer IV sequence are trimmed to fit the required)
|
539
|
+
- JRUBY-4473: Implemented DSA key generation
|
540
|
+
- JRUBY-4472: Cipher does not support RC4 and CAST
|
541
|
+
- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or
|
542
|
+
168' for DES3 + SunJCE
|
543
|
+
SSL and X.509(PKIX) issues
|
544
|
+
- JRUBY-4384: TCP socket connection causes busy loop of SSL server
|
545
|
+
- JRUBY-4370: Implement SSLContext#ciphers
|
546
|
+
- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
|
547
|
+
- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
|
548
|
+
- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
|
549
|
+
- JRUBY-4684: SSLContext#verify_depth is ignored
|
550
|
+
- JRUBY-4398: SSLContext#options does not affect to SSL sessions
|
551
|
+
- JRUBY-4360: Implement SSLSocket#verify_result and dependents
|
552
|
+
- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating
|
553
|
+
(ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when
|
554
|
+
returning SOAP queries over a certain size)
|
555
|
+
- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel
|
556
|
+
close
|
557
|
+
- JRUBY-4369: X509Store#verify_callback is not called
|
558
|
+
- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes
|
559
|
+
certificates which have the same subject (problem with
|
560
|
+
ruby-openid-apps-discovery (github jruby-openssl issue #2))
|
561
|
+
- JRUBY-4333: PKCS#8 formatted privkey read
|
562
|
+
- JRUBY-4454: Loading Key file as a Certificate causes NPE
|
563
|
+
- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized
|
564
|
+
from PEM causes IllegalStateException
|
565
|
+
PKCS#7 issues
|
566
|
+
- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
|
567
|
+
- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake
|
568
|
+
test doesn't finish on JDK5 w/o policy files update)
|
569
|
+
Misc
|
570
|
+
- JRUBY-4574: jruby-openssl deprecation warning cleanup
|
571
|
+
- JRUBY-4591: jruby-1.4 support
|
572
|
+
|
573
|
+
## 0.6
|
574
|
+
|
575
|
+
* This is a recommended upgrade to jruby-openssl. A security problem
|
576
|
+
involving peer certificate verification was found where failed
|
577
|
+
verification silently did nothing, making affected applications
|
578
|
+
vulnerable to attackers. Attackers could lead a client application
|
579
|
+
to believe that a secure connection to a rogue SSL server is
|
580
|
+
legitimate. Attackers could also penetrate client-validated SSL
|
581
|
+
server applications with a dummy certificate. Your application would
|
582
|
+
be vulnerable if you're using the 'net/https' library with
|
583
|
+
OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
|
584
|
+
prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
|
585
|
+
problem and providing the fix. See
|
586
|
+
http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
|
587
|
+
for details.
|
588
|
+
* This release addresses CVE-2009-4123 which was reserved for the
|
589
|
+
above vulnerability.
|
590
|
+
* Many fixes from NaHi, including issues related to certificate
|
591
|
+
verification and certificate store purpose verification.
|
592
|
+
- implement OpenSSL::X509::Store#set_default_paths
|
593
|
+
- MRI compat. fix: OpenSSL::X509::Store#add_file
|
594
|
+
- Fix nsCertType handling.
|
595
|
+
- Fix Cipher#key_len for DES-EDE3: 16 should be 24.
|
596
|
+
- Modified test expectations around Cipher#final.
|
597
|
+
* Public keys are lazily instantiated when the
|
598
|
+
X509::Certificate#public_key method is called (Dave Garcia)
|
599
|
+
|
600
|
+
## 0.5.2
|
601
|
+
|
602
|
+
Multiple bugs fixed:
|
603
|
+
|
604
|
+
* JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
|
605
|
+
* JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
|
606
|
+
* JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
|
607
|
+
* JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
|
608
|
+
* JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
|
609
|
+
|
610
|
+
## 0.5.1
|
611
|
+
|
612
|
+
* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1
|
613
|
+
to be 100%
|
614
|
+
* Fix by Frederic Jean for a character-decoding issue for some certificates
|
615
|
+
|
616
|
+
## 0.5
|
617
|
+
|
618
|
+
* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
|
619
|
+
* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert
|
620
|
+
Validation Error, when there should be no error
|
621
|
+
* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
|
622
|
+
* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
|
623
|
+
* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating
|
624
|
+
digest
|
625
|
+
* Misc code cleanup
|
626
|
+
|
627
|
+
## 0.2
|
628
|
+
|
629
|
+
* Enable remaining tests; fix a nil string issue in SSLSocket.sysread
|
630
|
+
(JRUBY-1888)
|
631
|
+
* Fix socket buffering issue by setting socket IO sync = true
|
632
|
+
* Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
|
633
|
+
* Fix AES key length (JRUBY-2187)
|
634
|
+
* Fix cipher initialization (JRUBY-1100)
|
635
|
+
* Now, only compatible with JRuby 1.1
|
636
|
+
|
637
|
+
## 0.1.1
|
638
|
+
|
639
|
+
* Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
|
640
|
+
|
641
|
+
## 0.1
|
642
|
+
|
643
|
+
* PLEASE NOTE: This release is not compatible with JRuby releases earlier than
|
644
|
+
1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
|
645
|
+
0.6 release.
|
646
|
+
* Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
|
647
|
+
* Simultaneous support for JRuby trunk and 1.0 branch
|
648
|
+
* Start of support for OpenSSL::BN
|
649
|
+
|
650
|
+
## 0.0.5 and prior
|
651
|
+
|
652
|
+
* Initial versions with maintenance updates
|