jruby-openssl 0.9.5-java → 0.9.6-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.md +279 -0
- data/LICENSE.txt +37 -0
- data/README.md +55 -0
- data/Rakefile +13 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/load.rb +13 -10
- data/lib/jopenssl/version.rb +2 -2
- data/lib/jopenssl18/openssl/bn.rb +0 -10
- data/lib/jopenssl18/openssl/cipher.rb +1 -38
- data/lib/jopenssl18/openssl/digest.rb +0 -29
- data/lib/jopenssl18/openssl/ssl-internal.rb +5 -29
- data/lib/jopenssl18/openssl/x509-internal.rb +0 -43
- data/lib/jopenssl19/openssl.rb +0 -1
- data/lib/jopenssl19/openssl/bn.rb +4 -10
- data/lib/jopenssl19/openssl/cipher.rb +4 -41
- data/lib/jopenssl19/openssl/digest.rb +3 -43
- data/lib/jopenssl19/openssl/ssl-internal.rb +5 -27
- data/lib/jopenssl19/openssl/x509-internal.rb +0 -43
- data/lib/jopenssl21/openssl.rb +0 -1
- data/lib/jopenssl21/openssl/bn.rb +0 -6
- data/lib/jopenssl21/openssl/cipher.rb +1 -38
- data/lib/jopenssl21/openssl/digest.rb +1 -41
- data/lib/jopenssl21/openssl/ssl.rb +5 -37
- data/lib/jopenssl21/openssl/x509.rb +0 -43
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.49/bcpkix-jdk15on-1.49.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar +0 -0
- metadata +76 -46
- data/History.txt +0 -218
- data/License.txt +0 -30
- data/Mavenfile +0 -44
- data/README.txt +0 -13
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.47/bcpkix-jdk15on-1.47.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.47/bcprov-jdk15on-1.47.jar +0 -0
data/lib/jopenssl21/openssl.rb
CHANGED
@@ -20,46 +20,9 @@
|
|
20
20
|
|
21
21
|
module OpenSSL
|
22
22
|
class Cipher
|
23
|
-
%w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
|
24
|
-
klass = Class.new(Cipher){
|
25
|
-
define_method(:initialize){|*args|
|
26
|
-
cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
|
27
|
-
super(cipher_name)
|
28
|
-
}
|
29
|
-
}
|
30
|
-
const_set(name, klass)
|
31
|
-
}
|
32
|
-
|
33
|
-
%w(128 192 256).each{|keylen|
|
34
|
-
klass = Class.new(Cipher){
|
35
|
-
define_method(:initialize){|mode|
|
36
|
-
mode ||= "CBC"
|
37
|
-
cipher_name = "AES-#{keylen}-#{mode}"
|
38
|
-
super(cipher_name)
|
39
|
-
}
|
40
|
-
}
|
41
|
-
const_set("AES#{keylen}", klass)
|
42
|
-
}
|
43
|
-
|
44
|
-
# Generate, set, and return a random key.
|
45
|
-
# You must call cipher.encrypt or cipher.decrypt before calling this method.
|
46
|
-
def random_key
|
47
|
-
str = OpenSSL::Random.random_bytes(self.key_len)
|
48
|
-
self.key = str
|
49
|
-
return str
|
50
|
-
end
|
51
|
-
|
52
|
-
# Generate, set, and return a random iv.
|
53
|
-
# You must call cipher.encrypt or cipher.decrypt before calling this method.
|
54
|
-
def random_iv
|
55
|
-
str = OpenSSL::Random.random_bytes(self.iv_len)
|
56
|
-
self.iv = str
|
57
|
-
return str
|
58
|
-
end
|
59
|
-
|
60
23
|
# This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
|
61
24
|
class Cipher < Cipher
|
62
25
|
# add warning
|
63
26
|
end
|
64
27
|
end # Cipher
|
65
|
-
end # OpenSSL
|
28
|
+
end # OpenSSL
|
@@ -20,45 +20,6 @@
|
|
20
20
|
|
21
21
|
module OpenSSL
|
22
22
|
class Digest
|
23
|
-
|
24
|
-
alg = %w(DSS DSS1 MD2 MD4 MD5 MDC2 RIPEMD160 SHA SHA1)
|
25
|
-
if OPENSSL_VERSION_NUMBER > 0x00908000
|
26
|
-
alg += %w(SHA224 SHA256 SHA384 SHA512)
|
27
|
-
end
|
28
|
-
|
29
|
-
# Return the +data+ hash computed with +name+ Digest. +name+ is either the
|
30
|
-
# long name or short name of a supported digest algorithm.
|
31
|
-
#
|
32
|
-
# === Examples
|
33
|
-
#
|
34
|
-
# OpenSSL::Digest.digest("SHA256", "abc")
|
35
|
-
#
|
36
|
-
# which is equivalent to:
|
37
|
-
#
|
38
|
-
# OpenSSL::Digest::SHA256.digest("abc")
|
39
|
-
|
40
|
-
def self.digest(name, data)
|
41
|
-
super(data, name)
|
42
|
-
end
|
43
|
-
|
44
|
-
alg.each{|name|
|
45
|
-
klass = Class.new(Digest){
|
46
|
-
define_method(:initialize){|*data|
|
47
|
-
if data.length > 1
|
48
|
-
raise ArgumentError,
|
49
|
-
"wrong number of arguments (#{data.length} for 1)"
|
50
|
-
end
|
51
|
-
super(name, data.first)
|
52
|
-
}
|
53
|
-
}
|
54
|
-
singleton = (class << klass; self; end)
|
55
|
-
singleton.class_eval{
|
56
|
-
define_method(:digest){|data| Digest.digest(name, data) }
|
57
|
-
define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
|
58
|
-
}
|
59
|
-
const_set(name, klass)
|
60
|
-
}
|
61
|
-
|
62
23
|
# This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
|
63
24
|
class Digest < Digest
|
64
25
|
def initialize(*args)
|
@@ -66,7 +27,6 @@ module OpenSSL
|
|
66
27
|
super(*args)
|
67
28
|
end
|
68
29
|
end
|
69
|
-
|
70
30
|
end # Digest
|
71
31
|
|
72
32
|
# Returns a Digest subclass by +name+.
|
@@ -82,7 +42,7 @@ module OpenSSL
|
|
82
42
|
def Digest(name)
|
83
43
|
OpenSSL::Digest.const_get(name)
|
84
44
|
end
|
85
|
-
|
45
|
+
|
86
46
|
module_function :Digest
|
87
47
|
|
88
48
|
end # OpenSSL
|
@@ -19,42 +19,6 @@ require "fcntl"
|
|
19
19
|
|
20
20
|
module OpenSSL
|
21
21
|
module SSL
|
22
|
-
class SSLContext
|
23
|
-
DEFAULT_PARAMS = {
|
24
|
-
:ssl_version => "SSLv23",
|
25
|
-
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
26
|
-
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
27
|
-
:options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
|
28
|
-
OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
|
29
|
-
OpenSSL::SSL::OP_ALL,
|
30
|
-
}
|
31
|
-
|
32
|
-
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
33
|
-
DEFAULT_CERT_STORE.set_default_paths
|
34
|
-
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
35
|
-
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
36
|
-
end
|
37
|
-
|
38
|
-
##
|
39
|
-
# Sets the parameters for this SSL context to the values in +params+.
|
40
|
-
# The keys in +params+ must be assignment methods on SSLContext.
|
41
|
-
#
|
42
|
-
# If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
|
43
|
-
# cert_store are not set then the system default certificate store is
|
44
|
-
# used.
|
45
|
-
|
46
|
-
def set_params(params={})
|
47
|
-
params = DEFAULT_PARAMS.merge(params)
|
48
|
-
params.each{|name, value| self.__send__("#{name}=", value) }
|
49
|
-
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
50
|
-
unless self.ca_file or self.ca_path or self.cert_store
|
51
|
-
self.cert_store = DEFAULT_CERT_STORE
|
52
|
-
end
|
53
|
-
end
|
54
|
-
return params
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
22
|
module SocketForwarder
|
59
23
|
def addr
|
60
24
|
to_io.addr
|
@@ -105,7 +69,11 @@ module OpenSSL
|
|
105
69
|
should_verify_common_name = false
|
106
70
|
reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
|
107
71
|
return true if /\A#{reg}\z/i =~ hostname
|
108
|
-
|
72
|
+
# NOTE: somehow we need the IP: canonical form
|
73
|
+
# seems there were failures elsewhere when not
|
74
|
+
# not sure how that's possible possible to-do!
|
75
|
+
elsif /\AIP(?: Address)?:(.*)/ =~ general_name
|
76
|
+
#elsif /\AIP Address:(.*)/ =~ general_name
|
109
77
|
should_verify_common_name = false
|
110
78
|
return true if $1 == hostname
|
111
79
|
end
|
@@ -20,49 +20,6 @@
|
|
20
20
|
|
21
21
|
module OpenSSL
|
22
22
|
module X509
|
23
|
-
class ExtensionFactory
|
24
|
-
def create_extension(*arg)
|
25
|
-
if arg.size > 1
|
26
|
-
create_ext(*arg)
|
27
|
-
else
|
28
|
-
send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
def create_ext_from_array(ary)
|
33
|
-
raise ExtensionError, "unexpected array form" if ary.size > 3
|
34
|
-
create_ext(ary[0], ary[1], ary[2])
|
35
|
-
end
|
36
|
-
|
37
|
-
def create_ext_from_string(str) # "oid = critical, value"
|
38
|
-
oid, value = str.split(/=/, 2)
|
39
|
-
oid.strip!
|
40
|
-
value.strip!
|
41
|
-
create_ext(oid, value)
|
42
|
-
end
|
43
|
-
|
44
|
-
def create_ext_from_hash(hash)
|
45
|
-
create_ext(hash["oid"], hash["value"], hash["critical"])
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
class Extension
|
50
|
-
def to_s # "oid = critical, value"
|
51
|
-
str = self.oid
|
52
|
-
str << " = "
|
53
|
-
str << "critical, " if self.critical?
|
54
|
-
str << self.value.gsub(/\n/, ", ")
|
55
|
-
end
|
56
|
-
|
57
|
-
def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
|
58
|
-
{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
|
59
|
-
end
|
60
|
-
|
61
|
-
def to_a
|
62
|
-
[ self.oid, self.value, self.critical? ]
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
23
|
class Name
|
67
24
|
module RFC2253DN
|
68
25
|
Special = ',=+<>#;'
|
Binary file
|
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jruby-openssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.
|
4
|
+
version: 0.9.6
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Ola Bini
|
@@ -9,68 +9,98 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-
|
13
|
-
dependencies:
|
12
|
+
date: 2014-12-19 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: jar-dependencies
|
16
|
+
version_requirements: !ruby/object:Gem::Requirement
|
17
|
+
requirements:
|
18
|
+
- - '='
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: 0.0.9
|
21
|
+
requirement: !ruby/object:Gem::Requirement
|
22
|
+
requirements:
|
23
|
+
- - '='
|
24
|
+
- !ruby/object:Gem::Version
|
25
|
+
version: 0.0.9
|
26
|
+
prerelease: false
|
27
|
+
type: :development
|
28
|
+
- !ruby/object:Gem::Dependency
|
29
|
+
name: mocha
|
30
|
+
version_requirements: !ruby/object:Gem::Requirement
|
31
|
+
requirements:
|
32
|
+
- - ~>
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: 1.1.0
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ~>
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: 1.1.0
|
40
|
+
prerelease: false
|
41
|
+
type: :development
|
14
42
|
description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library.
|
15
43
|
email: ola.bini@gmail.com
|
16
44
|
executables: []
|
17
45
|
extensions: []
|
18
46
|
extra_rdoc_files: []
|
19
47
|
files:
|
20
|
-
-
|
48
|
+
- History.md
|
49
|
+
- LICENSE.txt
|
50
|
+
- README.md
|
21
51
|
- Rakefile
|
22
|
-
-
|
23
|
-
-
|
24
|
-
-
|
25
|
-
- lib/
|
26
|
-
- lib/openssl.rb
|
27
|
-
- lib/
|
52
|
+
- lib/jopenssl/load.rb
|
53
|
+
- lib/jopenssl/version.rb
|
54
|
+
- lib/jopenssl18/openssl.rb
|
55
|
+
- lib/jopenssl18/openssl/bn.rb
|
56
|
+
- lib/jopenssl18/openssl/buffering.rb
|
57
|
+
- lib/jopenssl18/openssl/cipher.rb
|
58
|
+
- lib/jopenssl18/openssl/config.rb
|
59
|
+
- lib/jopenssl18/openssl/digest.rb
|
60
|
+
- lib/jopenssl18/openssl/pkcs7.rb
|
61
|
+
- lib/jopenssl18/openssl/ssl-internal.rb
|
62
|
+
- lib/jopenssl18/openssl/ssl.rb
|
63
|
+
- lib/jopenssl18/openssl/x509-internal.rb
|
64
|
+
- lib/jopenssl18/openssl/x509.rb
|
28
65
|
- lib/jopenssl19/openssl.rb
|
29
66
|
- lib/jopenssl19/openssl/bn.rb
|
30
|
-
- lib/jopenssl19/openssl/
|
67
|
+
- lib/jopenssl19/openssl/buffering.rb
|
31
68
|
- lib/jopenssl19/openssl/cipher.rb
|
32
|
-
- lib/jopenssl19/openssl/ssl.rb
|
33
69
|
- lib/jopenssl19/openssl/config.rb
|
34
70
|
- lib/jopenssl19/openssl/digest.rb
|
35
71
|
- lib/jopenssl19/openssl/ssl-internal.rb
|
36
|
-
- lib/jopenssl19/openssl/
|
72
|
+
- lib/jopenssl19/openssl/ssl.rb
|
37
73
|
- lib/jopenssl19/openssl/x509-internal.rb
|
38
|
-
- lib/openssl/
|
74
|
+
- lib/jopenssl19/openssl/x509.rb
|
75
|
+
- lib/jopenssl21/openssl.rb
|
76
|
+
- lib/jopenssl21/openssl/bn.rb
|
77
|
+
- lib/jopenssl21/openssl/buffering.rb
|
78
|
+
- lib/jopenssl21/openssl/cipher.rb
|
79
|
+
- lib/jopenssl21/openssl/config.rb
|
80
|
+
- lib/jopenssl21/openssl/digest.rb
|
81
|
+
- lib/jopenssl21/openssl/ssl.rb
|
82
|
+
- lib/jopenssl21/openssl/x509.rb
|
83
|
+
- lib/jruby-openssl.rb
|
84
|
+
- lib/openssl.rb
|
39
85
|
- lib/openssl/bn.rb
|
40
|
-
- lib/openssl/
|
41
|
-
- lib/openssl/pkcs12.rb
|
86
|
+
- lib/openssl/buffering.rb
|
42
87
|
- lib/openssl/cipher.rb
|
43
|
-
- lib/openssl/ssl.rb
|
44
88
|
- lib/openssl/config.rb
|
45
89
|
- lib/openssl/digest.rb
|
90
|
+
- lib/openssl/pkcs12.rb
|
91
|
+
- lib/openssl/pkcs7.rb
|
46
92
|
- lib/openssl/ssl-internal.rb
|
47
|
-
- lib/openssl/
|
93
|
+
- lib/openssl/ssl.rb
|
48
94
|
- lib/openssl/x509-internal.rb
|
49
|
-
- lib/
|
50
|
-
- lib/
|
51
|
-
- lib/
|
52
|
-
- lib/
|
53
|
-
|
54
|
-
|
55
|
-
-
|
56
|
-
-
|
57
|
-
-
|
58
|
-
- lib/jopenssl18/openssl/pkcs7.rb
|
59
|
-
- lib/jopenssl18/openssl/bn.rb
|
60
|
-
- lib/jopenssl18/openssl/x509.rb
|
61
|
-
- lib/jopenssl18/openssl/cipher.rb
|
62
|
-
- lib/jopenssl18/openssl/ssl.rb
|
63
|
-
- lib/jopenssl18/openssl/config.rb
|
64
|
-
- lib/jopenssl18/openssl/digest.rb
|
65
|
-
- lib/jopenssl18/openssl/ssl-internal.rb
|
66
|
-
- lib/jopenssl18/openssl/buffering.rb
|
67
|
-
- lib/jopenssl18/openssl/x509-internal.rb
|
68
|
-
- lib/org/bouncycastle/bcpkix-jdk15on/1.47/bcpkix-jdk15on-1.47.jar
|
69
|
-
- lib/org/bouncycastle/bcprov-jdk15on/1.47/bcprov-jdk15on-1.47.jar
|
70
|
-
- lib/jopenssl/version.rb
|
71
|
-
- lib/jopenssl/load.rb
|
72
|
-
homepage: https://github.com/jruby/jruby
|
73
|
-
licenses: []
|
95
|
+
- lib/openssl/x509.rb
|
96
|
+
- lib/jopenssl.jar
|
97
|
+
- lib/org/bouncycastle/bcpkix-jdk15on/1.49/bcpkix-jdk15on-1.49.jar
|
98
|
+
- lib/org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar
|
99
|
+
homepage: https://github.com/jruby/jruby-openssl
|
100
|
+
licenses:
|
101
|
+
- EPL-1.0
|
102
|
+
- GPL-2.0
|
103
|
+
- LGPL-2.1
|
74
104
|
metadata: {}
|
75
105
|
post_install_message:
|
76
106
|
rdoc_options: []
|
@@ -87,9 +117,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
87
117
|
- !ruby/object:Gem::Version
|
88
118
|
version: '0'
|
89
119
|
requirements:
|
90
|
-
- jar org.bouncycastle:bcpkix-jdk15on, 1.
|
91
|
-
- jar org.bouncycastle:bcprov-jdk15on, 1.
|
92
|
-
rubyforge_project:
|
120
|
+
- jar org.bouncycastle:bcpkix-jdk15on, 1.49
|
121
|
+
- jar org.bouncycastle:bcprov-jdk15on, 1.49
|
122
|
+
rubyforge_project:
|
93
123
|
rubygems_version: 2.1.9
|
94
124
|
signing_key:
|
95
125
|
specification_version: 4
|
data/History.txt
DELETED
@@ -1,218 +0,0 @@
|
|
1
|
-
== 0.7.7
|
2
|
-
|
3
|
-
This release includes bug fixes.
|
4
|
-
|
5
|
-
- JRUBY-6622: Support loading encrypted RSA key with PBES2
|
6
|
-
- JRUBY-4326: Confusing (and late) OpenSSL error message
|
7
|
-
- JRUBY-6579: Avoid ClassCastException for public key loading
|
8
|
-
- JRUBY-6515: sending UTF-8 data over SSL can hang with openssl
|
9
|
-
- Update tests to sync with CRuby ruby_1_9_3
|
10
|
-
|
11
|
-
== 0.7.6
|
12
|
-
|
13
|
-
This release includes initial implementation of PKCS12 by Owen Ou.
|
14
|
-
|
15
|
-
- JRUBY-5066: Implement OpenSSL::PKCS12 (only for simple case)
|
16
|
-
- JRUBY-6385: Assertion failure with -J-ea
|
17
|
-
|
18
|
-
== 0.7.5
|
19
|
-
|
20
|
-
This release improved 1.9 mode support with help of
|
21
|
-
Duncan Mak <duncan@earthaid.net>. Now jruby-ossl gem includes both 1.8 and 1.9
|
22
|
-
libraries and part of features should work fine on 1.9 mode, too.
|
23
|
-
|
24
|
-
- JRUBY-6270: Wrong keyUsage check for SSL server
|
25
|
-
- JRUBY-6260: OpenSSL::ASN1::Integer#value incompatibility
|
26
|
-
- JRUBY-6044: Improve Ecrypted RSA/DSA pem support
|
27
|
-
- JRUBY-5972: Allow to load/dump empty PKCS7 data
|
28
|
-
- JRUBY-5834: Fix X509Name handling; X509Name RDN can include multiple elements
|
29
|
-
- JRUBY-5362: Improved 1.9 support
|
30
|
-
- JRUBY-4992: Warn if loaded by non JRuby interpreter
|
31
|
-
|
32
|
-
== 0.7.4
|
33
|
-
|
34
|
-
- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading
|
35
|
-
failed on JRuby 1.6.x. Fixed.
|
36
|
-
- JRUBY-5510: Add debug information to released jar
|
37
|
-
- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
|
38
|
-
|
39
|
-
== 0.7.3
|
40
|
-
|
41
|
-
- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
|
42
|
-
- JRUBY-5253: Allow to load the certificate file which includes private
|
43
|
-
key for activemarchant compatibility.
|
44
|
-
- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
|
45
|
-
unknown condition.
|
46
|
-
- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
|
47
|
-
pass on J9 JDK 6.
|
48
|
-
|
49
|
-
== 0.7.2
|
50
|
-
|
51
|
-
- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
|
52
|
-
cipher (Net::SSH compatibility)
|
53
|
-
- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
|
54
|
-
compatibility)
|
55
|
-
- JRUBY-5096: Fixed inconsistent Certificate verification behavior
|
56
|
-
- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
|
57
|
-
- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
|
58
|
-
- JRUBY-4965: implemented OpenSSL::Config
|
59
|
-
- JRUBY-5023: make Certificate#signature_algorithm return correct algo
|
60
|
-
name; "sha1WithRSAEncryption" instead of "SHA1"
|
61
|
-
- JRUBY-5024: let HMAC.new accept a String as a digest name
|
62
|
-
- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
|
63
|
-
cleanup of resources when dereferenced
|
64
|
-
|
65
|
-
== 0.7.1
|
66
|
-
|
67
|
-
- NOTE: Now BouncyCastle jars has moved out to its own gem
|
68
|
-
"bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java).
|
69
|
-
You don't need to care about it because "jruby-openssl" gem depends
|
70
|
-
on it from now on.
|
71
|
-
|
72
|
-
=== SSL bugfix
|
73
|
-
|
74
|
-
- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
|
75
|
-
reached (EOFError)" for HTTP chunked read.
|
76
|
-
|
77
|
-
=== Misc
|
78
|
-
|
79
|
-
- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
|
80
|
-
it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
|
81
|
-
(JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
|
82
|
-
- JRUBY-4975: Moving BouncyCastle jars out to its own gem.
|
83
|
-
|
84
|
-
== 0.7
|
85
|
-
|
86
|
-
- Follow MRI 1.8.7 openssl API changes
|
87
|
-
- Fixes so that jruby-openssl can run on appengine
|
88
|
-
- Many bug and compatibility fixes, see below.
|
89
|
-
- This is the last release that will be compatible with JRuby 1.4.x.
|
90
|
-
- Compatibility issues
|
91
|
-
-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
|
92
|
-
-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
|
93
|
-
-- JRUBY-4444: OpenSSL crash running RubyGems tests
|
94
|
-
-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message
|
95
|
-
available"
|
96
|
-
-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
|
97
|
-
-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
|
98
|
-
-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
|
99
|
-
-- JRUBY-4535: Issues with the BouncyCastle provider
|
100
|
-
-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
|
101
|
-
-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 ->
|
102
|
-
jdk15-144
|
103
|
-
- Cipher issues
|
104
|
-
-- JRUBY-4012: Initialization vector length handled differently than in MRI
|
105
|
-
(longer IV sequence are trimmed to fit the required)
|
106
|
-
-- JRUBY-4473: Implemented DSA key generation
|
107
|
-
-- JRUBY-4472: Cipher does not support RC4 and CAST
|
108
|
-
-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or
|
109
|
-
168' for DES3 + SunJCE
|
110
|
-
- SSL and X.509(PKIX) issues
|
111
|
-
-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
|
112
|
-
-- JRUBY-4370: Implement SSLContext#ciphers
|
113
|
-
-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
|
114
|
-
-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
|
115
|
-
-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
|
116
|
-
-- JRUBY-4684: SSLContext#verify_depth is ignored
|
117
|
-
-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
|
118
|
-
-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
|
119
|
-
-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating
|
120
|
-
(ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when
|
121
|
-
returning SOAP queries over a certain size)
|
122
|
-
-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel
|
123
|
-
close
|
124
|
-
-- JRUBY-4369: X509Store#verify_callback is not called
|
125
|
-
-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes
|
126
|
-
certificates which have the same subject (problem with
|
127
|
-
ruby-openid-apps-discovery (github jruby-openssl issue #2))
|
128
|
-
-- JRUBY-4333: PKCS#8 formatted privkey read
|
129
|
-
-- JRUBY-4454: Loading Key file as a Certificate causes NPE
|
130
|
-
-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized
|
131
|
-
from PEM causes IllegalStateException
|
132
|
-
- PKCS#7 issues
|
133
|
-
-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
|
134
|
-
-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake
|
135
|
-
test doesn't finish on JDK5 w/o policy files update)
|
136
|
-
- Misc
|
137
|
-
-- JRUBY-4574: jruby-openssl deprecation warning cleanup
|
138
|
-
-- JRUBY-4591: jruby-1.4 support
|
139
|
-
|
140
|
-
== 0.6
|
141
|
-
|
142
|
-
- This is a recommended upgrade to jruby-openssl. A security problem
|
143
|
-
involving peer certificate verification was found where failed
|
144
|
-
verification silently did nothing, making affected applications
|
145
|
-
vulnerable to attackers. Attackers could lead a client application
|
146
|
-
to believe that a secure connection to a rogue SSL server is
|
147
|
-
legitimate. Attackers could also penetrate client-validated SSL
|
148
|
-
server applications with a dummy certificate. Your application would
|
149
|
-
be vulnerable if you're using the 'net/https' library with
|
150
|
-
OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
|
151
|
-
prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
|
152
|
-
problem and providing the fix. See
|
153
|
-
http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
|
154
|
-
for details.
|
155
|
-
- This release addresses CVE-2009-4123 which was reserved for the
|
156
|
-
above vulnerability.
|
157
|
-
- Many fixes from NaHi, including issues related to certificate
|
158
|
-
verification and certificate store purpose verification.
|
159
|
-
- implement OpenSSL::X509::Store#set_default_paths
|
160
|
-
- MRI compat. fix: OpenSSL::X509::Store#add_file
|
161
|
-
- Fix nsCertType handling.
|
162
|
-
- Fix Cipher#key_len for DES-EDE3: 16 should be 24.
|
163
|
-
- Modified test expectations around Cipher#final.
|
164
|
-
- Public keys are lazily instantiated when the
|
165
|
-
X509::Certificate#public_key method is called (Dave Garcia)
|
166
|
-
|
167
|
-
== 0.5.2
|
168
|
-
|
169
|
-
* Multiple bugs fixed:
|
170
|
-
** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
|
171
|
-
** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
|
172
|
-
** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
|
173
|
-
** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
|
174
|
-
** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
|
175
|
-
|
176
|
-
== 0.5.1
|
177
|
-
|
178
|
-
* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1
|
179
|
-
to be 100%
|
180
|
-
* Fix by Frederic Jean for a character-decoding issue for some certificates
|
181
|
-
|
182
|
-
== 0.5
|
183
|
-
|
184
|
-
* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
|
185
|
-
* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert
|
186
|
-
Validation Error, when there should be no error
|
187
|
-
* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
|
188
|
-
* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
|
189
|
-
* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating
|
190
|
-
digest
|
191
|
-
* Misc code cleanup
|
192
|
-
|
193
|
-
== 0.2
|
194
|
-
|
195
|
-
- Enable remaining tests; fix a nil string issue in SSLSocket.sysread
|
196
|
-
(JRUBY-1888)
|
197
|
-
- Fix socket buffering issue by setting socket IO sync = true
|
198
|
-
- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
|
199
|
-
- Fix AES key length (JRUBY-2187)
|
200
|
-
- Fix cipher initialization (JRUBY-1100)
|
201
|
-
- Now, only compatible with JRuby 1.1
|
202
|
-
|
203
|
-
== 0.1.1
|
204
|
-
|
205
|
-
- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
|
206
|
-
|
207
|
-
== 0.1
|
208
|
-
|
209
|
-
- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
|
210
|
-
1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
|
211
|
-
0.6 release.
|
212
|
-
- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
|
213
|
-
- Simultaneous support for JRuby trunk and 1.0 branch
|
214
|
-
- Start of support for OpenSSL::BN
|
215
|
-
|
216
|
-
== 0.0.5 and prior
|
217
|
-
|
218
|
-
- Initial versions with maintenance updates
|