== 0.7 - Follow MRI 1.8.7 openssl API changes - Fixes so that jruby-openssl can run on appengine - Many bug and compatibility fixes, see below. - This is the last release that will be compatible with JRuby 1.4.x. - Compatibility issues -- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7. -- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7. -- JRUBY-4444: OpenSSL crash running RubyGems tests -- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message available" -- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris -- JRUBY-4541: jruby-openssl doesn't load on App Engine. -- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris -- JRUBY-4535: Issues with the BouncyCastle provider -- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov -- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 -> jdk15-144 - Cipher issues -- JRUBY-4012: Initialization vector length handled differently than in MRI (longer IV sequence are trimmed to fit the required) -- JRUBY-4473: Implemented DSA key generation -- JRUBY-4472: Cipher does not support RC4 and CAST -- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or 168' for DES3 + SunJCE - SSL and X.509(PKIX) issues -- JRUBY-4384: TCP socket connection causes busy loop of SSL server -- JRUBY-4370: Implement SSLContext#ciphers -- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT' -- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented -- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca -- JRUBY-4684: SSLContext#verify_depth is ignored -- JRUBY-4398: SSLContext#options does not affect to SSL sessions -- JRUBY-4360: Implement SSLSocket#verify_result and dependents -- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when returning SOAP queries over a certain size) -- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel close -- JRUBY-4369: X509Store#verify_callback is not called -- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes certificates which have the same subject (problem with ruby-openid-apps-discovery (github jruby-openssl issue #2)) -- JRUBY-4333: PKCS#8 formatted privkey read -- JRUBY-4454: Loading Key file as a Certificate causes NPE -- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized from PEM causes IllegalStateException - PKCS#7 issues -- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm -- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake test doesn't finish on JDK5 w/o policy files update) - Misc -- JRUBY-4574: jruby-openssl deprecation warning cleanup -- JRUBY-4591: jruby-1.4 support == 0.6 - This is a recommended upgrade to jruby-openssl. A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate. Your application would be vulnerable if you're using the 'net/https' library with OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the problem and providing the fix. See http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html for details. - This release addresses CVE-2009-4123 which was reserved for the above vulnerability. - Many fixes from NaHi, including issues related to certificate verification and certificate store purpose verification. - implement OpenSSL::X509::Store#set_default_paths - MRI compat. fix: OpenSSL::X509::Store#add_file - Fix nsCertType handling. - Fix Cipher#key_len for DES-EDE3: 16 should be 24. - Modified test expectations around Cipher#final. - Public keys are lazily instantiated when the X509::Certificate#public_key method is called (Dave Garcia) == 0.5.2 * Multiple bugs fixed: ** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin ** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb ** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing ** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth ** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file == 0.5.1 * Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100% * Fix by Frederic Jean for a character-decoding issue for some certificates == 0.5 * Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256) * Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error * Fixed JRUBY-3557 Class cast exception in PKeyRSA.java * Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted * Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest * Misc code cleanup == 0.2 - Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888) - Fix socket buffering issue by setting socket IO sync = true - Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152) - Fix AES key length (JRUBY-2187) - Fix cipher initialization (JRUBY-1100) - Now, only compatible with JRuby 1.1 == 0.1.1 - Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222) == 0.1 - PLEASE NOTE: This release is not compatible with JRuby releases earlier than 1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the 0.6 release. - Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases - Simultaneous support for JRuby trunk and 1.0 branch - Start of support for OpenSSL::BN == 0.0.5 and prior - Initial versions with maintenance updates