forked from jruby/jruby-ossl
-
Notifications
You must be signed in to change notification settings - Fork 1
/
History.txt
208 lines (173 loc) · 8.51 KB
/
History.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
== 0.7.6
This release includes initial implementation of PKCS12 by Owen Ou.
- JRUBY-5066: Implement OpenSSL::PKCS12 (only for simple case)
- JRUBY-6385: Assertion failure with -J-ea
== 0.7.5
This release improved 1.9 mode support with help of
Duncan Mak <[email protected]>. Now jruby-ossl gem includes both 1.8 and 1.9
libraries and part of features should work fine on 1.9 mode, too.
- JRUBY-6270: Wrong keyUsage check for SSL server
- JRUBY-6260: OpenSSL::ASN1::Integer#value incompatibility
- JRUBY-6044: Improve Ecrypted RSA/DSA pem support
- JRUBY-5972: Allow to load/dump empty PKCS7 data
- JRUBY-5834: Fix X509Name handling; X509Name RDN can include multiple elements
- JRUBY-5362: Improved 1.9 support
- JRUBY-4992: Warn if loaded by non JRuby interpreter
== 0.7.4
- JRUBY-5519: Avoid String encoding dependency in DER loading. PEM loading
failed on JRuby 1.6.x. Fixed.
- JRUBY-5510: Add debug information to released jar
- JRUBY-5478: Update bouncycastle jars to the latest version. (1.46)
== 0.7.3
- JRUBY-5200: Net::IMAP + SSL(imaps) login could hang. Fixed.
- JRUBY-5253: Allow to load the certificate file which includes private
key for activemarchant compatibility.
- JRUBY-5267: Added SSL socket error-checks to avoid busy loop under an
unknown condition.
- JRUBY-5316: Improvements for J9's IBMJCE support. Now all testcases
pass on J9 JDK 6.
== 0.7.2
- JRUBY-5126: Ignore Cipher#reset and Cipher#iv= when it's a stream
cipher (Net::SSH compatibility)
- JRUBY-5125: let Cipher#name for 'rc4' to be 'RC4' (Net::SSH
compatibility)
- JRUBY-5096: Fixed inconsistent Certificate verification behavior
- JRUBY-5060: Avoid NPE from to_pem for empty X509 Objects
- JRUBY-5059: SSLSocket ignores Timeout (Fixed)
- JRUBY-4965: implemented OpenSSL::Config
- JRUBY-5023: make Certificate#signature_algorithm return correct algo
name; "sha1WithRSAEncryption" instead of "SHA1"
- JRUBY-5024: let HMAC.new accept a String as a digest name
- JRUBY-5018: SSLSocket holds selectors, keys, preventing quick
cleanup of resources when dereferenced
== 0.7.1
- NOTE: Now BouncyCastle jars has moved out to its own gem
"bouncy-castle-java" (http://rubygems.org/gems/bouncy-castle-java).
You don't need to care about it because "jruby-openssl" gem depends
on it from now on.
=== SSL bugfix
- JRUBY-4826 net/https client possibly raises "rbuf_fill': End of file
reached (EOFError)" for HTTP chunked read.
=== Misc
- JRUBY-4900: Set proper String to OpenSSL::OPENSSL_VERSION. Make sure
it's not an OpenSSL artifact: "OpenSSL 0.9.8b 04 May 2006
(JRuby-OpenSSL fake)" -> "jruby-ossl 0.7.1"
- JRUBY-4975: Moving BouncyCastle jars out to its own gem.
== 0.7
- Follow MRI 1.8.7 openssl API changes
- Fixes so that jruby-openssl can run on appengine
- Many bug and compatibility fixes, see below.
- This is the last release that will be compatible with JRuby 1.4.x.
- Compatibility issues
-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
-- JRUBY-4444: OpenSSL crash running RubyGems tests
-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message
available"
-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
-- JRUBY-4535: Issues with the BouncyCastle provider
-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 ->
jdk15-144
- Cipher issues
-- JRUBY-4012: Initialization vector length handled differently than in MRI
(longer IV sequence are trimmed to fit the required)
-- JRUBY-4473: Implemented DSA key generation
-- JRUBY-4472: Cipher does not support RC4 and CAST
-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or
168' for DES3 + SunJCE
- SSL and X.509(PKIX) issues
-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
-- JRUBY-4370: Implement SSLContext#ciphers
-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
-- JRUBY-4684: SSLContext#verify_depth is ignored
-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating
(ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when
returning SOAP queries over a certain size)
-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel
close
-- JRUBY-4369: X509Store#verify_callback is not called
-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes
certificates which have the same subject (problem with
ruby-openid-apps-discovery (github jruby-openssl issue #2))
-- JRUBY-4333: PKCS#8 formatted privkey read
-- JRUBY-4454: Loading Key file as a Certificate causes NPE
-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized
from PEM causes IllegalStateException
- PKCS#7 issues
-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake
test doesn't finish on JDK5 w/o policy files update)
- Misc
-- JRUBY-4574: jruby-openssl deprecation warning cleanup
-- JRUBY-4591: jruby-1.4 support
== 0.6
- This is a recommended upgrade to jruby-openssl. A security problem
involving peer certificate verification was found where failed
verification silently did nothing, making affected applications
vulnerable to attackers. Attackers could lead a client application
to believe that a secure connection to a rogue SSL server is
legitimate. Attackers could also penetrate client-validated SSL
server applications with a dummy certificate. Your application would
be vulnerable if you're using the 'net/https' library with
OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
problem and providing the fix. See
http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
for details.
- This release addresses CVE-2009-4123 which was reserved for the
above vulnerability.
- Many fixes from NaHi, including issues related to certificate
verification and certificate store purpose verification.
- implement OpenSSL::X509::Store#set_default_paths
- MRI compat. fix: OpenSSL::X509::Store#add_file
- Fix nsCertType handling.
- Fix Cipher#key_len for DES-EDE3: 16 should be 24.
- Modified test expectations around Cipher#final.
- Public keys are lazily instantiated when the
X509::Certificate#public_key method is called (Dave Garcia)
== 0.5.2
* Multiple bugs fixed:
** JRUBY-3895 Could not verify server signature with net-ssh against Cygwin
** JRUBY-3864 jruby-openssl depends on Base64Coder from JvYAMLb
** JRUBY-3790 JRuby-OpenSSL test_post_connection_check is not passing
** JRUBY-3767 OpenSSL ssl implementation doesn't support client auth
** JRUBY-3673 jRuby-OpenSSL does not properly load certificate authority file
== 0.5.1
* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1
to be 100%
* Fix by Frederic Jean for a character-decoding issue for some certificates
== 0.5
* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert
Validation Error, when there should be no error
* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating
digest
* Misc code cleanup
== 0.2
- Enable remaining tests; fix a nil string issue in SSLSocket.sysread
(JRUBY-1888)
- Fix socket buffering issue by setting socket IO sync = true
- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
- Fix AES key length (JRUBY-2187)
- Fix cipher initialization (JRUBY-1100)
- Now, only compatible with JRuby 1.1
== 0.1.1
- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)
== 0.1
- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
0.6 release.
- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
- Simultaneous support for JRuby trunk and 1.0 branch
- Start of support for OpenSSL::BN
== 0.0.5 and prior
- Initial versions with maintenance updates