0.15.1

• [deps] upgrade BC to version 1.78.1

0.15.0

This version upgraded to latest Bouncy-Castle (1.78) and the minimum supported JRuby is now 9.2.

• [refactor] propagate IOError from selector exception
• [fix] convert IOException to Ruby exception correctly
  follow up on the fix (#242) in 0.14.6
• [fix] implement OpenSSL::PKey::EC::Point#mul and #add (#307)
• [fix] ASN.1 BitString pad bits being out of range
• [compat] support base64digest on OpenSSL::HMAC
• [compat] add Buffering#getbyte for SSLSocket
• [refactor] drop (unused) Config native impl
• [refactor] less locking when there's a shared SSLContext
• [fix] encoding of ASN1::Null primitive to_der
• [fix] ASN.1 tagged object tag-class encoding/decoding
• [fix] ASN1 primitive tagging (encoding) part (#122)
• [fix] encoding/decoding of all ASN1 string types
• [fix] ASN1Data encoding with Array primitive value (#119)
• [refactor] drop security restriction JCE work-around
• [refactor] drop long deprecated OpenSSLReal Java class
• [deps] upgrade BC to version 1.78

0.14.6

• [compat] OpenSSL::ConfigError and DEFAULT_CONFIG_FILE (#304)
• [fix] OpenSSL::PKey::DH#set_pqg regression (#300)
• Convert IOException to Ruby exception correctly (#242)
• [refactor] add exception debugging within SSLSocket#waitSelect
• [fix] sync SSLContext#setup as it could be shared (#302)
• [refactor] organize i-var sets (set @context after setup)

0.14.5

• [fix] OpenSSL::X509::Request#verify with DSA public key
  (this was a regression introduced in JOSSL 0.14.4)

0.14.4

• [fix] convert OpenSSL::ASN1::Sequence to an array on #to_der (#265)
• [feat] implement PKey::DH.generate and (dummy) q reader (#254)
• [fix] raise TypeError when arg isn't a Group
• [refactor] make sure ASN1Error has native cause
• [fix] stop assuming (JDK) EC key identifier
  "EC" with Sun provider but "ECDSA" with BC
• [fix] do not check empty string as curve name
• [fix] make sure PKeyEC#group.curve_name is always set
• [refactor] PKey.read to use BC fully when reading public keys
• [fix] OpenSSL::X509::CRL#sign to accept string digest
• [fix] OpenSSL::X509::Request#version default is -1
• [fix] resolving EC key from X509::Request.new(pem)
• [feat] implement OpenSSL::X509::Request#signature_algorithm
• [fix] work-around CSR failing with EC key (#294)
• [feat] implement OpenSSL::PKey::EC#to_text (#280)
• [feat] partial support for PKey::EC::Point#to_octet_string(form)
• [feat] implement OpenSSL::PKCS7::SignerInfo#signed_time (#269)
• [feat] implement #oid method for PKey classes (#281)
• [fix] raise PKeyError from PKey.read when no key (#285)
• [fix] restore PKCS#8 EC key handling (see #292)
• [fix] revert readPrivateKey so public key is not lost (#292)

0.14.3

• [fix] SSLSocket#alpn_protocol to be nil when not used (#287)
• [feat] try resolving curve-name from EC public key
• [feat] implement missing PKey::EC#dsa_verify_asn1 (#241)
• [feat] implement support for PKey::EC.generate (#255)
• [refactor] make sure curveName is set when using PKey.read (#289)
• [fix] add Cipher#auth_data(arg) override (Rails 7.x compatibility) (#290)
• [fix] raise TypeError when arg not of expected type (jruby/jruby#7875)

0.14.2

• [deps] upgrade BC to latest 1.74
• [fix] for CRL verify when signed with EC key (#276)
• [fix] OpenSSL::X509::Certificate#public_key raises for EC keys (#273)

0.14.1

• [refactor] improve performance of Diffie-Hellman key exchange (#272)

• Try to use JDK console to prompt for pass (#270)

• [fix] for PKCS8 EC private key support (#267)

• [fix] Java's default session timeout in 24h

• [fix] handle ArgumentError on SSLSession#timeout=

• [fix] buffer overflow after wrap-ing data - wait

• [refactor] try a few tricks to detect session re-use

0.14.0

This version upgraded to latest Bouncy-Castle (1.71) and is only compatible with the new version mostly due artifact naming and breaking changes in BC itself.

• [deps] upgrade BC to latest 1.71
• [fix] make set_minmax_proto_version private

0.13.0

0.13.0

• [fix] ASN1::EndOfContent ancestor hierarchy (#228)
• [fix] handle X509::Name type conversion (#206)
• [fix] handle invalid type when creating X509::Name
• [fix] OpenSSL::X509::Name#inspect compatibility
• [fix] escaping with OpenSSL::X509::Name::RFC2253
• [feat] implement OpenSSL::X509::Name#to_utf8
• [fix] compat missing OpenSSL::SSL::OP_NO_TLSv1_3
• [refactor] performance - do not encode/decode cert objects
• [fix] make sure Context.ciphers are not mutated (#219)
• [feat] support to_java conversion for CRL
• [feat] support to_java protocol for PKey (#250)