70d5828b3d79a0d7ba6885c912c421f5c1a2e59e NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/869737a0f9e353d2bddd77762ee1e94fd6558dbc 869737a0f9e353d2bddd77762ee1e94fd6558dbc

2009-12-28T21:48:49-08:00

call doShutdown for client side socket close for sending SSL closing alert. SSL impl should send it (OpenSSL does). unlike server side, client should close outbound channel even if we have remaining data to be sent. SSL closing alert will be sent and the server side can close SSL socket gracefully. 2b039a50c44644aae19679d18adc6cd70a61e7e1 NAKAMURA nakahiro@gmail.com 15f131bc9d81a5f7536613d720a609e6af89d841 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/70d5828b3d79a0d7ba6885c912c421f5c1a2e59e 70d5828b3d79a0d7ba6885c912c421f5c1a2e59e

2009-12-28T07:27:23-08:00

Fixed fileformat (CRLF -> LF). Sorry. 38b0502acba69e86a849c673784f435ea285b099 NAKAMURA nakahiro@gmail.com 3a39a5e2bb663dbdc11773d5409f075de3a6534b NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/15f131bc9d81a5f7536613d720a609e6af89d841 15f131bc9d81a5f7536613d720a609e6af89d841

2009-12-28T07:19:26-08:00

Added support for SSLSocket#verify_result and SSLContect#verify_callback. * SSLSocket, X509Store, X509StoreCtx: added SSLSocket#verify_result support. * SSLContext: extracted common processes for checkServerTrusted and checkClientTrusted. * SSLContext: added verify_callback support. pass ossl_verify_cb to StoreContext. * 2 failed tests in test/openssl/test_ssl.rb got green now. d6ae93724a4863f049ea4fdb9782433033ea1597 NAKAMURA nakahiro@gmail.com 0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/3a39a5e2bb663dbdc11773d5409f075de3a6534b 3a39a5e2bb663dbdc11773d5409f075de3a6534b

2009-12-24T08:49:36-08:00

Avoid SSLSocket busy loop while initial handshake. during initialHandshake, calling readAndUnwrap that results UNDERFLOW does not mean writable. we explicitly wait for readable channel to avoid busy loop. f118cad7888b4d404b6585f58323b128f4060560 NAKAMURA nakahiro@gmail.com fa9fd43ac45852eb13ac211504f2f7971a7858b0 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757 0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757

2009-12-24T08:05:27-08:00

Fixed cipher string parser & converter. * leading '+' means 'move to the end of the list'. must not add new ciphers. * implemented 'name1+name2' handling. it's the logical AND operator. 68ba23f52e050d0bd3b3fedf03e6eb0db5d57724 NAKAMURA nakahiro@gmail.com d6e1d499769ea5c57708418464704fa891d7b567 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/fa9fd43ac45852eb13ac211504f2f7971a7858b0 fa9fd43ac45852eb13ac211504f2f7971a7858b0

2009-12-21T01:06:25-08:00

Fixed buffer handling of SSLSocket#sysread. * when the second arg is specified as a buffer, overwrite the buffer with new data. * when the first arg(len) is 0, returns "" even if the given buffer is not empty. 086129e75c5d2d3ea0d153a0d8a0f088fe424421 NAKAMURA nakahiro@gmail.com 4fffbaa0ecc81170ec0a73e6e30f1ddd2d7e0c54 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/d6e1d499769ea5c57708418464704fa891d7b567 d6e1d499769ea5c57708418464704fa891d7b567

2009-12-18T07:53:44-08:00

Implemented OpenSSL::SSL::SSLContext#ciphers. Fixed SSLContext#ciphers=, too. SSL ciphersuite negotiation did not work properly regardless of ciphers setting. Hope opponent SSL server/client use proper secure ciphersuite... 339d9f7964a5855833bcf3dd4c4bfed204330f81 NAKAMURA nakahiro@gmail.com 8eacb2d9892650b524949e4d1def0453a11a0edd NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/4fffbaa0ecc81170ec0a73e6e30f1ddd2d7e0c54 4fffbaa0ecc81170ec0a73e6e30f1ddd2d7e0c54

2009-12-18T02:12:19-08:00

Implemented X509Store#verify_callback for PKCS7#verify. CAUTION: SSLContext#verify_callback is not called yet. 557b3d9c477a3ec6f714205bf0ab623c294663ec NAKAMURA nakahiro@gmail.com 72f3229812081f0ae74b2267d4d96407910ed786 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/8eacb2d9892650b524949e4d1def0453a11a0edd 8eacb2d9892650b524949e4d1def0453a11a0edd

2009-12-16T08:08:58-08:00

PKCS#7 OpenSSL compatibility fix. * Cipher: introduced JSSE<->OSSL algorithm mapping class. (Cipher.Algorithm) * CipherSpec: newly added. keeps keyBitLen with Cipher which is required while encoding PKCS7 object. * PKCS7: compatibility update for 'signed' content and 'enveloped(encrypted)' content. other contents should be tested later. implemented PKCS7#to_pem. * impl.ASN1Registry: added OID for RC2-40-CBC which is default cipher algorithm for encryption (used when the given cipher is nil) * impl.{PKCS7 related classes}: fixed DER encoding issues for OpenSSL compatibility. * and added some tests for 'signed' and 'enveloped(encrypted)' PKCS7. 2105622f0d4e2988466b6dd2ea55307deb90e126 NAKAMURA nakahiro@gmail.com 44457f0924a0490831b2e60faeb0a33e7c1cec4d NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/72f3229812081f0ae74b2267d4d96407910ed786 72f3229812081f0ae74b2267d4d96407910ed786

2009-12-14T04:08:33-08:00

Fixed SSL verification test added for jruby-openssl/0.6 ruby-openssl freezes SSLContext at initialization time so we cannot reuse it. The example I wrote for CVE-2009-4123 (http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl) does not work after the previous commit as well as CRuby because SSLContext is frozen now. Nick, sorry for that. b616c66e9544513951a5eb02943aa9f861bfc381 NAKAMURA nakahiro@gmail.com a0a336374fa0192cd637ec082d59dbc43cabfae6 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/44457f0924a0490831b2e60faeb0a33e7c1cec4d 44457f0924a0490831b2e60faeb0a33e7c1cec4d

2009-12-14T04:04:09-08:00

JRUBY-4357: implemented SSLContext#{ssl_version=,setup} It needs some later cleanups (marked as TODO) but it works and passes existing tests for ssl_version= and setup. Test result: 2F1E. 930595865e96d8b4bd0bbe60c58f71805d10021d NAKAMURA nakahiro@gmail.com 5de1bfa7056ab7e68145ada40499b476bac2832b NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/a0a336374fa0192cd637ec082d59dbc43cabfae6 a0a336374fa0192cd637ec082d59dbc43cabfae6

2009-12-13T06:24:53-08:00

removed unintentionally committed test files. a655f6e2b71bfbf4c3b3794d66cf662c60a9153b NAKAMURA nakahiro@gmail.com 3182ea3af44a7b79ea316bb0ac6b8d4ee0bb8e1a NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/5de1bfa7056ab7e68145ada40499b476bac2832b 5de1bfa7056ab7e68145ada40499b476bac2832b

2009-12-13T06:22:21-08:00

Sync tests with ruby-openssl. Note: 4E for HEAD. * SSLContext#{setup,ssl_version=} are not implemented. * PKCS#8 PEM loader not implemented. * Java interface mocking causes NPE 8345e4af50d85d52d4cb4e998c9fe92e38913481 NAKAMURA nakahiro@gmail.com 49acfe2c1a2caa3f8e17fe225dd47c16043d2643 40945adc07e99e7ede5533f2d46285904a460315 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/3182ea3af44a7b79ea316bb0ac6b8d4ee0bb8e1a 3182ea3af44a7b79ea316bb0ac6b8d4ee0bb8e1a

2009-12-10T11:56:19-08:00

Merge branch 'master' of git@github.com:jruby/jruby-openssl bd898d0b055c9e55b2f1b26fa60e7af1c91ff2ae NAKAMURA nakahiro@gmail.com abc2ca696f4cc79284f8ff16f9cbe97d2c8ce722 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/49acfe2c1a2caa3f8e17fe225dd47c16043d2643 49acfe2c1a2caa3f8e17fe225dd47c16043d2643

2009-12-10T11:53:18-08:00

added a test for previous commit by Dylan McClung. and a little syntax cleanups. 5fb56cd46bf7f3a9c27517a753962f8c8e67dff7 NAKAMURA nakahiro@gmail.com 26e2349c05f1d8fa8fde11932c1ade6633803538 Nick Sieger nick@nicksieger.com http://github.com/jruby/jruby-openssl/commit/40945adc07e99e7ede5533f2d46285904a460315 40945adc07e99e7ede5533f2d46285904a460315

2009-12-10T10:48:17-08:00

Delete some obsolete information in README Also update the way description is added to gemspec so that it will display properly on gemcutter. 055c2a0b8e64918e7f2f4f5b3da68d4e1dc54e0e Nick Sieger nick@nicksieger.com 26e2349c05f1d8fa8fde11932c1ade6633803538 Dylan McClung dylan.mcclung@gmail.com http://github.com/jruby/jruby-openssl/commit/abc2ca696f4cc79284f8ff16f9cbe97d2c8ce722 abc2ca696f4cc79284f8ff16f9cbe97d2c8ce722

2009-12-09T22:41:29-08:00

2009-10-20T19:33:38-07:00

Update for JRUBY-4012 22fac2c46a638e4b0dbe30c926f2f43eada39e7c NAKAMURA nakahiro@gmail.com 8c440685b518886d448177cfb2bb7ba19e31d60d NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/26e2349c05f1d8fa8fde11932c1ade6633803538 26e2349c05f1d8fa8fde11932c1ade6633803538

2009-12-09T20:35:27-08:00

updated nbproject compilation classpath setting. (BC update) 0ff3af2785aff1722b393790e8fd916416dc5497 NAKAMURA nakahiro@gmail.com 0593fdc7bb51014ae5e08c7d2f5535d58574569c c4c1360df82335d78a960ef44584f33a58f00048 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/8c440685b518886d448177cfb2bb7ba19e31d60d 8c440685b518886d448177cfb2bb7ba19e31d60d

2009-12-09T20:18:12-08:00

Merge commit 'c4c1360df82335d78a960ef44584f33a58f00048' c4a203087072433e9ba74551c7a020f1af543b2a NAKAMURA nakahiro@gmail.com 555d578a9f140454cdeb0c0d36d3145d82291518 cca959cb0ed764251fe215b588efe9b38259a5a9 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/0593fdc7bb51014ae5e08c7d2f5535d58574569c 0593fdc7bb51014ae5e08c7d2f5535d58574569c

2009-12-09T20:01:36-08:00

Merge commit 'cca959cb0ed764251fe215b588efe9b38259a5a9' 5c0f7b29b782b70efa22357ae194ded9965978b5 NAKAMURA nakahiro@gmail.com e5b4f1b1b47bd94d54a17d099c0e2d0fe3c0e0ef 85b434526176f803648180edf38fe0537ce2b212 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/555d578a9f140454cdeb0c0d36d3145d82291518 555d578a9f140454cdeb0c0d36d3145d82291518

2009-12-09T20:01:27-08:00

Merge commit '85b434526176f803648180edf38fe0537ce2b212' b4fd5df66e7bf332fa56ac0fec500688c79a4770 NAKAMURA nakahiro@gmail.com 1cb8b7d62319a80b9a62405183ad8bd28b4b279c ede88a3e02f548961994825c25cb4b6bbdb88e94 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/e5b4f1b1b47bd94d54a17d099c0e2d0fe3c0e0ef e5b4f1b1b47bd94d54a17d099c0e2d0fe3c0e0ef

2009-12-09T20:01:15-08:00

Merge commit 'ede88a3e02f548961994825c25cb4b6bbdb88e94' c7bbed0b0c5c5b517fa21118f1de9f342a43d480 NAKAMURA nakahiro@gmail.com 683dc235e246b6b170610266f9943ae3ce0640c1 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/c4c1360df82335d78a960ef44584f33a58f00048 c4c1360df82335d78a960ef44584f33a58f00048

2009-12-09T01:43:00-08:00

JRUBY-4326: check unsupported cipher algorithm at initialization. follow CRuby's openssl behavior. CAUTION: at this time, JRE's security policy is not checked at initialization time so Cipher.new("aes-256-cbc") is allowed even if the env does not have JCE Unlimited Strength Jurisdiction Policy Files. For such environment, you get an CipherError "Illegal key size" at usage time. Should be fixed in the future. c4a203087072433e9ba74551c7a020f1af543b2a NAKAMURA nakahiro@gmail.com cca959cb0ed764251fe215b588efe9b38259a5a9 1cb8b7d62319a80b9a62405183ad8bd28b4b279c NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/683dc235e246b6b170610266f9943ae3ce0640c1 683dc235e246b6b170610266f9943ae3ce0640c1

2009-12-07T11:23:45-08:00

Merge branch 'master' of git://github.com/jruby/jruby-openssl Conflicts: test/test_x509store.rb 5c0f7b29b782b70efa22357ae194ded9965978b5 NAKAMURA nakahiro@gmail.com 367f170fa17890c7352a5c4dc0bf5f2e8b1d8139 Nick Sieger nick@nicksieger.com http://github.com/jruby/jruby-openssl/commit/1cb8b7d62319a80b9a62405183ad8bd28b4b279c 1cb8b7d62319a80b9a62405183ad8bd28b4b279c

2009-12-07T06:22:32-08:00

Ignore jopenssl.jar 4027225a93d44beb95c78bd5609a3800d9d468d9 Nick Sieger nick@nicksieger.com 7fb0aa2da5bbbf1f80694ecf79809c2308120c2e Nick Sieger nick@nicksieger.com http://github.com/jruby/jruby-openssl/commit/367f170fa17890c7352a5c4dc0bf5f2e8b1d8139 367f170fa17890c7352a5c4dc0bf5f2e8b1d8139

2009-12-07T06:19:12-08:00

2009-12-06T21:35:16-08:00

Updated 0.6 notes to reflect updates to security announcement 6e2063c68f8c6ec01b90297d58fc4601660f219d Nick Sieger nick@nicksieger.com 3e6df60ec91ebe74b4c0edf443cade940f502048 Nick Sieger nick@nicksieger.com http://github.com/jruby/jruby-openssl/commit/7fb0aa2da5bbbf1f80694ecf79809c2308120c2e 7fb0aa2da5bbbf1f80694ecf79809c2308120c2e

2009-12-07T06:19:12-08:00

2009-11-25T15:18:04-08:00

Misc cleanup and get quickcert working as-is f3baed2737f79f7281bcd69162f17c89e3765311 Nick Sieger nick@nicksieger.com d0e97ebb2e214788abd192d5a3d2a0c7cac3d10d Nick Sieger nick@nicksieger.com http://github.com/jruby/jruby-openssl/commit/3e6df60ec91ebe74b4c0edf443cade940f502048 3e6df60ec91ebe74b4c0edf443cade940f502048

2009-12-07T06:18:54-08:00

2009-11-25T08:35:40-08:00

Updated history and bump version to 0.6 ac84521a1963c63d7128900d254274cdd9cf4024 Nick Sieger nick@nicksieger.com 06bf2cc5ca7592a40204ce18e8dd0d21d0656fd9 NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/d0e97ebb2e214788abd192d5a3d2a0c7cac3d10d d0e97ebb2e214788abd192d5a3d2a0c7cac3d10d

2009-12-07T06:17:48-08:00

2009-11-24T14:57:53-08:00

Added a symlink as a fixture for test_x509store.rb Must be a symlink to test/fixture/purpose/cacert.pem Signed-off-by: Nick Sieger <nick@nicksieger.com> e79ff59ebdfc53f9b671da50e0193f8d52d89759 Nick Sieger nick@nicksieger.com 1b31e21a9c0bf030dfbbf4aea5863edfa7a49b4a NAKAMURA nakahiro@gmail.com http://github.com/jruby/jruby-openssl/commit/06bf2cc5ca7592a40204ce18e8dd0d21d0656fd9 06bf2cc5ca7592a40204ce18e8dd0d21d0656fd9

2009-12-07T06:17:48-08:00

2009-11-19T05:38:20-08:00

implement OpenSSL::X509::Store#set_default_paths implement it at X509Store. we already had x509store.Store#setDefaultPaths but we cannot use it because it refers 'SSL_CERT_DIR' via System.getenv of Java. we need to fetch env var via ENV['SSL_CERT_DIR'] of Ruby. now open-uri.rb + https should work. Signed-off-by: Nick Sieger <nick@nicksieger.com> 4528faf9dcdd9ebbd0e7456a9c7d6b587f61520b Nick Sieger nick@nicksieger.com