RubyGems - jruby-openssl - Versions diffs - 0.10.5-java → 0.12.1-java - Mend

jruby-openssl 0.10.5-java → 0.12.1-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml +4 -4
data/History.md +50 -0
data/Mavenfile +24 -30
data/README.md +3 -0
data/Rakefile +21 -35
data/lib/jopenssl/load.rb +0 -14
data/lib/jopenssl/version.rb +2 -2
data/lib/jopenssl.jar +0 -0
data/lib/openssl/bn.rb +40 -9
data/lib/openssl/buffering.rb +478 -9
data/lib/openssl/cipher.rb +67 -9
data/lib/openssl/config.rb +496 -12
data/lib/openssl/digest.rb +73 -9
data/lib/openssl/hmac.rb +13 -0
data/lib/openssl/marshal.rb +30 -0
data/lib/openssl/pkcs5.rb +3 -3
data/lib/openssl/pkey.rb +42 -5
data/lib/openssl/ssl.rb +543 -9
data/lib/openssl/x509.rb +369 -9
data/lib/openssl.rb +43 -1
data/lib/org/bouncycastle/bcpkix-jdk15on/{1.65/bcpkix-jdk15on-1.65.jar → 1.68/bcpkix-jdk15on-1.68.jar} +0 -0
data/lib/org/bouncycastle/bcprov-jdk15on/{1.65/bcprov-jdk15on-1.65.jar → 1.68/bcprov-jdk15on-1.68.jar} +0 -0
data/lib/org/bouncycastle/bctls-jdk15on/1.68/bctls-jdk15on-1.68.jar +0 -0
data/pom.xml +42 -134
metadata +14 -48
data/lib/jopenssl19/openssl/bn.rb +0 -29
data/lib/jopenssl19/openssl/buffering.rb +0 -449
data/lib/jopenssl19/openssl/cipher.rb +0 -28
data/lib/jopenssl19/openssl/config.rb +0 -472
data/lib/jopenssl19/openssl/digest.rb +0 -32
data/lib/jopenssl19/openssl/ssl-internal.rb +0 -223
data/lib/jopenssl19/openssl/ssl.rb +0 -2
data/lib/jopenssl19/openssl/x509-internal.rb +0 -115
data/lib/jopenssl19/openssl/x509.rb +0 -2
data/lib/jopenssl19/openssl.rb +0 -22
data/lib/jopenssl21/openssl/bn.rb +0 -28
data/lib/jopenssl21/openssl/buffering.rb +0 -1
data/lib/jopenssl21/openssl/cipher.rb +0 -1
data/lib/jopenssl21/openssl/config.rb +0 -1
data/lib/jopenssl21/openssl/digest.rb +0 -1
data/lib/jopenssl21/openssl/ssl.rb +0 -1
data/lib/jopenssl21/openssl/x509.rb +0 -119
data/lib/jopenssl21/openssl.rb +0 -22
data/lib/jopenssl22/openssl/bn.rb +0 -39
data/lib/jopenssl22/openssl/buffering.rb +0 -456
data/lib/jopenssl22/openssl/cipher.rb +0 -28
data/lib/jopenssl22/openssl/config.rb +0 -313
data/lib/jopenssl22/openssl/digest.rb +0 -54
data/lib/jopenssl22/openssl/ssl.rb +0 -330
data/lib/jopenssl22/openssl/x509.rb +0 -139
data/lib/jopenssl22/openssl.rb +0 -22
data/lib/jopenssl23/openssl/bn.rb +0 -38
data/lib/jopenssl23/openssl/buffering.rb +0 -455
data/lib/jopenssl23/openssl/cipher.rb +0 -25
data/lib/jopenssl23/openssl/config.rb +0 -474
data/lib/jopenssl23/openssl/digest.rb +0 -43
data/lib/jopenssl23/openssl/pkey.rb +0 -25
data/lib/jopenssl23/openssl/ssl.rb +0 -508
data/lib/jopenssl23/openssl/x509.rb +0 -208
data/lib/jopenssl23/openssl.rb +0 -19
data/lib/openssl/ssl-internal.rb +0 -5
data/lib/openssl/x509-internal.rb +0 -5
data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9d6499fed6e65be2c2ce456ff6aa60748cf25877
-  data.tar.gz: eb002de6cd119571cd27844029a92034deb0e585
+  metadata.gz: 2b73e2783a26e7aa5254c66e325fa6c824c78b8d
+  data.tar.gz: feb0ad37fca2ead87ed151f8c543214f7912508b
 SHA512:
-  metadata.gz: d720cada18be2c96df796c93fe545a72b58fc53d24d06781509f50751bafb340886840530b6b469c0c97b66aedff9a13bde58017cff5b1514330a1611ec31464
-  data.tar.gz: 9eb17b1809536887e1c7beef398bebce95c86ed5ed0d46e43c658396387cec56f7fafbd4098fa4c2f273960faf5cae12fe980131eb6ab56bee8a694fdc75eea5
+  metadata.gz: aba588920a82b3a568183ee03bcbee3175c033863654521bfc6a624be84072d510853ea2b457f8742d222e19a230c8ce67592a3df16e1ae625d1b644c7e858bf
+  data.tar.gz: ce31f7f99e2352871b2fdefc084eef1d8497a97baacf4a99a6459e39abf0cb35e66a1a4b422e454db6e9433cd6c698b22e07dc1e7688e7c580a397cc0a7ae37b

data/History.md CHANGED Viewed

@@ -1,3 +1,53 @@
+## 0.12.1
+* improved compatibility with the openssl gem (version 2.2.1)
+* JOSSL now ships with a single set of openssl .rb files
+  - providing compat with `required_ruby_version = '>= 2.3.0'`
+  - flat set of .rb files at *lib/openssl/* (based on openssl gem)
+* revisited `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` defaults
+  - implicit `verify_hostname` default .rb callback still a noop
+  - TLS continues to rely on the Java SSL engine for hostname checks
+* working TLS 1.3 support
+* droped Java 1.7 support (at least Java 8 needed to use the gem)
+* fixed `SSLContext#options` matches C OpenSSL (using `OP_ALL`)
+* no longer filter out SSLv2 (for improved OpenSSL compatibility)
+* implemented naive `SSLContext#ciphers` caching to speed-up TLS
+* `StoreError` raised due a Java exception now retain native cause
+## 0.12.0 (yanked)
+There were Java 8 and JRuby 9.3 regressions in this release, use 0.12.1 instead.
+## 0.11.0
+NOTE: This release aims to adapt the certificate verification logic to be aligned
+with OpenSSL 1.1.1 as a resolution to issues due *DST Root CA X3* expiration, more
+details at: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+The port is expected to be superior compared to the simple legacy verification,
+however in case of issues the previous algorithm is still around and can be toggled
+using `JRUBY_OPTS="-J-Djruby.openssl.x509.store.verify=legacy"` system property.
+* **OpenSSL 1.1.1 cert verification port** (fixes #236) (#239)
+ - as a side-effect part of the PR to "allow multiple certs with same SubjectDN"
+   (#198) got reverted, this has been causing verification regressions (since 0.10.5)
+   for some users (#232) and is expected to be fixed
+* [fix] replace deprecated getPeerCertificateChain (#231)
+## 0.10.7
+* [feat] upgrade BC library to 1.68
+* [fix] SSLContext#ciphers= (fixes #221 and jruby/jruby#3100) (#222)
+* [fix] Java::JavaLang::StringIndexOutOfBoundsException on ctx.cipher=[] (fixes #220) (#223)
+* [fix] SSLContext#ciphers= compatibility (fixes #223) (#220)
+* [fix] Match OpenSSL::X509::Name.hash implementation with Ruby (#216, #218)
+* [fix] OpenSSL::SSL::SSLContext#min_version= failure (#215)
+* [fix] adds OpenSSL::Cipher#iv_len= setter (#208)
+## 0.10.6 (yanked)
+Due several regressions please update to version 0.10.7 or higher.
 ## 0.10.5
 * [fix] EC key sign/verify (#193)

data/Mavenfile CHANGED Viewed

@@ -7,7 +7,7 @@ distribution_management do
   repository :id => :ossrh, :url => 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
 end
-java_target = '1.7'
+java_target = '1.8'
 gen_sources = '${basedir}/target/generated-sources' # hard-coded in AnnotationBinder
 plugin( 'org.codehaus.mojo:exec-maven-plugin', '1.3.2' ) do
@@ -45,15 +45,18 @@ plugin( 'org.codehaus.mojo:build-helper-maven-plugin', '1.9' ) do
   execute_goal 'add-source', :phase => 'process-classes', :sources => [ gen_sources ]
 end
-plugin( :compiler, '3.1',
-        :source => '1.7', :target => java_target,
-        :encoding => 'UTF-8', :debug => true,
-        :showWarnings => true, :showDeprecation => true,
-        :excludes => [ 'module-info.java' ],
-        #:jdkToolchain => { :version => '[1.7,11)' },
+compiler_configuration = {
+    :source => '1.8', :target => java_target, :release => '8',
+    :encoding => 'UTF-8', :debug => true,
+    :showWarnings => true, :showDeprecation => true,
+    :excludes => [ 'module-info.java' ],
+    #:jdkToolchain => { :version => '[1.7,11)' },
+    :generatedSourcesDirectory => gen_sources,
+    :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]
+}
+compiler_configuration.delete(:release) if ENV_JAVA['java.specification.version'] == '1.8'
-        :generatedSourcesDirectory => gen_sources,
-        :annotationProcessors => [ 'org.jruby.anno.AnnotationBinder' ]) do
+plugin( :compiler, '3.9.0', compiler_configuration) do
   #execute_goal :compile, :id => 'annotation-binder', :phase => 'compile',
   #    :generatedSourcesDirectory => gen_sources, #:outputDirectory => gen_sources,
@@ -69,14 +72,6 @@ plugin( :compiler, '3.1',
                :compilerArgs => [ '', '-XDignore.symbol.file=true' ]
 end
-profile 'module-info' do
-  activation { jdk '[9,)' }
-  plugin :compiler, '3.8.1',
-         :source => '9', :target => java_target,
-         :release => '9',
-         :includes => [ 'module-info.java' ]
-end
 plugin :clean do
   execute_goals( 'clean', :id => 'default-clean', :phase => 'clean',
                  'filesets' => [
@@ -87,18 +82,18 @@ plugin :clean do
                  'failOnError' =>  'false' )
 end
-jar 'org.jruby:jruby-core', '1.7.20', :scope => :provided
-jar 'junit:junit', '4.11', :scope => :test
+jar 'org.jruby:jruby-core', '9.1.11.0', :scope => :provided
+# for invoker generated classes we need to add javax.annotation when on Java > 8
+jar 'javax.annotation:javax.annotation-api', '1.3.1', :scope => :compile
+jar 'junit:junit', '[4.13.1,)', :scope => :test
-# 9.1.17.0 is Java 7 compatible (till supporting JRuby 1.7)
 # NOTE: to build on Java 11 - installing gems fails (due old jossl) with:
 #  load error: jopenssl/load -- java.lang.StringIndexOutOfBoundsException
-MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.9.0' : '9.1.17.0'
+MVN_JRUBY_VERSION = ENV_JAVA['java.version'].to_i >= 9 ? '9.2.19.0' : '9.1.17.0'
 jruby_plugin! :gem do
   # when installing dependent gems we want to use the built in openssl not the one from this lib directory
-  # we compile against jruby-core-1.7.20 and want to keep this out of the plugin execution here
-  execute_goal :id => 'default-initialize', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
+  execute_goal :id => 'default-package', :addProjectClasspath => false, :libDirectory => 'something-which-does-not-exists'
   execute_goals :id => 'default-push', :skip => true
 end
@@ -107,12 +102,12 @@ plugin :deploy, '2.8.1' do
   execute_goals( :deploy, :skip => false )
 end
-supported_bc_versions = %w{ 1.58 1.59 1.60 1.61 1.62 1.63 1.64 1.65 }
+supported_bc_versions = %w{ 1.60 1.61 1.62 1.63 1.64 1.65 1.66 1.67 1.68 }
 default_bc_version = File.read File.expand_path('lib/jopenssl/version.rb', File.dirname(__FILE__))
 default_bc_version = default_bc_version[/BOUNCY_CASTLE_VERSION\s?=\s?'(.*?)'/, 1]
-properties( 'jruby.plugins.version' => '1.1.8',
+properties( 'jruby.plugins.version' => '2.0.1', # 2.0.1
             'jruby.switches' => '-W0', # https://github.com/torquebox/jruby-maven-plugins/issues/94
             'bc.versions' => default_bc_version,
             'invoker.test' => '${bc.versions}',
@@ -123,9 +118,8 @@ properties( 'jruby.plugins.version' => '1.1.8',
             'mavengem-wagon.version' => '1.0.3', # for polyglot-ruby
             # use this version of jruby for the jruby-maven-plugins
             'jruby.versions' => MVN_JRUBY_VERSION, 'jruby.version' => MVN_JRUBY_VERSION,
-            # dump pom.xml as readonly when running 'rmvn'
-            'polyglot.dump.pom' => 'pom.xml',
-            'polyglot.dump.readonly' => true )
+            # dump pom.xml when running 'rmvn'
+            'polyglot.dump.pom' => 'pom.xml', 'polyglot.dump.readonly' => false )
 # make sure we have the embedded jars in place before we run runit plugin
 plugin! :dependency do
@@ -152,8 +146,8 @@ invoker_run_options = {
       'runit.dir' => '${runit.dir}' }
 }
-jruby_9_K_versions  = %w{ 9.0.5.0 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
-jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.6.0 9.2.7.0 9.2.8.0 9.2.9.0 }
+jruby_9_K_versions  = %w{ 9.1.2.0 9.1.8.0 9.1.12.0 9.1.16.0 9.1.17.0 }
+jruby_9_K_versions += %w{ 9.2.0.0 9.2.5.0 9.2.10.0 9.2.17.0 9.2.19.0 }
 jruby_9_K_versions.each { |version|
 profile :id => "test-#{version}" do

data/README.md CHANGED Viewed

@@ -24,6 +24,9 @@ the JRuby [mailing list][1] or the [bug tracker][2].
 |      ~>0.9.18 |   1.6.8-9.1.x |  Java 6-8  |    1.50-1.55 |
 |        0.10.0 |  1.7.20-9.2.x |  Java 7-10 |    1.55-1.59 |
 |        0.10.3 |  1.7.20-9.2.x |  Java 7-11 |    1.56-1.62 |
+|      ~>0.10.5 |  1.7.20-9.3.x |  Java 7-11 |    1.60-1.68 |
+|      ~>0.11.x |   9.0.x-9.3.x |  Java 7-11 |    1.62-1.68 |
+|      ~>0.12.x |   9.1.x-9.3.x |  Java 8-15 |    1.65-1.68 |
 NOTE: backwards JRuby compatibility was not handled for versions <= **0.9.6**

data/Rakefile CHANGED Viewed

@@ -1,40 +1,27 @@
 #-*- mode: ruby -*-
-begin
-  require 'ruby-maven'
-rescue LoadError
-  warn "ruby-maven not available - some tasks will not work " <<
-       "either `gem install ruby-maven' or use mvn instead of rake"
-  desc "Package jopenssl.jar with the compiled classes"
-  task :jar do
-    sh "mvn prepare-package -Dmaven.test.skip=true"
-  end
-  namespace :jar do
-    desc "Package jopenssl.jar file (and dependendent jars)"
-    task :all do
-      sh "mvn package -Dmaven.test.skip=true"
-    end
-  end
-else
-  #Rake::Task[:jar].clear rescue nil
-  desc "Package jopenssl.jar with the compiled classes"
-  task :jar do
-    RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
-  end
-  namespace :jar do
-    desc "Package jopenssl.jar file (and dependendent jars)"
-    task :all do
-      RubyMaven.exec( 'package -Dmaven.test.skip=true' )
-    end
-  end
-  task :test_prepare do
-    RubyMaven.exec( 'prepare-package -Dmaven.test.skip=true' )
-    RubyMaven.exec( 'test-compile' ) # separate step due -Dmaven.test.skip=true
+#Rake::Task[:jar].clear rescue nil
+desc "Package jopenssl.jar with the compiled classes"
+task :jar do
+  sh( './mvnw prepare-package -Dmaven.test.skip=true' )
+end
+namespace :jar do
+  desc "Package jopenssl.jar file (and dependendent jars)"
+  task :all do
+    sh( './mvnw package -Dmaven.test.skip=true' )
   end
 end
+task :test_prepare do
+  sh( './mvnw prepare-package -Dmaven.test.skip=true' )
+  sh( './mvnw test-compile' ) # separate step due -Dmaven.test.skip=true
+end
+task :clean do
+  sh( './mvnw clean' )
+end
 task :build do
-  RubyMaven.exec('package -Dmaven.test.skip')
+  sh( './mvnw clean package -Dmaven.test.skip=true' )
 end
 task :default => :build
@@ -55,16 +42,15 @@ task :test => 'lib/jopenssl.jar'
 namespace :integration do
   it_path = File.expand_path('../src/test/integration', __FILE__)
   task :install do
-    Dir.chdir(it_path) do
-      ruby "-S bundle install --gemfile '#{it_path}/Gemfile'"
-    end
+    ruby "-C #{it_path} -S bundle install"
   end
   # desc "Run IT tests"
   task :test => 'lib/jopenssl.jar' do
     unless File.exist?(File.join(it_path, 'Gemfile.lock'))
       raise "bundle not installed, run `rake integration:install'"
     end
-    loader = "ARGV.each { |f| require f }" ; lib = [ 'lib', it_path ]
+    loader = "ARGV.each { |f| require f }"
+    lib = [ File.expand_path('../lib', __FILE__), it_path ]
     test_files = FileList['src/test/integration/*_test.rb'].map { |path| path.sub('src/test/integration/', '') }
     ruby "-I#{lib.join(':')} -C src/test/integration -e \"#{loader}\" #{test_files.map { |f| "\"#{f}\"" }.join(' ')}"
   end

data/lib/jopenssl/load.rb CHANGED Viewed

@@ -2,8 +2,6 @@ warn 'Loading jruby-openssl gem in a non-JRuby interpreter' unless defined? JRUB
 require 'jopenssl/version'
-warn "JRuby #{JRUBY_VERSION} is not supported by jruby-openssl #{JOpenSSL::VERSION}" if JRUBY_VERSION < '1.7.20'
 # NOTE: assuming user does pull in BC .jars from somewhere else on the CP
 unless ENV_JAVA['jruby.openssl.load.jars'].eql?('false')
   version = JOpenSSL::BOUNCY_CASTLE_VERSION
@@ -34,17 +32,5 @@ else; require 'jruby'
 end
 if RUBY_VERSION > '2.3'
-  load 'jopenssl23/openssl.rb'
   load 'jopenssl/_compat23.rb'
-elsif RUBY_VERSION > '2.2'
-  load 'jopenssl22/openssl.rb'
-elsif RUBY_VERSION > '2.1'
-  load 'jopenssl21/openssl.rb'
-else
-  load 'jopenssl19/openssl.rb'
-end
-module OpenSSL
-  autoload :Config, 'openssl/config' unless const_defined?(:Config, false)
-  autoload :PKCS12, 'openssl/pkcs12'
 end

data/lib/jopenssl/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module JOpenSSL
-  VERSION = '0.10.5'
-  BOUNCY_CASTLE_VERSION = '1.65'
+  VERSION = '0.12.1'
+  BOUNCY_CASTLE_VERSION = '1.68'
 end
 Object.class_eval do

data/lib/jopenssl.jar CHANGED Viewed

Binary file

data/lib/openssl/bn.rb CHANGED Viewed

@@ -1,9 +1,40 @@
-if RUBY_VERSION > '2.3'
-  load "jopenssl23/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '2.2'
-  load "jopenssl22/openssl/#{File.basename(__FILE__)}"
-elsif RUBY_VERSION > '2.1'
-  load "jopenssl21/openssl/#{File.basename(__FILE__)}"
-else
-  load "jopenssl19/openssl/#{File.basename(__FILE__)}"
-end
+# frozen_string_literal: true
+#--
+#
+# = Ruby-space definitions that completes C-space funcs for BN
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002  Michal Rokos <m.[email protected]>
+# All rights reserved.
+#
+# = Licence
+# This program is licensed under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#++
+module OpenSSL
+  class BN
+    include Comparable
+    def pretty_print(q)
+      q.object_group(self) {
+        q.text ' '
+        q.text to_i.to_s
+      }
+    end
+  end # BN
+end # OpenSSL
+##
+#--
+# Add double dispatch to Integer
+#++
+class Integer
+  # Casts an Integer as an OpenSSL::BN
+  #
+  # See `man bn` for more info.
+  def to_bn
+    OpenSSL::BN::new(self)
+  end
+end # Integer