Skip to content

wolfSSL JNI and JSSE Provider 1.13.0
Compare
Choose a tag to compare
@cconlon cconlon released this 09 Apr 21:58
· 134 commits to master since this release
v1.13.0-stable
afd613b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Release 1.13.0 has bug fixes and new features including:

New JSSE Functionality:

  • Add SSLSocket.getApplicationProtocol(), returns negotiated ALPN protocol (PR 150)
  • Add native WOLFSSL_TRUST_PEER_CERT support in WolfSSLTrustX509 (PR 154)
  • Add implementation of javax.net.ssl.X509ExtendedTrustManager (PR 159)
  • Add getSSLParameters() to SSLEngine and SSLSocket (PR 159)
  • Add getHandshakeSession() to SSLSocket (PR 159)
  • Convert SSLSession to ExtendedSSLSession, add getRequestedServerNames() (PR 159)
  • Add ALPN API support to SSLSocket and SSLEngine with tests (PR 163)
  • Add implementation of X509ExtendedKeyManager (PR 167)

JSSE System/Security Property Support:

  • Add partial support for jdk.tls.disabledAlgorithms Security property (PR 136)
  • Add support for wolfjsse.enabledCipherSuites Security property (PR 136)
  • Add support for wolfjsse.enabledSignatureAlgorithms Security property (PR 136)
  • Add support for wolfjsse.enabledSupportedCurves Security property (PR 143)

JSSE Changes:

  • Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
  • Add synchronization to SSLEngine read/write buffers (PR 124)
  • Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
  • Improve SSLEngine.unwrap() for better efficiency (PR 137)
  • Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
  • Add synchronization around WolfSSLAuthStore lock (PR 139)
  • Fixes and improvements to SSLSocket/SSLEngine session resumption (PR 139, 144)
  • Fix for X509TrustManager to not add root CA twice in returned chains (PR 140)
  • Add synchronization around native pointer use and active states (PR 142)
  • Fix for SSLSocket to fall back to I/O callbacks if setting internal fd fails (PR 145)
  • Fix SSLSocket TLS 1.3 session cache and threading issues (PR 149)
  • Throw SocketException if native socket select() fails (PR 151)
  • Only call InetAddress.getHostName() when jdk.tls.trustNameService is true (PR 134)
  • Fix for SSLSession.getPeerCertificate() and cached certs during resumption (PR 162)
  • Save session at correct time for resumption in SSLEngine (PR 165)
  • Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
  • Fixes for SSLEngine.setWantClientAuth() (PR 172)
  • Release native verify callback when SSLEngine is closed (PR 180)
  • Avoid extra Java array allocation in SSLSocket InputStream/OutputStream (PR 183)

New JNI Wrapped APIs and Functionality:

  • wolfSSL_CTX_SetTmpDH() and wolfSSL_CTX_SetTmpDH_file() (PR 136)
  • wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz() (PR 136)
  • wolfSSL_set1_sigalgs_list() (PR 136)
  • wolfSSL_CTX_UseSupportedCurve() (PR 158)
  • wolfSSL_X509_check_host() and wolfSSL_SNI_GetRequest() (PR 159)
  • wolfSSL_CTX_set_groups() and wolfTLSv1_3_client/server_method() (PR 164)
  • SSL_CTX_set1_sigalgs_list() (PR 169)
  • wolfSSL_set_tls13_secret_cb(), add ability to set Java callback (PR 181)
  • Add X.509v3 certificate generation support in WolfSSLCertificate and examples (PR 141)
  • Add Certificate Signing Request (CSR) support and examples (PR 146)

JNI Changes:

  • Call wolfSSL_get1_session() when saving session for resumption (PR 139)
  • Call select() again on error with EINTR (PR 171)

New Platform Support:

  • Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)

Build System Changes:

  • Add JAVA_HOME support in java.sh for use with custom Java install (PR 121)
  • New argument to java.sh for custom wolfSSL library name to be used (PR 126)
  • Add lib64 directory to library search path in java.sh (PR 130)
  • Standardize JNI library name on OSX to .dylib (PR 152)
  • Add Maven build support (PR 153)
  • Update Android Studio example project (PR 185)

Example Changes:

  • Update instructions for running examples (PR 133)
  • Fix example JSSE client -d option, add -g to send HTTP GET (PR 155)
  • Fix example JSSE client for resumption when sending HTTP GET (PR 157)
  • Add TLS 1.3 version support to example Client.java and Server.java (PR 169)
  • Expand JNI Client.java with support for doing session resumption with tickets (PR 169)

Debugging Changes:

  • Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
  • Add synchronization and Thread ID to debug log messages (PR 129)
  • Add new debug System property wolfsslengine.io.debug for I/O debug logs (PR 137)
  • Add timestamp to debug logs (PR 148)
  • Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
  • Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)

Testing Changes:

  • Add Facebook Infer test script, make fixes (PR 127, 182)
  • Add extended threading test of SSLEngine (PR 124)
  • Testing with and fixes from SonarQube static analyzer (PR 131)
  • Add extended threading test of SSLSocket (PR 149)
  • Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
  • Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)

Documentation Changes:

  • Clean up Javadoc warnings with Java 17 (PR 147)

The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.

Assets 3
Loading