wolfSSL JNI and JSSE Provider 1.13.0
cconlon released this 09 Apr 21:58 · 159 commits to master since this release
Release 1.13.0 has bug fixes and new features including:
New JSSE Functionality:
- Add SSLSocket.getApplicationProtocol(), returns negotiated ALPN protocol (PR 150)
- Add native WOLFSSL_TRUST_PEER_CERT support in WolfSSLTrustX509 (PR 154)
- Add implementation of javax.net.ssl.X509ExtendedTrustManager (PR 159)
- Add getSSLParameters() to SSLEngine and SSLSocket (PR 159)
- Add getHandshakeSession() to SSLSocket (PR 159)
- Convert SSLSession to ExtendedSSLSession, add getRequestedServerNames() (PR 159)
- Add ALPN API support to SSLSocket and SSLEngine with tests (PR 163)
- Add implementation of X509ExtendedKeyManager (PR 167)
JSSE System/Security Property Support:
- Add partial support for jdk.tls.disabledAlgorithms Security property (PR 136)
- Add support for wolfjsse.enabledCipherSuites Security property (PR 136)
- Add support for wolfjsse.enabledSignatureAlgorithms Security property (PR 136)
- Add support for wolfjsse.enabledSupportedCurves Security property (PR 143)
JSSE Changes:
- Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
- Add synchronization to SSLEngine read/write buffers (PR 124)
- Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
- Improve SSLEngine.unwrap() for better efficiency (PR 137)
- Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
- Add synchronization around WolfSSLAuthStore lock (PR 139)
- Fixes and improvements to SSLSocket/SSLEngine session resumption (PR 139, 144)
- Fix for X509TrustManager to not add root CA twice in returned chains (PR 140)
- Add synchronization around native pointer use and active states (PR 142)
- Fix for SSLSocket to fall back to I/O callbacks if setting internal fd fails (PR 145)
- Fix SSLSocket TLS 1.3 session cache and threading issues (PR 149)
- Throw SocketException if native socket select() fails (PR 151)
- Only call InetAddress.getHostName() when jdk.tls.trustNameService is true (PR 134)
- Fix for SSLSession.getPeerCertificate() and cached certs during resumption (PR 162)
- Save session at correct time for resumption in SSLEngine (PR 165)
- Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
- Fixes for SSLEngine.setWantClientAuth() (PR 172)
- Release native verify callback when SSLEngine is closed (PR 180)
- Avoid extra Java array allocation in SSLSocket InputStream/OutputStream (PR 183)
New JNI Wrapped APIs and Functionality:
- wolfSSL_CTX_SetTmpDH() and wolfSSL_CTX_SetTmpDH_file() (PR 136)
- wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz() (PR 136)
- wolfSSL_set1_sigalgs_list() (PR 136)
- wolfSSL_CTX_UseSupportedCurve() (PR 158)
- wolfSSL_X509_check_host() and wolfSSL_SNI_GetRequest() (PR 159)
- wolfSSL_CTX_set_groups() and wolfTLSv1_3_client/server_method() (PR 164)
- SSL_CTX_set1_sigalgs_list() (PR 169)
- wolfSSL_set_tls13_secret_cb(), add ability to set Java callback (PR 181)
- Add X.509v3 certificate generation support in WolfSSLCertificate and examples (PR 141)
- Add Certificate Signing Request (CSR) support and examples (PR 146)
JNI Changes:
- Call wolfSSL_get1_session() when saving session for resumption (PR 139)
- Call select() again on error with EINTR (PR 171)
New Platform Support:
- Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)
Build System Changes:
- Add JAVA_HOME support in java.sh for use with custom Java install (PR 121)
- New argument to java.sh for custom wolfSSL library name to be used (PR 126)
- Add lib64 directory to library search path in java.sh (PR 130)
- Standardize JNI library name on OSX to .dylib (PR 152)
- Add Maven build support (PR 153)
- Update Android Studio example project (PR 185)
Example Changes:
- Update instructions for running examples (PR 133)
- Fix example JSSE client -d option, add -g to send HTTP GET (PR 155)
- Fix example JSSE client for resumption when sending HTTP GET (PR 157)
- Add TLS 1.3 version support to example Client.java and Server.java (PR 169)
- Expand JNI Client.java with support for doing session resumption with tickets (PR 169)
Debugging Changes:
- Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
- Add synchronization and Thread ID to debug log messages (PR 129)
- Add new debug System property wolfsslengine.io.debug for I/O debug logs (PR 137)
- Add timestamp to debug logs (PR 148)
- Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
- Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)
Testing Changes:
- Add Facebook Infer test script, make fixes (PR 127, 182)
- Add extended threading test of SSLEngine (PR 124)
- Testing with and fixes from SonarQube static analyzer (PR 131)
- Add extended threading test of SSLSocket (PR 149)
- Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
- Add GitHub Actions tests for Oracle/Zulu/Corretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)
Documentation Changes:
- Clean up Javadoc warnings with Java 17 (PR 147)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.