|
| 1 | +## 0.9.20 |
| 2 | + |
| 3 | +* upgrade Bouncy-Castle to 1.56 http://bouncycastle.org/releasenotes.html |
| 4 | + (additional security and robustness with 10 CVEs submitted as a result) |
| 5 | +* add a dummy SSLContext#security_level= implementation |
| 6 | +* no dup-ing for SSLContext/SSLSocket and X509 Store/StoreContext |
| 7 | +* implement PKey initialize_copy (dup-ing) |
| 8 | +* digest can be passed in as a String on PKey#sign/verify |
| 9 | +* DSA+SHA1 is actually a supported algorithm |
| 10 | +* reset signed-request -> sub-sequent req.verify will work correctly |
| 11 | +* allow for digest name to be passed into Cert#sign |
| 12 | +* be less fatal on Java 9 |
| 13 | + won't attempt reflective SPIs when accessibility checks fail! |
| 14 | +* remove obsolete (deprecated) renamed classes |
| 15 | +* verify correct WaitReadable is raised on connect_nonblock (jruby/jruby#1716) |
| 16 | +* non-connected ssl socket raises EPIPE on connect_nonblock (MRI compat) |
| 17 | +* fine to close a SSLSocket which is not-yet-connected (like in MRI) |
| 18 | +* fix NPE when reading private keys (with passwd) (jruby/jruby#1784) |
| 19 | + |
1 | 20 | ## 0.9.19 |
2 | 21 |
|
3 | 22 | * re-use secure random from thread-context on SSL context initialization |
4 | 23 | * preliminary OpenSSL 1.1 (Ruby 2.4) compatibility bits (#112) |
5 | 24 | * try using thread-shared secure random gen (in PKey-s) where possible |
6 | 25 | * implement PKeyDSA#syssign and PKeyDSA#sysverify methods |
7 | | -* avoid (unnecessary) byte[] copies in PKey#sign/verify |
| 26 | +* avoid (unnecessary) byte[] copies in PKey#sign/verify |
8 | 27 | * fix ClassCastException error in X509Store.verify (#113) |
9 | 28 | * align BH#hash with eql? (+ equals/hashCode on Java) |
10 | 29 |
|
|
0 commit comments