Wolfssljni Versions

wolfSSL JSSE provider and JNI wrapper for SSL/TLS, supporting up to TLS 1.3!

v1.13.0-stable

1 month ago

Release 1.13.0 has bug fixes and new features including:

New JSSE Functionality:

  • Add SSLSocket.getApplicationProtocol(), returns negotiated ALPN protocol (PR 150)
  • Add native WOLFSSL_TRUST_PEER_CERT support in WolfSSLTrustX509 (PR 154)
  • Add implementation of javax.net.ssl.X509ExtendedTrustManager (PR 159)
  • Add getSSLParameters() to SSLEngine and SSLSocket (PR 159)
  • Add getHandshakeSession() to SSLSocket (PR 159)
  • Convert SSLSession to ExtendedSSLSession, add getRequestedServerNames() (PR 159)
  • Add ALPN API support to SSLSocket and SSLEngine with tests (PR 163)
  • Add implementation of X509ExtendedKeyManager (PR 167)

JSSE System/Security Property Support:

  • Add partial support for jdk.tls.disabledAlgorithms Security property (PR 136)
  • Add support for wolfjsse.enabledCipherSuites Security property (PR 136)
  • Add support for wolfjsse.enabledSignatureAlgorithms Security property (PR 136)
  • Add support for wolfjsse.enabledSupportedCurves Security property (PR 143)

JSSE Changes:

  • Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
  • Add synchronization to SSLEngine read/write buffers (PR 124)
  • Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
  • Improve SSLEngine.unwrap() for better efficiency (PR 137)
  • Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
  • Add synchronization around WolfSSLAuthStore lock (PR 139)
  • Fixes and improvements to SSLSocket/SSLEngine session resumption (PR 139, 144)
  • Fix for X509TrustManager to not add root CA twice in returned chains (PR 140)
  • Add synchronization around native pointer use and active states (PR 142)
  • Fix for SSLSocket to fall back to I/O callbacks if setting internal fd fails (PR 145)
  • Fix SSLSocket TLS 1.3 session cache and threading issues (PR 149)
  • Throw SocketException if native socket select() fails (PR 151)
  • Only call InetAddress.getHostName() when jdk.tls.trustNameService is true (PR 134)
  • Fix for SSLSession.getPeerCertificate() and cached certs during resumption (PR 162)
  • Save session at correct time for resumption in SSLEngine (PR 165)
  • Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
  • Fixes for SSLEngine.setWantClientAuth() (PR 172)
  • Release native verify callback when SSLEngine is closed (PR 180)
  • Avoid extra Java array allocation in SSLSocket InputStream/OutputStream (PR 183)

New JNI Wrapped APIs and Functionality:

  • wolfSSL_CTX_SetTmpDH() and wolfSSL_CTX_SetTmpDH_file() (PR 136)
  • wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz() (PR 136)
  • wolfSSL_set1_sigalgs_list() (PR 136)
  • wolfSSL_CTX_UseSupportedCurve() (PR 158)
  • wolfSSL_X509_check_host() and wolfSSL_SNI_GetRequest() (PR 159)
  • wolfSSL_CTX_set_groups() and wolfTLSv1_3_client/server_method() (PR 164)
  • SSL_CTX_set1_sigalgs_list() (PR 169)
  • wolfSSL_set_tls13_secret_cb(), add ability to set Java callback (PR 181)
  • Add X.509v3 certificate generation support in WolfSSLCertificate and examples (PR 141)
  • Add Certificate Signing Request (CSR) support and examples (PR 146)

JNI Changes:

  • Call wolfSSL_get1_session() when saving session for resumption (PR 139)
  • Call select() again on error with EINTR (PR 171)

New Platform Support:

  • Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)

Build System Changes:

  • Add JAVA_HOME support in java.sh for use with custom Java install (PR 121)
  • New argument to java.sh for custom wolfSSL library name to be used (PR 126)
  • Add lib64 directory to library search path in java.sh (PR 130)
  • Standardize JNI library name on OSX to .dylib (PR 152)
  • Add Maven build support (PR 153)
  • Update Android Studio example project (PR 185)

Example Changes:

  • Update instructions for running examples (PR 133)
  • Fix example JSSE client -d option, add -g to send HTTP GET (PR 155)
  • Fix example JSSE client for resumption when sending HTTP GET (PR 157)
  • Add TLS 1.3 version support to example Client.java and Server.java (PR 169)
  • Expand JNI Client.java with support for doing session resumption with tickets (PR 169)

Debugging Changes:

  • Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
  • Add synchronization and Thread ID to debug log messages (PR 129)
  • Add new debug System property wolfsslengine.io.debug for I/O debug logs (PR 137)
  • Add timestamp to debug logs (PR 148)
  • Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
  • Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)

Testing Changes:

  • Add Facebook Infer test script, make fixes (PR 127, 182)
  • Add extended threading test of SSLEngine (PR 124)
  • Testing with and fixes from SonarQube static analyzer (PR 131)
  • Add extended threading test of SSLSocket (PR 149)
  • Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
  • Add GitHub Actions tests for Oracle/Zulu/Corretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)

Documentation Changes:

  • Clean up Javadoc warnings with Java 17 (PR 147)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

v1.12.0-stable

1 year ago

Release 1.12.0 has bug fixes and new features including:

JNI and JSSE Changes:

  • Additional synchronization support in WolfSSLCertificate (PR 118)
  • Prevent WolfSSLCertificate from freeing WOLFSSL_X509 if not owned (PR 118)
  • Fix X509KeyManager.getCertificateChain() to return null when alias is null (PR 119)

Documentation Changes:

  • Add Android Studio instructions for how to update source symlinks on Windows (PR 117)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

v1.11.0-stable

1 year ago

Release 1.11.0 has bug fixes and new features including:

JNI and JSSE Changes:

  • Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
  • Add support for secure renegotiation if available in native wolfSSL (PR 75)
  • Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
  • Fixes and cleanup to SSLEngine implementation (PR 108)
  • Fixes for SSLEngine synchronization issues (PR 108)
  • Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
  • Add RPM packaging support (PR 110)
  • Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
  • Remove Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

v1.10.0-stable

1 year ago

Release 1.10.0 has bug fixes and new features including:

JNI and JSSE Changes:

  • Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
  • Wrap wolfSSL_UseALPN() at JNI level (PR 84)
  • Fix compile error for wolfSSL < 4.2.0 and wolfSSL_set_alpn_protos() (PR 84)
  • Fix NullPointerException when no selected ALPN is available (PR 84)
  • Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
  • Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
  • Refactor SSLEngine handshake status to be more in line with SunJSSE (PR 105)
  • Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)

Documentation Changes:

  • Fix missing Javadoc warnings in ALPN code

Example Changes:

  • Update Android Studio IDE project to use Android 11 (SDK 30)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

v1.9.0-stable

2 years ago

Release 1.9.0 has bug fixes and new features including:

JNI and JSSE Changes:

  • Add synchronization to class cleanup/free routines (PR 78)
  • Fix JNI native casting to use uintptr_t instead of intptr_t (PR 79)
  • Add support for newer Java versions (ex: Java 17) (PR 90)
  • Remove HC-128 support (PR 94). Removed from native wolfSSL in https://github.com/wolfSSL/wolfssl/pull/4767
  • Remove RABBIT support (PR 96). Removed from native wolfSSL in https://github.com/wolfSSL/wolfssl/pull/4767
  • Remove IDEA support (PR 97). Removed from native wolfSSL in https://github.com/wolfSSL/wolfssl/pull/4806
  • Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
  • Add Socket timeout support for native SSL_connect/write() (PR 95)
  • SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
  • Fix shutdown/close_notify alert handling in WolfSSLEngine (PR 83)
  • Fix WolfSSLSocket to test if close() called before object init (PR 88)
  • Add support for loading default system CA certs on Java 9+ (PR 89)
  • Fix timeout behavior with WolfSSLSession.connect() (PR 100)

Example Changes:

  • Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
  • Add option to ClientJSSE to do one session resumption (PR 80)
  • Update example certificates and keys (PR 81)

Documentation Changes:

  • Add missing Javadocs, fix warnings on newer Java versions (PR 92)

Testing Changes:

  • Update junit dependency to 4.13.2 (PR 91)

The wolfSSL JNI Manual is available at: http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build instructions and more detailed comments, please check the manual.

v1.8.0-stable

2 years ago

Release 1.8.0 has bug fixes and new features including:

  • wolfCrypt FIPS 140-3 and FIPS Ready compatibility
  • Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
  • Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
  • Fix potential NullPointerException with several clone() methods
  • Refactor of SSLSessionContext implementation
  • Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
  • Fix timeout used in socketSelect to correctly handle fractional sec timeouts
  • Fix memory leak when custom X509TrustManager is used with wolfJSSE
  • Add support for multiple X509TrustManager objects across multiple sessions
  • Call WolfSSL.cleanup() in finalizer to release library resources earlier
  • Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
  • Better management and freeing of native WolfSSLCertificate memory
  • Release native logging callback when library is freed
  • Release native wolfCrypt FIPS callback when library is freed
  • Release CTX-level Java verify callback when CTX is freed
  • Release CTX-level Java CRL callback when CTX is freed
  • Better global reference cleanup in error conditions
  • Fix unused variable warnings in non-FIPS builds
  • Use one static WolfSSL object across all WolfSSLProvider objects
  • Release local JNI array inside WolfSSLSession.read() on function exit
  • Add multi-threaded JSSE provider client and server examples
  • Update Android AOSP install script to create missing blank files if needed
  • Update Android AOSP build files to define SIZEOF_LONG and SIZEOF_LONG_LONG
  • Update IDE/Android example Android Studio project
  • Fix default cipher suite list order used in JSSE WolfSSLContext objects
  • Fix FIPS Ready compatibility with WC_RNG_SEED_CB
  • Update Android AOSP Android.mk to compile wolfCrypt kdf.c

The wolfSSL JNI Manual is available at: http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build instructions and more detailed comments, please check the manual.