0.15.3

• [fix] keep curve name when group is set into another key
• [fix] make sure OpenSSL::PKey::EC#dup (copying) works
• [compat] make sure OpenSSL::PKey::EC#generate_key! exists
• [compat] missing OpenSSL:BN to_int, -@, +@, abs, negative?
• [compat] implement PKey::EC public_to_pem and xxx_to_der
• [fix] initialize @unused_bits = 0 for BitString
• [fix] raise ASN1Error when unused_bits out of range
• [fix] respect @unused_bits in BitString (#323)
• [fix] missing OpenSSL::ASN1::ObjectId#== (#311)
• [compat] implement PKey::DSA public_to_der and public_to_pem
• [compat] implement PKey::RSA public_to_der and public_to_pem
• [fix] DSA private key should generate after set_key
• [refactor] RSA key internals to always consider params
• [fix] DSA key compatibility when set_pqg
• [fix] RSA private key should generate after set_key
• [compat] add private? and public? methods on PKey::EC

0.15.2

• [deps] upgrade BC to version 1.79
• [fix] avoid PKey::EC.new failing with specific DER (#318)
• [fix] have a useful OPENSSL_VERSION_NUMBER

0.15.1

• [deps] upgrade BC to version 1.78.1

0.15.0

This version upgraded to latest Bouncy-Castle (1.78) and the minimum supported JRuby is now 9.2.

• [refactor] propagate IOError from selector exception
• [fix] convert IOException to Ruby exception correctly
  follow up on the fix (#242) in 0.14.6
• [fix] implement OpenSSL::PKey::EC::Point#mul and #add (#307)
• [fix] ASN.1 BitString pad bits being out of range
• [compat] support base64digest on OpenSSL::HMAC
• [compat] add Buffering#getbyte for SSLSocket
• [refactor] drop (unused) Config native impl
• [refactor] less locking when there's a shared SSLContext
• [fix] encoding of ASN1::Null primitive to_der
• [fix] ASN.1 tagged object tag-class encoding/decoding
• [fix] ASN1 primitive tagging (encoding) part (#122)
• [fix] encoding/decoding of all ASN1 string types
• [fix] ASN1Data encoding with Array primitive value (#119)
• [refactor] drop security restriction JCE work-around
• [refactor] drop long deprecated OpenSSLReal Java class
• [deps] upgrade BC to version 1.78

0.14.6

• [compat] OpenSSL::ConfigError and DEFAULT_CONFIG_FILE (#304)
• [fix] OpenSSL::PKey::DH#set_pqg regression (#300)
• Convert IOException to Ruby exception correctly (#242)
• [refactor] add exception debugging within SSLSocket#waitSelect
• [fix] sync SSLContext#setup as it could be shared (#302)
• [refactor] organize i-var sets (set @context after setup)

0.14.5

• [fix] OpenSSL::X509::Request#verify with DSA public key
  (this was a regression introduced in JOSSL 0.14.4)

0.14.4

• [fix] convert OpenSSL::ASN1::Sequence to an array on #to_der (#265)
• [feat] implement PKey::DH.generate and (dummy) q reader (#254)
• [fix] raise TypeError when arg isn't a Group
• [refactor] make sure ASN1Error has native cause
• [fix] stop assuming (JDK) EC key identifier
  "EC" with Sun provider but "ECDSA" with BC
• [fix] do not check empty string as curve name
• [fix] make sure PKeyEC#group.curve_name is always set
• [refactor] PKey.read to use BC fully when reading public keys
• [fix] OpenSSL::X509::CRL#sign to accept string digest
• [fix] OpenSSL::X509::Request#version default is -1
• [fix] resolving EC key from X509::Request.new(pem)
• [feat] implement OpenSSL::X509::Request#signature_algorithm
• [fix] work-around CSR failing with EC key (#294)
• [feat] implement OpenSSL::PKey::EC#to_text (#280)
• [feat] partial support for PKey::EC::Point#to_octet_string(form)
• [feat] implement OpenSSL::PKCS7::SignerInfo#signed_time (#269)
• [feat] implement #oid method for PKey classes (#281)
• [fix] raise PKeyError from PKey.read when no key (#285)
• [fix] restore PKCS#8 EC key handling (see #292)
• [fix] revert readPrivateKey so public key is not lost (#292)

0.14.3

• [fix] SSLSocket#alpn_protocol to be nil when not used (#287)
• [feat] try resolving curve-name from EC public key
• [feat] implement missing PKey::EC#dsa_verify_asn1 (#241)
• [feat] implement support for PKey::EC.generate (#255)
• [refactor] make sure curveName is set when using PKey.read (#289)
• [fix] add Cipher#auth_data(arg) override (Rails 7.x compatibility) (#290)
• [fix] raise TypeError when arg not of expected type (jruby/jruby#7875)

0.14.2

• [deps] upgrade BC to latest 1.74
• [fix] for CRL verify when signed with EC key (#276)
• [fix] OpenSSL::X509::Certificate#public_key raises for EC keys (#273)

0.14.1

• [refactor] improve performance of Diffie-Hellman key exchange (#272)

• Try to use JDK console to prompt for pass (#270)

• [fix] for PKCS8 EC private key support (#267)

• [fix] Java's default session timeout in 24h

• [fix] handle ArgumentError on SSLSession#timeout=

• [fix] buffer overflow after wrap-ing data - wait

• [refactor] try a few tricks to detect session re-use