== 0.7

- Follow MRI 1.8.7 openssl API changes
- Fixes so that jruby-openssl can run on appengine
- Many bug and compatibility fixes, see below.
- This is the last release that will be compatible with JRuby 1.4.x.
- Compatibility issues
-- JRUBY-4342: Follow ruby-openssl of CRuby 1.8.7.
-- JRUBY-4346: Sync tests with tests for ruby-openssl of CRuby 1.8.7.
-- JRUBY-4444: OpenSSL crash running RubyGems tests
-- JRUBY-4075: Net::SSH gives OpenSSL::Cipher::CipherError "No message available"
-- JRUBY-4076: Net::SSH padding error using 3des-cbc on Solaris
-- JRUBY-4541: jruby-openssl doesn't load on App Engine.
-- JRUBY-4077: Net::SSH "all authorization methods failed" Solaris -> Solaris
-- JRUBY-4535: Issues with the BouncyCastle provider
-- JRUBY-4510: JRuby-OpenSSL crashes when JCE fails a initialise bcprov
-- JRUBY-4343: Update BouncyCastle jar to upstream version; jdk14-139 -> jdk15-144
- Cipher issues
-- JRUBY-4012: Initialization vector length handled differently than in MRI (longer IV sequence are trimmed to fit the required)
-- JRUBY-4473: Implemented DSA key generation
-- JRUBY-4472: Cipher does not support RC4 and CAST
-- JRUBY-4577: InvalidParameterException 'Wrong keysize: must be equal to 112 or 168' for DES3 + SunJCE
- SSL and X.509(PKIX) issues
-- JRUBY-4384: TCP socket connection causes busy loop of SSL server
-- JRUBY-4370: Implement SSLContext#ciphers
-- JRUBY-4688: SSLContext#ciphers does not accept 'DEFAULT'
-- JRUBY-4357: SSLContext#{setup,ssl_version=} are not implemented
-- JRUBY-4397: SSLContext#extra_chain_cert and SSLContext#client_ca
-- JRUBY-4684: SSLContext#verify_depth is ignored
-- JRUBY-4398: SSLContext#options does not affect to SSL sessions
-- JRUBY-4360: Implement SSLSocket#verify_result and dependents
-- JRUBY-3829: SSLSocket#read should clear given buffer before concatenating (ByteBuffer.java:328:in `allocate': java.lang.IllegalArgumentException when returning SOAP queries over a certain size)
-- JRUBY-4686: SSLSocket can drop last chunk of data just before inbound channel close
-- JRUBY-4369: X509Store#verify_callback is not called
-- JRUBY-4409: OpenSSL::X509::Store#add_file corrupts when it includes certificates which have the same subject (problem with ruby-openid-apps-discovery (github jruby-openssl issue #2))
-- JRUBY-4333: PKCS#8 formatted privkey read
-- JRUBY-4454: Loading Key file as a Certificate causes NPE
-- JRUBY-4455: calling X509::Certificate#sign for the Certificate initialized from PEM causes IllegalStateException
- PKCS#7 issues
-- JRUBY-4379: PKCS7#sign failed for DES3 cipher algorithm
-- JRUBY-4428: Allow to use DES-EDE3-CBC in PKCS#7 w/o the Policy Files (rake test doesn't finish on JDK5 w/o policy files update)
-  Misc
-- JRUBY-4574: jruby-openssl deprecation warning cleanup
-- JRUBY-4591: jruby-1.4 support

== 0.6

- This is a recommended upgrade to jruby-openssl. A security problem
  involving peer certificate verification was found where failed
  verification silently did nothing, making affected applications
  vulnerable to attackers. Attackers could lead a client application
  to believe that a secure connection to a rogue SSL server is
  legitimate. Attackers could also penetrate client-validated SSL
  server applications with a dummy certificate. Your application would
  be vulnerable if you're using the 'net/https' library with
  OpenSSL::SSL::VERIFY_PEER mode and any version of jruby-openssl
  prior to 0.6. Thanks to NaHi (NAKAMURA Hiroshi) for finding the
  problem and providing the fix. See
  http://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl.html
  for details.
- This release addresses CVE-2009-4123 which was reserved for the
  above vulnerability.
- Many fixes from NaHi, including issues related to certificate
  verification and certificate store purpose verification.
  - implement OpenSSL::X509::Store#set_default_paths
  - MRI compat. fix: OpenSSL::X509::Store#add_file
  - Fix nsCertType handling.
  - Fix Cipher#key_len for DES-EDE3: 16 should be 24.
  - Modified test expectations around Cipher#final.
- Public keys are lazily instantiated when the
  X509::Certificate#public_key method is called (Dave Garcia)

== 0.5.2

* Multiple bugs fixed:
** JRUBY-3895	Could not verify server signature with net-ssh against Cygwin
** JRUBY-3864	jruby-openssl depends on Base64Coder from JvYAMLb
** JRUBY-3790	JRuby-OpenSSL test_post_connection_check is not passing
** JRUBY-3767	OpenSSL ssl implementation doesn't support client auth
** JRUBY-3673	jRuby-OpenSSL does not properly load certificate authority file

== 0.5.1

* Multiple fixes by Brice Figureau to get net/ssh working. Requires JRuby 1.3.1 to be 100%
* Fix by Frederic Jean for a character-decoding issue for some certificates

== 0.5

* Fixed JRUBY-3614: Unsupported HMAC algorithm (HMACSHA-256)
* Fixed JRUBY-3570: ActiveMerchant's AuthorizeNet Gateway throws OpenSSL Cert Validation Error, when there should be no error
* Fixed JRUBY-3557 Class cast exception in PKeyRSA.java
* Fixed JRUBY-3468 X.509 certificates: subjectKeyIdentifier corrupted
* Fixed JRUBY-3285 Unsupported HMAC algorithm (HMACSHA1) error when generating digest
* Misc code cleanup

== 0.2

- Enable remaining tests; fix a nil string issue in SSLSocket.sysread (JRUBY-1888)
- Fix socket buffering issue by setting socket IO sync = true
- Fix bad file descriptor issue caused by unnecessary close (JRUBY-2152)
- Fix AES key length (JRUBY-2187)
- Fix cipher initialization (JRUBY-1100)
- Now, only compatible with JRuby 1.1

== 0.1.1

- Fixed blocker issue preventing HTTPS/SSL from working (JRUBY-1222)

== 0.1

- PLEASE NOTE: This release is not compatible with JRuby releases earlier than
  1.0.3 or 1.1b2. If you must use JRuby 1.0.2 or earlier, please install the
  0.6 release.
- Release coincides with JRuby 1.0.3 and JRuby 1.1b2 releases
- Simultaneous support for JRuby trunk and 1.0 branch
- Start of support for OpenSSL::BN

== 0.0.5 and prior

- Initial versions with maintenance updates
