diff --git a/ChangeLog.md b/ChangeLog.md
new file mode 100644
index 00000000..0d42277a
--- /dev/null
+++ b/ChangeLog.md
@@ -0,0 +1,385 @@
+### wolfSSL JNI Release 1.13.0 (4/9/2024)
+
+Release 1.13.0 has bug fixes and new features including:
+
+**New JSSE Functionality:**
+* Add `SSLSocket.getApplicationProtocol()`, returns negotiated ALPN protocol (PR 150)
+* Add native `WOLFSSL_TRUST_PEER_CERT` support in `WolfSSLTrustX509` (PR 154)
+* Add implementation of `javax.net.ssl.X509ExtendedTrustManager` (PR 159)
+* Add `getSSLParameters()` to `SSLEngine` and `SSLSocket` (PR 159)
+* Add `getHandshakeSession()` to `SSLSocket` (PR 159)
+* Convert `SSLSession` to `ExtendedSSLSession`, add `getRequestedServerNames()` (PR 159)
+* Add ALPN API support to `SSLSocket` and `SSLEngine` with tests (PR 163)
+* Add implementation of `X509ExtendedKeyManager` (PR 167)
+
+**JSSE System/Security Property Support:**
+* Add partial support for `jdk.tls.disabledAlgorithms` Security property (PR 136)
+* Add support for `wolfjsse.enabledCipherSuites` Security property (PR 136)
+* Add support for `wolfjsse.enabledSignatureAlgorithms` Security property (PR 136)
+* Add support for `wolfjsse.enabledSupportedCurves` Security property (PR 143)
+
+**JSSE Changes:**
+* Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
+* Add synchronization to SSLEngine read/write buffers (PR 124)
+* Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
+* Improve `SSLEngine.unwrap()` for better efficiency (PR 137)
+* Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
+* Add synchronization around `WolfSSLAuthStore` lock (PR 139)
+* Fixes and improvements to `SSLSocket`/`SSLEngine` session resumption (PR 139, 144)
+* Fix for `X509TrustManager` to not add root CA twice in returned chains (PR 140)
+* Add synchronization around native pointer use and active states (PR 142)
+* Fix for `SSLSocket` to fall back to I/O callbacks if setting internal fd fails (PR 145)
+* Fix `SSLSocket` TLS 1.3 session cache and threading issues (PR 149)
+* Throw `SocketException` if native socket `select()` fails (PR 151)
+* Only call `InetAddress.getHostName()` when `jdk.tls.trustNameService` is true (PR 134)
+* Fix for `SSLSession.getPeerCertificate()` and cached certs during resumption (PR 162)
+* Save session at correct time for resumption in SSLEngine (PR 165)
+* Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
+* Fixes for `SSLEngine.setWantClientAuth()` (PR 172)
+* Release native verify callback when `SSLEngine` is closed (PR 180)
+* Avoid extra Java array allocation in `SSLSocket` InputStream/OutputStream (PR 183)
+
+**New JNI Wrapped APIs and Functionality:**
+* `wolfSSL_CTX_SetTmpDH()` and `wolfSSL_CTX_SetTmpDH_file()` (PR 136)
+* `wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz()` (PR 136)
+* `wolfSSL_set1_sigalgs_list()` (PR 136)
+* `wolfSSL_CTX_UseSupportedCurve()` (PR 158)
+* `wolfSSL_X509_check_host()` and `wolfSSL_SNI_GetRequest()` (PR 159)
+* `wolfSSL_CTX_set_groups()` and `wolfTLSv1_3_client/server_method()` (PR 164)
+* `SSL_CTX_set1_sigalgs_list()` (PR 169)
+* `wolfSSL_set_tls13_secret_cb()`, add ability to set Java callback (PR 181)
+* Add X.509v3 certificate generation support in `WolfSSLCertificate` and examples (PR 141)
+* Add Certificate Signing Request (CSR) support and examples (PR 146)
+
+**JNI Changes:**
+* Call `wolfSSL_get1_session()` when saving session for resumption (PR 139)
+* Call `select()` again on error with `EINTR` (PR 171)
+
+**New Platform Support:**
+* Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)
+
+**Build System Changes:**
+* Add `JAVA_HOME` support in `java.sh` for use with custom Java install (PR 121)
+* New argument to `java.sh` for custom wolfSSL library name to be used (PR 126)
+* Add lib64 directory to library search path in `java.sh` (PR 130)
+* Standardize JNI library name on OSX to .dylib (PR 152)
+* Add Maven build support (PR 153)
+* Update Android Studio example project (PR 185)
+
+**Example Changes:**
+* Update instructions for running examples (PR 133)
+* Fix example JSSE client `-d` option, add `-g` to send HTTP GET (PR 155)
+* Fix example JSSE client for resumption when sending HTTP GET (PR 157)
+* Add TLS 1.3 version support to example `Client.java` and `Server.java` (PR 169)
+* Expand JNI `Client.java` with support for doing session resumption with tickets (PR 169)
+
+**Debugging Changes:**
+* Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
+* Add synchronization and Thread ID to debug log messages (PR 129)
+* Add new debug System property `wolfsslengine.io.debug` for I/O debug logs (PR 137)
+* Add timestamp to debug logs (PR 148)
+* Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
+* Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)
+
+**Testing Changes:**
+* Add Facebook Infer test script, make fixes (PR 127, 182)
+* Add extended threading test of `SSLEngine` (PR 124)
+* Testing with and fixes from SonarQube static analyzer (PR 131)
+* Add extended threading test of `SSLSocket` (PR 149)
+* Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
+* Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)
+
+**Documentation Changes:**
+* Clean up Javadoc warnings with Java 17 (PR 147)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.12.0 (03/31/2023)
+
+Release 1.12.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Additional synchronization support in WolfSSLCertificate (PR 118)
+* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118)
+* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119)
+
+**Documentation Changes:**
+* Add Android Studio instructions for how to update source symlinks on Windows (PR 117)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.11.0 (12/2/2022)
+
+Release 1.11.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
+* Add support for secure renegotiation if available in native wolfSSL (PR 75)
+* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
+* Fixes and cleanup to SSLEngine implementation (PR 108)
+* Fixes for SSLEngine synchronization issues (PR 108)
+* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
+* Add RPM packaging support (PR 110)
+* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
+* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.10.0 (8/11/2022)
+
+Release 1.10.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
+* Wrap wolfSSL\_UseALPN() at JNI level (PR 84)
+* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84)
+* Fix NullPointerException when no selected ALPN is available (PR 84)
+* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
+* Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
+* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
+* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)
+
+**Documentation Changes**
+* Fix missing Javadoc warnings in ALPN code
+
+**Example Changes:**
+* Update Android Studio IDE project to use Android 11 (SDK 30)
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.9.0 (5/5/2022)
+
+Release 1.9.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add synchronization to class cleanup/free routines (PR 78)
+* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
+* Add support for newer Java versions (ex: Java 17) (PR 90)
+* Remove HC-128 support (PR 94). Native wolfSSL removed with
+[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove RABBIT support (PR 96). Native wolfSSL removed with
+[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove IDEA support (PR 97). Native wolfSSL removed in
+[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
+* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
+* Add Socket timeout support for native SSL\_connect/write() (PR 95)
+* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
+* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
+* Fix WolfSSLSocket to test if close() called before object init (PR 88)
+* Add support for loading default system CA certs on Java 9+ (PR 89)
+* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
+
+**Example Changes:**
+* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
+* Add option to ClientJSSE to do one session resumption (PR 80)
+* Update example certificates and keys (PR 81)
+
+**Documentation Changes:**
+* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
+
+**Testing Changes:**
+* Update junit dependency to 4.13.2 (PR 91)
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.8.0 (11/12/2021)
+
+Release 1.8.0 has bug fixes and new features including:
+
+* wolfCrypt FIPS 140-3 and FIPS Ready compatibility
+* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
+* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
+* Fix potential NullPointerException with several clone() methods
+* Refactor of SSLSessionContext implementation
+* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
+* Fix timeout used in socketSelect to correctly handle fractional sec timeouts
+* Fix memory leak when custom X509TrustManager is used with wolfJSSE
+* Add support for multiple X509TrustManager objects across multiple sessions
+* Call WolfSSL.cleanup() in finalizer to release library resources earlier
+* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
+* Better management and freeing of native WolfSSLCertificate memory
+* Release native logging callback when library is freed
+* Release native wolfCrypt FIPS callback when library is freed
+* Release CTX-level Java verify callback when CTX is freed
+* Release CTX-level Java CRL callback when CTX is freed
+* Better global reference cleanup in error conditions
+* Fix unused variable warnings in non-FIPS builds
+* Use one static WolfSSL object across all WolfSSLProvider objects
+* Release local JNI array inside WolfSSLSession.read() on function exit
+* Add multi-threaded JSSE provider client and server examples
+* Update Android AOSP install script to create missing blank files if needed
+* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
+* Update IDE/Android example Android Studio project
+* Fix default cipher suite list order used in JSSE WolfSSLContext objects
+* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
+* Update Android AOSP Android.mk to compile wolfCrypt kdf.c
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.7.0 (01/15/2021)
+
+Release 1.7.0 has bug fixes and new features including:
+
+* Fixes for Infer analysis warnings
+* Throw exception in DEFAULT\_Context creation if engineInit() fails
+* Defer creating DEFAULT WolfSSLContext until first use
+* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close()
+* Only load X509TrustStore issuers when needed by native wolfSSL verification
+* Fix compiler warnings when used with older versions of native wolfSSL
+* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify()
+* Add support for setSoTimeout() in WolfSSLSocket
+* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers()
+* Check for connection closed before completing handshake in SSLSocket.read/write
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.6.0 (08/26/2020)
+
+Release 1.6.0 has bug fixes and new features including:
+
+* Support for custom TrustManager checkClientTrusted(), checkServerTrusted()
+* wolfJSSE TrustManager registered as PKIX provider
+* Improved support for auto-loading system CA certificates
+* Improved Android TrustManager support
+* Use AndroidCAStore KeyStore when available on Android
+* Support for X509Certificate.getSubjectAlternativeNames()
+* Fix for native memory leak in JSSE WolfSSLTrustX509
+* Optimization of WolfSSLTrustX509 to hold less memory at idle
+* Addition of missing finalize() methods in some JSSE classes
+* Casts to uintptr\_t instead of intptr\_t at native JNI level
+* Conversion to use GetByteArrayElements for potential memory use savings
+* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation
+* Use javah in build.xml for older ant/Java versions without nativeheaderdir
+* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter
+* Add more JSSE-level debug messages for easier troubleshooting
+* Add internal implementation of SSLParameters, WolfSSLParameters
+* Add client-side SNI support
+* Fix warnings when DH is disabled (--disable-dh)
+* Add Java thread ID to JSSE debug log messages for easier multithreaded debug
+* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps
+* Add support for jsse.enableSNIExtension system property
+* Add client-side session ticket support
+* Add support for jdk.tls.client.enableSessionTicketExtension system property
+* Enable session ticket and session cert support by default on Android AOSP
+* Fixes compatibility with OkHttp on Android
+* Add support for non-blocking socket operations in WolfSSLSession/Socket
+* Moves I/O mutex locking to native level for more efficient locking
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.5.0 (01/17/2020)
+
+Release 1.5.0 has bug fixes and new features including:
+
+* New JSSE provider (wolfJSSE) including TLS 1.3 support!
+* Add JSSE debug logging with wolfjsse.debug system parameter
+* Add JSSE install script and helper files for Android AOSP
+* Add JSSE example apps (examples/provider)
+* Add JNI wrappers to detect if native features/protocols are compiled in
+* Add JNI wrapper for PKCS#8 offset getter
+* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana()
+* Update build.xml to use nativeheaderdir instead of javah target
+* Update tests to use junit-4.13 / hamcrest-all-1.3
+* Update to build, now ant build does not build and run tests / examples
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.4.0 (11/16/2018)
+
+Release 1.4.0 has bug fixes and new features including:
+
+* Better support for conditional native wolfSSL feature dependencies
+* Adds methods for checking if native features are enabled
+* Optional method for loading native JNI library from a specific path
+* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined
+* Wrapper for native wolfCrypt ECC shared secret public key callback
+* Allow other HmacSHA hash types to be used in Atomic User callback examples
+* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ
+* Fix for RSA doSign() output length
+* Fix for I/O, Atomic User, and Public Key callback registration in examples
+* Updated example key and certificate files
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.3.0 (12/04/2015)
+
+Release 1.3.0 has bug fixes and new features including:
+
+* Updated support to wolfSSL 3.7.0
+* Added finalizers for WolfSSLContext and WolfSSLSession classes
+* Fix for SSLv3 now disabled by default in wolfSSL proper
+* SSLv3 now marked as @Deprecated
+* PSK (pre-shared key) support for client and server
+* Better error checking and exception handling
+* New WolfSSLJNIException class
+* WolfSSLSession now cached in native WOLFSSL struct for callbacks
+* Easier inclusion of junit4 in build.xml
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.2.0 (06/02/2015)
+
+Release 1.2.0 has bug fixes and new features including:
+
+* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
+* Benchmark functionality in example client
+* Updated example certificates
+* Better detection of Java home on Mac and Linux
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.1.0 (10/25/2013)
+
+Release 1.1.0 has bug fixes and new features including:
+
+* Updated support for CyaSSL 2.9.4
+* Updated example certificates and CRLs
+* Now expects user to have JUnit JARs pre-installed on dev platform
+* Updated unit tests, JUnit4 style
+* Android support
+* CRL monitor now optional in server mode
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.0.0 (10/25/2013)
+
+Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for
+the CyaSSL embedded SSL library.
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
diff --git a/README.md b/README.md
index c6a2e63c..60b1b4bd 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ and more!
## User Manual
The wolfSSL JNI/JSSE Manual is available on the wolfSSL website:
-[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf).
+[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/manuals/wolfssljni/).
For additional build instructions and more detailed comments, please reference
the manual.
@@ -186,7 +186,7 @@ an application can include this as a dependency in the application's
com.wolfssl
wolfssl-jsse
- 1.12.0-SNAPSHOT
+ 1.13.0-SNAPSHOT
...
@@ -303,9 +303,9 @@ wolfJSSE extends or implements the following JSSE classes:
- javax.net.ssl.TrustManagerFactorySpi
- PKIX, X509, SunX509
- javax.net.ssl.SSLEngine
-- javax.net.ssl.SSLSession
-- javax.net.ssl.X509KeyManager
-- javax.net.ssl.X509TrustManager
+- javax.net.ssl.SSLSession / ExtendedSSLSession
+- javax.net.ssl.X509KeyManager / X509ExtendedKeyManager
+- javax.net.ssl.X509TrustManager / X509ExtendedTrustManager
- javax.net.ssl.SSLServerSocket
- javax.net.ssl.SSLServerSocketFactory
- javax.net.ssl.SSLSocket
@@ -329,292 +329,7 @@ Or by defining `-DHAVE_SECURE_RENEGOTIATION`.
## Release Notes
-### wolfSSL JNI Release 1.12.0 (03/31/2023)
-
-Release 1.12.0 has bug fixes and new features including:
-
-**JNI and JSSE Changes:**
-* Additional synchronization support in WolfSSLCertificate (PR 118)
-* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118)
-* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119)
-
-**Documentation Changes:**
-* Add Android Studio instructions for how to update source symlinks on Windows (PR 117)
-
-The wolfSSL JNI Manual is available at:
-https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
-instructions and more detailed comments, please check the manual.
-
-### wolfSSL JNI Release 1.11.0 (12/2/2022)
-
-Release 1.11.0 has bug fixes and new features including:
-
-**JNI and JSSE Changes:**
-* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
-* Add support for secure renegotiation if available in native wolfSSL (PR 75)
-* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
-* Fixes and cleanup to SSLEngine implementation (PR 108)
-* Fixes for SSLEngine synchronization issues (PR 108)
-* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
-* Add RPM packaging support (PR 110)
-* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
-* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)
-
-The wolfSSL JNI Manual is available at:
-https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
-instructions and more detailed comments, please check the manual.
-
-### wolfSSL JNI Release 1.10.0 (8/11/2022)
-
-Release 1.10.0 has bug fixes and new features including:
-
-**JNI and JSSE Changes:**
-* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
-* Wrap wolfSSL\_UseALPN() at JNI level (PR 84)
-* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84)
-* Fix NullPointerException when no selected ALPN is available (PR 84)
-* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
-* Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
-* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
-* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)
-
-**Documentation Changes**
-* Fix missing Javadoc warnings in ALPN code
-
-**Example Changes:**
-* Update Android Studio IDE project to use Android 11 (SDK 30)
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-### wolfSSL JNI Release 1.9.0 (5/5/2022)
-
-Release 1.9.0 has bug fixes and new features including:
-
-**JNI and JSSE Changes:**
-* Add synchronization to class cleanup/free routines (PR 78)
-* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
-* Add support for newer Java versions (ex: Java 17) (PR 90)
-* Remove HC-128 support (PR 94). Native wolfSSL removed with
-[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
-* Remove RABBIT support (PR 96). Native wolfSSL removed with
-[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
-* Remove IDEA support (PR 97). Native wolfSSL removed in
-[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
-* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
-* Add Socket timeout support for native SSL\_connect/write() (PR 95)
-* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
-* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
-* Fix WolfSSLSocket to test if close() called before object init (PR 88)
-* Add support for loading default system CA certs on Java 9+ (PR 89)
-* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
-
-**Example Changes:**
-* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
-* Add option to ClientJSSE to do one session resumption (PR 80)
-* Update example certificates and keys (PR 81)
-
-**Documentation Changes:**
-* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
-
-**Testing Changes:**
-* Update junit dependency to 4.13.2 (PR 91)
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-### wolfSSL JNI Release 1.8.0 (11/12/2021)
-
-Release 1.8.0 has bug fixes and new features including:
-
-* wolfCrypt FIPS 140-3 and FIPS Ready compatibility
-* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
-* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
-* Fix potential NullPointerException with several clone() methods
-* Refactor of SSLSessionContext implementation
-* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
-* Fix timeout used in socketSelect to correctly handle fractional sec timeouts
-* Fix memory leak when custom X509TrustManager is used with wolfJSSE
-* Add support for multiple X509TrustManager objects across multiple sessions
-* Call WolfSSL.cleanup() in finalizer to release library resources earlier
-* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
-* Better management and freeing of native WolfSSLCertificate memory
-* Release native logging callback when library is freed
-* Release native wolfCrypt FIPS callback when library is freed
-* Release CTX-level Java verify callback when CTX is freed
-* Release CTX-level Java CRL callback when CTX is freed
-* Better global reference cleanup in error conditions
-* Fix unused variable warnings in non-FIPS builds
-* Use one static WolfSSL object across all WolfSSLProvider objects
-* Release local JNI array inside WolfSSLSession.read() on function exit
-* Add multi-threaded JSSE provider client and server examples
-* Update Android AOSP install script to create missing blank files if needed
-* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
-* Update IDE/Android example Android Studio project
-* Fix default cipher suite list order used in JSSE WolfSSLContext objects
-* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
-* Update Android AOSP Android.mk to compile wolfCrypt kdf.c
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-### wolfSSL JNI Release 1.7.0 (01/15/2021)
-
-Release 1.7.0 has bug fixes and new features including:
-
-* Fixes for Infer analysis warnings
-* Throw exception in DEFAULT\_Context creation if engineInit() fails
-* Defer creating DEFAULT WolfSSLContext until first use
-* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close()
-* Only load X509TrustStore issuers when needed by native wolfSSL verification
-* Fix compiler warnings when used with older versions of native wolfSSL
-* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify()
-* Add support for setSoTimeout() in WolfSSLSocket
-* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers()
-* Check for connection closed before completing handshake in SSLSocket.read/write
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.6.0 (08/26/2020)
-
-Release 1.6.0 has bug fixes and new features including:
-
-* Support for custom TrustManager checkClientTrusted(), checkServerTrusted()
-* wolfJSSE TrustManager registered as PKIX provider
-* Improved support for auto-loading system CA certificates
-* Improved Android TrustManager support
-* Use AndroidCAStore KeyStore when available on Android
-* Support for X509Certificate.getSubjectAlternativeNames()
-* Fix for native memory leak in JSSE WolfSSLTrustX509
-* Optimization of WolfSSLTrustX509 to hold less memory at idle
-* Addition of missing finalize() methods in some JSSE classes
-* Casts to uintptr\_t instead of intptr\_t at native JNI level
-* Conversion to use GetByteArrayElements for potential memory use savings
-* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation
-* Use javah in build.xml for older ant/Java versions without nativeheaderdir
-* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter
-* Add more JSSE-level debug messages for easier troubleshooting
-* Add internal implementation of SSLParameters, WolfSSLParameters
-* Add client-side SNI support
-* Fix warnings when DH is disabled (--disable-dh)
-* Add Java thread ID to JSSE debug log messages for easier multithreaded debug
-* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps
-* Add support for jsse.enableSNIExtension system property
-* Add client-side session ticket support
-* Add support for jdk.tls.client.enableSessionTicketExtension system property
-* Enable session ticket and session cert support by default on Android AOSP
-* Fixes compatibility with OkHttp on Android
-* Add support for non-blocking socket operations in WolfSSLSession/Socket
-* Moves I/O mutex locking to native level for more efficient locking
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.5.0 (01/17/2020)
-
-Release 1.5.0 has bug fixes and new features including:
-
-* New JSSE provider (wolfJSSE) including TLS 1.3 support!
-* Add JSSE debug logging with wolfjsse.debug system parameter
-* Add JSSE install script and helper files for Android AOSP
-* Add JSSE example apps (examples/provider)
-* Add JNI wrappers to detect if native features/protocols are compiled in
-* Add JNI wrapper for PKCS#8 offset getter
-* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana()
-* Update build.xml to use nativeheaderdir instead of javah target
-* Update tests to use junit-4.13 / hamcrest-all-1.3
-* Update to build, now ant build does not build and run tests / examples
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.4.0 (11/16/2018)
-
-Release 1.4.0 has bug fixes and new features including:
-
-* Better support for conditional native wolfSSL feature dependencies
-* Adds methods for checking if native features are enabled
-* Optional method for loading native JNI library from a specific path
-* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined
-* Wrapper for native wolfCrypt ECC shared secret public key callback
-* Allow other HmacSHA hash types to be used in Atomic User callback examples
-* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ
-* Fix for RSA doSign() output length
-* Fix for I/O, Atomic User, and Public Key callback registration in examples
-* Updated example key and certificate files
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.3.0 (12/04/2015)
-
-Release 1.3.0 has bug fixes and new features including:
-
-* Updated support to wolfSSL 3.7.0
-* Added finalizers for WolfSSLContext and WolfSSLSession classes
-* Fix for SSLv3 now disabled by default in wolfSSL proper
-* SSLv3 now marked as @Deprecated
-* PSK (pre-shared key) support for client and server
-* Better error checking and exception handling
-* New WolfSSLJNIException class
-* WolfSSLSession now cached in native WOLFSSL struct for callbacks
-* Easier inclusion of junit4 in build.xml
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.2.0 (06/02/2015)
-
-Release 1.2.0 has bug fixes and new features including:
-
-* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
-* Benchmark functionality in example client
-* Updated example certificates
-* Better detection of Java home on Mac and Linux
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.1.0 (10/25/2013)
-
-Release 1.1.0 has bug fixes and new features including:
-
-* Updated support for CyaSSL 2.9.4
-* Updated example certificates and CRLs
-* Now expects user to have JUnit JARs pre-installed on dev platform
-* Updated unit tests, JUnit4 style
-* Android support
-* CRL monitor now optional in server mode
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
-
-
-### wolfSSL JNI Release 1.0.0 (10/25/2013)
-
-Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for
-the CyaSSL embedded SSL library.
-
-The wolfSSL JNI Manual is available at:
-http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
-instructions and more detailed comments, please check the manual.
+Release notes can be found in [ChangeLog.md](./ChangeLog.md).
## Support
diff --git a/build.xml b/build.xml
index 13fe44b9..2f8087d3 100644
--- a/build.xml
+++ b/build.xml
@@ -14,7 +14,7 @@
-
+
diff --git a/pom.xml b/pom.xml
index d0ba8f4a..a0acf67a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
4.0.0
com.wolfssl
wolfssl-jsse
- 1.12.0-SNAPSHOT
+ 1.13.0-SNAPSHOT
jar
wolfssl-jsse
https://www.wolfssl.com
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
index 054350a9..d47cfadb 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
@@ -71,8 +71,8 @@ public void errorCallback(int ok, int err, String hash) {
* wolfSSL JSSE Provider class
*/
public WolfSSLProvider() {
- super("wolfJSSE", 1.12, "wolfSSL JSSE Provider");
- //super("wolfJSSE", "1.12", "wolfSSL JSSE Provider");
+ super("wolfJSSE", 1.13, "wolfSSL JSSE Provider");
+ //super("wolfJSSE", "1.13", "wolfSSL JSSE Provider");
/* load native wolfSSLJNI library */
WolfSSL.loadLibrary();
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
index d4938ae9..7e779ec2 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
@@ -29,7 +29,10 @@
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
+import java.security.KeyFactory;
import java.security.SignatureException;
+import java.security.spec.X509EncodedKeySpec;
+import java.security.spec.InvalidKeySpecException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -449,7 +452,7 @@ public void verify(PublicKey key, Provider p)
sig.initVerify(key);
sig.update(this.getTBSCertificate());
} catch (Exception e) {
- throw new CertificateException();
+ throw new CertificateException(e);
}
if (sig.verify(this.getSignature()) == false) {
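Review bot: The `catch (Exception e)` around `sig.initVerify(key)` and `sig.update(this.getTBSCertificate())` still folds `InvalidKeyException` and `SignatureException` into `CertificateException`, so a caller cannot tell a wrong or unusable key from a certificate that failed to encode. Passing `e` as the cause helps with diagnosis, but code that catches the specific types the standard `X509Certificate.verify` contract declares will not see them. If the method's throws clause (outside this hunk) already lists them, narrowing the handler to `} catch (CertificateEncodingException e) {` lets the others propagate unchanged. The body of `verify` starts and ends outside the hunk.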
@@ -487,20 +490,41 @@ public void free() {
@Override
public PublicKey getPublicKey() {
+ String type = null;
+ byte[] der = null;
+ KeyFactory kf = null;
+ PublicKey key = null;
+ X509EncodedKeySpec spec = null;
+
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered getPublicKey()");
if (this.cert == null) {
return null;
}
- String type = this.cert.getPubkeyType();
- byte[] der = this.cert.getPubkey();
+
+ type = this.cert.getPubkeyType();
+ der = this.cert.getPubkey();
try {
- return new WolfSSLPubKey(der, type, "X.509");
- } catch (WolfSSLException e) {
+ if (type.equals("RSA")) {
+ kf = KeyFactory.getInstance("RSA");
+ } else if (type.equals("ECC")) {
+ kf = KeyFactory.getInstance("EC");
+ } else if (type.equals("DSA")) {
+ kf = KeyFactory.getInstance("DSA");
+ }
+
+ if (kf != null) {
+ spec = new X509EncodedKeySpec(der);
+ key = (PublicKey)kf.generatePublic(spec);
+ }
+
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
return null;
}
+
+ return key;
}
/* If unsupported critical extension is found then wolfSSL should not parse
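Review bot: In the new `getPublicKey()`, `type.equals("RSA")` and `new X509EncodedKeySpec(der)` both throw `NullPointerException` if the native getters return null, and the catch covers only `NoSuchAlgorithmException` and `InvalidKeySpecException`; the removed `WolfSSLPubKey` constructor turned a null DER into a null return instead. Whether `getPubkeyType()` or `getPubkey()` can return null is not visible here, but a guard such as `if (type == null || der == null) { return null; }` before the `try` keeps the old behaviour. Any key type other than RSA, ECC or DSA now also yields null with no log line, as does a key that fails to decode, so a caller that goes on to verify a signature with the result fails far from the cause. A final `else` branch and the catch block could each log the reason, for example `WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "unsupported public key type: " + type);`.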
@@ -585,66 +609,6 @@ protected void finalize() throws Throwable {
}
}
-
- /* wolfSSL public key class */
- private class WolfSSLPubKey implements PublicKey {
- /**
- * Default serial ID
- */
- private static final long serialVersionUID = 1L;
- private byte[] encoding;
- private String type;
- private String format = "X.509";
-
- /**
- * Creates a new public key class
- * @param der DER format key
- * @param type key type i.e. WolfSSL.RSAk
- * @param curveOID can be null in RSA case
- * @throws WolfSSLException
- */
- private WolfSSLPubKey(byte[] der, String type, String format)
- throws WolfSSLException {
- this.format = format;
- this.encoding = der;
- if (this.encoding == null) {
- throw new WolfSSLException("Error creating key");
- }
- this.type = type;
-
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "created new WolfSSLPubKey");
- }
-
- @Override
- public String getAlgorithm() {
-
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "entered getAlgorithm()");
-
- return this.type;
- }
-
- @Override
- public String getFormat() {
-
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "entered getFormat()");
-
- return this.format;
- }
-
- @Override
- public byte[] getEncoded() {
-
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "entered getEncoded()");
-
- return this.encoding;
- }
-
- }
-
/* wolfSSL Principal class */
private class WolfSSLPrincipal implements Principal {
private String name;
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
index 2b1ec369..2d35153b 100644
--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
@@ -365,7 +365,6 @@ public void testVerifyProvider() {
pass("\t\t\t... skipped");
return;
}
- System.out.print("\n\t Signature provider " + sigProvider.getName());
store = KeyStore.getInstance(tf.keyStoreType);
stream = new FileInputStream(tf.allJKS);
@@ -403,6 +402,7 @@ public void testVerifyProvider() {
} catch (KeyStoreException | NoSuchAlgorithmException |
CertificateException | IOException | WolfSSLException e) {
error("\t... failed");
+ e.printStackTrace();
fail("general failure");
}
pass("\t... passed");