v3.3.0

What's Changed

• Exact checks with assert_include by @nobu in #683
• Exact checks with assert_include by @nobu in #684
• CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in #689
• CONTRIBUTING.md: Update testing with debugging and FIPS use cases. [ci skip] by @junaruga in #688
• CI: Add OpenSSL 3.2.0. by @junaruga in #698
• History.md: Escape Markdown syntax Italic "*". [ci skip] by @junaruga in #697
• Use Markdown reference-style links in documents. [ci skip] by @junaruga in #696
• Fix test_pkey_dh.rb in FIPS. by @junaruga in #694
• Windows Ruby 3.3: Workaround: Set OPENSSL_MODULES to find providers. by @junaruga in #712
• CI: Added the rubyinstaller2 issue link that legacy provider is not loaded. by @junaruga in #713
• Add more methods to SocketForwarder. by @ioquatix in #708
• Only set min_version on OpenSSL < 1.1.0 by @ekohl in #710
• Add support for IO#timeout. by @ioquatix in #714
• test/openssl/test_ocsp.rb: fix flaky test by @rhenium in #702
• CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in #720
• omit tests related legacy provider by @hsbt in #718
• test_asn1.rb: Remove the assertions of the time string format without second. by @junaruga in #728
• test_provider.rb: Make a legacy provider test optional. by @junaruga in #721
• Revert openssl dir workaround on TruffleRuby by @eregon in #705
• Fix test_pkey_dsa.rb in FIPS. by @junaruga in #729
• Use www.rfc-editor.org for RFC text. by @hsbt in #737
• CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in #745
• Only CSR version 1 (encoded as 0) is allowed by PKIX standards by @botovq in #747
• Introduce basic support for close_read and close_write. by @ioquatix in #743
• CI: Remove workaround for Ruby-3.2 and 3.3 on Windows by @larskanis in #748
• Add OpenSSL::Digest.digests to get a list of available digests by @bdewater in #726
• Remove trailing space in test_ssl.rb by @peterzhu2118 in #750
• asn1: check error return from i2d_ASN1_TYPE() by @rhenium in #755
• read: don't clear buffer when nothing can be read by @casperisfine in #739
• Add to_text for PKCS7 and Timestamp::Response by @segiddins in #756
• [CI] test.yml - use bundle exec, use setup-ruby bundler-cache, fixes Windows issue by @MSP-Greg in #758
• Don't download OpenSSL from ftp.openssl.org anyomre by @KJTsanaktsidis in #763
• Fix test_create_with_mac_iter accidently setting keytype not maciter by @KJTsanaktsidis in #762
• Add X509::Certificate#tbs_bytes by @segiddins in #753
• Clarify license by @rhenium in #754
• Automatically update GitHub Pages from master branch by @rhenium in #764
• CI: Rely on setup-ruby to install Bundler gems by @olleolleolle in #766
• Pass through nil as digest when signing certificates by @gartens in #761
• rewriting most of the asn1 init code in ruby by @HoneyryderChuck in #740
• Add SSLSocket#readbyte by @lwoggardner in #771
• A temporary workaround to download OpenSSL archive files. by @junaruga in #779
• x509attr: avoid using OpenSSL::ASN1 internals in #value= by @rhenium in #773
• Set time directly on the x509 store by @segiddins in #770
• Revert "A temporary workaround to download OpenSSL archive files." by @junaruga in #781
• CI: Upgrade OpenSSL and LibreSSL versions by @junaruga in #782
• Make "rake debug" protective for a Ruby OpenSSL loading error. by @junaruga in #783
• Update .github/workflows/test.yml by @rhenium in #784
• test_s_generate_parameters: Consider a DSA error in FIPS. by @junaruga in #786
• Remove test_ed25519_not_approved_on_fips. by @junaruga in #789
• Fix test_pkey_rsa.rb in FIPS. by @junaruga in #790
• Fix test_provider.rb in FIPS. by @junaruga in #794
• CI: Upgrade OpenSSL versions by @junaruga in #799
• Add prime gem to d dependency by @takkanm in #810
• CI: Upgrade OpenSSL and LibreSSL versions by @rhenium in #813
• [DOC] Replace removed method in example for OpenSSL::Config#to_s by @hoshi-sano in #805
• ssl: remove redundant ossl_ssl_ex_vcb_idx by @rhenium in #795
• pkcs7: remove default cipher from PKCS7.encrypt by @rhenium in #796
• move ractor safe macro to ossl.h by @HoneyryderChuck in #811
• make bn shareable when frozen by @HoneyryderChuck in #808
• Add passing test files in FIPS. by @junaruga in #819
• Rakefile: Manage test files by excluding test files in the test_fips task. by @junaruga in #820
• Support signing requests and CRLs using ED25519 by @joshcooper in #804
• ssl: fix potential exception in servername_cb by @rhenium in #822
• ssl: handle callback exceptions in SSLSocket#sysread and #syswrite by @rhenium in #821
• ossl config: shareable when frozen by @HoneyryderChuck in #809
• Various small fixes in C extension code by @rhenium in #814
• ssl: do not enable OpenSSL::SSL::OP_ALL by default by @rhenium in #767
• pkcs12: add PKCS12#set_mac by @rhenium in #788
• digest: remove optional parameter from OpenSSL::Digest#finish by @rhenium in #825
• ssl: fix flaky test case test_ctx_client_session_cb_tls13_exception by @rhenium in #829
• Ruby/OpenSSL 3.3.0 by @rhenium in #827

New Contributors

• @ekohl made their first contribution in #710
• @casperisfine made their first contribution in #739
• @segiddins made their first contribution in #756
• @KJTsanaktsidis made their first contribution in #763
• @olleolleolle made their first contribution in #766
• @gartens made their first contribution in #761
• @HoneyryderChuck made their first contribution in #740
• @lwoggardner made their first contribution in #771
• @takkanm made their first contribution in #810
• @hoshi-sano made their first contribution in #805
• @joshcooper made their first contribution in #804

Full Changelog: v3.2.1...v3.3.0

v3.2.1

What's Changed

• Fix regression in do_write(s) causing significant performance issues when using large (>10meg) writes by @jaymzjulian in #706
• Backport test fixes to 3.0 by @rhenium in #751
• cipher: fix buffer overflow in Cipher#update by @rhenium in #717
• Handle missing content in PKCS7 by @rhenium in #752
• Remove "gemspec" from Gemfile by @rhenium in #768
• asn1: fix ObjectId#== by @rhenium in #792
• x509: fix handling of multiple URIs in Certificate#crl_uris by @rhenium in #776
• cipher: make output buffer String independent by @rhenium in #824
• Configure RubyGems Trusted Publishing by @rhenium in #815

New Contributors

• @jaymzjulian made their first contribution in #706

Full Changelog: v3.2.0...v3.2.1

v3.1.1

What's Changed

• pkey/ec: constify by @nobu in #584
• Fix regression in do_write(s) causing significant performance issues when using large (>10meg) writes by @jaymzjulian in #706
• Backport test fixes to 3.0 by @rhenium in #751
• cipher: fix buffer overflow in Cipher#update by @rhenium in #717
• Handle missing content in PKCS7 by @rhenium in #752
• Remove "gemspec" from Gemfile by @rhenium in #768
• asn1: fix ObjectId#== by @rhenium in #792
• x509: fix handling of multiple URIs in Certificate#crl_uris by @rhenium in #776
• cipher: make output buffer String independent by @rhenium in #824

New Contributors

• @jaymzjulian made their first contribution in #706

Full Changelog: v3.1.0...v3.1.1

v3.0.3

What's Changed

• Fix regression in do_write(s) causing significant performance issues when using large (>10meg) writes by @jaymzjulian in #706
• Backport test fixes to 3.0 by @rhenium in #751
• cipher: fix buffer overflow in Cipher#update by @rhenium in #717
• Handle missing content in PKCS7 by @rhenium in #752
• Remove "gemspec" from Gemfile by @rhenium in #768
• asn1: fix ObjectId#== by @rhenium in #792
• x509: fix handling of multiple URIs in Certificate#crl_uris by @rhenium in #776
• cipher: make output buffer String independent by @rhenium in #824

New Contributors

• @jaymzjulian made their first contribution in #706

Full Changelog: v3.0.2...v3.0.3

v3.2.0

What's Changed

• pkey/ec: constify by @nobu in #584
• [DOC] Remove repeated example from Digest by @Maumagnaguagno in #587
• Do not require a test file in a separately run test case by @andrykonchin in #591
• Update the latest version of EnvUtil by @hsbt in #593
• Improve GH Actions by @hsbt in #599
• Forward-port https://bugs.ruby-lang.org/issues/19386 by @hsbt in #596
• Skip failing test with truffleruby and ubuntu-22.04 by @hsbt in #600
• Stub gemspec for JRuby by @headius in #598
• .github/workflows/test.yml: Update OpenSSL versions by @junaruga in #602
• Relax error message for OpenSSL 3.1 by @nobu in #607
• Register global variables before assignment by @nobu in #613
• Add rdoc as a development dependency. by @junaruga in #616
• Implement FIPS functions, adding OpenSSL FIPS mode case on CI. by @junaruga in #608
• Fix warnings about the OPENSSL_FIPS macro in OpenSSL 1.1. by @junaruga in #621
• Revert "Skip OpenSSL::TestHMAC#test_dup when running with RHEL9" by @hsbt in #622
• CI: Enable the verbose mode in the mkmf.rb. by @junaruga in #623
• CI: Enable the verbose mode in the mkmf.rb by env MAKEFLAGS. by @junaruga in #624
• Remove usage of IO internals. by @ioquatix in #627
• Append flags from environment variables. by @junaruga in #629
• Print the Ruby and compiler info or the command itself before compiling. by @junaruga in #630
• Rakefile: Print the message with Rake.rake_output_message. by @junaruga in #632
• Fix OpenSSL::PKey.read that cannot parse PKey in the FIPS mode. by @junaruga in #615
• Implement Write Barrier for all OpenSSL types by @byroot in #604
• CI: Rename the key name "foo_bar" (underscore) to "foo-bar" (hyphen). by @junaruga in #634
• CI: Upgrade OpenSSL and LibreSSL versions. by @junaruga in #636
• extconf.rb: apply RUBY_OPENSSL_EXT{C,LD}FLAGS after checking features by @rhenium in #633
• pkey: use unsigned type for bit fields by @rhenium in #638
• Drop support for Ruby 2.6 by @rhenium in #639
• CI: Check compiler warnings. by @junaruga in #631
• CI: Fix a typo in the comment. [ci skip] by @junaruga in #641
• add OpenSSL Provider support by @QWYNG in #635
• Add support for raw private/public keys by @sylph01 in #646
• [DOC] remove top-level example for OpenSSL::Cipher#pkcs5_keyivgen by @rhenium in #647
• Always respect the openssl prefix chosen by truffle/openssl-prefix on TruffleRuby by @eregon in #653
• CI: Add OpenSSL 3.1 FIPS case. by @junaruga in #655
• CI: Upgrade OpenSSL versions. by @junaruga in #657
• Raise an error when the specified OpenSSL library directory doesn't exist. by @junaruga in #618
• CI: Add OpenSSL master branch head non-FIPS and FIPS cases. by @junaruga in #658
• Enhance printing OpenSSL versions. by @junaruga in #662
• Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. by @junaruga in #663
• test/openssl/test_pkey.rb: Fix pending tests in FIPS case. by @junaruga in #664
• Include "additional data" message in OpenSSL errors by @rhenium in #648
• ssl: raise SSLError if loading ca_file or ca_path fails by @rhenium in #659
• [DOC] enhance RDoc for exporting pkeys by @rhenium in #645
• ssl: adjust "certificate verify failed" error on SSL_ERROR_SYSCALL by @rhenium in #640
• Fix LIBRESSL_VERSION_NUMBER document mistake. by @junaruga in #667
• Rakefile: Print FIPS information in the rake debug. by @junaruga in #666
• CI: Replace "mode" in "FIPS mode" with "module". by @junaruga in #670
• ossl_pkey.c: Workaround: Decode with non-zero selections. by @junaruga in #669
• Use the test-unit-ruby-core gem for Test::Unit::CoreAssertions by @rhenium in #673
• test/openssl/test_pkey_ec.rb: refactor tests for EC.builtin_curves by @rhenium in #675
• Refactor Buffering consume_rbuff and getbyte methods by @Maumagnaguagno in #585
• Prefer String#unpack1 by @Maumagnaguagno in #586
• ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters by @rhenium in #674
• instead of looking of NIDs and then using X509V3_EXT_nconf_nid, by @mcr in #141
• Fix OCSP documentation by @p8 in #676
• Remove OSSL_DEBUG compile-time option by @rhenium in #677
• Fix test_pkey_ec.rb on FIPS. by @junaruga in #681
• Bump actions/checkout from 3 to 4 by @dependabot in #682
• Release 3.2.0 by @rhenium in #678

New Contributors

• @Maumagnaguagno made their first contribution in #587
• @andrykonchin made their first contribution in #591
• @headius made their first contribution in #598
• @byroot made their first contribution in #604
• @QWYNG made their first contribution in #635
• @sylph01 made their first contribution in #646
• @mcr made their first contribution in #141
• @p8 made their first contribution in #676
• @dependabot made their first contribution in #682

Full Changelog: v3.1.0...v3.2.0

v3.1.0

What's Changed

• Added 'ciphersuites=' method to allow setting of TLSv1.3 cipher suites along with some unit tests by @kmdz1 in #493
• Install openssl with vcpkg on mswin by @nobu in #504
• Make tests pass on LibreSSL 3.5 and 3.4 by @jeremyevans in #506
• Fix formatting in docs by @peterzhu2118 in #508
• Update actions at 2022/3 by @hsbt in #505
• Use SHA256 for OCSP BasicResponse and Request by @jackorp in #507
• [CI] add Ubuntu-22.04 and update mswin, all are OpenSSL 3 by @MSP-Greg in #514
• ignore pkgconfig when openssl-dir option is specified by @skaes in #486
• Skip a new test when old OpenSSL by @nobu in #524
• Check for OpenSSL functions in headers by @XrXr in #520
• [CI] test.yml - test-openssls - use 1.1.1q, 3.0.5 by @MSP-Greg in #528
• [CI] TestHMAC#test_dup - remove 'pend' for OpenSSL 3 by @MSP-Greg in #529
• implement SSLSocket#export_keying_material for doing RFC 5705 operations by @madblobfish in #530
• Add support to SSL_CTX_set_keylog_callback() by @cdelafuente-r7 in #536
• Use default IO#timeout if possible. by @ioquatix in #547
• Use default IO#timeout if possible. by @ioquatix in #548
• Call out insecure PKCS #1 v1.5 default padding for RSA by @bdewater in #549
• Add BN#mod_sqrt by @btoews in #553
• Use SHA256 instead of SHA1 where needed in tests. by @jackorp in #554
• Enable HKDF support for LibreSSL 3.6 and later by @botovq in #569
• Allow empty string to OpenSSL::Cipher#update by @unasuke in #568
• Fixes OPENSSL_LIBRARY_VERSION description on documentation by @hbontempo-br in #559
• Use EVP_Digest{Sign,Verify} when available by @botovq in #560
• Added dependebot for github actions by @hsbt in #574
• Rake and test-unit are only for development by @nobu in #578
• Actions - Use Ubuntu 20.04 for 1.1.1 CI, misc fixes by @MSP-Greg in #573
• Fix test failures with LibreSSL 3.6 by @rhenium in #579
• Check for functions with arguments by @nobu in #575
• Suppress OpenSSL-3 warnings by @nobu in #576
• Undefine OpenSSL::SSL for no socket platforms by @kateinoigakukun in #558
• Ruby/OpenSSL 3.1.0 by @rhenium in #583

New Contributors

• @kmdz1 made their first contribution in #493
• @peterzhu2118 made their first contribution in #508
• @jackorp made their first contribution in #507
• @skaes made their first contribution in #486
• @XrXr made their first contribution in #520
• @madblobfish made their first contribution in #530
• @cdelafuente-r7 made their first contribution in #536
• @botovq made their first contribution in #569
• @hbontempo-br made their first contribution in #559
• @kateinoigakukun made their first contribution in #558

Full Changelog: v3.0.2...v3.1.0

v3.0.2

What's Changed

• pkey/ec: fix multiple ossl_raise() calls using cEC_POINT instead of eEC_POINT by @bannable in #570
• raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true by @bannable in #564
• maint-2.2 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 by @MSP-Greg in #572
• pkey/ec: check private key validity with OpenSSL 3 by @rhenium in #580
• Ruby/OpenSSL 2.2.3 by @rhenium in #581
• Ruby/OpenSSL 3.0.2 by @rhenium in #582

New Contributors

• @bannable made their first contribution in #570

Full Changelog: v3.0.1...v3.0.2

v2.2.3

What's Changed

• pkey/ec: fix multiple ossl_raise() calls using cEC_POINT instead of eEC_POINT by @bannable in #570
• raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true by @bannable in #564
• maint-2.2 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 by @MSP-Greg in #572
• Ruby/OpenSSL 2.2.3 by @rhenium in #581

New Contributors

• @bannable made their first contribution in #570

Full Changelog: v2.2.2...v2.2.3