Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Changes in 2.8.2 Aug 15, 2016 - version 2.8.2 * Bug o 2.8.1 introduced JRuby + SSL connection problem; in some cases it cannot connect to trusted TLS server. 2.8.1 failed to load multiple CA certificates in a file. #327. Aug 16, 2016 - version 2.8.2.1 * Bug o 2.8.1 introduced another bug that causes NPE from JRuby when JRuby program loads httpclient and uses OpenSSL::X509::Store outside of httpclient. 2.8.3 fixed this problem. #325 Aug 28, 2016 - version 2.8.2.3 * Bug o 2.8.2 fixed VERIFY_NONE at JRuby but the fix was not enough. Sep 11, 2016 - version 2.8.2.4 * Bug o 2.8.2 caused unexpected resulting value change of OpenSSL::X509::Store#add_cert method. Fixed. Changes in 2.8.1 Aug 8, 2016 - version 2.8.1 * Changes o Use TLSv1.2 always on JRuby #320 o Do not reset keep-alive connection by configuration change #315 o Add strict_response_size_check option #316 false by default, meaning it behavies like browsers by default. o Add MIME type for XML #308 * Bug o Direct access to SSLConfig#cert_store in JRuby was broken from 2.7 #276 #317 o OpenSSL::SSL::VERIFY_NONE does not work in JRuby #319 o Allow receiving response body in block when follow_redirects => true. #304 o Fix blocking issue with request_async when Encoding.default_internal is set. #307 o Apply timeouts for chunked transfer encoding #309 Changes in 2.8.0 Apr 24, 2016 - version 2.8.0 * Changes o Force using RSA 2048bit CA cert set Use RSA 2048bit CA cert set every time if it runs with OpenSSL (== except JRuby.) Old openssl (<1.0.1p or <1.0.2d) cannot handle this CA set and causes SSL connection failure against some SSL servers including AWS S3 API. For such case you can manually specify RSA 1024bit CA cert set as a workaround. c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert1024.pem") } c.get("https://www.ruby-lang.org/") RSA 1024bit CA cert set is not maintained over years so you should consider updating OpenSSL version so that HTTPClient uses RSA 2048 bit CA cert set. Changes in 2.7.2 Apr 22, 2016 - version 2.7.2 * Changes o Use RSA 1024bit CA cert when linked to old openssl Based on comments to #297 this commit silently (without warning) accepts RSA 1024bit certificate set when runtime ruby is liked with old OpenSSL (<1.0.1p or <1.0.2d.) If you're unsure that your OpenSSL is patched or not, and want to make sure to use RSA 2048bit certificate set, please call HTTPClient::SSLConfig#add_trust_ca("cacert.pem"). c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert.pem") } c.get("https://www.ruby-lang.org/") I'm going to remove RSA 1024bit certificate set and bump httpclient version to 2.8.0 soon after I release this as 2.7.2. I believe almost all OpenSSL installation is patched quickly these days so it should not cause SSL connectivity problem.
- Loading branch information