Changes in 2.8.2
Aug 15, 2016 - version 2.8.2
* Bug
o 2.8.1 introduced JRuby + SSL connection problem; in some cases it cannot
connect to trusted TLS server. 2.8.1 failed to load multiple CA
certificates in a file. #327.
Aug 16, 2016 - version 2.8.2.1
* Bug
o 2.8.1 introduced another bug that causes NPE from JRuby when JRuby
program loads httpclient and uses OpenSSL::X509::Store outside of
httpclient. 2.8.3 fixed this problem. #325
Aug 28, 2016 - version 2.8.2.3
* Bug
o 2.8.2 fixed VERIFY_NONE at JRuby but the fix was not enough.
Sep 11, 2016 - version 2.8.2.4
* Bug
o 2.8.2 caused unexpected resulting value change of
OpenSSL::X509::Store#add_cert method. Fixed.
Changes in 2.8.1
Aug 8, 2016 - version 2.8.1
* Changes
o Use TLSv1.2 always on JRuby #320
o Do not reset keep-alive connection by configuration change #315
o Add strict_response_size_check option #316 false by default, meaning it
behavies like browsers by default.
o Add MIME type for XML #308
* Bug
o Direct access to SSLConfig#cert_store in JRuby was broken from 2.7
#276#317
o OpenSSL::SSL::VERIFY_NONE does not work in JRuby #319
o Allow receiving response body in block when follow_redirects => true. #304
o Fix blocking issue with request_async when Encoding.default_internal is
set. #307
o Apply timeouts for chunked transfer encoding #309
Changes in 2.8.0
Apr 24, 2016 - version 2.8.0
* Changes
o Force using RSA 2048bit CA cert set
Use RSA 2048bit CA cert set every time if it runs with OpenSSL (==
except JRuby.)
Old openssl (<1.0.1p or <1.0.2d) cannot handle this CA set and causes
SSL connection failure against some SSL servers including AWS S3
API. For such case you can manually specify RSA 1024bit CA cert set as a
workaround.
c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert1024.pem") }
c.get("https://www.ruby-lang.org/")
RSA 1024bit CA cert set is not maintained over years so you should
consider updating OpenSSL version so that HTTPClient uses RSA 2048 bit
CA cert set.
Changes in 2.7.2
Apr 22, 2016 - version 2.7.2
* Changes
o Use RSA 1024bit CA cert when linked to old openssl
Based on comments to #297 this commit silently (without warning) accepts
RSA 1024bit certificate set when runtime ruby is liked with old OpenSSL
(<1.0.1p or <1.0.2d.)
If you're unsure that your OpenSSL is patched or not, and want to make
sure to use RSA 2048bit certificate set, please call
HTTPClient::SSLConfig#add_trust_ca("cacert.pem").
c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert.pem") }
c.get("https://www.ruby-lang.org/")
I'm going to remove RSA 1024bit certificate set and bump httpclient
version to 2.8.0 soon after I release this as 2.7.2. I believe almost
all OpenSSL installation is patched quickly these days so it should not
cause SSL connectivity problem.
d548dd5b4a