Merge pull request #311 from cconlon/v1.16release

JacobBarthelmeh · web-flow · commit e83339429173 · 2025-12-31T16:30:21.000-07:00
Prep for 1.16 release
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,3 +1,78 @@
+### wolfSSL JNI Release 1.16.0 (12/31/2025)
+
+Release 1.16.0 has bug fixes and new features including:
+
+**JSSE System/Security Property Support:**
+* Add `wolfjsse.autoSNI` Security property support to control auto setting SNI (PR 249)
+* Add partial support for `jdk.tls.client.SignatureSchemes` and `jdk.tls.server.SignatureSchemes` (PR 299)
+
+**JSSE Changes:**
+* Automatically set SNI for HttpsURLConnection connections (PR 249)
+* Add support for DTLS 1.3 (`DTLSv1.3`) in `SSLContext` / `SSLEngine` (PR 254)
+* Fix SNI storing/restoring at wolfJSSE level on session resumption (PR 255)
+* Improve `SSLEngine` send/received performance 20-30% (PR 257)
+* Implement SNI matcher logic for server-side `WolfSSLSocket` use (PR 259)
+* Cache system and security properties on `WolfSSLEngineHelper` creation vs each handshake (PR 273)
+* Reduce synchronization scope in `WolfSSLAuthStore` for lower contention (PR 274)
+* Cache KeyStore entries in `X509ExtendedKeyManager` to reduce contention for heavy concurrent use (PR 272)
+* Fix potential use-after-free issues with `WolfSSLSocket` (PR 275)
+* Fix NullPointerException on double `close()` in `WolfSSLSocket` (PR 277)
+* Implement `toString()` inside `WolfSSLPrincipal` (PR 281)
+* Fix certificate chain order returned from `WolfSSLX509StoreCtx.getCerts()` to match JSSE expectations (PR 282, 289)
+* Protect native sessions from being freed while I/O operations are in progress (PR 278)
+* Add support for honoring client cipher suite preference ordering (PR 287)
+* Fix potential memory leak in `SSLEngine` during JNI callback cleanup (PR 289)
+* Implement `X509Certificate.getExtendedKeyUsage()` in `WolfSSLX509Certificate` (PR 289)
+* Fix cert chain validation to handle cross-signed certs and chain paths (PR 292, 294)
+* Add Java ServiceLoader support for wolfJSSE provider for Java Module System (JPMS) compatibility (PR 296)
+* Implement `X509Certificate` `getSubjectX500Principal()` and `getIssuerX500Principal()` (PR 298)
+* Fall back to `java.home` property use when `JAVA_HOME` env var not set (PR 302)
+* Add `hashCode()` implementation to `SSLSession` (PR 303)
+* Allow `SSLSessionContext` access before `SSLContext` init (PR 304)
+* Add Android non-standard `checkServerTrusted()` in `X509TrustManager` (PR 288)
+* Fix ALPN to support non-ASCII protocol names (PR 305)
+
+**JNI Changes:**
+* Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni (PR 252)
+* Wrap Atomic Record VerifyDecrypt callback (PR 252)
+* Ensure peer ALPN protocol list is null terminated (PR 258)
+* Enhance error handling and return code checks in `WolfSSLSession.read()` (PR 260)
+* Improve ByteBuffer handling in `WolfSSLSession.read()` (PR 262)
+* Dynamically get algorithm and key ASN NID enum values from wolfSSL (PR 263)
+* Add pool of ByteBuffers to `WolfSSLSession`, improves performance and avoids unaligned memory access (PR 268)
+* Add `getSessionTicket()` and `setSessionTicket()` to `WolfSSLSession` (PR 270)
+* Correct call to `CallObjectMethod()` in `WolfSSLSession` ByteBuffer read (PR 286)
+* Wrap `wolfSSL_i2d_SSL_SESSION()` and `wolfSSL_d2i_SSL_SESSION()` allowing for session persistence (PR 290)
+* Add DTLS Connection ID (CID) support, wrapping native wolfSSL APIs (PR 297)
+
+**Debugging Changes:**
+* Switch to use Java logging (`java.util.logging`) framework for debug logs (PR 261)
+* Switch logging callback for wolfSSL debug messages to use stderr (PR 269)
+* Switch debug log timestamp to use Java `Instant.ofEpochMilli()`, remove dependency on `java.sql.Timestamp` (PR 301)
+
+**Example Changes:**
+* Add DTLS 1.3 example client and server applications (PR 264)
+
+**Testing Changes:**
+* Add GitHub Actions PRB test with `ubuntu-24.04-arm` runner for testing `--enable-armasm` builds (PR 267)
+* Add GitHub Actions PRB test for AddressSanitizer (`-fsanitize=address`) builds (PR 276)
+* Add GitHub Actions PRB tests for coding style (line length, comment style) (PR 285)
+* Add GitHub Actions PRB test for Clang scan-build static analysis (PR 285)
+* Add GitHub Actions PRB test for Visual Studio builds on Windows (PR 295)
+* Add GitHub Actions PRB test to build against last 5 stable wolfSSL releases (PR 306)
+* Add GitHub Actions PRB test to run unit tests on Android emulator (PR 307)
+* Use local server threads in some `WolfSSLSession` tests to avoid network access (PR 300)
+
+**Misc Changes:**
+* Clean up IDE warnings in Cursor and VSCode (PR 266)
+* Add `CLAUDE.md` for consumption by Claude Code (PR 265)
+* Add `-fPIC` to CFLAGS in `java.sh` for Aarch64 hosts (PR 267)
+* Modify `java.sh` to allow passing install directory (`./java.sh <install_dir>`) (PR 285)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
 ### wolfSSL JNI Release 1.15.0 (01/24/2025)
 
 Release 1.15.0 has bug fixes and new features including:
diff --git a/README.md b/README.md
@@ -224,7 +224,7 @@ an application can include this as a dependency in the application's
         <dependency>
             <groupId>com.wolfssl</groupId>
             <artifactId>wolfssl-jsse</artifactId>
-            <version>1.15.0-SNAPSHOT</version>
+            <version>1.16.0-SNAPSHOT</version>
         </dependency>
     </dependencies>
     ...
diff --git a/build.xml b/build.xml
@@ -14,7 +14,7 @@
     <!-- versioning/manifest properties -->
     <property name="implementation.vendor"  value="wolfSSL Inc." />
     <property name="implementation.title"   value="wolfSSL JNI/JSSE" />
-    <property name="implementation.version" value="1.15" />
+    <property name="implementation.version" value="1.16" />
 
     <!-- set properties for this build -->
     <property name="src.dir" value="src/java/"/>
diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c
@@ -6358,7 +6358,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_hasTicket
     (void)jenv;
     (void)jcl;
     (void)sessionPtr;
-    return (jint)WolfSSL.SSL_FAILURE;
+    return (jint)WOLFSSL_FAILURE;
 #endif
 }
 
diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.wolfssl</groupId>
 	<artifactId>wolfssl-jsse</artifactId>
-	<version>1.15.0-SNAPSHOT</version>
+	<version>1.16.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<name>wolfssl-jsse</name>
     <url>https://www.wolfssl.com</url>
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
@@ -76,8 +76,8 @@ public void errorCallback(int ok, int err, String hash) {
      * wolfSSL JSSE Provider class
      */
     public WolfSSLProvider() {
-        super("wolfJSSE", 1.15, "wolfSSL JSSE Provider");
-        //super("wolfJSSE", "1.15", "wolfSSL JSSE Provider");
+        super("wolfJSSE", 1.16, "wolfSSL JSSE Provider");
+        /* super("wolfJSSE", "1.16", "wolfSSL JSSE Provider"); */
 
         /* load native wolfSSLJNI library */
         WolfSSL.loadLibrary();
diff --git a/src/test/com/wolfssl/test/WolfSSLTestSuite.java b/src/test/com/wolfssl/test/WolfSSLTestSuite.java
@@ -21,9 +21,13 @@
 
 package com.wolfssl.test;
 
+import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
 
+import com.wolfssl.WolfSSL;
+import com.wolfssl.WolfSSLException;
+
 @RunWith(Suite.class)
 @Suite.SuiteClasses({
     WolfSSLTest.class,
@@ -38,8 +42,25 @@
 
 
 public class WolfSSLTestSuite {
-    /* this class remains empty,
-     * only used as a holder for the above
-     * annotations */
+
+    /* Static WolfSSL reference to keep library initialized for the duration
+     * of the entire test suite. Without this, a WolfSSL object created by
+     * an individual test class could be garbage collected after that test
+     * class finishes, triggering wolfSSL_Cleanup() in the finalizer and
+     * freeing session cache locks (and other items) while subsequent test
+     * classes are still running. This caused crashes on Windows when the
+     * garbage collector ran between test classes.
+     *
+     * We intentionally do not call cleanup() in @AfterClass because on
+     * Android all tests run in a single process and multiple test suites
+     * may be active. Cleanup will happen via the finalizer when the
+     * process exits. */
+    private static WolfSSL sslLib = null;
+
+    @BeforeClass
+    public static void initializeLibrary() throws WolfSSLException {
+        WolfSSL.loadLibrary();
+        sslLib = new WolfSSL();
+    }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -6358,7 +6358,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_hasTicket`
`6358`	`6358`	`(void)jenv;`
`6359`	`6359`	`(void)jcl;`
`6360`	`6360`	`(void)sessionPtr;`
`6361`		`- return (jint)WolfSSL.SSL_FAILURE;`
	`6361`	`+ return (jint)WOLFSSL_FAILURE;`
`6362`	`6362`	`#endif`
`6363`	`6363`	`}`
`6364`	`6364`