From 0d65c7c27e3157684b68ac59ce95f6f70c636237 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 4 Feb 2026 15:36:14 -0700 Subject: [PATCH] Update wolfSSL JNI/JSSE manual and update copyright to 2026 --- wolfSSL-JNI/header.txt | 2 +- wolfSSL-JNI/src/chapter03.md | 8 ++++---- wolfSSL-JNI/src/chapter04.md | 21 +++++++++++++++++---- wolfSSL-JNI/src/chapter05.md | 4 ++-- wolfSSL-JNI/src/chapter06.md | 2 ++ wolfSSL-JNI/src/chapter07.md | 13 ++++++++++--- wolfSSL-JNI/src/chapter08.md | 33 +++++++++++++++++++++++++++++++++ 7 files changed, 69 insertions(+), 14 deletions(-) diff --git a/wolfSSL-JNI/header.txt b/wolfSSL-JNI/header.txt index cd4bdde1..08070a79 100644 --- a/wolfSSL-JNI/header.txt +++ b/wolfSSL-JNI/header.txt @@ -8,7 +8,7 @@ header-includes: # Fancy page headers - \usepackage{fancyhdr} - \pagestyle{fancy} - - \fancyfoot[LO,RE]{COPYRIGHT \copyright 2024 wolfSSL Inc.} + - \fancyfoot[LO,RE]{COPYRIGHT \copyright 2026 wolfSSL Inc.} # Wrap long syntax highlighting code blocks - \usepackage{fvextra} - \DefineVerbatimEnvironment{Highlighting}{Verbatim}{breaklines,commandchars=\\\{\}} diff --git a/wolfSSL-JNI/src/chapter03.md b/wolfSSL-JNI/src/chapter03.md index 3ffdd102..5013bf15 100644 --- a/wolfSSL-JNI/src/chapter03.md +++ b/wolfSSL-JNI/src/chapter03.md @@ -13,7 +13,7 @@ JNI C source files into a shared library for either Unix/Linux or Mac OSX. This script tries to auto-detect between OSX (Darwin) and Linux to set up include paths and shared library extension type. This script directly calls gcc on the JNI C source files, producing `./lib/libwolfssljni.so` or -`./lib/libwolfssljni.jnilib`. +`./lib/libwolfssljni.dylib`. ``` $ ./java.sh @@ -51,7 +51,7 @@ Preset `CFLAGS` can be passed to the script via the environment: $ CFLAGS="-DWOLFJNI_USE_IO_SELECT" ./java.sh ``` -On Aarch64 hosts, `-fPIC` is automatically added to CFLAGS. +On x86_64 and Aarch64 Linux hosts, `-fPIC` is automatically added to CFLAGS. ## Building with ant 
@@ -300,14 +300,14 @@ from `src/java`. This will be the following packages: ``` com.wolfssl com.wolfssl.provider.jsse -com.wolfssl.wolfcrypt +com.wolfssl.provider.jsse.adapter ``` Run java.sh from the command line or have the IDE execute `java.sh` to generate the native shim layer linking against wolfSSL. Add native library reference to the project. It should look in the lib -directory for libwolfssl.jnilib (i.e. wolfssljni/lib/). +directory for libwolfssljni.so or libwolfssljni.dylib (i.e. wolfssljni/lib/). To compile test cases add the packages `com.wolfssl.provider.jsse.test` and `com.wolfssl.test` from the directory `src/test`. The project will also need diff --git a/wolfSSL-JNI/src/chapter04.md b/wolfSSL-JNI/src/chapter04.md index 0a84a853..7c3cfb6d 100644 --- a/wolfSSL-JNI/src/chapter04.md +++ b/wolfSSL-JNI/src/chapter04.md @@ -87,22 +87,27 @@ applications should register the provider directly using To install the wolfJSSE provider at the system/OS level, copy the `wolfssl.jar` and/or `wolfssl-jsse.jar` into the correct Java installation directory for your -OS and verify the `libwolfssljni.so` or `libwolfssljni.jnilib` shared library +OS and verify the `libwolfssljni.so` or `libwolfssljni.dylib` shared library is on your library search path. Add the JAR files (`wolfssl.jar`, `wolfssl-jsse.jar`) and shared library -(`libwolfssljni.so`) to the following directory: +(`libwolfssljni.so` or `libwolfssljni.dylib`) to the following directory. + +For **JDK 8**: ``` $JAVA_HOME/jre/lib/ext ``` -On Ubuntu with OpenJDK this path may be similar to: +On Ubuntu with OpenJDK 8 this path may be similar to: ``` /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext ``` +**Note:** The `jre/lib/ext` extension mechanism was removed in JDK 9. For +JDK 9 and newer, place the JAR files on the classpath or module path instead. + Next, add an entry to the `java.security` file similar to the following: ``` 
@@ -111,8 +116,16 @@ security.provider.N=com.wolfssl.provider.jsse.WolfSSLProvider The java.security file will be located at: +For **JDK 8**: + +``` +$JAVA_HOME/jre/lib/security/java.security +``` + +For **JDK 9+**: + ``` -$JAVA_HOME /jre/lib/security/java.security +$JAVA_HOME/conf/security/java.security ``` Replacing ā€œNā€ with the order of priority you would like wolfJSSE to have in diff --git a/wolfSSL-JNI/src/chapter05.md b/wolfSSL-JNI/src/chapter05.md index 7e74d601..1bf10a53 100644 --- a/wolfSSL-JNI/src/chapter05.md +++ b/wolfSSL-JNI/src/chapter05.md @@ -42,11 +42,11 @@ classes. Once wolfSSL JNI and wolfJSSE have been compiled, there are two JAR files and one native shared library that have been generated. These are located in the `./lib` directory. The native shared library could also be named -`libwolfssljni.jnilib` depending on the operating system. +`libwolfssljni.dylib` depending on the operating system. ``` lib/ - libwolfSSL.so (Native C JNI wrapper shared library) + libwolfssljni.so (Native C JNI wrapper shared library) wolfssl.jar (JAR with ONLY wolfSSL JNI Java classes) wolfssl-jsse.jar (JAR with BOTH wolfSSL JNI and wolfJSSE classes) ``` diff --git a/wolfSSL-JNI/src/chapter06.md b/wolfSSL-JNI/src/chapter06.md index c843d06b..0f4581e7 100644 --- a/wolfSSL-JNI/src/chapter06.md +++ b/wolfSSL-JNI/src/chapter06.md @@ -21,6 +21,8 @@ wolfJSSE extends or implements the following JSSE classes: javax.security.cert.X509Certificate **Note:** `DTLSv1.3` is only supported through the `SSLEngine` interface. +DTLSv1.0 and DTLSv1.2 are available through the lower-level wolfSSL JNI API +but are not currently registered as JSSE SSLContext types. ## Secure Renegotiation diff --git a/wolfSSL-JNI/src/chapter07.md b/wolfSSL-JNI/src/chapter07.md index d985e102..fb43f022 100644 --- a/wolfSSL-JNI/src/chapter07.md +++ b/wolfSSL-JNI/src/chapter07.md 
@@ -44,6 +44,9 @@ The following Security properties are specific to wolfJSSE: | `wolfjsse.keystore.type.required` | | Require specific KeyStore type | | `wolfjsse.clientSessionCache.disabled` | "false" | Disable client session cache | | `wolfjsse.X509KeyManager.disableCache` | "false" | Disable X509KeyManager caching | +| `wolfssl.readWriteByteBufferPool.disabled` | "false" | Disable direct ByteBuffer pool for read/write | +| `wolfssl.readWriteByteBufferPool.size` | | Set max number of ByteBuffers in per-thread pool | +| `wolfssl.readWriteByteBufferPool.bufferSize` | | Set size of individual ByteBuffers in pool | Example cipher suite restriction: @@ -80,10 +83,14 @@ The following standard Java System properties are supported by wolfJSSE: | `javax.net.ssl.trustStore` | KeyStore file for TrustManager | | `javax.net.ssl.trustStoreType` | KeyStore type for TrustManager | | `javax.net.ssl.trustStorePassword` | KeyStore password for TrustManager | -| `jdk.tls.client.enableSessionTicketExtension` | Enable session tickets (Java 13+) | +| `jdk.tls.client.enableSessionTicketExtension` | Enable client session tickets (Java 13+) | +| `jdk.tls.server.enableSessionTicketExtension` | Enable server session tickets (Java 13+, client-side only currently) | | `jdk.tls.client.SignatureSchemes` | Client signature algorithms (partial support) | | `jdk.tls.server.SignatureSchemes` | Server signature algorithms (partial support) | | `jdk.tls.useExtendedMasterSecret` | Enable/disable Extended Master Secret | +| `jdk.tls.ephemeralDHKeySize` | Control ephemeral DH key size | +| `jdk.tls.trustNameService` | Enable reverse DNS lookup for hostname verification | +| `jsse.enableSNIExtension` | Enable/disable SNI extension (default: true) | ### wolfJSSE-Specific System Properties 
@@ -97,7 +104,7 @@ wolfJSSE supports several System properties: | `wolfjsse.debugFormat` | | "JSON" | Output debug logs in JSON format | | `wolfsslengine.debug` | "false" | "true" | SSLEngine debug logging | | `wolfsslengine.io.debug` | "false" | "true" | SSLEngine I/O bytes logging | -| `wolfjsse.autoSNI` | "false" | Auto-set SNI from hostname | +| `wolfjsse.autoSNI` | "false" | "true" | Auto-set SNI from hostname | ## Debugging @@ -167,7 +174,7 @@ params.setServerNames(Arrays.asList(new SNIHostName("example.com"))); sslSocket.setSSLParameters(params); ``` -The `wolfjsse.autoSNI` Security property can enable automatic SNI configuration +The `wolfjsse.autoSNI` System property can enable automatic SNI configuration from the hostname for `HttpsURLConnection`. On the server, `SSLSession.getRequestedServerNames()` returns the SNI requested diff --git a/wolfSSL-JNI/src/chapter08.md b/wolfSSL-JNI/src/chapter08.md index 832ed289..875b0da3 100644 --- a/wolfSSL-JNI/src/chapter08.md +++ b/wolfSSL-JNI/src/chapter08.md @@ -49,6 +49,35 @@ argument: $ ./examples/server.sh --help ``` +## SimpleThreadedClient.java and SimpleThreadedServer.java + +Multi-threaded JNI client and server examples. These demonstrate using the +wolfSSL JNI wrapper in a multi-threaded environment. + +``` +$ ./examples/SimpleThreadedServer.sh +$ ./examples/SimpleThreadedClient.sh +``` + +## X509v3CertificateGeneration.java + +Example application demonstrating X.509v3 certificate generation using the +wolfSSL JNI `WolfSSLCertificate` API. Shows how to programmatically create +and sign X.509v3 certificates. + +``` +$ ./examples/X509v3CertificateGeneration.sh +``` + +## X509CertRequest.java + +Example application demonstrating X.509 Certificate Signing Request (CSR) +generation using the wolfSSL JNI `WolfSSLCertRequest` API. + +``` +$ ./examples/X509CertRequest.sh +``` + # wolfJSSE Provider Examples The `examples/provider` directory contains examples for the wolfSSL JSSE 
@@ -217,6 +246,10 @@ Method Invocation implementation in wolfJSSE. **RmiClient.java** - Example client, gets an object stub from the remote registry, and makes remote method invocations including `getMessage()`, `sendMessage()`, `getByteArray()`, `sendByteArray()`, and `getRegistryPorts()`. Supports multiple concurrent client connections. +**RmiRemoteInterface.java** - Remote interface definition that both the server and client use. + +**RmiTLSClientSocketFactory.java** / **RmiTLSServerSocketFactory.java** - Custom TLS socket factory implementations for RMI, using wolfJSSE for the underlying SSL/TLS connections. + Start the server and client: ``` $ ./examples/provider/rmi/RmiServer.sh
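
Review bot: in wolfSSL-JNI/src/chapter03.md (hunk at -300,14), the package list drops `com.wolfssl.wolfcrypt` and adds `com.wolfssl.provider.jsse.adapter`, but the commit message does not say why. Please confirm the removed package is really absent from `src/java`, and mention the change in the commit message so it is not mistaken for an accidental swap. In the same hunk, "(i.e. wolfssljni/lib/)" would read better as a plain statement of the directory, since it now follows two library file names.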
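
Review bot: in wolfSSL-JNI/src/chapter04.md (hunk at -87,22), the new JDK 9+ note covers only the JAR files, while the paragraph just above it tells the reader to put both the JARs and the shared library (`libwolfssljni.so` or `libwolfssljni.dylib`) into `$JAVA_HOME/jre/lib/ext`. A JDK 9+ reader is left without guidance on where the native library should go. Suggest extending the note to say that the shared library must be on the library search path (the section's first paragraph already uses that wording), and stating that the `java.security` entry described next still applies on JDK 9+.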
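
Review bot: in wolfSSL-JNI/src/chapter06.md (hunk at -21,6), the added sentence writes DTLSv1.0 and DTLSv1.2 as plain text while the sentence before it formats `DTLSv1.3` as code. Suggest using backticks for all three so the protocol names read consistently, and also for `SSLContext`, to match how `SSLEngine` is formatted in the same note.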
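
Review bot: in wolfSSL-JNI/src/chapter07.md (hunk at -44,6, Security properties table), the new rows for `wolfssl.readWriteByteBufferPool.size` and `wolfssl.readWriteByteBufferPool.bufferSize` leave the default column empty, so the reader cannot tell what pool size or buffer size is in effect when the property is unset. Please fill in the defaults or say explicitly what happens when they are not set. These three rows also use a `wolfssl.` prefix in a table introduced as "specific to wolfJSSE" where the neighbouring rows use `wolfjsse.`; a short remark that the prefix is intentional would prevent readers from "correcting" it.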
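
Review bot: in wolfSSL-JNI/src/chapter07.md (hunk at -80,10, System properties table), the description for `jdk.tls.server.enableSessionTicketExtension` reads "Enable server session tickets (Java 13+, client-side only currently)", which contradicts itself: it is unclear whether setting the server property has any effect. Suggest stating plainly what wolfJSSE does with this property today. In the same hunk, `jdk.tls.trustNameService` changes how hostname verification behaves, so its default value should be documented the way the `jsse.enableSNIExtension` row does ("default: true"), and `jdk.tls.ephemeralDHKeySize` should list the values it accepts.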
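
Review bot: in wolfSSL-JNI/src/chapter08.md (hunk at -49,6), the SimpleThreadedClient/SimpleThreadedServer section puts both scripts in a single command block with no indication of ordering or of whether they run in separate terminals. The heading names the client first while the block starts the server first. Suggest a sentence saying the server is started first and the client is then run against it, or splitting the block in two. The two X.509 sections in the same hunk would also benefit from one line on what the example produces (for instance where the generated certificate or CSR is written), since the text currently only names the API used.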