This list is not intended to be all-encompassing - it will document major and breaking API changes with their rationale when appropriate:
- Added Apache5SslUtils toTlsSocketStrategy method
- Marked Apache5SslUtils toSocketFactory method as deprecated
- Bumped dependencies
- Bumped dependencies
- Enhanced logging within LoggingX509ExtendedTrustManager
- Exposed JDK (aka cacert) keystore and System property derived keystore in KeyStoreUtils
- Removed verbose debug logging for CertificateUtils
- Added getters for hostname and port for TrustManagerParameters
- Simplify usage of Security Provider
- Bumped dependencies
- Bumped dependencies
- Bug-fix added support for reloading ciphers in SSLEngine, SSLSocketFactory and SSLServerSocketFactory
- Added reloadable ciphers
- Bumped dependencies
- Added custom security provider
- Bumped dependencies
- Bug-fix remove invalid characters when generating certificate alias
- Bug-fix handle timeout exception correctly on Java 8 when extracting certificates
- Bumped dependencies
- Added system name to the system trust manager
- Bug-fix clear certificate collector after each fetch
- Bug-fix resolve empty collector for certificate extracting client when disabling resolving root ca
- Added timeout to certificate extracting client
- Applied sonar recommendations
- Bumped dependencies
- Added option to extract public key from private key
- Added option to disable resolving root ca when extracting server certificates
- Added options to exclude ciphers and protocols in the SSLFactory
- Bug-fix allow adding new certificates in a nested TrustManager
- Simplified adding certificates to TrustManager
- Simplified swapping TrustManagers
- Added JdkX509ExtendedTrustManager wrapper for JDK trusted CAs from cacerts
- Added SystemX509ExtendedTrustManager wrapper for OS trusted CAs
- Added option to conceal trusted certificate names for a server
- Bumped dependencies
- Resolved CVE-2023-33201 LDAP injection vulnerability caused by transitive dependency of Bouncy Castle in the library of sslcontext-kickstart-for-pem
- Bumped dependencies
- Filter out duplicate extracted certificates
- Add appending capabilities to an existing keystore
- Added option to extract port from uri
- Bug-fix Resolved antivirus alert by removing shell script layer from Mac OS X command to fetch system trusted Certificate Authorities
- Bug-fix Resolved antivirus alert by excluding ~/Library/Keychains/login.keychain-db keychain file from MacCertificateUtils
- Bumped dependencies
- Added method to check if a certificate is a self-signed one in CertificateUtils
- Bug-fix Resolve exception for system certificates on Mac and Linux
- Bump dependencies
- Reduce code duplication
- Bug-fix Filter out unsupported ciphers and protocols
- Added default hostname verifier in HostnameVerifierUtils
- Marked a method in HostnameVerifierUtils as deprecated
- Align behaviour of SSLContext, SSLEngine, SSLSocketFactory and SSLServerSocketFactory with custom SSLContext
- Added Enhanceable HostnameVerifier
- Improve duplicate checker for InflatableTrustManager
- Add support for new Windows KeyStore types
- Added debug logger when using UnsafeTrustManager
- Bump dependencies
- Improve readability of InflatableTrustManager
- Reduced code duplication
- Additional methods for KeyStoreUtils
- Simplify usage of EnhanceableTrustManager and InflatableTrustManager
- Made CertificateExtractorUtils thread safe
- Applied sonar recommendations
- Bug fix InvalidAlgorithmParameterException: trustAnchors parameter must be non empty for InflatableTrustManager
- Bug fix InvalidAlgorithmParameterException: trustAnchors parameter must be non empty for CombinableTrustManager
- Add support for trusting additional certificates at runtime
- Bugfix concurrency issue FenixHostnameVerifier
- Improved generating aliases for certificates
- Use DefaultClientTlsStrategy with Apache for security purposes
- Added support for Java Modules
- Removed code duplication
- Disabled filtering duplicate trusted certificates
- Improved test coverage
- Fetch Mac OS X trusted certificates without concurrency
- Removed deprecated methods in CertificateUtils
- Improved dependency management
- Enhanced loading system trusted certificates
- Added option to disable invalidating caches in SSLFactoryUtils
- Replaced https://badssl.com integration test with local server
- Added verbose logging as debug for TrustManager
- Added verbose logging as debug for KeyManager
- Renamed internal method names and class names
- Refactored KeyStoreUtils, PemUtils and CertificateExtractorUtils to make it more readable
- Bumped dependencies
- Fixed releasing BOM (Bill of Materials)
- Added BOM (Bill of Materials)
- Bumped dependencies
- Enhanced CertificateUtils with additional methods
- Enhanced KeyStoreUtils with write method
- Added proxy and authentication for extracting server certificates
- Added additional methods for extracting single server certificates
- Marked some methods as deprecated for extracting server certificates; these methods will be removed in version 7.5.0
- Bumped dependencies
- Improved performance of PemUtils with filtering option in early stage of parsing the content
- Improved readability of source code for regex and some lambdas
- Feature request issue 241 - Added support for using one-liner pem formatted certificates
- Bumped dependencies
- Bug-fix issue 230 - Corrected validation with usage of absolute hostname
- Bumped dependencies
- Updated copyright owner to Thunderberry. The license type, Apache 2.0 license, has not changed
- Added more secure hostname verifier a.k.a. FenixHostnameVerifier
- Switched to FenixHostnameVerifier as default hostname verifier in the SSLFactory
- Improved creating truststore having duplicate certificates
- Improved creating base trust manager when having either unsafe trust manager, dummy trust manager, multiple trust managers or trust managers which do not have trusted certificates
- Added Android trusted CA as system trust material option
- Bumped dependencies
- Bug-fix issue 196 - Use UnsafeTrustManager as base TrustManager if enabled
- Improve issue 181 - Filtered out empty TrustManagers within TrustManagerUtils
- Bumped dependencies
- Added SSLFactoryUtils
- Bumped dependencies
- Bug-fix issue 181 - Continue validating the counterparty when having empty trust managers
- Moved server certificate extraction into separate utility class
- Added Dummy KeyManager and TrustManager
- Reformatted license header
- Added missing license header
- Bumped dependencies
- Removed support for system properties jdk.tls.client.cipherSuites, jdk.tls.server.cipherSuites, jdk.tls.client.protocols and jdk.tls.server.protocols
- Improved input validation for emptiness and improved exception messages
- Improved extracting server certificates
- Bug-fix issue 167 - Resolve initialization issue of trusted certificate by having lowercase aliases
- Added input validation for loading keystores and certificates from the classpath or as input stream
- Added system property based ssl configuration
- Exposed additional method from PemUtils
- Bumped dependencies
- Added Trust Enhancer for optional custom trust validations
- Bumped dependencies
- Fix parsing PEM on Android v28 and above
- Bumped SLF4J dependency
- Code improvements (removed code duplications)
- Removed deprecated methods
- Updated dependencies
- Added option to route server identities
- Added option for unsafe hostname verifier
- Eliminated duplicate code within CompositeX509ExtendedKeyManager
- Simplified PemUtils
- Improved immutability
- Bumped transitive dependencies
- Removed logger from UnsafeHostNameVerifier and UnsafeX509ExtendedTrustManager
- Removed client timeout for fetching remote certificates
- Fixed base64 decoding issues
- Increased client timeout for fetching remote certificates
- Removed deprecated methods
- Added Additional methods to KeyStoreUtils
- Replaced all NPE with IllegalArgumentException with an explanatory message
- Removed optional password caching for KeyStores (was disabled by default)
- Added support for handling P7B and DER certificates
- Added basic Unsafe SSLSocketFactory
- Marked CertificateUtils.parseCertificate(String certificateContent) as deprecated, instead use CertificateUtils.parsePemCertificate(String certificateContent)
- Added support to return X509Certificate and PrivateKey from PemUtils
- Added OCSP support
- Disabled providing transitive dependencies for Netty, Jetty, Apache 4 and Apache 5
- Added shorter alternative for withTrustingAllCertificatesWithoutValidation option within SSLFactory called withUnsafeTrustMaterial
- Marked to-be-removed methods as deprecated within SSLFactory and KeyStoreUtils. Deprecated methods will be removed in version 7.0.0
- Made certificate extractor compatible with Java 15+
- Included root-ca in the certificate extractor within CertificateUtils
- Added server certificate extractor to CertificateUtils
- Bumped the version of transitive dependencies
- Simplified PemUtils for parsing trust material
- Added detailed logging within the UnsafeX509ExtendedTrustManager
- Removed deprecated class and methods for SocketUtils
- Added null check for ssl sessions
- Fixed javadoc warnings
- Added close statements for streams within PemUtils
- Update client identity routes at runtime
- Performance improvements such as Lazy creation of some SSL materials
- Added SSLSessionUtils
- Marked SocketUtils as deprecated, alternative is SSLSocketUtils
- Added a toggle to hot swap identity material within the SSLFactory
- Added a toggle to hot swap trust material within the SSLFactory
- Added an option to route multiple client identities
- Added option to hot swap identity material at runtime
- Added option to hot swap trust material at runtime
- Added option to supply preconfigured ssl engine
- Added support for requiring client authentication from server side
- Removed deprecated method
- Switched to system line separator
- Simplified TrustManager
- Removed redundant wrapping of KeyManager and TrustManager
- Renamed sslContextProtocol to sslContextAlgorithm
- Marked sslContextProtocol method as deprecated
- Fixed typos
- Support for loading certificate with "-----BEGIN TRUSTED CERTIFICATE-----" header
- Added license header
- Added author
- Added option to create TrustManagerFactory from SSLFactory and TrustManagerUtils
- Added option to create KeyManagerFactory from SSLFactory and KeyManagerUtils
- Made SSLFactory less strict by supporting X509KeyManager and X509TrustManager
- Added option to supply identity as an InputStream for the SSLFactory Builder
- Added option to supply trustStore as an InputStream for the SSLFactory Builder
- Moved KeyManagerBuilder to KeyManagerUtils
- Moved TrustManagerBuilder to TrustManagerUtils
- Added SocketUtils
- Added SSLContextUtils
- Simplified SSLFactory
- Wrapped checked exceptions with unchecked exceptions
- Renamed package from nl.altindag.sslcontext to nl.altindag.ssl
- Added UnsafeTrustManager into the TrustManagerUtils
- Removed deprecated methods
- Renamed ApacheSslContextUtils to Apache4SslUtils
- Added Apache5SslUtils
- Renamed NettySslContextUtils to NettySslUtils
- Renamed JettySslContextUtils to JettySslUtils
- Added option to create X509ExtendedKeyManager from PEM as String
- Added option to create X509ExtendedTrustManager from PEM as String
- Ability to wrap old X509KeyManager into X509ExtendedKeyManager
- Ability to wrap old X509TrustManager into X509ExtendedTrustManager
- Added CertificateUtils
- Support for custom Security Provider and SSLContext protocol
- Marked ApacheSslContextUtils#toLayeredConnectionSocketFactory deprecated
- Added wrapped class for SSLServerSocketFactory and SSLSocketFactory
- Enriched SSLFactory with SSLServerSocketFactory and SSLSocketFactory
- Disabled lazy initialization of list of protocols and ciphers
- Support for custom list of ciphers and protocols
- Improved the algorithm for parsing PEM formatted private key
- Added support for parsing different types of PEM formatted private keys
- Support for loading PEM formatted ssl materials for SSLFactory
- With support for private key, certificate chain and trusted certificates
- Support for loading Windows and Mac OS X trusted certificates
- Added option to build SSLFactory with KeyStore for trust material without supplying password
- Construct SSLFactory with either key material or trust material
- Marked TrustManager as Optional
- Removed default SecureRandom object
- Disabled password validation
- Removed deprecated methods withTrustStore and withIdentity
- Marked withDefaultJdkTrustStore as deprecated
- Renamed method withTrustStore to withTrustMaterial
- Renamed method withIdentity to withIdentityMaterial
- Marked withTrustStore and withIdentity as deprecated
- Removed commons-lang3 lib of Apache
- Disabled password caching by default and added option to enable it
- Added option to initialize KeyMaterial with custom KeyStore password and Key password
- Limited the support of creating CompositeX509ExtendedKeyManager only with X509ExtendedKeyManager
- Limited the support of creating CompositeX509ExtendedTrustManager only with X509ExtendedTrustManager
- Removed support for less secure X509KeyManager and X509TrustManager
- Removed isSecurityEnabled function
- Removed isOneWayAuthenticationEnabled function
- Removed isTwoWayAuthenticationEnabled function
- Marked KeyManager as Optional
- Added Apache license
- Removed CompositeX509TrustManager
- Added CompositeX509ExtendedTrustManager
- Added CompositeX509ExtendedKeyManager
- Removed not required libraries from core library
- Created mapper as separate project for Netty
- Created mapper as separate project for Jetty
- Added JettySslContextUtils
- Added NettySslContextUtils
- Renamed KeyStoreUtils
- Added Netty mapper into the SSLFactory
- Improved exception handler of CompositeX509TrustManager
- Updated license and copyright
- Added logger into CompositeX509TrustManager
- Marked KeyManagerUtils as final
- Renamed getTrustedCertificate to getTrustedCertificates
- Improved exception handling
- Added support for using multiple key materials
- Added logger into UnsafeTrustManager
- Added KeyManagerUtils
- Renamed SSLContextHelper to SSLFactory
- Changed data type of passwords from String to char array
- Added license
- Made trust material optional for SSLFactory
- Added jar type within the pom
- Initial release