Merge pull request #249 from cconlon/jniUpdate

Update wolfSSL JNI/JSSE manual and update copyright to 2026

Author: rlm2002

wolfSSL-JNI/header.txt

@@ -8,7 +8,7 @@ header-includes:
     # Fancy page headers
     - \usepackage{fancyhdr}
     - \pagestyle{fancy}
-    - \fancyfoot[LO,RE]{COPYRIGHT \copyright 2024 wolfSSL Inc.}
+    - \fancyfoot[LO,RE]{COPYRIGHT \copyright 2026 wolfSSL Inc.}
     # Wrap long syntax highlighting code blocks
     - \usepackage{fvextra}
     - \DefineVerbatimEnvironment{Highlighting}{Verbatim}{breaklines,commandchars=\\\{\}}

wolfSSL-JNI/src/chapter03.md

@@ -13,7 +13,7 @@ JNI C source files into a shared library for either Unix/Linux or Mac OSX.
 This script tries to auto-detect between OSX (Darwin) and Linux to set up
 include paths and shared library extension type. This script directly calls gcc
 on the JNI C source files, producing `./lib/libwolfssljni.so` or
-`./lib/libwolfssljni.jnilib`.
+`./lib/libwolfssljni.dylib`.
 
 ```
 $ ./java.sh
@@ -51,7 +51,7 @@ Preset `CFLAGS` can be passed to the script via the environment:
 $ CFLAGS="-DWOLFJNI_USE_IO_SELECT" ./java.sh
 ```
 
-On Aarch64 hosts, `-fPIC` is automatically added to CFLAGS.
+On x86_64 and Aarch64 Linux hosts, `-fPIC` is automatically added to CFLAGS.
 
 ## Building with ant
 
@@ -300,14 +300,14 @@ from `src/java`. This will be the following packages:
 ```
 com.wolfssl
 com.wolfssl.provider.jsse
-com.wolfssl.wolfcrypt
+com.wolfssl.provider.jsse.adapter
 ```
 
 Run java.sh from the command line or have the IDE execute `java.sh` to generate
 the native shim layer linking against wolfSSL.
 
 Add native library reference to the project. It should look in the lib
-directory for libwolfssl.jnilib (i.e. wolfssljni/lib/).
+directory for libwolfssljni.so or libwolfssljni.dylib (i.e. wolfssljni/lib/).
 
 To compile test cases add the packages `com.wolfssl.provider.jsse.test` and
 `com.wolfssl.test` from the directory `src/test`. The project will also need

wolfSSL-JNI/src/chapter04.md

@@ -87,22 +87,27 @@ applications should register the provider directly using
 
 To install the wolfJSSE provider at the system/OS level, copy the `wolfssl.jar`
 and/or `wolfssl-jsse.jar` into the correct Java installation directory for your
-OS and verify the `libwolfssljni.so` or `libwolfssljni.jnilib` shared library
+OS and verify the `libwolfssljni.so` or `libwolfssljni.dylib` shared library
 is on your library search path.
 
 Add the JAR files (`wolfssl.jar`, `wolfssl-jsse.jar`) and shared library
-(`libwolfssljni.so`) to the following directory:
+(`libwolfssljni.so` or `libwolfssljni.dylib`) to the following directory.
+
+For **JDK 8**:
 
 ```
 $JAVA_HOME/jre/lib/ext
 ```
 
-On Ubuntu with OpenJDK this path may be similar to:
+On Ubuntu with OpenJDK 8 this path may be similar to:
 
 ```
 /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext
 ```
 
+**Note:** The `jre/lib/ext` extension mechanism was removed in JDK 9. For
+JDK 9 and newer, place the JAR files on the classpath or module path instead.
+
 Next, add an entry to the `java.security` file similar to the following:
 
 ```
@@ -111,8 +116,16 @@ security.provider.N=com.wolfssl.provider.jsse.WolfSSLProvider
 
 The java.security file will be located at:
 
+For **JDK 8**:
+
+```
+$JAVA_HOME/jre/lib/security/java.security
+```
+
+For **JDK 9+**:
+
 ```
-$JAVA_HOME /jre/lib/security/java.security
+$JAVA_HOME/conf/security/java.security
 ```
 
 Replacing “N” with the order of priority you would like wolfJSSE to have in

wolfSSL-JNI/src/chapter05.md

@@ -42,11 +42,11 @@ classes.
 Once wolfSSL JNI and wolfJSSE have been compiled, there are two JAR files and
 one native shared library that have been generated. These are located in the
 `./lib` directory. The native shared library could also be named
-`libwolfssljni.jnilib` depending on the operating system.
+`libwolfssljni.dylib` depending on the operating system.
 
 ```
 lib/
-    libwolfSSL.so     (Native C JNI wrapper shared library)
+    libwolfssljni.so  (Native C JNI wrapper shared library)
     wolfssl.jar       (JAR with ONLY wolfSSL JNI Java classes)
     wolfssl-jsse.jar  (JAR with BOTH wolfSSL JNI and wolfJSSE classes)
 ```

wolfSSL-JNI/src/chapter06.md

@@ -21,6 +21,8 @@ wolfJSSE extends or implements the following JSSE classes:
     javax.security.cert.X509Certificate
 
 **Note:** `DTLSv1.3` is only supported through the `SSLEngine` interface.
+DTLSv1.0 and DTLSv1.2 are available through the lower-level wolfSSL JNI API
+but are not currently registered as JSSE SSLContext types.
 
 ## Secure Renegotiation
 

wolfSSL-JNI/src/chapter07.md

@@ -44,6 +44,9 @@ The following Security properties are specific to wolfJSSE:
 | `wolfjsse.keystore.type.required` | | Require specific KeyStore type |
 | `wolfjsse.clientSessionCache.disabled` | "false" | Disable client session cache |
 | `wolfjsse.X509KeyManager.disableCache` | "false" | Disable X509KeyManager caching |
+| `wolfssl.readWriteByteBufferPool.disabled` | "false" | Disable direct ByteBuffer pool for read/write |
+| `wolfssl.readWriteByteBufferPool.size` | | Set max number of ByteBuffers in per-thread pool |
+| `wolfssl.readWriteByteBufferPool.bufferSize` | | Set size of individual ByteBuffers in pool |
 
 Example cipher suite restriction:
 
@@ -80,10 +83,14 @@ The following standard Java System properties are supported by wolfJSSE:
 | `javax.net.ssl.trustStore` | KeyStore file for TrustManager |
 | `javax.net.ssl.trustStoreType` | KeyStore type for TrustManager |
 | `javax.net.ssl.trustStorePassword` | KeyStore password for TrustManager |
-| `jdk.tls.client.enableSessionTicketExtension` | Enable session tickets (Java 13+) |
+| `jdk.tls.client.enableSessionTicketExtension` | Enable client session tickets (Java 13+) |
+| `jdk.tls.server.enableSessionTicketExtension` | Enable server session tickets (Java 13+, client-side only currently) |
 | `jdk.tls.client.SignatureSchemes` | Client signature algorithms (partial support) |
 | `jdk.tls.server.SignatureSchemes` | Server signature algorithms (partial support) |
 | `jdk.tls.useExtendedMasterSecret` | Enable/disable Extended Master Secret |
+| `jdk.tls.ephemeralDHKeySize` | Control ephemeral DH key size |
+| `jdk.tls.trustNameService` | Enable reverse DNS lookup for hostname verification |
+| `jsse.enableSNIExtension` | Enable/disable SNI extension (default: true) |
 
 ### wolfJSSE-Specific System Properties
 
@@ -97,7 +104,7 @@ wolfJSSE supports several System properties:
 | `wolfjsse.debugFormat` | | "JSON" | Output debug logs in JSON format |
 | `wolfsslengine.debug` | "false" | "true" | SSLEngine debug logging |
 | `wolfsslengine.io.debug` | "false" | "true" | SSLEngine I/O bytes logging |
-| `wolfjsse.autoSNI` | "false" | Auto-set SNI from hostname |
+| `wolfjsse.autoSNI` | "false" | "true" | Auto-set SNI from hostname |
 
 ## Debugging
 
@@ -167,7 +174,7 @@ params.setServerNames(Arrays.asList(new SNIHostName("example.com")));
 sslSocket.setSSLParameters(params);
 ```
 
-The `wolfjsse.autoSNI` Security property can enable automatic SNI configuration
+The `wolfjsse.autoSNI` System property can enable automatic SNI configuration
 from the hostname for `HttpsURLConnection`.
 
 On the server, `SSLSession.getRequestedServerNames()` returns the SNI requested

wolfSSL-JNI/src/chapter08.md

@@ -49,6 +49,35 @@ argument:
 $ ./examples/server.sh --help
 ```
 
+## SimpleThreadedClient.java and SimpleThreadedServer.java
+
+Multi-threaded JNI client and server examples. These demonstrate using the
+wolfSSL JNI wrapper in a multi-threaded environment.
+
+```
+$ ./examples/SimpleThreadedServer.sh
+$ ./examples/SimpleThreadedClient.sh
+```
+
+## X509v3CertificateGeneration.java
+
+Example application demonstrating X.509v3 certificate generation using the
+wolfSSL JNI `WolfSSLCertificate` API. Shows how to programmatically create
+and sign X.509v3 certificates.
+
+```
+$ ./examples/X509v3CertificateGeneration.sh
+```
+
+## X509CertRequest.java
+
+Example application demonstrating X.509 Certificate Signing Request (CSR)
+generation using the wolfSSL JNI `WolfSSLCertRequest` API.
+
+```
+$ ./examples/X509CertRequest.sh
+```
+
 # wolfJSSE Provider Examples
 
 The `examples/provider` directory contains examples for the wolfSSL JSSE
@@ -217,6 +246,10 @@ Method Invocation implementation in wolfJSSE.
 
 **RmiClient.java** - Example client, gets an object stub from the remote registry, and makes remote method invocations including `getMessage()`, `sendMessage()`, `getByteArray()`, `sendByteArray()`, and `getRegistryPorts()`. Supports multiple concurrent client connections.
 
+**RmiRemoteInterface.java** - Remote interface definition that both the server and client use.
+
+**RmiTLSClientSocketFactory.java** / **RmiTLSServerSocketFactory.java** - Custom TLS socket factory implementations for RMI, using wolfJSSE for the underlying SSL/TLS connections.
+
 Start the server and client:
 ```
 $ ./examples/provider/rmi/RmiServer.sh