This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 3f32b3a70ab9b10a103e726c2f44003c8de5e161 Author: Thomas Wolf <[email protected]> AuthorDate: Sat Oct 18 13:37:27 2025 +0200 [osgi] Bump upper bound for org.bouncycastle to 3.0.0 Widen the package import version range for org.bouncycastle.* from [1.82,2.0.0) to [1.82,3.0.0). This enables using BC-FIPS in an OSGi environment. BC-FIPS provides OSGi manifests since version 2.1.0. --- CHANGES.md | 3 +++ pom.xml | 3 +++ sshd-osgi/pom.xml | 5 ++--- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index cce564c69..41c02e219 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -74,3 +74,6 @@ Complete refactoring of the SSH transport protocol. New feature: support for cli Use the ML-KEM implementations from SunJCE if run on Java >= 24. For Java < 24, the Bouncy Castle implementations are used. The SunJCE ML-KEMs are advertised in the `SunJCESecurityProviderRegistrar`. + +* OSGi: the upper bound of the version range for package imports from `org.bouncycastle.*` has been raised from 2.0.0 + to 3.0.0. This enables using BC-FIPS in an OSGi environment. BC-FIPS provides OSGi manifests as of version 2.1.0. diff --git a/pom.xml b/pom.xml index 724516732..edcb092df 100644 --- a/pom.xml +++ b/pom.xml @@ -93,6 +93,8 @@ <groovy.version>4.0.17</groovy.version> <bouncycastle.version>1.82</bouncycastle.version> + <!-- BC FIPS has version numbers 2.x.y. --> + <bouncycastle.upper.bound>3</bouncycastle.upper.bound> <!-- NOTE: upgrading slf4j beyond this version causes Execution verify-style of goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.2:check failed.: NullPointerException @@ -1274,6 +1276,7 @@ <Import-Package><![CDATA[ org.apache.sshd*;version="$<range;[===,=+);$<maven_version;${project.version}>>", org.slf4j*;version="$<range;[==,${slf4j.upper.bound})>", + org.bouncycastle*;version="[${bouncycastle.version},${bouncycastle.upper.bound})", ${bnd.extraImports} * ]]></Import-Package> diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml index 2b49d7931..19ad6e46f 100644 --- a/sshd-osgi/pom.xml +++ b/sshd-osgi/pom.xml @@ -37,13 +37,12 @@ <!-- The BC FIPS security provider class resides in a package that is referenced nowhere, except reflectively in the BouncyCastleSecurityRegistrar. The (optional) package import will thus be missing in the generated MANIFEST.MF. However, the BouncyCastleSecurityRegistrar expects to find - class org.bouncycastle.jce.provider.BouncyCastleProvider on the classpath; otherwise its isSupported() returns false and Bouncycastle is - considered not available. + the provider class on the classpath; otherwise its isSupported() returns false and Bouncycastle is considered not available. However, in OSGi the package will not be on the bundle classpath if there is no Import-Package for it. (And using a Require-Bundle would restrict bundle wiring too much.) --> - <bnd.extraImports>org.bouncycastle.jcajce.provider;version="$$<range;[==,+);${bouncycastle.version}>";resolution:=optional,</bnd.extraImports> + <bnd.extraImports>org.bouncycastle.jcajce.provider;version="[${bouncycastle.version},${bouncycastle.upper.bound})";resolution:=optional,</bnd.extraImports> </properties> <dependencies>
