History log of /external/openssl/ssl/s3_srvr.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
eeffacea337ec6a275e4c496acd12ca67a244533 11-Feb-2013 Brian Carlstrom <bdc@google.com> openssl-1.0.1e upgrade

Change-Id: I4520a7e044b1c6a1b9d09b365bc18b178826131e
/external/openssl/ssl/s3_srvr.c
04ef91b390dfcc6125913e2f2af502d23d7a5112 05-Feb-2013 Brian Carlstrom <bdc@google.com> openssl-1.0.1d upgrade

Change-Id: Ie980c8834cf2c843858182d98d1f60c65a2a9b70
/external/openssl/ssl/s3_srvr.c
45bcfbcc39acc2213abd00ebcc794dcc40be39f7 16-Jan-2013 Adam Langley <agl@chromium.org> Add support for the TLS Channel ID extension.

See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.

Change-Id: Id5b9799f96c0f7a1ef5ed8db9e40111a700d091f
/external/openssl/ssl/s3_srvr.c
a1a5710c055e139ea00e785f9eb55b3af3e4dab1 19-Apr-2012 Brian Carlstrom <bdc@google.com> openssl-1.0.1a upgrade

Bug: 6366068

Change-Id: I0b6ec75b5c2a8f082b4b0fe6db2697d24f2f9b00
/external/openssl/ssl/s3_srvr.c
392aa7cc7d2b122614c5393c3e357da07fd07af3 16-Mar-2012 Brian Carlstrom <bdc@google.com> openssl-1.0.1 upgrade

Bug: 6168278

Change-Id: I648f9172828120df5d19a14425e9ceec92647921
/external/openssl/ssl/s3_srvr.c
21c841450af61d0a9119cdc863e93d019127bfe1 12-Mar-2012 Brian Carlstrom <bdc@google.com> Upgrade to openssl-1.0.0h

Change-Id: I0bc9b6b486bf10ebae34b994b63cf6011afdf5e1
/external/openssl/ssl/s3_srvr.c
7b476c43f6a45574eb34697244b592e7b09f05a3 04-Jan-2012 Brian Carlstrom <bdc@google.com> Upgrade to openssl-1.0.0f

Bug: 5822335
Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f
/external/openssl/ssl/s3_srvr.c
ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3 06-Sep-2011 Brian Carlstrom <bdc@google.com> Upgrade to openssl-1.0.0e

Bug: 5261862
Change-Id: I34d2d458aa85e61b1faacb8b5f386353be679d9b
/external/openssl/ssl/s3_srvr.c
976a034585c7e8ff9dda5ebe032f399b78887f70 04-Dec-2010 Brian Carlstrom <bdc@google.com> Upgrade to openssl-1.0.0c

Bug: 3249410
Change-Id: Iac938a7d2f17b73dcb82b031607dae96dbb35f34
/external/openssl/ssl/s3_srvr.c
bf9ac266e34f910ace31880ea92b8deaf6212aa6 29-Nov-2010 Kristian Monsen <kristianm@google.com> Patch OpenSSL to enable SPDY

Change-Id: Ie076e26ab49f1addd7a918271e85d779f47167ac
/external/openssl/ssl/s3_srvr.c
43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6 16-Nov-2010 Brian Carlstrom <bdc@google.com> Upgrade to openssl-1.0.0b

Bug: 3201137
Change-Id: I20cd6bed7717e5982abc3734e9a6522067f2908e
/external/openssl/ssl/s3_srvr.c
fd113c07c3c2a6b07f8ab69dfae7d104e769f469 24-Apr-2010 Brian Carlstrom <bdc@google.com> Adding SSL_set_session_creation_enabled for SSLSocket.setEnableSessionCreation(false) support

SSL_set_session_creation_enabled implementation

Add session_creation_enabled to ssl_st (aka SSL)
Add SSL_set_session_creation_enabled(SSL*, int) declaration
Add SSL_R_SESSION_MAY_NOT_BE_CREATED error reason

include/openssl/ssl.h
ssl/ssl.h

Before creating session, check if session_creation_enabled.
If not, error out, sending alert when possible in SSL3+ cases.

ssl/d1_clnt.c
ssl/s23_clnt.c
ssl/s3_clnt.c
ssl/s3_srvr.c

Add error message for SSL_R_SESSION_MAY_NOT_BE_CREATED

ssl/ssl_err.c

Initialize session_creation_enabled to 1 in SSL_new

ssl/ssl_lib.c

Definition of SSL_set_session_creation_enabled. Add lower level
check for session_creation_enabled in ssl_get_new_session in case
it is not caught by higher levels.

ssl/ssl_sess.c

Patch details

Added jsse.patch to list and add list of patched files.
Fix whitespace to be tabs for consistency.

openssl.config

Add description of jsse.patch

patches/README

The patch itself, containing the above described changes

patches/jsse.patch

Testing

Updated with note to run javax.net.ssl tests now that they are working reliably.

README.android

Change-Id: I21763ffbb29278b1c2d88d947eb780f38f637b2d
/external/openssl/ssl/s3_srvr.c
221304ee937bc0910948a8be1320cb8cc4eb6d36 15-Apr-2010 Brian Carlstrom <bdc@google.com> openssl-1.0.0 upgrade

external/openssl

Updated version to 1.0.0
openssl.version

Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch

Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config

Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch

Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config

Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh

Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config

Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk

Disable some new openssl tools
patches/progs.patch

Updated upgrade testing notes to include running BigInteger tests
README.android

Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/

dalvik

Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.

libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java

vendor/google

Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc

Change-Id: I90fb1566dede6034eebc96d2b0dcf4533d9643bf
/external/openssl/ssl/s3_srvr.c
98d58bb80c64b02a33662f0ea80351d4a1535267 09-Mar-2010 Brian Carlstrom <bdc@google.com> Summary: upgrading to openssl-0.9.8m and adding new testssl.sh

Testing Summary:
- Passed new android.testssl/testssl.sh
- General testing with BrowserActivity based program

Details:

Expanded detail in README.android about how to build and test openssl
upgrades based on my first experience.

modified: README.android

Significant rework of import_openssl.sh script that does most of
the work of the upgrade. Most of the existing code became the main
and import functions. The newly regenerate code helps regenerate
patch files, building on the fact that import now keeps and
original unmodified read-only source tree for use for patch
generation. Patch generation relies on additions to openssl.config
for defining which patches include which files. Note that
sometimes a file may be patched multiple times, in that case
manual review is still necessary to prune the patch after
auto-regeneration. Other enhancements to import_openssl.sh include
generating android.testssl and printing Makefile defines for
android-config.mk review.

modified: import_openssl.sh

Test support files for openssl/

Add support for building /system/bin/ssltest as test executible for
use by testssl script. Need confirmation that this is the right way
to define such a test binary.

modified: patches/ssl_Android.mk

Driver script that generates user and CA keys and certs on the
device with /system/bin/openssl before running testssl. Based on
openssl/test/testss for generation and openssl/test/Makefile
test_ssl for test execution.

new file: patches/testssl.sh

Note all following android.testssl files are automatically
imported from openssl, although possible with modifications by
import_openssl.sh

testssl script imported from openssl/test that does the bulk of
the testing. Includes new tests patched in for our additions.

new file: android.testssl/testssl

CA and user certificate configuration files from openssl.
Automatically imported from openssl/test/

new file: android.testssl/CAss.cnf
new file: android.testssl/Uss.cnf

certificate and key test file imported from openssl/apps

new file: android.testssl/server2.pem

Actual 0.9.8m upgrade specific bits

Trying to bring ngm's small records support into 0.9.8m. Needs
signoff by ngm although it does pass testing.

modified: patches/small_records.patch

Update openssl.config for 0.9.8m. Expanded lists of undeeded
directories and files for easier update and review, adding new
excludes. Also added new definitions to support "import_openssl.sh
regenerate" for patch updating.

modified: openssl.config

Updated OPENSSL_VERSION to 0.9.8m

modified: openssl.version

Automatically imported/patched files. Seems like it could be
further pruned in by openssl.config UNNEEDED_SOURCES, but extra
stuff doesn't end up impacting device.

modified: apps/...
modified: crypto/...
modified: include/...
modified: ssl/...

Other Android build stuff.

Note for these patches/... is source, .../Android.mk is derived.

Split LOCAL_CFLAGS additions into lines based on openssl/Makefile
source for easier comparison when upgrading. I knowingly left the
lines long and unwrapped for easy vdiff with openssl/Makefile

modified: android-config.mk

Removed local -DOPENSSL_NO_ECDH already in android-config.mk.

modified: patches/apps_Android.mk

Sync up with changes that had crept into derived crypto/Android.mk

modified: patches/crypto_Android.mk

Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/ssl/s3_srvr.c
e45f106cb6b47af1f21efe76e933bdea2f5dd1ca 30-Sep-2009 Nagendra Modadugu <ngm@google.com> Upgrade to openssl-0.9.8k.
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
/external/openssl/ssl/s3_srvr.c
656d9c7f52f88b3a3daccafa7655dec086c4756e 04-Mar-2009 The Android Open Source Project <initial-contribution@android.com> auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_srvr.c
d2cbe6ee0fd4269543a9a243f2b0963ce6f46280 04-Mar-2009 The Android Open Source Project <initial-contribution@android.com> auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_srvr.c
499ee9f31d10290f510c2f3785b6abe1314993ec 16-Jan-2009 The Android Open Source Project <initial-contribution@android.com> auto import from //branches/cupcake/...@126645
/external/openssl/ssl/s3_srvr.c
bdfb8ad83da0647e9b9a32792598e8ce7ba3ef4d 12-Jan-1970 Upstream <upstream-import@none> external/openssl 0.9.8h
/external/openssl/ssl/s3_srvr.c