| 7d9ce0e2bd093c5f35fe13b12617b0be5ce56b1b |
|
12-Feb-2016 |
Kenny Root <kroot@google.com> |
Infer what signature algorithms would be used
BoringSSL currently has no API to check which algorithms were sent in
the signature_algorithms extension, so just include the known signature
algorithms for BoringSSL plus the required signature algorithms for the
remote side. This may not be technically correct, but it's the best we
can do until we have an API in BoringSSL.
The previous behavior of throwing UnsupportedOperationException was not
very nice to users of this API.
(cherry picked from commit 2ff9e88c46b53338d1f0132fa32c4a4f9479ebeb)
Bug: 27123298
Change-Id: Icf99a82abfe827584ab80f6a13398119b23d35d5
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|
| edfc6deb2d029636273cb92d3372448b480af354 |
|
12-Feb-2016 |
Kenny Root <kroot@google.com> |
Wrap cached sessions before returning
SSLSession should be wrapped so that cached sessions might have the
functionality that ExtendedSSLSession offers. This also made the
SSLSessionTest fail because the pre-cached instance would be
ExtendedSSLSession and the post-cached session would be a regular
SSLSession.
To keep compatibility with older versions of the platform, it was
impossible to directly switch OpenSSLSessionImpl over to
ExtendedSSLSession. So the use of a delegate in the case when the
platform does have ExtendedSSLSession was required. Since older platform
versions still use OpenSSLSessionImpl that extends SSLSession, we just
directly inflate the serialized sessions to that.
The SSLSessionTest was changed to accomodate the delegate scheme since
SSLSession does not have an equals method, the tests for SSLSessionTest
were directly comparing object instance equality which fails when the
sessions are wrapped in a delegate like this.
(cherry picked from commit 710c0817a2a13135b35f14faaef5ca069daf7b6c)
Bug: 27123298
Change-Id: Iefbea03a72dbcc76ae0b439cfdcecd817926b7d0
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|
| 5012f2dc5bf0a28a47cf9b01bd1a63c1ebdc232f |
|
01-Feb-2016 |
Kenny Root <kroot@google.com> |
Add support for SNI API
This adds support for retrieving SNI name as a server and setting SNI name
as a client. It currently doesn't implement use of the SNIMatcher API.
Change-Id: I4f76fcbd96bd7c3398532f3858bbdd0d06103082
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|
| ce18fe693803e95ab627929b8e69d3362340dd06 |
|
02-Feb-2016 |
Kenny Root <kroot@google.com> |
Revert "Revert "Add ExtendedSSLSession, et al.""
This reverts commit 132c311de656e7396b78b388c6351be8a84a159c.
Some stubs were neded to allow building on unbundled builds.
Change-Id: I713d00923eecac7e323d53e561cf509794cc4fd4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|
| 132c311de656e7396b78b388c6351be8a84a159c |
|
02-Feb-2016 |
Kenny Root <kroot@google.com> |
Revert "Add ExtendedSSLSession, et al."
This reverts commit 38d12ed4a7f6f7628120d0ef45ff29d472337102.
This breaks the unbundled build because of OpenSSLExtendedSessionImpl.
Change-Id: I73951a6f1d5cb14c70cd807c2c895bbbdc4c8e40
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|
| 38d12ed4a7f6f7628120d0ef45ff29d472337102 |
|
16-Jan-2016 |
Kenny Root <kroot@google.com> |
Add ExtendedSSLSession, et al.
In order to support SNI certificate selection of the server-side and
enhanced certificate verification on the client side, we add
ExtendedSSLSession and the getHandshakeSession support.
This is just to set up for future implementations of SNI and
ExtendedX509TrustManager and doesn't actually implement the logic needed
to fully support the new features.
Change-Id: I300d3134d8ab9c184d6473183612dc53658a8221
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
|