dbe082cb70a1ffbe1a693bd583a06ecad585f46d |
|
21-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Introducing top-level Conscrypt class (#152) This is a one-stop-shop for creating and configuring Conscrypt types. It allows a standard way for configuring extended settings that are not currently supported by the standard Java APIs.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
5070bdfc6277af136b7eb5fe5d0d72ad2ff6a2eb |
|
16-Mar-2017 |
Kenny Root <kroot@google.com> |
Create @hide Doclet for public API docs This allows us to use @hide to prevent a class from showing up in the public API documentation.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
de343bb1ee01e6a866ffd484ecd897d0cac19014 |
|
02-Mar-2017 |
David Benjamin <davidben@google.com> |
Configure OCSP and SCTs on the SSL, not SSL_CTX. As Conscrypt is currently set up, one SSL_CTX (owned, ultimately, by the SSLContext) may correspond to multiple SSLParameters which, in the Java API, are configured on the SSLSocket or SSLEngine directly. Thus we should use the SSL versions of the APIs which now exist. This avoids mutating an SSL_CTX which may be shared by multiple SSLs with different configurations. Change-Id: I19485c316087004c6050d85520b0169f2ca0d493
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
eefe4decab17c7bf98059fc2962849020cc82d96 |
|
07-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Adding conversion utility ALPN protocols (#140) Exposing additional set methods in OpenSSLEngineImpl and OpenSSLSocketImpl to allow the caller to set the ALPN protocols without having to manually encode. Also simplifying the exposure of the maxSealOverhead value.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
5efa30bb44aaa6fad687d7670e83097f92b9e81f |
|
03-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Exposing SSL_max_seal_overhead (#135) Also adding a method to calculate the maximum buffer size required for a wrap operation.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
ae6e905323df3356e110c15808c7d4102da554c8 |
|
01-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Fixing various javadoc issues. (#124) Also locking down access to a couple utility classes.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
bfab4d650d92fc8075a19fc73489641fcf91946a |
|
23-Feb-2017 |
Robert Sloan <varomodt@google.com> |
Remove DHE
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
4f475909f9659c5163717354dc81704650493e66 |
|
10-Jan-2017 |
Nathan Mittler <nathanmittler@google.com> |
Set default symbol visibility to hidden except for JNI methods. (#26)
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
3949a53b6c20783e4d7ce834e49666c261cd6c39 |
|
20-Dec-2016 |
David Benjamin <davidben@google.com> |
Revert "Blacklisting TLS 1.3 ciphersuites from Android" This reverts commit 0a944bbc7caea047a04fa885fd5fab8251492f6d. We've since decided to detach TLS 1.3 ciphers from the cipher suite language entirely, so this isn't needed. Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a -t com.android.org.conscrypt.NativeCryptoTest Change-Id: I3de427a1bdd545927f3ec418a41a89f0afa8f84e
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
dd3f86b4b9b1b10245f4fa3bc1cec4747e6dde4b |
|
19-Dec-2016 |
Kenny Root <kroot@google.com> |
d2i_X509 throw exception on failure It seems that invalid d2i_X509 input would return NULL with an error on the BoringSSL stack. A new test uncovered this failure. Make sure it throws an exception on any error in the future and add tests to make sure it happens. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I79d45085a5cfa246224b6457e57c656349707902
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
c92860619ed129c9f2ca753ce4659a4d8f83ba49 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Do not pass SSL_SESSION on verification callbacks In order to prepare for better SSLSession handling, eliminate the places in which SSL_SESSION objects are passed in and centralize it on SSL_get1_session in order to reduce the callsites of this to zero in the future. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: Id185b283f3d3e30d3d1b1d2b0f7a31a1f0831660
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
10a7a5612942317aac847c673eacad91edc65e0a |
|
01-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLSocketImpl: set client mode before handshake Setting the client/server mode used to be done intrinsically during the SSL_do_handshake JNI call. Pull it out so client_mode doesn't need to be passed to the SSL_do_handshake call. Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Change-Id: I46ab82ba5ef2d851bf4f81fb3d1e905a78c2cc76
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|
7782d132fab6ac9f30b97d76ed3a51126ed3e6d1 |
|
22-Nov-2016 |
nmittler <nathanmittler@google.com> |
Restructuring conscrypt into submodules Change-Id: I2a4dea5d2a5f35b29fdbb96bcdae1888a4fe2b7e
/external/conscrypt/common/src/main/java/org/conscrypt/NativeCrypto.java
|