| f0e05d561147458e3a10b4806e24d0752dfd5d4b |
|
20-Jun-2017 |
Nathan Mittler <nathanmittler@google.com> |
Refactoring session management (#172)
This change breaks session management into two distinct types:
- SslSessionWrapper: These are created as BoringSSL calls back the new session handler, allowing the application to cache sessions. Clients will also offer these to BoringSSL for reuse if a compatible session was found. BoringSSL is free to use it or not, but the Conscrypt code no longer makes assumptions here. Instead, it always uses the ActiveSession.
- ActiveSession: This is a session that wraps the SSL instance (rather than the SSL_SESSION wherever possible). That way no concern has to be paid to what BoringSSL is doing with sessions under the covers.
Fixes #98
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 0f7a5fc2d6a5467a0a5006e769f64213ed2a5ad3 |
|
01-May-2017 |
Ken Payson <kpayson@google.com> |
Default to true for jsse.SNIEnabled on restricted platforms
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 29916ef38dc9cb4e4c6e3fdb87d4e921546d3ef4 |
|
28-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Locking down public APIs (#157)
Tried to be as aggressive as I could, so this probably deserves a fairly thorough review. I left most of OpenSSLSocketImpl public, because I think it's needed by a few external projects.
I also did some cleanup work to get rid of a bunch of compiler warnings that we seem to have accumulated.
Fixes #142
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| dbe082cb70a1ffbe1a693bd583a06ecad585f46d |
|
21-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Introducing top-level Conscrypt class (#152)
This is a one-stop-shop for creating and configuring Conscrypt types. It allows a standard way for configuring extended settings that are not currently supported by the standard Java APIs.
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 5070bdfc6277af136b7eb5fe5d0d72ad2ff6a2eb |
|
16-Mar-2017 |
Kenny Root <kroot@google.com> |
Create @hide Doclet for public API docs
This allows us to use @hide to prevent a class from showing up in the
public API documentation.
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| de343bb1ee01e6a866ffd484ecd897d0cac19014 |
|
02-Mar-2017 |
David Benjamin <davidben@google.com> |
Configure OCSP and SCTs on the SSL, not SSL_CTX.
As Conscrypt is currently set up, one SSL_CTX (owned, ultimately, by the
SSLContext) may correspond to multiple SSLParameters which, in the Java
API, are configured on the SSLSocket or SSLEngine directly. Thus we
should use the SSL versions of the APIs which now exist. This avoids
mutating an SSL_CTX which may be shared by multiple SSLs with different
configurations.
Change-Id: I19485c316087004c6050d85520b0169f2ca0d493
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| eefe4decab17c7bf98059fc2962849020cc82d96 |
|
07-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Adding conversion utility ALPN protocols (#140)
Exposing additional set methods in OpenSSLEngineImpl and OpenSSLSocketImpl to allow the caller to set the ALPN protocols without having to manually encode.
Also simplifying the exposure of the maxSealOverhead value.
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| ae6e905323df3356e110c15808c7d4102da554c8 |
|
01-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Fixing various javadoc issues. (#124)
Also locking down access to a couple utility classes.
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| d5d2c11d5491e4e9192f9d0e7bae086d31a7d472 |
|
09-Feb-2017 |
Kenny Root <kroot@google.com> |
Reduce Java lint warnings
This reduces the number of Java lint warnings down to just the
[serialization] class of warnings as well as the Sun proprietary
warnings for the OpenJDK implementation.
These changes do not result in any change of behavior, but the
serialization changes might. Those will be fixed in a separate CL.
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 0d92f89dcb5b34ff4c182520ec10c4220cc465ec |
|
14-Dec-2016 |
Steven Valdez <svaldez@google.com> |
Fixing order of SSL_CTX/SSL initialization.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I4a926afb5bf1b7ed29a2066b1d088b41a8ca845b
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 6389f951c91d586377d1d7b47dd7ae9fde8fc7ba |
|
13-Dec-2016 |
Kenny Root <kroot@google.com> |
Do not reference ExtendedSSLSession directly
Android SDK 23 and before does not have ExtendedSSLSession so we can't
reference any subclass of that directly since NoClassDefFound error
would be thrown. Hide away the instanceof check in Platform where we can
check for an SDK version before referencing the class.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Idcab66b0fa2275491226ad80e1a499897739deaa
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 485f59ef78a981b17c53659fa7a5509a0d357478 |
|
01-Dec-2016 |
Kenny Root <kroot@google.com> |
Create abstract base for OpenSSL-backed SSLSession
This will aid in creating an SSL*-backed implementation of the Java
language SSLSession class for use when we have not established a session
already during handshake or when in False Start.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I58cfbee2940412beaed4a8d4d38211ecfbce7ec9
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 26875721cef9ba233c7e6901d58d061d8c78b2cc |
|
09-Dec-2016 |
Kenny Root <kroot@google.com> |
SSLParametersImpl: rearrange cached session check
We only support setting from an OpenSSLSessionImpl which is a reusable
session from BoringSSL. OpenSSLExtendedSessionImpl is a delegate holder
to support newer APIs on platforms that support it. Extract out the
delegate which is an OpenSSLSessionImpl currently. In the future, the
OpenSSLExtendedSessionImpl will also hold a transient session.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I0243cae10bc09d608e02d2414e06286c07e979b3
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 6822ee0ad197f08ec325e35bb7176d1e84dd23ea |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Move cert reference chain building function
This is going to be used in a couple more places in the future, so move
it to OpenSSLX509Certificate.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Ic8dd2483475528ae5c5eb8ee9ad98120459dc1bc
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|
| 7782d132fab6ac9f30b97d76ed3a51126ed3e6d1 |
|
22-Nov-2016 |
nmittler <nathanmittler@google.com> |
Restructuring conscrypt into submodules
Change-Id: I2a4dea5d2a5f35b29fdbb96bcdae1888a4fe2b7e
/external/conscrypt/common/src/main/java/org/conscrypt/SSLParametersImpl.java
|