  1. 15 Aug, 2017 1 commit
  2. 01 Feb, 2017 1 commit
  3. 15 Nov, 2016 1 commit
  4. 04 Nov, 2016 1 commit
  5. 24 Oct, 2016 1 commit
  6. 18 Oct, 2016 2 commits
  7. 17 Oct, 2016 1 commit
  8. 12 Oct, 2016 2 commits
    • crypto/tls: support X25519. · 8a11cb31
      Adam Langley authored
      X25519 (RFC 7748) is now commonly used for key agreement in TLS
      connections, as specified in
      https://tools.ietf.org/html/draft-ietf-tls-curve25519-01.
      
      This change adds support for that in crypto/tls, but does not enable it
      by default so that there's less test noise. A future change will enable
      it by default and will update all the test data at the same time.
      
      Change-Id: I91802ecd776d73aae5c65bcb653d12e23c413ed4
      Reviewed-on: https://go-review.googlesource.com/30824
      
      Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
    • crypto/tls: switch to OpenSSL 1.1.0 for test data. · 9d88292c
      Adam Langley authored
      We will need OpenSSL 1.1.0 in order to test some of the features
      expected for Go 1.8. However, 1.1.0 also disables (by default) some
      things that we still want to test, such as RC4, 3DES and SSLv3. Thus
      developers wanting to update the crypto/tls test data will need to build
      OpenSSL from source.
      
      This change updates the test data with transcripts generated by 1.1.0
      (in order to reduce future diffs) and also causes a banner to be printed
      if 1.1.0 is not used when updating.
      
      (The test for an ALPN mismatch is removed because OpenSSL now terminates
      the connection with a fatal alert if no known ALPN protocols are
      offered. There's no point testing against this because it's an OpenSSL
      behaviour.)
      
      Change-Id: I957516975e0b8c7def84184f65c81d0b68f1c551
      Reviewed-on: https://go-review.googlesource.com/30821

      Run-TryBot: Adam Langley <agl@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
  9. 01 Oct, 2016 1 commit
  10. 01 Sep, 2016 1 commit
    • crypto/tls: add Config.Clone · d24f446a
      Brad Fitzpatrick authored
      In Go 1.0, the Config struct consisted only of exported fields.
      
      In Go 1.1, it started to grow private, uncopyable fields (sync.Once,
      sync.Mutex, etc).
      
      Ever since, people have been writing their own private Config.Clone
      methods, or risking it and doing a language-level shallow copy and
      copying the unexported sync variables.
      
      Clean this up and export the Config.clone method as Config.Clone.
      This matches the convention of Template.Clone from text/template and
      html/template at least.
      
      Fixes #15771
      Updates #16228 (needs update in x/net/http2 before fixed)
      Updates #16492 (not sure whether @agl wants to do more)
      
      Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca
      Reviewed-on: https://go-review.googlesource.com/28075

      Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: Andrew Gerrand <adg@golang.org>
  11. 27 Aug, 2016 1 commit
  12. 17 Aug, 2016 2 commits
  13. 27 Jun, 2016 1 commit
  14. 18 May, 2016 1 commit
    • crypto/tls: Never resume sessions across different versions. · ebbe4f8d
      David Benjamin authored
      Instead, decline the session and do a full handshake. The semantics of
      cross-version resume are unclear, and all major client implementations
      treat this as a fatal error. (This doesn't come up very much, mostly if
      the client does the browser version fallback without sharding the
      session cache.)
      
      See BoringSSL's bdf5e72f50e25f0e45e825c156168766d8442dde and OpenSSL's
      9e189b9dc10786c755919e6792e923c584c918a1.
      
      Change-Id: I51ca95ac1691870dd0c148fd967739e2d4f58824
      Reviewed-on: https://go-review.googlesource.com/21152
      
      Reviewed-by: Adam Langley <agl@golang.org>
      Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
  15. 28 Apr, 2016 1 commit
    • crypto/tls: allow renegotiation to be handled by a client. · af125a51
      Adam Langley authored
      This change adds Config.Renegotiation which controls whether a TLS
      client will accept renegotiation requests from a server. This is used,
      for example, by some web servers that wish to “add” a client certificate
      to an HTTPS connection.
      
      This is disabled by default because it significantly complicates the
      state machine.
      
      Originally, handshakeMutex was taken before locking either Conn.in or
      Conn.out. However, if renegotiation is permitted then a handshake may
      be triggered during a Read() call. If Conn.in were unlocked before
      taking handshakeMutex then a concurrent Read() call could see an
      intermediate state and trigger an error. Thus handshakeMutex is now
      locked after Conn.in and the handshake functions assume that Conn.in is
      locked for the duration of the handshake.
      
      Additionally, handshakeMutex used to protect Conn.out also. With the
      possibility of renegotiation that's no longer viable and so
      writeRecordLocked has been split off.
      
      Fixes #5742.
      
      Change-Id: I935914db1f185d507ff39bba8274c148d756a1c8
      Reviewed-on: https://go-review.googlesource.com/22475

      Run-TryBot: Adam Langley <agl@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: Russ Cox <rsc@golang.org>
  16. 02 Mar, 2016 2 commits
    • crypto/tls: check errors from (*Conn).writeRecord · 37c28759
      Tamir Duberstein authored
      This promotes a connection hang during TLS handshake to a proper error.
      This doesn't fully address #14539 because the error reported in that
      case is a write-on-socket-not-connected error, which implies that an
      earlier error during connection setup is not being checked, but it is
      an improvement over the current behaviour.
      
      Updates #14539.
      
      Change-Id: I0571a752d32d5303db48149ab448226868b19495
      Reviewed-on: https://go-review.googlesource.com/19990
      
      Reviewed-by: Adam Langley <agl@golang.org>
    • all: single space after period. · 5fea2ccc
      Brad Fitzpatrick authored
      The tree's pretty inconsistent about single space vs double space
      after a period in documentation. Make it consistently a single space,
      per earlier decisions. This means contributors won't be confused by
      misleading precedence.
      
      This CL doesn't use go/doc to parse. It only addresses // comments.
      It was generated with:
      
      $ perl -i -npe 's,^(\s*// .+[a-z]\.)  +([A-Z]),$1 $2,' $(git grep -l -E '^\s*//(.+\.)  +([A-Z])')
      $ go test go/doc -update
      
      Change-Id: Iccdb99c37c797ef1f804a94b22ba5ee4b500c4f7
      Reviewed-on: https://go-review.googlesource.com/20022
      
      Reviewed-by: Rob Pike <r@golang.org>
      Reviewed-by: Dave Day <djd@golang.org>
      Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
  17. 28 Feb, 2016 2 commits
  18. 21 Aug, 2015 1 commit
  19. 05 Aug, 2015 1 commit
  20. 26 Apr, 2015 2 commits
  21. 16 Apr, 2015 1 commit
  22. 04 Apr, 2015 1 commit
  23. 18 Mar, 2015 1 commit
  24. 06 Mar, 2015 1 commit
  25. 04 Feb, 2015 1 commit
  26. 06 Jan, 2015 1 commit
    • crypto/tls: fix renegotiation extension. · ea64e578
      Adam Langley authored
      There are two methods by which TLS clients signal the renegotiation
      extension: either a special cipher suite value or a TLS extension.
      
      It appears that I left debugging code in when I landed support for the
      extension because there's a "+ 1" in the switch statement that shouldn't
      be there.
      
      The effect of this is very small, but it will break Firefox if
      security.ssl.require_safe_negotiation is enabled in about:config.
      (Although almost nobody does this.)
      
      This change fixes the original bug and adds a test. Sadly the test is a
      little complex because there's no OpenSSL s_client option that mirrors
      the behaviour of require_safe_negotiation.
      
      Change-Id: Ia6925c7d9bbc0713e7104228a57d2d61d537c07a
      Reviewed-on: https://go-review.googlesource.com/1900
      
      Reviewed-by: Russ Cox <rsc@golang.org>
      Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
  27. 18 Dec, 2014 1 commit
  28. 16 Oct, 2014 1 commit
  29. 26 Sep, 2014 1 commit
  30. 08 Sep, 2014 1 commit
  31. 06 Aug, 2014 1 commit
  32. 05 Aug, 2014 1 commit
  33. 01 Jul, 2014 1 commit
  34. 24 Feb, 2014 1 commit