GitLab

am: 5d827183

* commit '5d827183':
  X509 certificates: exception for no Signature provider found

am: 3892ccde

* commit '3892ccde':
  X509 certificates: exception for no Signature provider found

If the X.509 certificate's signature algorithm OID is not satisfied by
any provider registered, a NoSuchAlgorithmException should be thrown.
The previous behavior was an unchecked NullPointerException was thrown
during the attempt to set up the (actually null) signature instance.

Bug: 26954162
Change-Id: Iac3e27c823580738a54d75a45d39411456934dd5

Change-Id: Ibf746a1c9d459e87aca1a63b7aef54e6ab262445

am: 50dcd032

* commit '50dcd032':
  Add handshake session and ExtendedX509TrustManager support

This enables the new API to specify when a host should be verified by
hostname. Before there was no public API that was capable of indicating
to the TrustManager which DNS hostname you were intending to connect
with.

Change-Id: Ic5845d1e93f02b54d971673a280d0a3571739fbf

am: 84ea487b

* commit '84ea487b':
  Add getFileDescriptor$ call for compat

am: 346d38ac

* commit '346d38ac':
  Add getFileDescriptor$ call for compat

Newer Android versions have implemented getFileDescriptor$ to fix a bug
in Conscrypt since libcore commit
5d3f5200f3511c9a7107bcc0a996c7afa1b39aaf which has continued to do the
right thing. Use this method instead since newer versions don't
necessarily set the "impl" field on Socket instances.

Bug: 25857624
Change-Id: I64fbda844ea3b632023822f1436bd674852e327a

am: 84fa713b

* commit '84fa713b':
  Revert "Revert "Add ExtendedSSLSession, et al.""

am: ce18fe69

* commit 'ce18fe69':
  Revert "Revert "Add ExtendedSSLSession, et al.""

This reverts commit 132c311d.

Some stubs were neded to allow building on unbundled builds.

Change-Id: I713d00923eecac7e323d53e561cf509794cc4fd4

am: 85ef1e25

* commit '85ef1e25':
  Revert "Add ExtendedSSLSession, et al."

am: 132c311d

* commit '132c311d':
  Revert "Add ExtendedSSLSession, et al."

This reverts commit 38d12ed4.

This breaks the unbundled build because of OpenSSLExtendedSessionImpl.

Change-Id: I73951a6f1d5cb14c70cd807c2c895bbbdc4c8e40

am: b12cf067

* commit 'b12cf067':
  Add ExtendedSSLSession, et al.

am: 38d12ed4

* commit '38d12ed4':
  Add ExtendedSSLSession, et al.

In order to support SNI certificate selection of the server-side and
enhanced certificate verification on the client side, we add
ExtendedSSLSession and the getHandshakeSession support.

This is just to set up for future implementations of SNI and
ExtendedX509TrustManager and doesn't actually implement the logic needed
to fully support the new features.

Change-Id: I300d3134d8ab9c184d6473183612dc53658a8221

am: 0278b99b

* commit '0278b99b':
  Add ChaCha20-Poly1305 as an enabled cipher suite

am: 6f9dffd8

* commit '6f9dffd8':
  Add ChaCha20-Poly1305 as an enabled cipher suite

Change-Id: Idc143d37c63cf3436ccdddc22abcb11802fc6615

am: 98274583

* commit '98274583':
  Compare keys using encoded form as a fallback

am: e06e7423

* commit 'e06e7423':
  Compare keys using encoded form as a fallback

PublicKey.equals is not required to return true on the same public key
but from different providers, this causes incorrect lookup failures when
the key comes from keystore.

Change-Id: Iaedaa91c64eeede1d5021430c015aac746afbc97

am: 34382647

* commit '34382647':
  Make OpenSSLX509Certificate.hashCode match the RI

am: 45fad1a9

* commit '45fad1a9':
  Make OpenSSLX509Certificate.hashCode match the RI

Use super.hashCode to make sure that hashCode matches the RI. Since the
underlying certificate (and therefore the hashcode) is immutable the
value is cached after the first call to avoid needlessly recomputing the
hash.

Bug:26386620
Change-Id: Ic480b48e57144ac730a33dcc313cdff57fe71157

am: 49b9ae20  -s ours

* commit '49b9ae20':

am: 25f8f983

* commit '25f8f983':

am: 4ddae91b

* commit '4ddae91b':

am: dfeefc23

* commit 'dfeefc23':

am: 7dc2b75e

* commit '7dc2b75e':

am: bad46e59

* commit 'bad46e59':