GitLab

* commit 'dbc347b9':
  Remove direct reference to PROVIDER_NAME

* commit 'd704c478':
  Assert that the padding extension is enabled by default.

* commit '35f7742c':
  Make setEnabledProtocols/CipherSuites copy their inputs.

It's unnecessary and this is the only code that does it like this. It
casuses problems with unbundling since the PROVIDER_NAME can change when
used unbundled.

Bug: 15771893
Change-Id: I1450cf7033b0629e7b79616c3660ec12b8afb8d6

SSLSocket, SSLServerSocket, and SSLEngine offer setEnabledProtocols
and setEnabledCipherSuites methods which take an array of protocols
or cipher suites as input. If these methods store references to the
input arrays, then the internal state (lists of enabled protocols and
cipher suites) of SSLSocket, SSLServerSocket, and SSLEngine could be
modified without going through the setter methods of these classes.

Bug: 15753142
Change-Id: Ia5248050d81320ed1da99892278bd60872605f52

* commit 'f17361e7':
  Remove unnecessary comments in SSLParametersImpl.

This is a follow-up cleanup requested during the code review of
ae2ecac0.

Change-Id: I6c8ac2392c5f88ee732f5aa204e20cc1ee7e32d8

* commit 'b2713e36':
  Adjust the list of supported ECDHE-PSK cipher suites.

Change-Id: I1c8aa589e3274bfd3a5fc66c3e948828903c1966

* commit '8a624688':
  SSLParametersImpl is the source of enabled cipher suites and protocols.

* commit 'ecd29abc':
  Switch from core to core-libart

Bug: 14298175
Change-Id: I5035075f2453b692f86fff8fe852c954698e40ed

The SHA-2 based cipher suites cannot be used with SSLv3 but there is
no way to express that in OpenSSL's configuration. This CL thus
adjusts the list of supported cipher suites accordingly.

Bug: 15073623
Change-Id: I427c99f4c1c72690d95e5a3c63763631c41ddae2

* commit '69c36470':
  Use the new version of TLS Channel ID extension.

Bug: 14083889
Change-Id: I5fe0a1558184d44eb8a24bd92c0e7517937f3a5c

* commit '90c92a2b':
  Add support for a Google Play Services version of the JNI lib

* commit 'ea7cf2a1':
  Make TLS Channel ID tests use ECDHE_RSA key exchange.

TLS Channel ID requires ECDHE-based key exchange.

Change-Id: I722135c96a3ce700dcdf1646d2a71654923bb85c

* commit '1b60d4ff':
  Fix 64-bit build error.

Change-Id: I7ff48af2991fc03811c7874a974b9052934d27ae

* commit 'f24ba062':
  Add ability to wrap platform keys

This is mostly useful for unbundled Conscrypt currently when working
with KeyChain-based keys, but could be good for use with PKCS11-like
keys in other JSSE providers.

Bug: 15469749
Change-Id: I56bf2eaf3228bdf42d671437f4fffdafb8b47b12

* commit 'ba94b3df':
  Build conscrypt_unbundled using Gradle

* commit '47e40a5c':
  Move FileClientSessionCache to main directory

Change-Id: I96ae5539b6195ccbeb92af1beb7e78660ef757a1

Change-Id: I282c701b191d68bc4dcfa390505968f97a5c7d3c

Change-Id: Ie0d9f83e366c0b99994eb861ae567d454cbbea5b

* commit 'cc58989f':
  Remove deprecated WITH_HOST_DALVIK.

* commit 'fee2d0f1':
  Add more debugging for getting methods

When JNI registration fails, we should log it immediately to help
with debugging. Otherwise, it will tell you that you called a JNI
function with an exception pending.

Change-Id: I7cbba4d6639265a79a9d043d120f1a2bf72a85f7

Switch host build to clang as conscrypt uses C++11 and not all GCC
host compilers support it.

Bug: 13751317
Change-Id: I74ffdda695e47967b61a133c8b6fc52f6547a3a0

* commit 'ff12765d':
  Make default user CA storage location configurable

Allows overriding the defaults in misc/keychain/ with different
defaults, for example when the whole process uses another directory
and this needs to be reflected in every new TrustedCertificateStore
that is created.

Change-Id: I22db18178600668053a17517e9b47eef7b9be5ed

* commit 'f92e61e2':
  Move platform-only files out to separate directory