- 20 Jan, 2016 10 commits
-
-
-
Chad Brubaker authored
am: b65bd711 * commit 'b65bd711': Cache intermediate CA separately
-
-
Chad Brubaker authored
am: 7e3bc71b * commit '7e3bc71b': Cache intermediate CA separately
-
Chad Brubaker authored
am: 825390d5 * commit '825390d5': Prevent duplicate certificates in TrustedCertificateIndex
-
Chad Brubaker authored
am: edac1314 * commit 'edac1314': Cache intermediate CA separately
-
Chad Brubaker authored
am: 1a86d309 * commit '1a86d309': Prevent duplicate certificates in TrustedCertificateIndex
-
Chad Brubaker authored
am: 2138a380 * commit '2138a380': Cache intermediate CA separately
-
Chad Brubaker authored
am: 4c9f9c22 * commit '4c9f9c22': Prevent duplicate certificates in TrustedCertificateIndex
-
Chad Brubaker authored
am: c4ab1b95 * commit 'c4ab1b95': Cache intermediate CA separately
-
- 19 Jan, 2016 2 commits
-
-
Chad Brubaker authored
With the separate caching of intermediate certificates in TrustManagerImpl a given intermediate may be passed into .index multiple times. Avoid adding the certificate to the list each time. (cherry-picked from commit d080e064) Bug: 26232830 Change-Id: I6bed2c65d9e42e052b9b1b129200a997e7dca745
-
Chad Brubaker authored
Intermediate CAs are cached in order to support servers that fail to sent a complete chain to a root. These certificates should be cached to support these servers but these certificates must not be trusted as trust anchors. Store them separately to prevent confusion between trusted roots and cached intermediates. (cherry-picked from commit 198aca1f) Bug: 26232830 Change-Id: I520f50729b55fc7412c7d133335bc9e3c190bbf6
-
- 05 Oct, 2015 1 commit
-
-
Kenny Root authored
This adds support for the latest BoringSSL revision and fixes quite a few bugs. Change-Id: I6eafb04d7c15d3b365191d1fe2fe107308cea894
-
- 03 Oct, 2015 8 commits
-
-
David Benjamin authored
* commit 'c061be0f': Remove OpenSSLEngine.getSecretKeyById.
-
Adam Langley authored
* commit '59c13044': Remove references to OpenSSL's |wbuf|.
-
David Benjamin authored
* commit 'ec8f7ef3': Switch OpenSSLMac from EVP_PKEY_HMAC to HMAC_CTX.
-
Kenny Root authored
-
David Benjamin authored
This codepath was never completed and has since been superceded by the AndrodKeyStore work and not useful for Conscrypt since all HMAC keys in TLS are derived from the key exchange. (cherry picked from commit 922aa71c) Change-Id: Id8dd7cd63f19ee8f2c07edbfcb503c568da45f92
-
Adam Langley authored
The |wbuf| member is an internal field that disappears in the latest BoringSSL revision. Also, it doesn't appear to be neccessary: SSL_write won't report that bytes were written until the record has hit the transport, so there's no need to be sensitive to an implementation detail. (See also cl/100529082.) (cherry picked from commit eced839c) Change-Id: I036bb7ebf69649025967a2af467313d7676e62ca
-
David Benjamin authored
EVP_PKEY_HMAC is just a wrapper over HMAC_CTX, so this is slightly more efficient. This is also the last consumer of BoringSSL's EVP_PKEY_HMAC, so the API may be removed after this. (cherry picked from commit a0014219) Change-Id: I545914b429b23631efd3cacaa22c6d2e7d165fab
-
Adam Langley authored
This change tweaks things as needed so that the code will compile against both the BoringSSL that's currently in Android and a version from upstream. The BORINGSSL_201509 define is temporary to allow the switch to happen without breaking the build and a followup change will remove it. (cherry picked from commit f417aca8) Change-Id: Ie60d8fc4d88154feaca8ab5ea85645b78a85640f
-
- 02 Oct, 2015 8 commits
-
-
Kenny Root authored
Change-Id: Ia38d49f07f298967d4a42ceb2b3c63a9ee8a29af
-
Kenny Root authored
* commit 'fc62838b': Move BlockGuard and CloseGuard to Platform
-
Kenny Root authored
* commit '126ec77a': Move BlockGuard and CloseGuard to Platform
-
Kenny Root authored
This was causing issues on Gingerbread devices since CloseGuard was not in that release yet. Move them out to Platform so we can filter on release when we decide whether to instantiate or not. (cherry picked from commit 126ec77a) Bug: 24607028 Change-Id: Iba0bbb0b878076319ace40f848aa5e307e2c3ad8
-
Kenny Root authored
This was causing issues on Gingerbread devices since CloseGuard was not in that release yet. Move them out to Platform so we can filter on release when we decide whether to instantiate or not. Bug: 24607028 Change-Id: Iba0bbb0b878076319ace40f848aa5e307e2c3ad8
-
Paul Lietar authored
* commit 'a6c6deb1': ct: Add code to verify timestamps for certificates.
-
Paul Lietar authored
* commit '9a648e90': ct: Add code to verify timestamps for certificates.
-
Paul Lietar authored
This change only provides the implementation. The verifier is not invoked during handshake yet. Change-Id: I4c270e518f0fc678972cbfe5f8da6f46874dc306
-
- 01 Oct, 2015 11 commits
-
-
Paul Lietar authored
* commit '7fd087f5': ct: Add basic data structures and serialization routines.
-
Kenny Root authored
* commit '68b4b9f5': NativeCrypto: Add TLS SCT extension support.
-
Paul Lietar authored
* commit '05f3b16a': ct: Add basic data structures and serialization routines.
-
Kenny Root authored
* commit 'a5e36192': NativeCrypto: Add TLS SCT extension support.
-
Kenny Root authored
* commit 'ea436918': NativeCrypto: support OCSP stapling
-
Kenny Root authored
* commit 'c25fff23': NativeCrypto: add method to extract extensions from an OCSP response.
-
Paul Lietar authored
This is to prepare for the implementation of Certificate Transparency in conscrypt. These structures are described by RFC6962. Change-Id: Ic2b53a1ac009d58fc0e6ca23b8d9170d921f715c
-
Kenny Root authored
-
Kenny Root authored
* commit '95067e1c': NativeCrypto: support OCSP stapling
-
Kenny Root authored
Change-Id: I48fba18a177802720f67b1d1b0b77cafe9b0c4e8
-
Kenny Root authored
-
