Commit Graph

108 Commits

Author SHA1 Message Date
Alex Brainman
ba4d79c54f crypto/tls: cleanup certificate load on windows
- correct syscall.CertEnumCertificatesInStore so it returns error
- remove "reflect" dependency

R=hectorchu, agl, rsc
CC=golang-dev, krautz
https://golang.org/cl/5441052
2011-12-01 12:38:00 -05:00
Adam Langley
c08ab14bad Add a []byte argument to hash.Hash to allow an allocation to be saved.
This is the result of running `gofix -r hashsum` over the tree, changing
the hash function implementations by hand and then fixing a couple of
instances where gofix didn't catch something.

The changed implementations are as simple as possible while still
working: I'm not trying to optimise in this CL.

R=rsc, cw, rogpeppe
CC=golang-dev
https://golang.org/cl/5448065
2011-12-01 12:35:37 -05:00
Russ Cox
37bb6649e2 use new time API
R=bradfitz, gri, r, dsymonds
CC=golang-dev
https://golang.org/cl/5390042
2011-11-30 12:01:46 -05:00
Joel Sing
ff828b16dd crypto/tls: add openbsd root certificate location
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5437079
2011-11-29 09:20:59 -05:00
Adam Langley
c9662b8656 crypto/tls: don't rely on map iteration order.
Previously we were using the map iteration order to set the order of
the cipher suites in the ClientHello.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5440048
2011-11-28 15:34:16 -05:00
Adam Langley
82f6e24f53 crypto/x509, crypto/tls: support PKCS#8 private keys.
OpenSSL 1.0.0 has switched to generating PKCS#8 format private keys by
default. This change allows http.ListenAndServeTLS to work with either
types of keys.

See http://groups.google.com/group/golang-nuts/browse_thread/thread/84715b5f0c9e3c30/63a8a27b53e102a6

R=bradfitz
CC=golang-dev
https://golang.org/cl/5416059
2011-11-21 14:18:42 -05:00
Russ Cox
30373ac5f7 crypto/tls: fix handshake message test
This test breaks when I make reflect.DeepEqual
distinguish empty slices from nil slices.

R=agl
CC=golang-dev
https://golang.org/cl/5369110
2011-11-14 15:21:08 -05:00
Russ Cox
a070fcf2bd syscall: use error
- syscall (not os) now defines the Errno type.
- the low-level assembly functions Syscall, Syscall6, and so on
  return Errno, not uintptr
- syscall wrappers all return error, not uintptr.

R=golang-dev, mikioh.mikioh, r, alex.brainman
CC=golang-dev
https://golang.org/cl/5372080
2011-11-13 22:44:52 -05:00
Russ Cox
51b59f6a88 various: reduce overuse of os.EINVAL + others
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5372081
2011-11-13 22:42:42 -05:00
Rob Pike
1530d25d4f renaming_2: gofix -r go1pkgrename src/pkg/[a-l]*
R=rsc
CC=golang-dev
https://golang.org/cl/5358041
2011-11-08 15:40:58 -08:00
Vincent Vanackere
3d2f7f086e all: rename os.EOF to io.EOF in various non-code contexts
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5334050
2011-11-03 14:01:30 -07:00
Russ Cox
4fa24e9f66 all: sort imports
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5319072
2011-11-02 15:54:16 -04:00
Russ Cox
da5cf2d336 all: rename os.Error to error in various non-code contexts
R=adg
CC=golang-dev
https://golang.org/cl/5328062
2011-11-01 22:58:09 -04:00
Russ Cox
107fb7400c src/pkg/[a-m]*: gofix -r error -force=error
R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/5322051
2011-11-01 22:04:37 -04:00
Russ Cox
bc69be28e7 crypto/tls: add Error method to alert
alerts get used as both values and errors.
Rather than introduce an alertError wrapper,
this CL just adds an Error method, which will
satisfy the error interface when the time comes.

R=agl, bradfitz
CC=golang-dev
https://golang.org/cl/5294073
2011-10-27 19:42:32 -07:00
Adam Langley
dcbc7ee6c7 http, crypto/tls: fix read timeouts and closing.
tls.Conn.Close() didn't close the underlying connection and tried to
do a handshake in order to send the close notify alert.

http didn't look for errors from the TLS handshake.

Fixes #2281.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5283045
2011-10-18 12:59:32 -04:00
Mikkel Krautz
0fef8ff181 crypto/tls: fix broken looping code in windows root CA fetcher
R=alex.brainman, hectorchu, rsc
CC=golang-dev
https://golang.org/cl/5263045
2011-10-14 12:26:38 -04:00
Alex Brainman
908d8ff498 crypto/tls: disable root cert fetching to fix windows build
R=golang-dev
CC=golang-dev
https://golang.org/cl/5267044
2011-10-14 17:53:01 +11:00
Mikkel Krautz
4b68d836de crypto/tls: fetch root CA from Windows store
R=rsc
CC=golang-dev
https://golang.org/cl/5281044
2011-10-13 22:58:19 -04:00
Russ Cox
382d395ebb crypto/tls: more Unix root certificate locations
Hard work done by
http://mercurial.selenic.com/wiki/CACertificates

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/5276043
2011-10-13 16:17:15 -04:00
Mikkel Krautz
7697013b51 crypto/tls: fetch root certificates using Mac OS API
Fixes #1009.

R=adg, rsc
CC=golang-dev
https://golang.org/cl/5262041
2011-10-13 13:59:13 -04:00
Louis Kruger
0d32935135 crypto/tls: add 3DES ciphersuites
The following ciphersuites are added:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
This change helps conform to the TLS1.1 standard because
the first ciphersuite is "mandatory" in RFC4346

R=golang-dev, agl, rsc
CC=golang-dev
https://golang.org/cl/5164042
2011-10-11 13:07:32 -04:00
Adam Langley
0078a89874 crypto/tls: forgot this file in the last change.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5244042
2011-10-08 10:11:38 -04:00
Adam Langley
6f1dcf99be crypto/tls: add server side SNI support.
With this in place, a TLS server is capable of selecting the correct
certificate based on the client's ServerNameIndication extension.

The need to call Config.BuildNameToCertificate is unfortunate, but
adding a sync.Once to the Config structure made it uncopyable and I
felt that was too high a price to pay. Parsing the leaf certificates
in each handshake was too inefficient to consider.

R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5151048
2011-10-08 10:06:53 -04:00
Adam Langley
76c2ff557a crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
2011-09-14 15:32:19 -04:00
Russ Cox
39082848cf crypto/tls: handle non-TLS more robustly
Fixes #2253.

R=agl
CC=golang-dev
https://golang.org/cl/4960066
2011-09-12 16:52:49 -04:00
Robert Griesemer
5085d142c2 go/printer: changed max. number of newlines from 3 to 2
manual changes in src/pkg/go/printer, src/cmd/gofix/signal_test.go
(cd src/cmd/gofix/testdata; gofmt -w *.in *.out)
(cd src/pkg/go/printer; gotest -update)
gofmt -w misc src

runs all tests

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/4715041
2011-07-14 14:39:40 -07:00
Adam Langley
9c8b32c2d6 crypto/tls: fix generate_cert.go
Fixes #2030.

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/4635092
2011-07-06 16:22:21 -04:00
Robert Griesemer
a5b2e93aa2 os.Error API: don't export os.ErrorString, use os.NewError consistently
This is a core API change.

1) gofix misc src
2) Manual adjustments to the following files under src/pkg:
   gob/decode.go
   rpc/client.go
   os/error.go
   io/io.go
   bufio/bufio.go
   http/request.go
   websocket/client.go
as well as:
   src/cmd/gofix/testdata/*.go.in (reverted)
   test/fixedbugs/bug243.go
3) Implemented gofix patch (oserrorstring.go) and test case (oserrorstring_test.go)

Compiles and runs all tests.

R=r, rsc, gri
CC=golang-dev
https://golang.org/cl/4607052
2011-06-22 10:52:47 -07:00
Russ Cox
35e8279c86 respect goto restrictions
R=gri
CC=golang-dev
https://golang.org/cl/4625044
2011-06-17 06:07:13 -04:00
Adam Langley
5a4918e635 crypto: reorg, cleanup and add function for generating CRLs.
This change moves a number of common PKIX structures into
crypto/x509/pkix, from where x509, and ocsp can reference
them, saving duplication. It also removes x509/crl and merges it into
x509 and x509/pkix.

x509 is changed to take advantage of the big.Int support that now
exists in asn1. Because of this, the public/private key pair in
http/httptest/server.go had to be updated because it was serialised
with an old version of the code that didn't zero pad ASN.1 INTEGERs.

R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4532115
2011-06-06 10:35:46 -04:00
Rob Pike
1b7f4ea6c3 crypto/tls/generate_cert.go: fix misspelling of O_CREATE.
Fixes #1888.

R=ken
CC=golang-dev
https://golang.org/cl/4515148
2011-05-27 21:06:50 +10:00
Robert Hencke
3bdd4f3140 pkg: spelling tweaks, A-H
R=ality, bradfitz, rsc, dsymonds, adg, qyzhai, dchest
CC=golang-dev
https://golang.org/cl/4536063
2011-05-18 13:14:56 -04:00
Adam Langley
cf7be9b458 crypto/tls: export the verified chains.
The verified chains are the chains that were actually verified.

R=bradfitz
CC=golang-dev
https://golang.org/cl/4462046
2011-05-05 13:44:36 -04:00
Russ Cox
f23d109356 fix tree for reflect rename
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4435067
2011-04-25 13:39:36 -04:00
Adam Langley
c282fa0f0b crypto/tls: use time(), not Time().
The unexported version returns a sensible default when the user hasn't
set a value. The exported version crashes in that case.

R=bradfitzgo, rsc1
CC=golang-dev
https://golang.org/cl/4435070
2011-04-25 10:27:36 -04:00
Adam Langley
de4a706aa9 crypto/rsa: support > 3 primes.
With full multi-prime support we can support version 1 PKCS#1 private
keys. This means exporting all the members of rsa.PrivateKey, thus
making the API a little messy. However there has already been another
request to export this so it seems to be something that's needed.

Over time, rsa.GenerateMultiPrimeKey will replace rsa.GenerateKey, but
I need to work on the prime balance first because we're no longer
generating primes which are a multiples of 8 bits.

Fixes #987.

R=rsc
CC=golang-dev
https://golang.org/cl/4378046
2011-04-22 15:33:41 -04:00
Nigel Tao
5a11e9ba00 src/pkg: make package doc comments consistently start with "Package foo".
R=rsc
CC=golang-dev
https://golang.org/cl/4442064
2011-04-20 09:57:05 +10:00
Adam Langley
24df228d7a crypto: move certificate verification into x509.
People have a need to verify certificates in situations other than TLS
client handshaking. Thus this CL moves certificate verification into
x509 and expands its abilities.

R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4407046
2011-04-19 09:57:58 -04:00
Adam Langley
4f813669cb crypto/tls: add server-side OCSP stapling support.
We already had support on the client side. I also changed the name of
the flag in the ServerHello structure to match the name of the same
flag in the ClientHello (ocspStapling).

R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4408044
2011-04-14 14:47:28 -04:00
Robert Griesemer
8cf428d710 gofmt: gofmt -s -w src misc
R=r, bradfitzwork
CC=golang-dev
https://golang.org/cl/4406044
2011-04-13 15:13:59 -07:00
Russ Cox
32d22d1fb1 gofix: don't rewrite O_APPEND opens
R=r, rog
CC=golang-dev
https://golang.org/cl/4364041
2011-04-05 11:12:02 -04:00
Rob Pike
abbbdb168d os: New Open API.
We replace the current Open with:
OpenFile(name, flag, perm) // same as old Open
Open(name) // same as old Open(name, O_RDONLY, 0)
Create(name) // same as old Open(name, O_RDWR|O_TRUNC|O_CREAT, 0666)

This CL includes a gofix module and full code updates: all.bash passes.
(There may be a few comments I missed.)

The interesting packages are:
        gofix
        os
Everything else is automatically generated except for hand tweaks to:
        src/pkg/io/ioutil/ioutil.go
        src/pkg/io/ioutil/tempfile.go
        src/pkg/crypto/tls/generate_cert.go
        src/cmd/goyacc/goyacc.go
        src/cmd/goyacc/units.y

R=golang-dev, bradfitzwork, rsc, r2
CC=golang-dev
https://golang.org/cl/4357052
2011-04-04 23:42:14 -07:00
Brad Fitzpatrick
1721e53cdf httptest: add NewTLSServer
Enables the use of https servers in tests.

R=agl, rsc, agl1
CC=golang-dev
https://golang.org/cl/4284063
2011-04-04 08:32:59 -07:00
Adam Langley
78f486a80c crypto/tls: extend NPN support to the client.
R=bradfitzgo, rsc1, bradfitzwork
CC=golang-dev
https://golang.org/cl/4277085
2011-03-29 17:53:09 -04:00
Russ Cox
9fe949aa97 net: drop laddr from Dial, cname from LookupHost; new functions
Drop laddr argument from Dial.

Drop cname return from LookupHost.

Add LookupIP, LookupCNAME, ParseCIDR, IP.Equal.
Export SplitHostPort, JoinHostPort.
Add AAAA (IPv6) support to host lookups.

Preparations for implementing some of the
lookups using cgo.

ParseCIDR and IP.Equal are logically new in this CL
but accidentally snuck into an earlier CL about unused
labels that was in the same client.

In crypto/tls, drop laddr from Dial to match net.

R=golang-dev, dsymonds, adg, rh
CC=golang-dev
https://golang.org/cl/4244055
2011-03-28 23:28:42 -04:00
Rob Pike
dc6468fcf1 testing: shorten some more tests
R=rsc
CC=golang-dev
https://golang.org/cl/4314044
2011-03-26 11:25:22 -07:00
Dave Cheney
a39229ebc1 crypto/tls: fix compile error
Fixes #1555.

R=rsc, bradfitzgo
CC=golang-dev
https://golang.org/cl/4284047
2011-03-12 19:35:41 -08:00
Brad Fitzpatrick
36cddf2fc1 tls: move PeerCertificates to ConnectionState
R=agl, agl1
CC=golang-dev, rsc
https://golang.org/cl/4248078
2011-03-10 07:22:53 -08:00
Kyle Consalus
6e38ce296e Make.pkg, doc: Replace references to "-benchmarks" and "-match" with "-test.bench" and "-test.run".
R=r
CC=golang-dev
https://golang.org/cl/4197041
2011-02-22 20:23:21 -08:00