Commit Graph

77 Commits

Author SHA1 Message Date
Russ Cox
51b59f6a88 various: reduce overuse of os.EINVAL + others
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5372081
2011-11-13 22:42:42 -05:00
Vincent Vanackere
3d2f7f086e all: rename os.EOF to io.EOF in various non-code contexts
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5334050
2011-11-03 14:01:30 -07:00
Russ Cox
da5cf2d336 all: rename os.Error to error in various non-code contexts
R=adg
CC=golang-dev
https://golang.org/cl/5328062
2011-11-01 22:58:09 -04:00
Russ Cox
107fb7400c src/pkg/[a-m]*: gofix -r error -force=error
R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/5322051
2011-11-01 22:04:37 -04:00
Adam Langley
dcbc7ee6c7 http, crypto/tls: fix read timeouts and closing.
tls.Conn.Close() didn't close the underlying connection and tried to
do a handshake in order to send the close notify alert.

http didn't look for errors from the TLS handshake.

Fixes #2281.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5283045
2011-10-18 12:59:32 -04:00
Adam Langley
0078a89874 crypto/tls: forgot this file in the last change.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5244042
2011-10-08 10:11:38 -04:00
Adam Langley
76c2ff557a crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
2011-09-14 15:32:19 -04:00
Russ Cox
39082848cf crypto/tls: handle non-TLS more robustly
Fixes #2253.

R=agl
CC=golang-dev
https://golang.org/cl/4960066
2011-09-12 16:52:49 -04:00
Robert Griesemer
a5b2e93aa2 os.Error API: don't export os.ErrorString, use os.NewError consistently
This is a core API change.

1) gofix misc src
2) Manual adjustments to the following files under src/pkg:
   gob/decode.go
   rpc/client.go
   os/error.go
   io/io.go
   bufio/bufio.go
   http/request.go
   websocket/client.go
as well as:
   src/cmd/gofix/testdata/*.go.in (reverted)
   test/fixedbugs/bug243.go
3) Implemented gofix patch (oserrorstring.go) and test case (oserrorstring_test.go)

Compiles and runs all tests.

R=r, rsc, gri
CC=golang-dev
https://golang.org/cl/4607052
2011-06-22 10:52:47 -07:00
Robert Hencke
3bdd4f3140 pkg: spelling tweaks, A-H
R=ality, bradfitz, rsc, dsymonds, adg, qyzhai, dchest
CC=golang-dev
https://golang.org/cl/4536063
2011-05-18 13:14:56 -04:00
Adam Langley
cf7be9b458 crypto/tls: export the verified chains.
The verified chains are the chains that were actually verified.

R=bradfitz
CC=golang-dev
https://golang.org/cl/4462046
2011-05-05 13:44:36 -04:00
Adam Langley
24df228d7a crypto: move certificate verification into x509.
People have a need to verify certificates in situations other than TLS
client handshaking. Thus this CL moves certificate verification into
x509 and expands its abilities.

R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4407046
2011-04-19 09:57:58 -04:00
Adam Langley
78f486a80c crypto/tls: extend NPN support to the client.
R=bradfitzgo, rsc1, bradfitzwork
CC=golang-dev
https://golang.org/cl/4277085
2011-03-29 17:53:09 -04:00
Brad Fitzpatrick
36cddf2fc1 tls: move PeerCertificates to ConnectionState
R=agl, agl1
CC=golang-dev, rsc
https://golang.org/cl/4248078
2011-03-10 07:22:53 -08:00
Adam Langley
954c3ec034 crypto/tls: add ECDHE support
(ECDHE is "Elliptic Curve Diffie Hellman Ephemeral")

R=rsc
CC=golang-dev
https://golang.org/cl/3668042
2010-12-16 17:10:50 -05:00
Adam Langley
50ac183397 crypto/tls: support CBC ciphers
This is largely based on ality's CL 2747042.

crypto/rc4: API break in order to conform to crypto/cipher's
Stream interface

cipher/cipher: promote to the default build

Since CBC differs between TLS 1.0 and 1.1, we downgrade and
support only 1.0 at the current time. 1.0 is what most of the
world uses.

Given this CL, it would be trival to add support for AES 256,
SHA 256 etc, but I haven't in order to keep the change smaller.

R=rsc
CC=ality, golang-dev
https://golang.org/cl/3659041
2010-12-15 11:49:55 -05:00
Kyle Consalus
67c5445327 Removed bytes.Add and bytes.AddByte; we now have 'append'.
Changed all uses of bytes.Add (aside from those testing bytes.Add) to append(a, b...).
Also ran "gofmt -s" and made use of copy([]byte, string) in the fasta benchmark.

R=golang-dev, r, r2
CC=golang-dev
https://golang.org/cl/3302042
2010-12-01 11:59:13 -08:00
Adam Langley
597324882f crypto/tls: make SetReadTimeout work.
Fixes #1181.

R=rsc, agl1, cw, r2
CC=golang-dev
https://golang.org/cl/2414041
2010-10-11 10:41:01 -04:00
Adam Langley
ed8da7bff6 Fix certificate validation.
asn1: add support for T61String because this is the string type which
    several www.google.com certificates are now using for fields like
    CommonName
tls: force a handshake in Dial so that certificates are ready
    afterwards.

Fixes #1114.

R=rsc
CC=golang-dev
https://golang.org/cl/2216043
2010-09-20 10:32:08 -04:00
Russ Cox
657e8dab30 http: check https certificate against host name
Fixes #1093.

R=agl, agl1
CC=golang-dev
https://golang.org/cl/2115045
2010-09-11 23:41:12 -04:00
Adam Langley
4c5892dcab crypto/tls: don't return an error from Close()
Fixes #1037.

R=adg, rsc1
CC=golang-dev
https://golang.org/cl/2107048
2010-09-10 15:55:35 -04:00
Evan Shaw
99e338e9ec crypto/tls: Fix doc typo
R=golang-dev, adg
CC=golang-dev
https://golang.org/cl/2073041
2010-08-30 09:59:59 +10:00
Mikkel Krautz
e85c1c3393 crypto/tls: client certificate support.
This changeset implements client certificate support in crypto/tls
for both handshake_server.go and handshake_client.go

The updated server implementation sends an empty CertificateAuthorities
field in the CertificateRequest, thus allowing clients to send any
certificates they wish. Likewise, the client code will only respond
with its certificate when the server requests a certificate with this
field empty.

R=agl, rsc, agl1
CC=golang-dev
https://golang.org/cl/1975042
2010-08-16 11:22:22 -04:00
Adam Langley
cbf5c897cb crypto/tls: add client-side SNI support and PeerCertificates.
SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).

PeerCertificates returns the list of certificates presented by
server.

R=r
CC=golang-dev
https://golang.org/cl/1741053
2010-07-21 11:36:01 -04:00
Adam Langley
a54a4371e7 crypto/tls: add client OCSP stapling support.
R=r, rsc
CC=golang-dev
https://golang.org/cl/1750042
2010-07-14 10:40:15 -04:00
Russ Cox
06f6131702 changes &x -> x[0:] for array to slice conversion
R=gri
CC=golang-dev
https://golang.org/cl/1326042
2010-05-27 14:51:47 -07:00
Russ Cox
751062bb0e crypto/tls: simpler implementation of record layer
Depends on CL 957045, 980043, 1004043.
Fixes #715.

R=agl1, agl
CC=golang-dev
https://golang.org/cl/943043
2010-04-26 22:19:04 -07:00