Commit Graph

454 Commits

Author SHA1 Message Date
Rob Pike
45b573322e tls: fix argument mistake in Error call.
R=agl, agl1, rsc
CC=golang-dev
https://golang.org/cl/3753041
2010-12-17 13:47:52 -08:00
Adam Langley
9d188d7c03 crypto/tls: missed a file
R=rsc
CC=golang-dev
https://golang.org/cl/3674043
2010-12-16 17:14:02 -05:00
Adam Langley
954c3ec034 crypto/tls: add ECDHE support
(ECDHE is "Elliptic Curve Diffie Hellman Ephemeral")

R=rsc
CC=golang-dev
https://golang.org/cl/3668042
2010-12-16 17:10:50 -05:00
Adam Langley
4dcd8890aa crypto/tls: check in support code.
This support code helps in generating the handshake scripts
which are used for testing.

R=rsc, ality
CC=golang-dev
https://golang.org/cl/3680041
2010-12-16 10:39:53 -05:00
Adam Langley
effe736267 crypto/tls: commit fixes which I hadn't saved.
R=rsc
CC=golang-dev
https://golang.org/cl/3685041
2010-12-15 13:58:57 -05:00
Adam Langley
50ac183397 crypto/tls: support CBC ciphers
This is largely based on ality's CL 2747042.

crypto/rc4: API break in order to conform to crypto/cipher's
Stream interface

cipher/cipher: promote to the default build

Since CBC differs between TLS 1.0 and 1.1, we downgrade and
support only 1.0 at the current time. 1.0 is what most of the
world uses.

Given this CL, it would be trival to add support for AES 256,
SHA 256 etc, but I haven't in order to keep the change smaller.

R=rsc
CC=ality, golang-dev
https://golang.org/cl/3659041
2010-12-15 11:49:55 -05:00
Anthony Martin
368c7fa03e crypto/tls: use rand.Reader in cert generation example
R=rsc, agl1
CC=golang-dev
https://golang.org/cl/3536043
2010-12-14 12:22:28 -05:00
Russ Cox
f98d01fb7e crypto/tls: add *Config argument to Dial
Document undocumented exported names.
Allow nil Rand, Time, RootCAs in Config.

Fixes #1248.

R=agl1
CC=golang-dev
https://golang.org/cl/3481042
2010-12-07 16:15:15 -05:00
Christian Himpel
24b6f5d63e crypto/tls: fix build of certificate generation example
R=agl1, rsc
CC=golang-dev
https://golang.org/cl/3366041
2010-12-07 16:14:55 -05:00
Kyle Consalus
67c5445327 Removed bytes.Add and bytes.AddByte; we now have 'append'.
Changed all uses of bytes.Add (aside from those testing bytes.Add) to append(a, b...).
Also ran "gofmt -s" and made use of copy([]byte, string) in the fasta benchmark.

R=golang-dev, r, r2
CC=golang-dev
https://golang.org/cl/3302042
2010-12-01 11:59:13 -08:00
Adam Langley
93eb884c98 crypto/tls: use pool building for certificate checking
Previously we checked the certificate chain from the leaf
upwards and expected to jump from the last cert in the chain to
a root certificate.

Although technically correct, there are a number of sites with
problems including out-of-order certs, superfluous certs and
missing certs.

The last of these requires AIA chasing, which is a lot of
complexity. However, we can address the more common cases by
using a pool building algorithm, as browsers do.

We build a pool of root certificates and a pool from the
server's chain. We then try to build a path to a root
certificate, using either of these pools.

This differs from the behaviour of, say, Firefox in that Firefox
will accumulate intermedite certificate in a persistent pool in
the hope that it can use them to fill in gaps in future chains.

We don't do that because it leads to confusing errors which only
occur based on the order to sites visited.

This change also enabled SNI for tls.Dial so that sites will return
the correct certificate chain.

R=rsc
CC=golang-dev
https://golang.org/cl/2916041
2010-11-05 09:54:56 -04:00
Russ Cox
8fe46b4768 use append
R=gri, r, r2
CC=golang-dev
https://golang.org/cl/2743042
2010-10-27 19:47:23 -07:00
Robert Griesemer
b1f31f442e gofmt -s -w src misc
R=r, rsc
CC=golang-dev
https://golang.org/cl/2662041
2010-10-22 10:06:33 -07:00
Rob Pike
feb7be32ae log: new interface
New logging interface simplifies and generalizes.

1) Loggers now have only one output.
2) log.Stdout, Stderr, Crash and friends are gone.
	Logging is now always to standard error by default.
3) log.Panic* replaces log.Crash*.
4) Exiting and panicking are not part of the logger's state; instead
	the functions Exit* and Panic* simply call Exit or panic after
	printing.
5) There is now one 'standard logger'.  Instead of calling Stderr,
	use Print etc.  There are now triples, by analogy with fmt:
		Print, Println, Printf
	What was log.Stderr is now best represented by log.Println,
	since there are now separate Print and Println functions
	(and methods).
6) New functions SetOutput, SetFlags, and SetPrefix allow global
	editing of the standard logger's properties.   This is new
	functionality. For instance, one can call
		log.SetFlags(log.Lshortfile|log.Ltime|log.Lmicroseconds)
	to get all logging output to show file name, line number, and
	time stamp.

In short, for most purposes
	log.Stderr -> log.Println or log.Print
	log.Stderrf -> log.Printf
	log.Crash -> log.Panicln or log.Panic
	log.Crashf -> log.Panicf
	log.Exit -> log.Exitln or log.Exit
	log.Exitf -> log.Exitf (no change)

This has a slight breakage: since loggers now write only to one
output, existing calls to log.New() need to delete the second argument.
Also, custom loggers with exit or panic properties will need to be
reworked.

All package code updated to new interface.

The test has been reworked somewhat.

The old interface will be removed after the new release.
For now, its elements are marked 'deprecated' in their comments.

Fixes #1184.

R=rsc
CC=golang-dev
https://golang.org/cl/2419042
2010-10-12 12:59:18 -07:00
Adam Langley
597324882f crypto/tls: make SetReadTimeout work.
Fixes #1181.

R=rsc, agl1, cw, r2
CC=golang-dev
https://golang.org/cl/2414041
2010-10-11 10:41:01 -04:00
Adam Langley
dd9f217e6a crypto/tls: better error messages for certificate issues.
Fixes #1146.

R=rsc, agl1
CC=golang-dev
https://golang.org/cl/2380042
2010-10-11 10:39:56 -04:00
Adam Langley
f4b6e2236c crypto/x509, crypto/tls: improve root matching and observe CA flag.
The key/value format of X.500 names means that it's possible to encode
a name with multiple values for, say, organisation. RFC5280
doesn't seem to consider this, but there are Verisign root
certificates which do this and, in order to find the correct
root certificate in some cases, we need to handle it.

Also, CA certificates should set the CA flag and we now check
this. After looking at the other X.509 extensions it appears
that they are universally ignored/bit rotted away so we ignore
them.

R=rsc
CC=golang-dev
https://golang.org/cl/2249042
2010-09-20 12:17:31 -04:00
Adam Langley
ed8da7bff6 Fix certificate validation.
asn1: add support for T61String because this is the string type which
    several www.google.com certificates are now using for fields like
    CommonName
tls: force a handshake in Dial so that certificates are ready
    afterwards.

Fixes #1114.

R=rsc
CC=golang-dev
https://golang.org/cl/2216043
2010-09-20 10:32:08 -04:00
Russ Cox
657e8dab30 http: check https certificate against host name
Fixes #1093.

R=agl, agl1
CC=golang-dev
https://golang.org/cl/2115045
2010-09-11 23:41:12 -04:00
Adam Langley
4c5892dcab crypto/tls: don't return an error from Close()
Fixes #1037.

R=adg, rsc1
CC=golang-dev
https://golang.org/cl/2107048
2010-09-10 15:55:35 -04:00
Evan Shaw
99e338e9ec crypto/tls: Fix doc typo
R=golang-dev, adg
CC=golang-dev
https://golang.org/cl/2073041
2010-08-30 09:59:59 +10:00
Jukka-Pekka Kekkonen
f610c8e06b crypto/hmac: make Sum idempotent
Fixes #978.

R=rsc
CC=golang-dev
https://golang.org/cl/1967045
2010-08-26 13:32:29 -04:00
Russ Cox
c6f2f6c1ab build: no required environment variables
R=adg, r, PeterGo
CC=golang-dev
https://golang.org/cl/1942044
2010-08-18 10:08:49 -04:00
Mikkel Krautz
e85c1c3393 crypto/tls: client certificate support.
This changeset implements client certificate support in crypto/tls
for both handshake_server.go and handshake_client.go

The updated server implementation sends an empty CertificateAuthorities
field in the CertificateRequest, thus allowing clients to send any
certificates they wish. Likewise, the client code will only respond
with its certificate when the server requests a certificate with this
field empty.

R=agl, rsc, agl1
CC=golang-dev
https://golang.org/cl/1975042
2010-08-16 11:22:22 -04:00
Rob Pike
10589a7c24 once: replace all uses of package once with sync.Once.
package once remains for now; will be deleted after next release.

R=golang-dev, brainman
CC=golang-dev
https://golang.org/cl/1914046
2010-08-06 06:14:41 +10:00
Fazlul Shahriar
5f134f7d77 http: add https client support
Fixes #851.

R=rsc
CC=golang-dev
https://golang.org/cl/1729052
2010-07-28 18:13:56 -07:00
Adam Langley
cbf5c897cb crypto/tls: add client-side SNI support and PeerCertificates.
SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).

PeerCertificates returns the list of certificates presented by
server.

R=r
CC=golang-dev
https://golang.org/cl/1741053
2010-07-21 11:36:01 -04:00
Adam Langley
a54a4371e7 crypto/tls: add client OCSP stapling support.
R=r, rsc
CC=golang-dev
https://golang.org/cl/1750042
2010-07-14 10:40:15 -04:00
Adam Langley
08ec2a8e44 http, crypto/tls: followup fixes from 1684051.
(TBR because this is just addressing previous review comments.)

R=r
CC=golang-dev
https://golang.org/cl/1697048
2010-07-02 16:43:48 -04:00
Adam Langley
7b22e867e7 crypto/tls, http: Make HTTPS servers easier.
R=r, adg, rsc
CC=golang-dev
https://golang.org/cl/1684051
2010-07-02 13:00:18 -04:00
Russ Cox
06f6131702 changes &x -> x[0:] for array to slice conversion
R=gri
CC=golang-dev
https://golang.org/cl/1326042
2010-05-27 14:51:47 -07:00
Russ Cox
751062bb0e crypto/tls: simpler implementation of record layer
Depends on CL 957045, 980043, 1004043.
Fixes #715.

R=agl1, agl
CC=golang-dev
https://golang.org/cl/943043
2010-04-26 22:19:04 -07:00
Russ Cox
91a07280c8 crypto/tls: good defaults
R=agl1
CC=golang-dev
https://golang.org/cl/851041
2010-04-05 14:38:02 -07:00
Russ Cox
d821ad088a simplify various code using new map index rule
R=r
CC=golang-dev
https://golang.org/cl/833044
2010-03-30 10:51:11 -07:00
Robert Griesemer
c2e73307b5 gofmt: experiment: align values in map composites where possible
- gofmt -w src misc
- looking for feedback

R=rsc, r
CC=golang-dev
https://golang.org/cl/223076
2010-03-02 13:46:51 -08:00
Russ Cox
000416e795 strings: delete Runes, Bytes
gofmt -w -r 'strings.Bytes(a) -> []byte(a)' src/cmd src/pkg test/bench
gofmt -w -r 'strings.Runes(a) -> []int(a)' src/cmd src/pkg test/bench
delete unused imports

R=r
CC=golang-dev
https://golang.org/cl/224062
2010-02-25 16:01:29 -08:00
Adam Langley
956950bb13 crypto/tls: typo fix
R=rsc
CC=golang-dev
https://golang.org/cl/201047
2010-02-05 05:39:49 -05:00
Adam Langley
016dd4b5cb crypto/tls: make Listener a pointer.
Listener contains private members and 6g now enforces that private
members cannot be assigned outside of their package.

R=rsc
CC=golang-dev
https://golang.org/cl/183073
2009-12-28 11:40:01 -08:00
Adam Langley
581072a866 crypto/tls: extensions and Next Protocol Negotiation
Add support for TLS extensions in general and Next Protocol
Negotiation in particular.

R=rsc
CC=golang-dev
https://golang.org/cl/181045
2009-12-23 11:13:09 -08:00
Robert Griesemer
536df07f72 1) Change default gofmt default settings for
parsing and printing to new syntax.

                  Use -oldparser to parse the old syntax,
                  use -oldprinter to print the old syntax.

               2) Change default gofmt formatting settings
                  to use tabs for indentation only and to use
                  spaces for alignment. This will make the code
                  alignment insensitive to an editor's tabwidth.

                  Use -spaces=false to use tabs for alignment.

               3) Manually changed src/exp/parser/parser_test.go
                  so that it doesn't try to parse the parser's
                  source files using the old syntax (they have
                  new syntax now).

               4) gofmt -w src misc test/bench

	       1st set of files.

R=rsc
CC=agl, golang-dev, iant, ken2, r
https://golang.org/cl/180047
2009-12-15 15:33:31 -08:00
Christopher Wedgwood
b80146a4c9 a[b:len(a)] -> a[b:]
R=r, rsc
CC=agl1
https://golang.org/cl/161070
2009-11-30 12:03:43 -08:00
Sergio Luis O. B. Correia
a6ab3720e1 go: makes it build for the case $GOROOT has whitespaces
the bash scripts and makefiles for building go didn't take into account
the fact $GOROOT / $GOBIN could both be directories containing whitespaces,
and was not possible to build it in such a situation.

this commit adjusts the various makefiles/scripts to make it aware of that
possibility, and now it builds successfully when using a path with whitespaces
as well.

Fixes #115.

R=rsc, dsymonds1
https://golang.org/cl/157067
2009-11-23 17:32:51 -08:00
Adam Langley
79f2a55aea crypto/tls: add initial client implementation.
R=rsc, agl
CC=golang-dev
https://golang.org/cl/157076
2009-11-21 15:53:03 -08:00
Russ Cox
4625777977 gofmt -r 'α[β:len(α)] -> α[β:]' -w src/cmd src/pkg
R=r, gri
CC=golang-dev
https://golang.org/cl/156115
2009-11-20 11:45:05 -08:00
Rob Pike
a1e7e65e2d remove bytes.Copy
replace all calls with calls to copy
use copy in regexp and bytes.Buffer

R=rsc
CC=golang-dev
https://golang.org/cl/157073
2009-11-18 15:24:24 -08:00
Robert Griesemer
d1f931a694 - replaced gofmt expression formatting algorithm with
rsc's algorithm
	- applied gofmt -w misc src
	- partial CL (remaining files in other CLs)

R=rsc, r
http://go/go-review/1026036
2009-11-09 21:13:17 -08:00
Robert Griesemer
395b73f134 remove semis after statements in one-statement statement lists
R=rsc, r
http://go/go-review/1025029
2009-11-09 12:07:39 -08:00
Robert Griesemer
372b6eb4c5 - fine-tuning of one-line func heuristic (nodes.go)
- enabled for function declarations (not just function literals)
- applied gofmt -w $GOROOT/src
(look for instance at src/pkg/debug/elf/elf.go)

R=r, rsc
CC=go-dev
http://go/go-review/1026006
2009-11-06 14:24:38 -08:00
Adam Langley
b501f32b50 crypto/tls (part 6/5)
Results of running gofmt again.

R=rsc
CC=go-dev
http://go/go-review/1022006
2009-11-05 16:59:39 -08:00
Adam Langley
9c63ad9791 crypto/tls (part 4/5)
R=rsc
CC=go-dev
http://go/go-review/1019002
2009-11-05 16:43:29 -08:00