diff options
| author | Brian Carlstrom <bdc@google.com> | 2010-05-17 15:23:45 -0700 |
|---|---|---|
| committer | Brian Carlstrom <bdc@google.com> | 2010-05-17 15:23:45 -0700 |
| commit | 204cab3c22b4d75c866c95e2d2eec42e14cbd924 (patch) | |
| tree | 5f88b1cc17cf6abfe59f28956e21bce71090ecf9 /openssl/src | |
| parent | c1e74f07ebf5ee1db99bb5ac717fb1c0ffd7969e (diff) | |
| download | libcore-204cab3c22b4d75c866c95e2d2eec42e14cbd924.zip libcore-204cab3c22b4d75c866c95e2d2eec42e14cbd924.tar.gz libcore-204cab3c22b4d75c866c95e2d2eec42e14cbd924.tar.bz2 | |
Supported cipher suites improvements
Added new test_SSLSocket_getSupportedCipherSuites_connect to make sure
all cipher suites we claim work actually do. It clearly exposed that
although a large number of cipher suites are supported by libssl.so,
they are not properly wired up into the OpenSSL JSSE
implementation. In particular Elliptic Curve has been disabled in our
version Bouncy Castle does not work. In addition Diffie-Hellman does
not work because we need to further integration work with OpenSSL via
SSL_set_tmp_dh_callback or SSL_set_tmp_dh. Finally,
SSL_RSA_EXPORT_WITH_RC4_40_MD5 doesn't work but that is being left as
KnownFailure for more immediate cleanup based on ServerHandshakeImpl's
handling of KeyExchange_RSA_EXPORT as part of having OpenSSL call us
back for certificates dynamically.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Refactored TestSSLContext.createKeyStore to create TestKeyStore which
now factors out TestSSLContext.createKeys from the old createKeyStore
method, which allows createKeys to be called multiple times for
different key algorithms (for example DSA in addition to RSA). Also
added a reusable singleton instance to cut down on test execution
time.
support/src/test/java/javax/net/ssl/TestKeyStore.java
Removed publicAlias/privateAlias from TestSSLContext since we now
include both RSA and DSA key pairs in they KeyStore by default. Added
TestSSLContext.assertCertificateInKeyStore methods to help tests the
previously used the alias fields fields. TestSSLContext.create API
changed as well since the alias names are no longer
required. TestSSLContext.createClient now needs to iterate over all
server certificates when setting up its TrustManager instead of just
grabbing one by alias name.
support/src/test/java/javax/net/ssl/TestSSLContext.java
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
TestSSLSocketPair.connect now allows optional inclusion of server
cipher suite list.
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Turning off Elliptic Curve and Diffie-Hellman which are not currently
working. Updating test expectations to match.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
support/src/test/java/javax/net/ssl/StandardNames.java
Turn on registration of ECDSA and DSA since this part is currently
functional (and excercised by TestKeyStore.create())
luni/src/main/java/org/bouncycastle/x509/X509Util.java
Improve logging by including SSL pointer in error messages, which
makes it easier to relate these errors to JNI_TRACE messages.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Change-Id: I014d001a6a21a46c360678a346d3a3c8232f4d53
Diffstat (limited to 'openssl/src')
0 files changed, 0 insertions, 0 deletions