| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Merge xml except xmlpull and kxml into luni
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
- SSLSocket.startHandshake now generalized to handle both client and
server handshaking as well as client/server role reversal
- handshake_cutthrough.patch is properly integrated with support
delayed handshake completion now integrated with delayed updates to
session cache and callbacks to HandshakeCompletedListeners
- Many fixes to SSLSession, which is the end product of the handshake
- Generally more RI and SSLEngine compliant behavior.
- More native code deletion through unification of client/server
handshake, unification of client/server certificate chain
verification, etc. More native code moved from various OpenSSL
classes to cleaner NativeCrypto interfaces that more directly mirror
the OpenSSL interfaces.
Details:
Delay SSL_new call until handshake time when we know for sure whether
the OpenSSLSocket will be used in client or server mode and we can
allocate the SSL_new from the apppriate client or server SSL_CTX used
for session caching.
Now that no SSL is allocated for an OpenSSLServerSocketImpl,
store enabledProtocols and enabledCipherSuites in instance String
arrays. Use new NativeCrypto.checkEnabled* methdods for argument
validation. OpenSSLServerSocketImpl passes these enabled arrays to
a new OpenSSLSocket constructor during accept(). Removed finalizer
from OpenSSLServerSocketImpl since it no longer has any native
storage and socket is already closed by PlainSocketImpl finalizer.
X-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
OpenSSLSocket major overhaul to properly implement handshaking
including switching client and server roles and session ID caching
with handshake_cutthrough.patch.
- now implements NativeCrypto.HandshakeCompletedListeners for
properly timed callback when handshake_cutthrough.patch delays
handshake completion until first SSLSocket.getInputStream()
read.
- similar enabledProtocols/enabledCipherSuites changes as
OpenSSLServerSocketImpl since we need to store the state
somewhere other than an openssl SSL struct until we are sure if
we are doing a client or server handshake.
- added handshake completed field so that startHandshake can tell
if handshake was completed during SSL_do_handshake or will be
completed later by a call to HandshakeCompletedCallback.handshakeCompleted.
- removed nativegetsession as the equivalent value is now returned by SSL_do_handshake
- removed nativecipherauthenticationmethod as the value is now passed to verifyCertificateChain
- startHandshake is now a wrapper that forces a fully synchronous handshake
- startHandshake(boolean) is the the most changed method in this
changelist, combinding both the old startHandshake logic, but
also the OpenSSLSocketImpl.accept code as well. Notable
differences from the old code:
* now responsible for SSL_new
* single code path for client/server handshaking dealing with SSLSession caching
* now handles server certificate requests previously in
OpenSSLServerSocketImpl, since a client can request to act
like a server and therefore need to be able to make suck
demands on its peer.
* supports turning off handshake_cutthrough at a callers request
via explicit call to startHandshake()
* certificate verification happens during an upcall from openssl
during SSL_do_handshake to verifyCertificateChain for both
client and server cases. previously there was not quite right
upcall support on the server side and post-handshake checking
on the client, which did not allow for a proper alert to be
sent to the peer informing them of the issue, which the RI and
SSLEngine code do.
* Similarly, setEnableSessionCreation(false) did not send an
alert to the peer as the RI and SSLEngine code in the client
case. In the server case, nothing was previously done.
* The use of local certificates was not determined from
introspecting the SSL struct post-handshake. This is now
partially implemented and will be completed in a later change.
- SSLSocket.{shutdownInput,shutdownOutput} are now restored to the
proper behavior of throwing UnsupportedOperationException.
- Gutted OpenSSLSocketImpl finalizer. The comment explains in
detail the trouble of having the finalizer do anything more than
touch its the instances own state due to unpredictable order of
finalization and the future possability of parallel
finalization.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
SSLSession fixes
- Made OpenSSLSessionImpl.sessionContext non-final so it could be
nulled by SSLSession.invalidate to match RI behavior.
- As noted in AbstractSessionContext discussion, removed
OpenSSLSessionImpl constructor that took SSLParameters, instead
we take the possibly null localCertificates
directly. OpenSSLSessionImpl.getLocalCertificates now simply
returns the localCertificates member variable instead of
incorrectly trying to query the KeyManager for certificates that
may not have been used.
- OpenSSLSessionImpl now caches its native ID to avoid numerious
native calls but also now provides as resetId which will update
the cache when a delayed handshake happens due to the
handshake_cutthrough.patch
- Fixed bug in getPeerPrincipal that it wasn't calling
getPeerCertificates to initialize peerCertificates field.
- freeImpl is now 'public static' in preparation for move to NativeCrypto.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
The old SSLSessionImpl class that is still used for representing
the invalid session now returns
isValid => false
and
getProtocol => "NONE"
to match the RI.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
NativeCrypto improvements
- Adding NativeCrypto.SSL_{get,set,clear}_mode similar to
NativeCrypto.SSL_{get,set,clear}_options along with
SSL_MODE_HANDSHAKE_CUTTHROUGH constant which is used to
explicitly disable/enable the Android handshake_cutthrough.patch
behavior.
- Added missing NativeCrypto.SSL_clear_options and used to properly
implement NativeCrypto.setEnabledProtocols.
- Added NativeCrypto.checkEnabledProtocols and
NativeCrypto.checkEnabledCipherSuites helpers to implement
exception compatability with the RI. While some of this code is
refactored from existing NativeCrypto code, it is now also used
by OpenSSLServerSocketImpl and OpenSSLSocketImpl which maintain
their own String[]s of what is enabled until startHandshake time. (see below)
- Changed NativeCrypto.findSuite to use foreach style loop for clarity.
- Moved OpenSSLServerSocketImpl nativesetclientauth and
SSL_VERIFY_* constants to NativeCrypto.SSL_set_verify
- Added NativeCrypto.SSL_set_session based on part of old OpenSSLSocketImpl.nativeconnect
- Added NativeCrypto.SSL_set_session_creation_enabled to properly implement
SSLSocket.setEnableSessionCreation(false) which uses new
external/openssl/patches/jsse.patch functionality.
- New NativeCrypto.SSL_do_handshake consolidates
OpenSSLSocketImpl.{nativeconnect, nativeaccept} while properly
implementing SSLSocket.setUseClientMode(false) for clients and
SSLSocket.setUseClientMode(true) for servers.
- New NativeCrypto.SSL_get_certificate is determine if local
certificate requested by peer. While functional, currently
NativeCrypto.SSL_new always sets a value via SSL_use_certificate
instead of relying on a callback set via SSL_CTX_set_client_cert_cb.
- Changed NativeCrypto.CertificateChainVerifier.verifyCertificateChain
to throw a checked CertificateException to match TrustManager.{checkServerTrusted,
checkClientTrusted}. It also takes an authMethod so avoid the need to call
the old OpenSSLSocketImpl.nativecipherauthenticationmethod.
- Added NativeCrypto.HandshakeCompletedCallback which has its
handshakeCompleted method called from OpenSSL when the now
delayed handshake_cutthrough.patch handshake is completed so
SSLSession caching can be delayed until a session ID is available
and to provide a better time for HandshakeCompletedListeners to
be notified.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Some other changes specific to the naitve side of the code
- Added JNITRACE calls (enabled at compile time with JNI_TRACE)
for future debugging.
- throw SSLException subclass of IOException instead IOException
itself for better RI compatability
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
- changed from old struct app_data to new class AppData at enh's request
Remove dubious usage of SSLParameters within AbstractSessionContext
to pass through to OpenSSLSessionImpl constructor for use in
calling getLocalCertificates for sessions created from a byte array
with AbstractSessionContext.toSession. Our
AbstractSessionContext.toBytes doesn't currently include the local
certificates in its output, so it cannot be expected to have in toSession.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Test maintenance
openssl 1.0.0 adds support for RFC 4507 session tickets which
remove the need for server side session state. These tests needed
to be updated for this new behavior. If IS_RI is true, they still
follow the old behavior.
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Update KnownFailures and add specific comments at point of failure
about what remains to be fixed.
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
Added tests to cover the use of standard cipher suite
names. Historically Android has used OpenSSL string constants for
cipher suite names, but JSSE actually specifies supported and
expected names.
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Create new support/src/test/java/javax/net/ssl with old Helper
support code pulled from javax.net.ssl tests:
SSLContextTest.Helper -> TestSSLContext
SSLSocketTest.Helper -> TestSSLSocketPair
SSLSessionTest.Helper -> TestSSLSessions
Also added new StandardNames here, which contains a collection of
expected constants for test validation.
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
support/src/test/java/javax/net/ssl/TestSSLSessions.java
support/src/test/java/javax/net/ssl/StandardNames.java
Removed some now fixed KnownFailures and unneeded !IS_RI
code. Marked some [Un]KnownFailures where exceptions are thrown
and visible in the output but aren't correctly causing the test to
fail. Fixed assertNonNull to assertTrue in
test_SSLSocketTest_Test_create. Added
stress_test_SSLSocketTest_Test_create to track down test
flakiness, leading to rewrite of SSLSocket finalization.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Reenable javax.net.ssl.AllTests now that it is does not hang
luni/src/test/java/tests/AllTests.java
Improve error messages while debugging overflow problem.
Added new assert when debugging new RFC 4507 behavior.
Removed KnownFailure annotation for now working test case.
x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
Client code changes
Now that startHandshake implies synchronous vs Android's default async handshake, remove unneeded explict calls to SSLSocket.startHandshake
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
Removed IBM 1.4.x codepath that involved startHandshake
x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
Unrelated
Remove unneed SSLSocket.setUseClientMode while removing unneeded SSLSocket.startHandshake
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
Removed warnings due to now missing modules in classpath
run-core-tests
Change-Id: I6e149ae259b3feccdfb0673209c85cfeb60befc8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSLSessionContext
Summary:
b/1758225: Revisit OpenSSL locking
Removed the locking original put in to address b/1678800 which
had been causing problems for the HeapWorker thread which was
timing out waiting for the lock in the finalizers while other
threads were connecting.
b/1678800: Reliability tool: Crash in libcrypto @ https://opac.ntu.ac.uk
Properly fixed the native crash by avoid sharing SSL_SESSION objects
between SSL_CTX objects
Testing:
- adb shell run-core-tests --verbose tests.xnet.AllTests
- adb shell run-core-tests --verbose javax.net.ssl.AllTests
- Test app that reloads https://opac.ntu.ac.uk
Details:
Each AbstractSessionContext now has an associated SSL_CTX,
referenced through the sslCtxNativePointer. SSL_CTX on the native
side defines the scope of SSL_SESSION caching, and this brings the
Java SSLSessionContext caching into alignment with the native
code. OpenSSLSessionImpl now uses AbstractSessionContext instead
of SSLSessionContext for access to the underlying SSL_CTX.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Added AbstractSessionContext.putSession so OpenSSLSocketImpl/OpenSSLSessionImpl can
directly assign to the current AbstractSessionContext (whether it
be a ClientSessionContext or a ServerSessionContext) without
casting.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Cleaning up use of SSL_CTX and SSL instances in SSLSocket/SSLServerSocket implementation
The major change is that openssl SSL instances are allocated for
the life of the matching Java object, replacing the SSL_CTX and
the SSL objects that had previously been allocated only starting
at handshake time. We should never have been sharing SSL_SESSION
instances between SSL_CTX instances, which was the source of the
native crashes dating back to cupcake which the
OpenSSLSocket.class locking had been preventing.
- NativeCrypto now has better defined and independant wrappers on
openssl functionality. A followon checkin should move the
remaining openssl JNI code here with the intent of being able to
write and end-to-end test of the openssl code using NativeCrypto
without the JSSE implementation classes. The following gives a
list of the new native functions with a mapping to the old
implementation code. The new code has a more functional style
where SSL_CTX and SSL instances are passed and returned as
arguments, not extracted from Java instances
SSL_CTX_new OpenSSLSocketImpl.nativeinit, OpenSSLServerSocketImpl.nativeinit, SSLParameters.nativeinitsslctx
SSL_CTX_get_ciphers_list OpenSSLSocketImpl.nativeGetEnabledCipherSuites
SSL_CTX_free OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree
SSL_new OpenSSLSocketImpl.nativeinit, OpenSSLSocketImpl.init, OpenSSLServerSocketImpl.nativeinit, OpenSSLServerSocketImpl.init
SSL_get_options OpenSSLSocketImpl.nativesetenabledprotocols
SSL_set_options OpenSSLSocketImpl.nativesetenabledprotocols
SSL_get_ciphers OpenSSLSocketImpl.nativeGetEnabledCipherSuites
SSL_set_cipher_list OpenSSLSocketImpl.nativeSetEnabledCipherSuites
SSL_free OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree
- While the focus in NativeCrypto is on native code, it also
contains some helpers/wrappers especially for code that doesn't
depend on specific SSL_CTX, SSL instances or that needs to do
massaging of data formats between Java and OpenSSL. Some of
these had previously been duplicated in the client and server
versions of the code. For example:
getSupportedCipherSuites OpenSSLSocketImpl.nativegetsupportedciphersuites, OpenSSLServerSocketImpl.nativegetsupportedciphersuites
getSupportedProtocols OpenSSLSocketImpl.getSupportedProtocols, OpenSSLServerSocketImpl.getSupportedProtocols
getEnabledProtocols OpenSSLSocketImpl.getEnabledProtocols,OpenSSLServerSocketImpl.getEnabledProtocols
setEnabledProtocols OpenSSLSocketImpl.setEnabledProtocols
setEnabledCipherSuites OpenSSLSocketImpl.setEnabledCipherSuites
- Moved JNI initialization from OpenSSLSocketImpl to NativeCrypto
which is the future home of all the openssl related native code.
clinit OpenSSLSocketImpl.nativeinitstatic
- NativeCrypto.CertificateChainVerifier is a new interface to
decouple callbacks from openssl from a specific dependence on a
OpenSSLSocketImpl.verify_callback method. Changed to return
boolean instead of int.
- Renamed OpenSSLSocketImpl.ssl to OpenSSLSocketImpl.sslNativePointer for consistency
- Changed OpenSSLSocketImpl nativeconnect, nativegetsslsession,
nativecipherauthenticationmethod, nativeaccept, nativeread,
nativewrite, nativeinterrupt, nativeclose, nativefree to take
arguments instead of inspect object state in preparation for
moving to NativeCrypto
- other notable NativeCrypto changes included
* adding SSL_SESSION_get_peer_cert_chain,
SSL_SESSION_get_version, and SSL_get_version (and
get_ssl_version) which are "missing methods" in openssl
* ssl_msg_callback_LOG callback and get_content_type for handshake debugging
* removing jfieldID's for our classes now that we pass in values in arguments
* changed aliveAndKicking to be volative since we poll on it to communicate between threads
* changed from C style declarations at beginning of block to C++ at first use on methods with major changes
* stop freeing SSL instances on error, only SSL_clear it
* improved session reuse logging when reproducing b/1678800
* change verify_callback to return verifyCertificateChain result
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
When we accept a server socket, we pass the existing SSL state
instance from the server socket to the newly accepted socket via
the constructor where it is copied with SSL_dup, instead of
through both the constructor and later the accept method.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
Cleaned up nativesetclientauth from using SSL_CTX to SSL, passing
ssl as argument in preparation for future movement to
NativeCrypto.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
Removed ssl_op_no cache for rarely used enabled protocol methods
so that code could more easily be shared in NativeCrypto between
client and server.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed public getId, getCreationTime, getPeerCertificates,
getCipherSuite, getProtocol from being instance methods that
looked at the OpenSSLSessionImpl object state to be static mthods
that take the native pointers as arguments in preparation for
moving to NativeCrypto. Rename session -> sslSessionNativePointer
for consistency. Inlined initializeNative, which wasn't really
the native code.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Removed lock on OpenSSLSocketImpl.class lock from around
OpenSSLSocketImpl's use of nativeconnect, nativegetsslsession, and
nativecipherauthenticationmethod as well as OpenSSLSessionImpl's
use of freeImpl, fixing b/1758225: Revisit OpenSSL locking
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Unrelated changes
Removed unused ssl_ctx, nativeinitsslctx, getSSLCTX
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Fix bug in both putSession implementations where we cached
sessions with zero length id. Also change indexById to pass in id
in client implementation.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Make sure we clone SSLParameters passed to the SSLSocketFactory
and SSLServerSocketFactory so that muting the client instance does
not change the server instance and vice versa. Explicitly set
setUseClientMode(false) on the server SSLParameters. These changes
are to bring things more into alignment with the original harmony
classes which properly support client/server role switching during
handshaking.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
Make locks object fields final
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Moved updateInstanceCount(1) logic and sslParameters assignment to init method
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed getCachedClientSession to respect getUseClientMode
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Spelling of listensers to listeners in javadoc
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Spelling SSLInputStream to SSLOutputStream in comment
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed shutdownInput and shutdownOutput to call to the underlying socket
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Set sslNativePointer to 0 when freeing underlying SSL object
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Removed IOException logging in getSession, which is expected to
simply return SSL_NULL_WITH_NULL_NULL when there are problems.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Disabled "Using factory" message on successful creation of
SocketFactory which was a bit noisy running tests. However, added
logging in failure case including the related exception:
x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
Disabled logging of OpenSSL session deallocation
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Register SSLContextImpl as a source of SSL and SSL3 SSLContexts,
not just TLS and TLSv1.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Fix whitespace in comment
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
Change-Id: I99975ae22599c7df0d249fa013ae7ea7c9c08051
|
| |
|
|
|
|
|
| |
I've fixed a few typos, and removed a few of the more egregiously nonsensical
or incorrect comments that were nearby.
Change-Id: I35851baebd532f949cc269f4738a26eeb9b6e697
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notable changes
- synchronization added where it was needed!
- try/finally added to reliably tear down in DefaultSSLContext
- ContextImpl deleted, it wasn't necessary
- methods reordered to make statics first in the class
- PrivilegedActions parameterized with <Void>
- DigitalSignature now throws AssertionErrors in impossible states
and throws AlertExceptions on invalid keys (rather than dumping
a stacktrace)
- ValueKeys added to SSLSessionImpl instead of TwoKeyMaps
- SSLSessionImpl.clone() simplified to do a traditional clone
Squashed commit of the following:
commit 2d9e43d542ab7086af271bf52e847c582decbab1
Merge: 8b79eb4 a8dc377
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 15:25:21 2009 -0700
Merge branch 'x-net_802921' into x-net_dalvik
Conflicts:
libcore/x-net/.classpath
libcore/x-net/.settings/org.eclipse.jdt.core.prefs
libcore/x-net/build.xml
libcore/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/DefaultSocketFactory.java
libcore/x-net/src/main/java/javax/net/ServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/SocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java
libcore/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java
libcore/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java
libcore/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
libcore/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java
libcore/x-net/src/main/java/javax/net/ssl/SSLContext.java
libcore/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java
libcore/x-net/src/main/java/javax/net/ssl/SSLEngine.java
libcore/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java
libcore/x-net/src/main/java/javax/net/ssl/SSLException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLKeyException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLPermission.java
libcore/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java
libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSession.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSocket.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManager.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java
libcore/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/X509KeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/X509TrustManager.java
libcore/x-net/src/main/java/javax/net/ssl/package-info.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImplWrapper.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/CertPathTrustManagerParametersTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HandshakeCompletedEventTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HttpsURLConnectionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/KeyStoreBuilderParametersTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLContext1Test.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLEngineTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLPermissionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLSocketTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/TrustManagerFactory1Test.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/HandshakeCompletedEventTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLHandshakeExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLKeyExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLPeerUnverifiedExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLProtocolExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLSessionBindingEventTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/SocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/HttpsURLConnection_ImplTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/DigitalSignatureTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/HandshakeProtocolTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/KeyManagerImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLEngineImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoriesTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFunctionalTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLStreamedInputTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/DigitalSignatureTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/KeyManagerFactoryImplTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/ProtocolVersionTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/TrustManagerFactoryImplTest.java
libcore/x-net/src/test/java/javax/net/ssl/KeyManagerFactorySpiTests.java
libcore/x-net/src/test/java/javax/net/ssl/MyKeyManagerFactorySpi.java
libcore/x-net/src/test/java/javax/net/ssl/MySSLContextSpi.java
libcore/x-net/src/test/java/javax/net/ssl/MyTrustManagerFactorySpi.java
libcore/x-net/src/test/java/javax/net/ssl/SSLContextSpiTests.java
libcore/x-net/src/test/java/javax/net/ssl/TrustManagerFactorySpiTests.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory1Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory2Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLContext2Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionBindingEventTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/TrustManagerFactory2Test.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java
commit 8b79eb40a27f0b336d5516606d43162ecead09ca
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:58:17 2009 -0700
x-net_dalvik
commit a8dc3778cd2a1a5d6d0cfff6eec22e7bfbdb9c14
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:56:55 2009 -0700
x-net_802921
commit 07ca0ed8aa5927c909f880559c17d162c111608e
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:56:07 2009 -0700
x-net_527399
commit 9b44ccfc38c2fc2a6cf2c3cc39a13cc5bce635ba
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 11:14:01 2009 -0700
Small changes missed in the original submission of 22482.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
