| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Merge xml except xmlpull and kxml into luni
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
- SSLSocket.startHandshake now generalized to handle both client and
server handshaking as well as client/server role reversal
- handshake_cutthrough.patch is properly integrated with support
delayed handshake completion now integrated with delayed updates to
session cache and callbacks to HandshakeCompletedListeners
- Many fixes to SSLSession, which is the end product of the handshake
- Generally more RI and SSLEngine compliant behavior.
- More native code deletion through unification of client/server
handshake, unification of client/server certificate chain
verification, etc. More native code moved from various OpenSSL
classes to cleaner NativeCrypto interfaces that more directly mirror
the OpenSSL interfaces.
Details:
Delay SSL_new call until handshake time when we know for sure whether
the OpenSSLSocket will be used in client or server mode and we can
allocate the SSL_new from the apppriate client or server SSL_CTX used
for session caching.
Now that no SSL is allocated for an OpenSSLServerSocketImpl,
store enabledProtocols and enabledCipherSuites in instance String
arrays. Use new NativeCrypto.checkEnabled* methdods for argument
validation. OpenSSLServerSocketImpl passes these enabled arrays to
a new OpenSSLSocket constructor during accept(). Removed finalizer
from OpenSSLServerSocketImpl since it no longer has any native
storage and socket is already closed by PlainSocketImpl finalizer.
X-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
OpenSSLSocket major overhaul to properly implement handshaking
including switching client and server roles and session ID caching
with handshake_cutthrough.patch.
- now implements NativeCrypto.HandshakeCompletedListeners for
properly timed callback when handshake_cutthrough.patch delays
handshake completion until first SSLSocket.getInputStream()
read.
- similar enabledProtocols/enabledCipherSuites changes as
OpenSSLServerSocketImpl since we need to store the state
somewhere other than an openssl SSL struct until we are sure if
we are doing a client or server handshake.
- added handshake completed field so that startHandshake can tell
if handshake was completed during SSL_do_handshake or will be
completed later by a call to HandshakeCompletedCallback.handshakeCompleted.
- removed nativegetsession as the equivalent value is now returned by SSL_do_handshake
- removed nativecipherauthenticationmethod as the value is now passed to verifyCertificateChain
- startHandshake is now a wrapper that forces a fully synchronous handshake
- startHandshake(boolean) is the the most changed method in this
changelist, combinding both the old startHandshake logic, but
also the OpenSSLSocketImpl.accept code as well. Notable
differences from the old code:
* now responsible for SSL_new
* single code path for client/server handshaking dealing with SSLSession caching
* now handles server certificate requests previously in
OpenSSLServerSocketImpl, since a client can request to act
like a server and therefore need to be able to make suck
demands on its peer.
* supports turning off handshake_cutthrough at a callers request
via explicit call to startHandshake()
* certificate verification happens during an upcall from openssl
during SSL_do_handshake to verifyCertificateChain for both
client and server cases. previously there was not quite right
upcall support on the server side and post-handshake checking
on the client, which did not allow for a proper alert to be
sent to the peer informing them of the issue, which the RI and
SSLEngine code do.
* Similarly, setEnableSessionCreation(false) did not send an
alert to the peer as the RI and SSLEngine code in the client
case. In the server case, nothing was previously done.
* The use of local certificates was not determined from
introspecting the SSL struct post-handshake. This is now
partially implemented and will be completed in a later change.
- SSLSocket.{shutdownInput,shutdownOutput} are now restored to the
proper behavior of throwing UnsupportedOperationException.
- Gutted OpenSSLSocketImpl finalizer. The comment explains in
detail the trouble of having the finalizer do anything more than
touch its the instances own state due to unpredictable order of
finalization and the future possability of parallel
finalization.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
SSLSession fixes
- Made OpenSSLSessionImpl.sessionContext non-final so it could be
nulled by SSLSession.invalidate to match RI behavior.
- As noted in AbstractSessionContext discussion, removed
OpenSSLSessionImpl constructor that took SSLParameters, instead
we take the possibly null localCertificates
directly. OpenSSLSessionImpl.getLocalCertificates now simply
returns the localCertificates member variable instead of
incorrectly trying to query the KeyManager for certificates that
may not have been used.
- OpenSSLSessionImpl now caches its native ID to avoid numerious
native calls but also now provides as resetId which will update
the cache when a delayed handshake happens due to the
handshake_cutthrough.patch
- Fixed bug in getPeerPrincipal that it wasn't calling
getPeerCertificates to initialize peerCertificates field.
- freeImpl is now 'public static' in preparation for move to NativeCrypto.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
The old SSLSessionImpl class that is still used for representing
the invalid session now returns
isValid => false
and
getProtocol => "NONE"
to match the RI.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
NativeCrypto improvements
- Adding NativeCrypto.SSL_{get,set,clear}_mode similar to
NativeCrypto.SSL_{get,set,clear}_options along with
SSL_MODE_HANDSHAKE_CUTTHROUGH constant which is used to
explicitly disable/enable the Android handshake_cutthrough.patch
behavior.
- Added missing NativeCrypto.SSL_clear_options and used to properly
implement NativeCrypto.setEnabledProtocols.
- Added NativeCrypto.checkEnabledProtocols and
NativeCrypto.checkEnabledCipherSuites helpers to implement
exception compatability with the RI. While some of this code is
refactored from existing NativeCrypto code, it is now also used
by OpenSSLServerSocketImpl and OpenSSLSocketImpl which maintain
their own String[]s of what is enabled until startHandshake time. (see below)
- Changed NativeCrypto.findSuite to use foreach style loop for clarity.
- Moved OpenSSLServerSocketImpl nativesetclientauth and
SSL_VERIFY_* constants to NativeCrypto.SSL_set_verify
- Added NativeCrypto.SSL_set_session based on part of old OpenSSLSocketImpl.nativeconnect
- Added NativeCrypto.SSL_set_session_creation_enabled to properly implement
SSLSocket.setEnableSessionCreation(false) which uses new
external/openssl/patches/jsse.patch functionality.
- New NativeCrypto.SSL_do_handshake consolidates
OpenSSLSocketImpl.{nativeconnect, nativeaccept} while properly
implementing SSLSocket.setUseClientMode(false) for clients and
SSLSocket.setUseClientMode(true) for servers.
- New NativeCrypto.SSL_get_certificate is determine if local
certificate requested by peer. While functional, currently
NativeCrypto.SSL_new always sets a value via SSL_use_certificate
instead of relying on a callback set via SSL_CTX_set_client_cert_cb.
- Changed NativeCrypto.CertificateChainVerifier.verifyCertificateChain
to throw a checked CertificateException to match TrustManager.{checkServerTrusted,
checkClientTrusted}. It also takes an authMethod so avoid the need to call
the old OpenSSLSocketImpl.nativecipherauthenticationmethod.
- Added NativeCrypto.HandshakeCompletedCallback which has its
handshakeCompleted method called from OpenSSL when the now
delayed handshake_cutthrough.patch handshake is completed so
SSLSession caching can be delayed until a session ID is available
and to provide a better time for HandshakeCompletedListeners to
be notified.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Some other changes specific to the naitve side of the code
- Added JNITRACE calls (enabled at compile time with JNI_TRACE)
for future debugging.
- throw SSLException subclass of IOException instead IOException
itself for better RI compatability
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
- changed from old struct app_data to new class AppData at enh's request
Remove dubious usage of SSLParameters within AbstractSessionContext
to pass through to OpenSSLSessionImpl constructor for use in
calling getLocalCertificates for sessions created from a byte array
with AbstractSessionContext.toSession. Our
AbstractSessionContext.toBytes doesn't currently include the local
certificates in its output, so it cannot be expected to have in toSession.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Test maintenance
openssl 1.0.0 adds support for RFC 4507 session tickets which
remove the need for server side session state. These tests needed
to be updated for this new behavior. If IS_RI is true, they still
follow the old behavior.
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Update KnownFailures and add specific comments at point of failure
about what remains to be fixed.
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
Added tests to cover the use of standard cipher suite
names. Historically Android has used OpenSSL string constants for
cipher suite names, but JSSE actually specifies supported and
expected names.
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Create new support/src/test/java/javax/net/ssl with old Helper
support code pulled from javax.net.ssl tests:
SSLContextTest.Helper -> TestSSLContext
SSLSocketTest.Helper -> TestSSLSocketPair
SSLSessionTest.Helper -> TestSSLSessions
Also added new StandardNames here, which contains a collection of
expected constants for test validation.
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
support/src/test/java/javax/net/ssl/TestSSLSessions.java
support/src/test/java/javax/net/ssl/StandardNames.java
Removed some now fixed KnownFailures and unneeded !IS_RI
code. Marked some [Un]KnownFailures where exceptions are thrown
and visible in the output but aren't correctly causing the test to
fail. Fixed assertNonNull to assertTrue in
test_SSLSocketTest_Test_create. Added
stress_test_SSLSocketTest_Test_create to track down test
flakiness, leading to rewrite of SSLSocket finalization.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Reenable javax.net.ssl.AllTests now that it is does not hang
luni/src/test/java/tests/AllTests.java
Improve error messages while debugging overflow problem.
Added new assert when debugging new RFC 4507 behavior.
Removed KnownFailure annotation for now working test case.
x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
Client code changes
Now that startHandshake implies synchronous vs Android's default async handshake, remove unneeded explict calls to SSLSocket.startHandshake
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
Removed IBM 1.4.x codepath that involved startHandshake
x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
Unrelated
Remove unneed SSLSocket.setUseClientMode while removing unneeded SSLSocket.startHandshake
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
Removed warnings due to now missing modules in classpath
run-core-tests
Change-Id: I6e149ae259b3feccdfb0673209c85cfeb60befc8
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
reads something from the server. This is needed when cut-through feature is needed as in b/2586347. Dr. No approved in http://b/issue?id=2511073 .
Merge commit '91be9e671d7db5444aa8fa5f0101867ba8a73075' into dalvik-dev
* commit '91be9e671d7db5444aa8fa5f0101867ba8a73075':
Update the ssl test so the client reads something from the server.
|
| | |\
| | |
| | |
| | | |
from the server. This is needed when cut-through feature is needed as in b/2586347. Dr. No approved in http://b/issue?id=2511073 .
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed when cut-through feature is needed as in b/2586347.
Dr. No approved in http://b/issue?id=2511073 .
Change-Id: Id84724873522fe0435dbda342616da02783f7d6b
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
Conflicts:
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Change-Id: I23508e348c5de4103e9dda619ca230d0575f57ca
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I9e848c79772211d3956f8561ec526339b30e24a4
|
| | |
| |
| |
| |
| | |
Bug: 754114
Change-Id: Iaa03def509c10cbaa12fd2128584b93d4be4a6b7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also remove an file of unused messages from luni, and inline one of luni's
other files. (There are plenty more.)
Also remove some German translations of bouncycastle messages (that are
actually in English anyway).
Change-Id: I9c565f6f2201a5d877eba5bf0af4ffad7b769984
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Conflicts:
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Change-Id: I7cf63f6a1ca7c7604301cb8bb947633ad704a2c0
|
| | |
| |
| |
| |
| |
| | |
There are other problematic error reporting cases to be fixed later, but this one seems to be the frequently occuring.
Change-Id: Ia5910cffb60cc694066be03d43ac1bb7eab47357
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SSLSessionContext
Summary:
b/1758225: Revisit OpenSSL locking
Removed the locking original put in to address b/1678800 which
had been causing problems for the HeapWorker thread which was
timing out waiting for the lock in the finalizers while other
threads were connecting.
b/1678800: Reliability tool: Crash in libcrypto @ https://opac.ntu.ac.uk
Properly fixed the native crash by avoid sharing SSL_SESSION objects
between SSL_CTX objects
Testing:
- adb shell run-core-tests --verbose tests.xnet.AllTests
- adb shell run-core-tests --verbose javax.net.ssl.AllTests
- Test app that reloads https://opac.ntu.ac.uk
Details:
Each AbstractSessionContext now has an associated SSL_CTX,
referenced through the sslCtxNativePointer. SSL_CTX on the native
side defines the scope of SSL_SESSION caching, and this brings the
Java SSLSessionContext caching into alignment with the native
code. OpenSSLSessionImpl now uses AbstractSessionContext instead
of SSLSessionContext for access to the underlying SSL_CTX.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Added AbstractSessionContext.putSession so OpenSSLSocketImpl/OpenSSLSessionImpl can
directly assign to the current AbstractSessionContext (whether it
be a ClientSessionContext or a ServerSessionContext) without
casting.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Cleaning up use of SSL_CTX and SSL instances in SSLSocket/SSLServerSocket implementation
The major change is that openssl SSL instances are allocated for
the life of the matching Java object, replacing the SSL_CTX and
the SSL objects that had previously been allocated only starting
at handshake time. We should never have been sharing SSL_SESSION
instances between SSL_CTX instances, which was the source of the
native crashes dating back to cupcake which the
OpenSSLSocket.class locking had been preventing.
- NativeCrypto now has better defined and independant wrappers on
openssl functionality. A followon checkin should move the
remaining openssl JNI code here with the intent of being able to
write and end-to-end test of the openssl code using NativeCrypto
without the JSSE implementation classes. The following gives a
list of the new native functions with a mapping to the old
implementation code. The new code has a more functional style
where SSL_CTX and SSL instances are passed and returned as
arguments, not extracted from Java instances
SSL_CTX_new OpenSSLSocketImpl.nativeinit, OpenSSLServerSocketImpl.nativeinit, SSLParameters.nativeinitsslctx
SSL_CTX_get_ciphers_list OpenSSLSocketImpl.nativeGetEnabledCipherSuites
SSL_CTX_free OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree
SSL_new OpenSSLSocketImpl.nativeinit, OpenSSLSocketImpl.init, OpenSSLServerSocketImpl.nativeinit, OpenSSLServerSocketImpl.init
SSL_get_options OpenSSLSocketImpl.nativesetenabledprotocols
SSL_set_options OpenSSLSocketImpl.nativesetenabledprotocols
SSL_get_ciphers OpenSSLSocketImpl.nativeGetEnabledCipherSuites
SSL_set_cipher_list OpenSSLSocketImpl.nativeSetEnabledCipherSuites
SSL_free OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree
- While the focus in NativeCrypto is on native code, it also
contains some helpers/wrappers especially for code that doesn't
depend on specific SSL_CTX, SSL instances or that needs to do
massaging of data formats between Java and OpenSSL. Some of
these had previously been duplicated in the client and server
versions of the code. For example:
getSupportedCipherSuites OpenSSLSocketImpl.nativegetsupportedciphersuites, OpenSSLServerSocketImpl.nativegetsupportedciphersuites
getSupportedProtocols OpenSSLSocketImpl.getSupportedProtocols, OpenSSLServerSocketImpl.getSupportedProtocols
getEnabledProtocols OpenSSLSocketImpl.getEnabledProtocols,OpenSSLServerSocketImpl.getEnabledProtocols
setEnabledProtocols OpenSSLSocketImpl.setEnabledProtocols
setEnabledCipherSuites OpenSSLSocketImpl.setEnabledCipherSuites
- Moved JNI initialization from OpenSSLSocketImpl to NativeCrypto
which is the future home of all the openssl related native code.
clinit OpenSSLSocketImpl.nativeinitstatic
- NativeCrypto.CertificateChainVerifier is a new interface to
decouple callbacks from openssl from a specific dependence on a
OpenSSLSocketImpl.verify_callback method. Changed to return
boolean instead of int.
- Renamed OpenSSLSocketImpl.ssl to OpenSSLSocketImpl.sslNativePointer for consistency
- Changed OpenSSLSocketImpl nativeconnect, nativegetsslsession,
nativecipherauthenticationmethod, nativeaccept, nativeread,
nativewrite, nativeinterrupt, nativeclose, nativefree to take
arguments instead of inspect object state in preparation for
moving to NativeCrypto
- other notable NativeCrypto changes included
* adding SSL_SESSION_get_peer_cert_chain,
SSL_SESSION_get_version, and SSL_get_version (and
get_ssl_version) which are "missing methods" in openssl
* ssl_msg_callback_LOG callback and get_content_type for handshake debugging
* removing jfieldID's for our classes now that we pass in values in arguments
* changed aliveAndKicking to be volative since we poll on it to communicate between threads
* changed from C style declarations at beginning of block to C++ at first use on methods with major changes
* stop freeing SSL instances on error, only SSL_clear it
* improved session reuse logging when reproducing b/1678800
* change verify_callback to return verifyCertificateChain result
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
When we accept a server socket, we pass the existing SSL state
instance from the server socket to the newly accepted socket via
the constructor where it is copied with SSL_dup, instead of
through both the constructor and later the accept method.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
Cleaned up nativesetclientauth from using SSL_CTX to SSL, passing
ssl as argument in preparation for future movement to
NativeCrypto.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
Removed ssl_op_no cache for rarely used enabled protocol methods
so that code could more easily be shared in NativeCrypto between
client and server.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed public getId, getCreationTime, getPeerCertificates,
getCipherSuite, getProtocol from being instance methods that
looked at the OpenSSLSessionImpl object state to be static mthods
that take the native pointers as arguments in preparation for
moving to NativeCrypto. Rename session -> sslSessionNativePointer
for consistency. Inlined initializeNative, which wasn't really
the native code.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Removed lock on OpenSSLSocketImpl.class lock from around
OpenSSLSocketImpl's use of nativeconnect, nativegetsslsession, and
nativecipherauthenticationmethod as well as OpenSSLSessionImpl's
use of freeImpl, fixing b/1758225: Revisit OpenSSL locking
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Unrelated changes
Removed unused ssl_ctx, nativeinitsslctx, getSSLCTX
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Fix bug in both putSession implementations where we cached
sessions with zero length id. Also change indexById to pass in id
in client implementation.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Make sure we clone SSLParameters passed to the SSLSocketFactory
and SSLServerSocketFactory so that muting the client instance does
not change the server instance and vice versa. Explicitly set
setUseClientMode(false) on the server SSLParameters. These changes
are to bring things more into alignment with the original harmony
classes which properly support client/server role switching during
handshaking.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
Make locks object fields final
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Moved updateInstanceCount(1) logic and sslParameters assignment to init method
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed getCachedClientSession to respect getUseClientMode
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Spelling of listensers to listeners in javadoc
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Spelling SSLInputStream to SSLOutputStream in comment
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Changed shutdownInput and shutdownOutput to call to the underlying socket
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Set sslNativePointer to 0 when freeing underlying SSL object
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Removed IOException logging in getSession, which is expected to
simply return SSL_NULL_WITH_NULL_NULL when there are problems.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Disabled "Using factory" message on successful creation of
SocketFactory which was a bit noisy running tests. However, added
logging in failure case including the related exception:
x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
Disabled logging of OpenSSL session deallocation
x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Register SSLContextImpl as a source of SSL and SSL3 SSLContexts,
not just TLS and TLSv1.
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Fix whitespace in comment
x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
Change-Id: I99975ae22599c7df0d249fa013ae7ea7c9c08051
|
| |\ \
| |/
| |
| | |
Change-Id: Ia95af76e2995ce7fb0778b020baf2882a8b0a3dd
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This method causes a lot of confusion, and we can do a lot better. (Ideally,
the API would either not exist or be something like "public boolean ready()".)
I've removed poor-quality documentation overrides too, so the full
documentation is visible in most places. (InflaterInputStream is an obvious
exception.)
Also, to a lesser extent, improve the InputStream.skip documentation.
Change-Id: I6d6cd788e6a32ad4a2613d1e381610f1ad8575fe
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
Merge commit 'ea527bc08f4d7128eb9d927a16723d20b9d1d217' into dalvik-dev
* commit 'ea527bc08f4d7128eb9d927a16723d20b9d1d217':
Remove debug message from OpenSSL JNI code
|
| | |/
| |
| |
| | |
Change-Id: I70c68087b7d109634eb3240dca1f27e6f20d3da6
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Merge commit 'f87ab9616697b8bae08c5e8007cbdd0039a1f8ce' into dalvik-dev
* commit 'f87ab9616697b8bae08c5e8007cbdd0039a1f8ce':
Don't leak memory on failed pipe or mutex init
|
| | |
| |
| |
| |
| |
| |
| | |
SSL allocation might fail on pipe or mutex creation, so free allocated
memory when that happens.
Change-Id: Ibe3813cb652db1e880e3acf0dc1fa37fbe0ad455
|
| | |
| |
| |
| |
| |
| |
| | |
I've fixed a few typos, and removed a few of the more egregiously nonsensical
or incorrect comments that were nearby.
Change-Id: I35851baebd532f949cc269f4738a26eeb9b6e697
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Merge commit '1a29c735752f4082c8e32347f4a6b10c4fdeb1f5' into dalvik-dev
* commit '1a29c735752f4082c8e32347f4a6b10c4fdeb1f5':
Fix server side SSLEngine ServerKeyExchange signature.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Code using SSLEngine for non-blocking SSL can't talk with openssl as a client,
since the signature is computed on different content (and openssl checks it,
unlike java). The fix is to use strip the 0x00 prefix when signing - like
it is done when generating the message, refactored both to use a common
method. We also include the length in the signature, it was also missing.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
into a single file.
At enh's suggestion, I'm consoldiating the OpenSSL related native code
into a single wrapper class NativeCrypto. This changes is the firs
step, combining the cpp code into a single NativeCode.cpp. The next
step will involved introducting a single SSL_CTX in NativeCode and
cleaning up SSL_CTX use. As part of this, I'll start moving the native
wrappers to from various OpenSSL*.java classes into NativeCode.
|
| |\ \
| |/
| |
| |
| | |
Conflicts:
libcore/JavaLibrary.mk
|
| | |
| |
| |
| |
| |
| | |
a read timeout that only applies to the SSL handshake step.
Bug: 2362543
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I started off with a mission to remove uses of dalvik.annotation.* (stuff
like @TestTargetNew and other useless junk that just makes it harder to
stay in sync with upstream). I wrote a script to go through tests showing
me the diff between what we have and what upstream has, thinking that in
cases where upstream has also added tests, I may as well pull them in at
the same time...
...but I didn't realize how close we were to having dx fill its 1.5GiB heap.
After trying various alternatives, I decided to bite the bullet and break
core-tests up into one .jar per module. This adds parallelism back into this,
the slowest part of our build. (I can do even better, but I'll do that in a
separate patch, preferably after we've merged recent changes from master.)
Only a couple of dependencies were problematic: the worthless TestSuiteFactory
which already contained a comment suggesting we get rid of it, and the fact
that some tests -- most notably the concurrent ones -- also contained main
methods that started the JUnit tty-based TestRunner.
(In the long run, we want to be running the harmony tests directly from a
pristine "svn co" of upstream, using DalvikRunner. But this will be a big
help in the meantime, and starts the work of getting our current copy of
the tests into a state where we can start to extract any meaningful
changes/additions we've made.)
|
| |/
|
|
|
|
|
| |
Signed/unsigned comparison in "File.cpp", and && and || without parentheses
in "OpenSSLSocketImpl.cpp". There's another signed/unsigned comparison in
"ifaddrs-android.h" but that isn't fixable (http://b/2417132), which is
going to stand in the way of turning on -Werror.
|
| |
|
|
| |
...and switch all NPE throwers over to the helper.
|
| |
|
|
| |
Bug: http://code.google.com/p/android/issues/detail?id=4914
|
| |
|
|
|
| |
This addresses the other problem from the following abandoned change:
https://android-git.corp.google.com/g/4743
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses one part of this abandoned change from ursg:
https://android-git.corp.google.com/g/4743
I've also tidied up the native method names to use the harmony "-Impl"
convention, removed useless methods that just forward to a native method,
and removed dead code. I've canonicalized some of the duplication too,
but I want to go through the rest of out OpenSSL code before I really start
trying to remove the duplication.
When this is submitted, I'll fix the other (unrelated) bug the abandoned
change addressed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A new LocalArray C++ class lets us specify a "reasonable" amount of stack to
use, but transparently fall back to using the heap if we need more space.
The three places I've chosen to use LocalArray in this patch are fairly
random; all they have in common is that they're the places where we call
GetStringUTFRegion. There are more places LocalArray will be useful: the
java.io.File JNI in particular.
Bug: 2257819
|
| | |
|
| |
|
|
| |
This replaces PrefsTester and is more general purpose.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
I first spotted the missing ReleaseStringUTFChars, but then noticed all
the duplication in the cipher suites functions, and noticed that no
copy appeared to be completely correct. The factored-out replacements
shouldn't leak, and should check all error conditions.
|
| | |
|
| |
|
|
|
|
| |
Always use our best-of-breed code for throwing exceptions. The remaining
callers of Throw have good reason, and the only caller of ThrowNew is
now JNIHelp.c (jniThrowException) itself.
|
| |
|
|
|
|
| |
This code isn't actually called by us, but it's public API.
Bug: 2099901
|
| |\
| |
| |
| |
| |
| |
| | |
Merge commit '158135f49f5372f24557d9d1e0917fd746acf6f2'
* commit '158135f49f5372f24557d9d1e0917fd746acf6f2':
Replaced an O(N) algorithm with an O(1) algorithm. This shaves off 2/3 of the server cert checking time or ~200ms on Sapphire. This is in preparation for tripling the number of certs in an upcoming change.
|
| | |
| |
| |
| | |
the server cert checking time or ~200ms on Sapphire. This is in preparation for tripling the number of certs in an upcoming change.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Don't throw OutOfMemoryError manually in Adler32/CRC32: the VM does that for
us if GetPrimitiveArrayCritical needs, but fails, to allocate memory.
* Don't use anything but NULL for the "iscopy" argument to Get*ArrayElements.
The other users of this argument (removed earlier this week) were under the
mistaken impression that it's an "in" parameter rather than an "out" parameter,
and since these remaining callers aren't actually using the result, let's
remove the cruft.
* Move the null check in harmony_io_openImpl for "path" to come *before* the
first dereference.
* Make harmony_io_ttyReadImpl just delegate to harmony_io_readImpl since,
apart from the zero-length read check, they were identical.
* Remove the dead function throwIOExceptionStr from the OpenSSLSessionImpl
native code.
Tested on sapphire-eng.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This fixes all instances in the networking code, but doesn't address similar
patterns, nor non-networking code. This seemed like a reasonably-sized
meaningful chunk. Tested on sapphire-eng.
Bug: 1639287
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this fix, the two new tests cause the VM to abort like this:
W/dalvikvm( 386): ReferenceTable overflow (max=1024)
W/dalvikvm( 386): Last 10 entries in JNI pinned array reference table:
W/dalvikvm( 386): 1014: 0x4038e018 cls=[B (1044 bytes)
W/dalvikvm( 386): 1015: 0x4038e430 cls=[B (1044 bytes)
W/dalvikvm( 386): 1016: 0x4038e848 cls=[B (1044 bytes)
W/dalvikvm( 386): 1017: 0x4038ec60 cls=[B (1044 bytes)
W/dalvikvm( 386): 1018: 0x4038f078 cls=[B (1044 bytes)
W/dalvikvm( 386): 1019: 0x4038f490 cls=[B (1044 bytes)
W/dalvikvm( 386): 1020: 0x4038f8a8 cls=[B (1044 bytes)
W/dalvikvm( 386): 1021: 0x4038fcc0 cls=[B (1044 bytes)
W/dalvikvm( 386): 1022: 0x403900d8 cls=[B (1044 bytes)
W/dalvikvm( 386): 1023: 0x403904f0 cls=[B (1044 bytes)
W/dalvikvm( 386): JNI pinned array reference table summary (1024 entries):
W/dalvikvm( 386): 1024 of [B 1044B (1024 unique)
W/dalvikvm( 386): Memory held directly by native code is 1069056 bytes
E/dalvikvm( 386): Failed adding to JNI pinned array ref table (1024 entries)
I/dalvikvm( 386): "main" prio=5 tid=3 RUNNABLE
I/dalvikvm( 386): | group="main" sCount=0 dsCount=0 s=N obj=0x4001e2b8 self=0xb488
I/dalvikvm( 386): | sysTid=386 nice=0 sched=0/0 cgrp=default handle=-1344005452
I/dalvikvm( 386): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeinit(Native Method)
I/dalvikvm( 386): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.init(OpenSSLSocketImpl.java:126)
I/dalvikvm( 386): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.<init>(OpenSSLSocketImpl.java:158)
I/dalvikvm( 386): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketFactoryImpl.createSocket(OpenSSLSocketFactoryImpl.java:61)
I/dalvikvm( 386): at tests.api.javax.net.ssl.SSLSocketTest.test_creationStressTest(SSLSocketTest.java:359)
...
Tested on sapphire-eng.
No bug; found by inspection when investigating bug 1639287.
|
| |
|
|
|
|
|
|
|
| |
External bug 3358 reported the libcore/x-net instance. Manual inspection
turned up another instance in vm, but nothing else in the dalvik package.
Tested by booting sapphire-eng and running the x-net tests.
Bug: 1999244
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notable changes
- synchronization added where it was needed!
- try/finally added to reliably tear down in DefaultSSLContext
- ContextImpl deleted, it wasn't necessary
- methods reordered to make statics first in the class
- PrivilegedActions parameterized with <Void>
- DigitalSignature now throws AssertionErrors in impossible states
and throws AlertExceptions on invalid keys (rather than dumping
a stacktrace)
- ValueKeys added to SSLSessionImpl instead of TwoKeyMaps
- SSLSessionImpl.clone() simplified to do a traditional clone
Squashed commit of the following:
commit 2d9e43d542ab7086af271bf52e847c582decbab1
Merge: 8b79eb4 a8dc377
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 15:25:21 2009 -0700
Merge branch 'x-net_802921' into x-net_dalvik
Conflicts:
libcore/x-net/.classpath
libcore/x-net/.settings/org.eclipse.jdt.core.prefs
libcore/x-net/build.xml
libcore/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/DefaultSocketFactory.java
libcore/x-net/src/main/java/javax/net/ServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/SocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java
libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java
libcore/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java
libcore/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java
libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java
libcore/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
libcore/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java
libcore/x-net/src/main/java/javax/net/ssl/SSLContext.java
libcore/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java
libcore/x-net/src/main/java/javax/net/ssl/SSLEngine.java
libcore/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java
libcore/x-net/src/main/java/javax/net/ssl/SSLException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLKeyException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLPermission.java
libcore/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java
libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java
libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSession.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSocket.java
libcore/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManager.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java
libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java
libcore/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/X509KeyManager.java
libcore/x-net/src/main/java/javax/net/ssl/X509TrustManager.java
libcore/x-net/src/main/java/javax/net/ssl/package-info.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImplWrapper.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java
libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/CertPathTrustManagerParametersTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HandshakeCompletedEventTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HttpsURLConnectionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/KeyStoreBuilderParametersTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLContext1Test.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLEngineTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLPermissionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLSocketTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/TrustManagerFactory1Test.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/HandshakeCompletedEventTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLHandshakeExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLKeyExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLPeerUnverifiedExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLProtocolExceptionTest.java
libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLSessionBindingEventTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/SocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/HttpsURLConnection_ImplTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLServerSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLSocketFactoryTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/DigitalSignatureTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/HandshakeProtocolTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/KeyManagerImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLEngineImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoriesTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFunctionalTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLStreamedInputTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImplTest.java
libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/DigitalSignatureTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/KeyManagerFactoryImplTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/ProtocolVersionTest.java
libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/TrustManagerFactoryImplTest.java
libcore/x-net/src/test/java/javax/net/ssl/KeyManagerFactorySpiTests.java
libcore/x-net/src/test/java/javax/net/ssl/MyKeyManagerFactorySpi.java
libcore/x-net/src/test/java/javax/net/ssl/MySSLContextSpi.java
libcore/x-net/src/test/java/javax/net/ssl/MyTrustManagerFactorySpi.java
libcore/x-net/src/test/java/javax/net/ssl/SSLContextSpiTests.java
libcore/x-net/src/test/java/javax/net/ssl/TrustManagerFactorySpiTests.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory1Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory2Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLContext2Test.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionBindingEventTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/TrustManagerFactory2Test.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java
libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java
commit 8b79eb40a27f0b336d5516606d43162ecead09ca
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:58:17 2009 -0700
x-net_dalvik
commit a8dc3778cd2a1a5d6d0cfff6eec22e7bfbdb9c14
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:56:55 2009 -0700
x-net_802921
commit 07ca0ed8aa5927c909f880559c17d162c111608e
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 12:56:07 2009 -0700
x-net_527399
commit 9b44ccfc38c2fc2a6cf2c3cc39a13cc5bce635ba
Author: Jesse Wilson <jessewilson@google.com>
Date: Tue Aug 25 11:14:01 2009 -0700
Small changes missed in the original submission of 22482.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
anchor. This used to be an O(N) operation. If the trust anchor we\'re looking for was close to N, finding it could take a couple seconds. This change makes the operation O(1).
Merge commit 'dfd0afbcb08b871e224a28ecb4ed427a7693545c' into eclair
* commit 'dfd0afbcb08b871e224a28ecb4ed427a7693545c':
Each time we start an SSL session, we have to find the trust anchor. This used to be an O(N) operation. If the trust anchor we're looking for was close to N, finding it could take a couple seconds. This change makes the operation O(1).
|
