Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity
16324 commits 64 branches 468 tags 812 MiB
Commit graph

9 commits

Author SHA1 Message Date
Adam Langley
a1dbfee15b crypto/tls: ignore empty TLS records. 
OpenSSL can be configured to send empty records in order to randomise
the CBC IV. This is an early version of 1/n-1 record splitting (that Go
does) and is quite reasonable, but it results in tls.Conn.Read
returning (0, nil).

This change ignores up to 100 consecutive, empty records to avoid
returning (0, nil) to callers.

Fixes 5309.

R=golang-dev, r, minux.ma
CC=golang-dev
https://golang.org/cl/8852044
 2013-05-15 10:25:54 -04:00
Anthony Martin
1de4d313dd crypto/tls: use 1/n-1 record splitting to protect against BEAST 
This requires rebasing the block-mode test scripts.
I used GnuTLS version 3.1.4.

R=agl
CC=golang-dev
https://golang.org/cl/6844073
 2012-11-26 10:56:39 -08:00
Adam Langley
cfa1ba34cc crypto/tls: make closeNotify a warning alert. 
The RFC doesn't actually have an opinion on whether this is a fatal or
warning level alert, but common practice suggests that it should be a
warning.

This involves rebasing most of the tests.

Fixes #3413.

R=golang-dev, shanemhansen, rsc
CC=golang-dev
https://golang.org/cl/6654050
 2012-10-16 15:40:37 -04:00
Adam Langley
7247dcab92 crypto/tls: update how we create testing scripts. 
crypto/tls is tested, in part, by replaying recorded TLS connections
and checking that the bytes sent by the Go code haven't changed.

Previously we used GnuTLS's debug output and extracted the bytes of
the TLS connection using a Python script. That wasn't great, and I
think GnuTLS removed that level of debugging in a more current
release.

This change records the connection with Go code and adds a test for
ECDHE-AES clients generating using this method.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5988048
 2012-04-11 12:55:57 -04:00
Shenghou Ma
9a4487458a all: update 'gotest' to 'go test' 
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5645099
 2012-02-13 13:58:17 -05:00
Adam Langley
a775fbf8a4 crypto/tls: support SSLv3 
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
 2011-09-14 15:32:19 -04:00
Russ Cox
41f93a430f net: drop laddr from Dial, cname from LookupHost; new functions 
Drop laddr argument from Dial.

Drop cname return from LookupHost.

Add LookupIP, LookupCNAME, ParseCIDR, IP.Equal.
Export SplitHostPort, JoinHostPort.
Add AAAA (IPv6) support to host lookups.

Preparations for implementing some of the
lookups using cgo.

ParseCIDR and IP.Equal are logically new in this CL
but accidentally snuck into an earlier CL about unused
labels that was in the same client.

In crypto/tls, drop laddr from Dial to match net.

R=golang-dev, dsymonds, adg, rh
CC=golang-dev
https://golang.org/cl/4244055
 2011-03-28 23:28:42 -04:00
Kyle Consalus
07cc8b9ad2 Make.pkg, doc: Replace references to "-benchmarks" and "-match" with "-test.bench" and "-test.run". 
R=r
CC=golang-dev
https://golang.org/cl/4197041
 2011-02-22 20:23:21 -08:00
Adam Langley
4883b73982 crypto/tls: add ECDHE support 
(ECDHE is "Elliptic Curve Diffie Hellman Ephemeral")

R=rsc
CC=golang-dev
https://golang.org/cl/3668042
 2010-12-16 17:10:50 -05:00