Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
RC4 is frowned upon[1] at this point and major providers are disabling it
by default[2].
Those ...
b007a3d57c75aca7b4604b2d1845a3829754ed16 authored almost 10 years ago by Adam Langley <[email protected]>
Just so that we notice in the future if another hash function is added
without updating this uti...
crypto/rand.Reader doesn't ensure that short reads don't happen. This
change contains a couple o...
Commit f1d669aee994b28e1afcfe974680565932d25b70 added support for
AES_256_GCM_SHA384 cipher suit...
Decrypter is an interface to support opaque private keys that perform
decryption operations. Thi...
Change-Id: Ia9f39250619ea6e94157efceddfb2e02d35f3ae2
Reviewed-on: https://go-review.googlesource...
Change-Id: I8b18dc840425b72d7172a35cb0ba004bd156492d
Reviewed-on: https://go-review.googlesource...
Previously, we didn't handle absolute DNS names in certificates the same
way as Chromium, and we...
RFC 6125 now specifies that wildcards are only allowed for the leftmost
label in a pattern: http...
Some servers which misunderstood the point of the CertificateRequest
message send huge reply rec...
There was a missing continue that caused certificates with critical
certificate-policy extension...
This check is expensive and adversely impacts startup times for some
servers with several, large...
Applying my post-submit comments from CL 5120.
The rewrite there changed the code from writing t...
This time for sure!
Change-Id: I7e7ea24edb7c2f711489e162fb97237a87533089
6dcf0cf48a27c699ebf8ef4ddf9654af85771ebd authored almost 10 years ago by Russ Cox <[email protected]>
Change-Id: Ia6b06f19e5ac424f01a1b90b78b507363b0c4577
Reviewed-on: https://go-review.googlesource...
Require a name to be specified when referencing the pseudo-stack.
If you want a real stack offse...
The mechanical edit in the last round managed to miss ROUND1, among
other indgnities.
Change-Id...
0f67bb0582270e1bbcddafe1201f2993404bb165 authored almost 10 years ago by Rob Pike <[email protected]>
Several .s files for ARM had several properties the new assembler will not support.
These includ...
If an absolute domain name (i.e. ends in a '.' like "example.com.") is used
with ssl/tls, the ce...
Only documentation / comment changes. Update references to
point to golang.org permalinks or go....
Generalizes PRF calculation for TLS 1.2 to support arbitrary hashes (SHA-384 instead of SHA-256)...
a788f6b48db2a60ef0a95e0ba5a784cfe9812528 authored almost 10 years ago by Jacob H. Haven <[email protected]>
Additional elements in a DN can be added in via ExtraNames. This
option can also be used for sor...
ECDSA is unsafe to use if an entropy source produces predictable
output for the ephemeral nonces...
This reverts commit 8d7bf2291b095d3a2ecaa2609e1101be46d80deb.
Change-Id: Iad2c74a504d64bcf7ca70...
7769ae6ae6acc7c8d6781ffe162dd38f62de9cc8 authored almost 10 years ago by Adam Langley <[email protected]>
ECDSA is unsafe to use if an entropy source produces predictable
output for the ephemeral nonces...
Signer is an interface to support opaque private keys.
These keys typically result from being ke...
This reverts commit cef15faafe5d15ba6242bad3504a52d287f78b88.
Change-Id: I6df3e9ea48cd588938925...
e2d303c5041f046e6980e0dafbee3fe22ca826cb authored almost 10 years ago by Adam Langley <[email protected]>
According to RFC5280 the authority key identifier extension MUST included in all
CRLs issued. Th...
Signer is an interface to support opaque private keys.
These keys typically result from being ke...
The encoded value of the certificate KeyUsage did contain additonal padding
that was not present...
Fix SmartOS build that was broken in 682922908f7.
SmartOS pretends to be Ubuntu/Debian with res...
a5acfd69138325797035da2a517816b04e0e4e84 authored almost 10 years ago by Dave Cheney <[email protected]>Per https://golang.org/s/style#named-result-parameters
Change-Id: If69d3e6d3dbef385a0f41e743fa4...
bf7d5fade0779692b1c724f1abdf7069ce1eed97 authored almost 10 years ago by Brad Fitzpatrick <[email protected]>RFC5280 states:
"This optional field describes the version of the encoded CRL. When
extension...
And add names for the curve implemented in crypto/elliptic.
This permits a safer alternative to...
b491821b1e0b3aaa4863b9ab285370662a14213b authored almost 10 years ago by David Leon Gil <[email protected]>
According to RFC4055 a NULL parameter MUST be present in the signature
algorithm. This patch add...
There are two methods by which TLS clients signal the renegotiation
extension: either a special ...
SignPSS is documented as allowing opts to be nil, but actually
crashes in that case. This change...
Change-Id: Ida3b431a06527f6cd604ab4af5ce517959c8619b
Reviewed-on: https://go-review.googlesource...
Change-Id: Ie47c6460c1749aef3cf6d7c6ba44d43305d7ca7b
Reviewed-on: https://go-review.googlesource...
This CL splits the (ever growing) list of ca cert locations by major unix
platforms (darwin, win...
Specify what will happen if len(dst) != len(src).
Change-Id: I66afa3730f637753b825189687418f14d...
705037d8cc5e8e0d6b92f397685f4f9a2474c756 authored almost 10 years ago by Shenghou Ma <[email protected]>
SSLv3 (the old minimum) is still supported and can be enabled via the
tls.Config, but this chang...
Fix TLS_FALLBACK_SCSV check when comparing the client version to the
default max version. This e...
Fixes #9205
Change-Id: Iacd608ba43332008984aa8ece17dcb5757f27b3f
Reviewed-on: https://go-review...
Fixes #9078.
LGTM=adg
R=golang-codereviews, adg
CC=golang-codereviews
https://golang.org/cl/172...
LGTM=rsc, r
R=r, rsc
CC=golang-codereview, golang-codereviews
https://golang.org/cl/168050043
A new attack on CBC padding in SSLv3 was released yesterday[1]. Go only
supports SSLv3 as a serv...
Fixes #8936.
LGTM=bradfitz
R=agl, bradfitz
CC=golang-codereviews
https://golang.org/cl/152590043
In [1] the behaviour of encoding/asn1 with respect to marshaling
optional integers was changed. ...
Fixes #8349.
LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/147320043
The ASN.1 encoding of the CRL Distribution Points extension showed an invalid false 'IsCompound'...
454e398fedf1a3a1409eebd5a8e05d92a5019b5e authored about 10 years ago by Paul van Brouwershaven <[email protected]>
On android, root certificates appear to be stored in the folder
/system/etc/security/cacerts, wh...
RFC5280 says that the nextUpdate field is optional.
Fixes #8085.
R=bradfitz
CC=golang-coderevi...
LGTM=r
R=r, adg, rsc
https://golang.org/cl/148080043
Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For ...