aboutsummaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/tls
Commit message (Expand)AuthorAgeFilesLines
* Add new capabilities in node specific capability setsBjørn Christian Seime2023-02-132-8/+22
* Rename 'from()' to 'of()'Bjørn Christian Seime2023-02-132-6/+6
* Define required capabilities for existing JRT RPC methodsBjørn Christian Seime2023-02-091-0/+12
* Introduce capbilities for unclassified APIsBjørn Christian Seime2023-02-091-0/+3
* Move definition of predefined capability set to parent classBjørn Christian Seime2023-02-093-29/+45
* Add 'vespa.none' capabilityBjørn Christian Seime2023-02-061-0/+1
* Unify on Streams.toListHenning Baldersheim2023-01-172-4/+2
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-091-1/+22
* Revert "Ensure that HTTPS clients only use allowed ciphers and protocol versi...Andreas Eriksen2023-01-061-22/+1
* Ensure that HTTPS clients only use allowed ciphers and protocol versionsBjørn Christian Seime2023-01-061-1/+22
* Ignore calls to SystemTlsContext.close()Bjørn Christian Seime2022-08-301-2/+1
* Force caller to handle failed capability verification checkBjørn Christian Seime2022-07-212-14/+28
* Improve error messageBjørn Christian Seime2022-07-211-1/+1
* Move logic for capability checking/logging to ConnectionAuthContextBjørn Christian Seime2022-07-213-9/+63
* Use getSubjectCommonName()Bjørn Christian Seime2022-07-211-7/+1
* Get ConnectionAuthContext from SSL session after handshake is completeBjørn Christian Seime2022-07-213-28/+67
* Include client certificate chain even when authorization is disabledBjørn Christian Seime2022-07-203-4/+11
* Implement RequireCapabilitiesFilter in jrt + miscBjørn Christian Seime2022-07-203-8/+9
* Add to-string helper to ConnectionAuthContextBjørn Christian Seime2022-07-201-1/+38
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-201-4/+4
* Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s'Bjørn Christian Seime2022-07-208-482/+3
* Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'Bjørn Christian Seime2022-07-2019-66/+20
* Remove empty packageBjørn Christian Seime2022-07-201-8/+0
* Add 'CapabilitySet.has()' methodsBjørn Christian Seime2022-07-201-0/+3
* Add environment variable for capabilities enforcement modeBjørn Christian Seime2022-07-202-0/+33
* Rename method/variable names to match new class nameBjørn Christian Seime2022-07-191-1/+1
* Include mode in log messageBjørn Christian Seime2022-07-151-3/+4
* Rename 'toCapabilityNames()' to 'toNames()'Bjørn Christian Seime2022-07-152-2/+2
* Always run PeerAutorizerBjørn Christian Seime2022-07-159-45/+44
* Rename 'hasAllCapabilities()' => 'hasAll()'Bjørn Christian Seime2022-07-152-2/+2
* Change type from SortedSet to SetBjørn Christian Seime2022-07-152-7/+4
* Rename 'succeeded' => 'authorized'Bjørn Christian Seime2022-07-152-2/+2
* Include full certificate chain in auth contextBjørn Christian Seime2022-07-153-15/+26
* Return granted capabilities from PeerAuthorizerBjørn Christian Seime2022-07-155-53/+46
* Add Capability and CapabilitySet including JSON serializationBjørn Christian Seime2022-07-135-4/+147
* Convert POJOs to recordBjørn Christian Seime2022-07-132-79/+9
* Remove 'role' concept from 'authorized-peers'Bjørn Christian Seime2022-07-116-86/+9
* Disable '?' as single char wildcard for URI matchingBjørn Christian Seime2021-12-093-6/+6
* Support glob pattern for URIs with '/' as boundaryBjørn Christian Seime2021-12-022-15/+11
* Add glob pattern helper that handles multiple alternative boundariesBjørn Christian Seime2021-12-022-35/+89
* Disable ciphers that are only supported by some JDK-11 versionsBjørn Christian Seime2021-11-091-4/+5
* Update 2020 Oath copyrights.gjoranv2021-10-271-1/+1
* Update 2019 Oath copyrights.gjoranv2021-10-277-7/+7
* Update Verizon Media copyright notices.gjoranv2021-10-072-2/+2
* Update 2018 copyright notices.gjoranv2021-10-0721-21/+21
* Remove com.yahoo.vespa.jdk8compatBjørn Christian Seime2021-03-106-13/+21
* Make TLS protocol version configurable in TLS config fileBjørn Christian Seime2021-02-245-10/+44
* Disable TLSV1.3Bjørn Christian Seime2021-02-241-1/+2
* Allow TLSv1.3Bjørn Christian Seime2021-02-181-1/+1
* Use singleton already present.Henning Baldersheim2021-01-281-4/+0