| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-08 | 4 | -310/+0 |
| | |||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-08 | 1 | -109/+0 |
| | |||||
* | Revert "Bjorncs/http utils" | Håkon Hallingstad | 2019-04-08 | 1 | -0/+109 |
| | |||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-05 | 1 | -109/+0 |
| | |||||
* | Revert "Remove TlsAwareHttpClientBuilder" | Bjørn Christian Seime | 2019-04-05 | 4 | -0/+310 |
| | This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8. | | | | |
* | Export package 'com.yahoo.security.tls.https' | Bjørn Christian Seime | 2019-04-04 | 1 | -0/+8 |
| | |||||
* | Use URIBuilder | Bjørn Christian Seime | 2019-04-03 | 1 | -1/+2 |
| | |||||
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-03 | 5 | -318/+0 |
| | |||||
* | Add VespaHttpClientBuilder based on apache httpclient | Bjørn Christian Seime | 2019-04-03 | 1 | -0/+108 |
| | |||||
* | Stop reload task when there are no external references to the managers | Bjørn Christian Seime | 2019-03-01 | 1 | -18/+56 |
| | The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager. | | | | |
* | Add utility method to construct http client | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+9 |
| | |||||
* | Add withCertificateEntries() to KeyStoreBuilder | Bjørn Christian Seime | 2019-02-25 | 2 | -14/+7 |
| | |||||
* | Add utility method to construct tls context | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+5 |
| | |||||
* | Add constructor without tls context parameter | Bjørn Christian Seime | 2019-02-25 | 1 | -3/+7 |
| | |||||
* | User agent must be specified | Bjørn Christian Seime | 2019-02-25 | 1 | -4/+0 |
| | |||||
* | Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode | Bjørn Christian Seime | 2019-02-25 | 4 | -29/+42 |
|\ | Bjorncs/jdisc mixed mode | | | | |
| * | Override default hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2019-02-22 | 4 | -29/+42 |
| | Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present. | | | | |
* | | Introduce http client that follows Vespa TLS config | Bjørn Christian Seime | 2019-02-21 | 4 | -0/+309 |
|/ | |||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-19 | 2 | -2/+2 |
| | |||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-19 | 3 | -49/+147 |
| | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protocols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | | | | |
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -24/+6 |
| | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | | | | |
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1 |
| | |||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+70 |
| | Add an x509 trust manager where certificates can be updated while the manager is in use. | | | | |
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+150 |
| | |||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+106 |
| | Add an x509 key manager where certificates can be updated while the manager is in use. | | | | |
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+99 |
| | |||||
* | Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 10 | -578/+72 |
| | |||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-18 | 2 | -2/+2 |
| | |||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 3 | -49/+147 |
| | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protocols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | | | | |
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -24/+6 |
| | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | | | | |
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1 |
| | |||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+70 |
| | Add an x509 trust manager where certificates can be updated while the manager is in use. | | | | |
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+150 |
| | |||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+106 |
| | Add an x509 key manager where certificates can be updated while the manager is in use. | | | | |
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+99 |
| | |||||
* | Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1 |
| | |||||
* | Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 1 | -0/+16 |
| | |||||
* | Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 4 | -10/+41 |
| | |||||
* | Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4 |
| | |||||
* | Change access modifier to 'public' for 'fromConfigValue()' | Bjørn Christian Seime | 2019-01-15 | 2 | -2/+2 |
| | |||||
* | Return default values when env vars are not present | Bjørn Christian Seime | 2019-01-15 | 1 | -10/+6 |
| | |||||
* | Define default value for tls authorization mode | Bjørn Christian Seime | 2019-01-15 | 1 | -0/+8 |
| | |||||
* | Add 'tls_client_tls_server' as tls mixed mode option | Bjørn Christian Seime | 2019-01-15 | 1 | -1/+9 |
| | Also introduce default value for mixed mode. | | | | |
* | Store authorization result in TlsCryptoSocket | Bjørn Christian Seime | 2019-01-08 | 1 | -0/+9 |
| | |||||
* | Change LOG_ONLY config value from 'log-only' to 'log_only' | Bjørn Christian Seime | 2018-12-10 | 1 | -1/+1 |
| | |||||
* | Fix spelling error ('suits' -> 'suites') | Bjørn Christian Seime | 2018-12-05 | 1 | -7/+7 |
| | |||||
* | Remove whitelisting of AES-CBC ciphers | Bjørn Christian Seime | 2018-12-05 | 1 | -5/+1 |
| | |||||
* | Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager | Bjørn Christian Seime | 2018-12-05 | 5 | -26/+29 |
| | |||||
* | Add AutorizationMode | Bjørn Christian Seime | 2018-12-05 | 1 | -0/+30 |
| | |||||
* | Move MixedMode to separate class | Bjørn Christian Seime | 2018-12-05 | 2 | -23/+29 |
| |