Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Revert "Revert "Expose underlying certificate and private key from ↵ | Bjørn Christian Seime | 2020-06-02 | 2 | -1/+42 |
| | | | | SiaIdentityProvider "" | ||||
* | Revert "Expose underlying certificate and private key from SiaIdentityProvider " | Harald Musum | 2020-05-28 | 2 | -42/+1 |
| | |||||
* | Merge pull request #13257 from ↵ | Bjørn Christian Seime | 2020-05-28 | 2 | -1/+42 |
|\ | | | | | | | | | vespa-engine/bjorncs/service-identity-provider-improvements Expose underlying certificate and private key from SiaIdentityProvider | ||||
| * | Expose underlying certificate and private key from SiaIdentityProvider | Bjørn Christian Seime | 2020-05-18 | 2 | -1/+42 |
| | | | | | | | | | | | | Extend ServiceIdentityProvider interface with new methods. Add class that bundles certificate with private key. Use Path instead of File for better compatibility with mocked file system in unit tests. | ||||
* | | Ignore unknown fields in subclasses as well | Bjørn Christian Seime | 2020-05-18 | 1 | -0/+3 |
|/ | |||||
* | Support construction of PeerPolicy with description | Bjørn Christian Seime | 2020-05-13 | 4 | -3/+17 |
| | |||||
* | Use reference counting to avoid relying on GC to drop threads. | Henning Baldersheim | 2020-04-23 | 2 | -8/+36 |
| | |||||
* | Use a single reloader per tls config file, and not one per instance. | Henning Baldersheim | 2020-04-23 | 2 | -135/+162 |
| | |||||
* | Override hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2020-02-17 | 5 | -29/+59 |
| | | | | | Override hostname verification on client-side. Remove overriding of hostname verification for server-side. | ||||
* | Use 'withTrustManager' in ConfigFileBasedTlsContext | Bjørn Christian Seime | 2020-02-17 | 1 | -5/+5 |
| | |||||
* | Allow specifying custom trust manager instance to SslContextBuilder | Bjørn Christian Seime | 2020-02-17 | 1 | -3/+14 |
| | |||||
* | Introduce 'disable-hostname-validation' to TLS json format | Bjørn Christian Seime | 2020-02-13 | 7 | -5/+53 |
| | |||||
* | Allow SSLContext implementation that supports TLSv1.3+ | Bjørn Christian Seime | 2020-01-31 | 1 | -1/+1 |
| | |||||
* | Revert "Revert "accept and store json endpoint cert metadata on deploy"" | Andreas Eriksen | 2020-01-21 | 2 | -0/+37 |
| | |||||
* | Revert "accept and store json endpoint cert metadata on deploy" | Jon Marius Venstad | 2020-01-20 | 2 | -37/+0 |
| | |||||
* | verify public key matches private key | andreer | 2020-01-20 | 2 | -0/+37 |
| | |||||
* | Non-functional changes | Jon Bratseth | 2020-01-06 | 2 | -0/+7 |
| | |||||
* | Add/corect copyright headers | Jon Bratseth | 2020-01-03 | 1 | -1/+2 |
| | |||||
* | Revert "Allow SSLContext implementation that supports TLSv1.3+" | Valerij Fredriksen | 2019-12-09 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' into bjorncs/sslcontext-version | Bjørn Christian Seime | 2019-12-03 | 18 | -28/+140 |
|\ | |||||
| * | Use JDK8 as build target for security-utils | Bjørn Christian Seime | 2019-12-02 | 18 | -28/+140 |
| | | |||||
* | | Allow SSLContext implementation that supports TLSv1.3+ | Bjørn Christian Seime | 2019-12-03 | 1 | -1/+1 |
|/ | |||||
* | Add constant for SSLContext version | Bjørn Christian Seime | 2019-11-25 | 2 | -1/+3 |
| | |||||
* | Add helper methods in TlsContext to determine allowed ciphers/protocols | Bjørn Christian Seime | 2019-11-25 | 2 | -26/+49 |
| | |||||
* | Remove more cipher suites not supported by Java 11 from set configured for ↵ | Harald Musum | 2019-11-21 | 1 | -1/+10 |
| | | | | use by ZooKeeper | ||||
* | Remove cipher suite not supported by Java | Harald Musum | 2019-11-20 | 1 | -0/+1 |
| | |||||
* | Remove unneeded install of java artifact dependencies. | Tor Egge | 2019-11-18 | 1 | -1/+0 |
| | |||||
* | Use mockito-core 3.1.0 | Håkon Hallingstad | 2019-10-18 | 1 | -2/+2 |
| | |||||
* | Merge pull request #10905 from ↵ | Bjørn Christian Seime | 2019-10-07 | 1 | -19/+23 |
|\ | | | | | | | | | vespa-engine/hakonhall/order-authorized-peers-in-json-to-stabilize-tests Order authorized peers in JSON to stabilize tests | ||||
| * | Order authorized peers in JSON to stabilize tests | Håkon Hallingstad | 2019-10-07 | 1 | -19/+23 |
| | | |||||
* | | Decode SAN IP address field from CSR | Martin Polden | 2019-10-07 | 1 | -0/+15 |
|/ | |||||
* | Revert "Bjorncs/jdisc tls13" | Bjørn Christian Seime | 2019-10-04 | 4 | -4/+4 |
| | |||||
* | Enable TLSv1.3 for servers/clients based on TlsContext | Bjørn Christian Seime | 2019-10-03 | 3 | -3/+3 |
| | |||||
* | Create SSLContext that supports all TLS versions | Bjørn Christian Seime | 2019-10-03 | 1 | -1/+1 |
| | | | | | | - Previous value "TLSv1.2" also enabled older SSL/TLS versions - The actual versions enabled must be restricted on the SSLSocket/SSLEngine instance (using a SSLParameters object). | ||||
* | Read signature algorithm from key | Morten Tokle | 2019-10-03 | 1 | -0/+23 |
| | |||||
* | Implement equals in Pkcs10Csr | Martin Polden | 2019-09-20 | 1 | -0/+14 |
| | |||||
* | Add additional constructor for custom peer authentication mode | Bjørn Christian Seime | 2019-09-13 | 1 | -3/+12 |
| | |||||
* | Refactor private key serialization tests | Bjørn Christian Seime | 2019-08-23 | 1 | -28/+14 |
| | |||||
* | Allow output of PEM private keys using PKCS#8 | Bjørn Christian Seime | 2019-08-23 | 3 | -7/+66 |
| | |||||
* | Use correct key factory for key type | Bjørn Christian Seime | 2019-08-23 | 1 | -1/+2 |
| | |||||
* | Use current certificate manager to find certificate expiry | Bjørn Christian Seime | 2019-07-04 | 1 | -1/+6 |
| | |||||
* | Merge pull request #9951 from vespa-engine/bjorncs/fix-for-race-condition | Andreas Eriksen | 2019-07-04 | 1 | -13/+26 |
|\ | | | | | Make access to hashmap and current manager synchronized | ||||
| * | Make access to hashmap and current manager synchronized | Bjørn Christian Seime | 2019-07-03 | 1 | -13/+26 |
| | | |||||
* | | Fix typo in class name | Bjørn Christian Seime | 2019-07-04 | 3 | -6/+6 |
| | | |||||
* | | Make alias a constant | Bjørn Christian Seime | 2019-07-03 | 1 | -1/+3 |
| | | |||||
* | | Use withKeyManager instead of withKeyManagerFactory | Bjørn Christian Seime | 2019-07-03 | 1 | -1/+1 |
| | | |||||
* | | Allow configuration of x509 key manager instance to SslContextBuilder | Bjørn Christian Seime | 2019-07-03 | 1 | -1/+14 |
| | | |||||
* | | Make peer authentication in TlsContext configurable | Bjørn Christian Seime | 2019-07-03 | 4 | -8/+34 |
| | | |||||
* | | Rename 'ReloadingTlsContext' -> 'ConfigFiledBasedTlsContext' | Bjørn Christian Seime | 2019-07-03 | 3 | -7/+8 |
| | | |||||
* | | Remove ciphers from DefaultTlsContext public constructors | Bjørn Christian Seime | 2019-07-03 | 3 | -9/+12 |
| | |