Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Revert "Revert mortent/cfg operator cert" | Morten Tokle | 2021-05-28 | 1 | -0/+17 |
| | |||||
* | Revert "Add top-level object, simplify tests" | Morten Tokle | 2021-05-25 | 1 | -17/+0 |
| | | | | This reverts commit d97430f1bb633fc9eb541f2fb057a41a012d088f. | ||||
* | Add top-level object, simplify tests | Morten Tokle | 2021-05-25 | 1 | -0/+17 |
| | |||||
* | Remove com.yahoo.vespa.jdk8compat | Bjørn Christian Seime | 2021-03-10 | 15 | -104/+31 |
| | | | | These types are often accidentally imported, and the JDK8 replacement is typically a one-liner. | ||||
* | Make TLS protocol version configurable in TLS config file | Bjørn Christian Seime | 2021-02-24 | 8 | -11/+49 |
| | | | | | Only protocols listed in allowlist can be configured. TLSv1.2 is the only supported version at the moment, but TLSv1.3 will most likely be included in the future. | ||||
* | Disable TLSV1.3 | Bjørn Christian Seime | 2021-02-24 | 1 | -1/+2 |
| | |||||
* | Allow TLSv1.3 | Bjørn Christian Seime | 2021-02-18 | 1 | -1/+1 |
| | |||||
* | Use singleton already present. | Henning Baldersheim | 2021-01-28 | 1 | -4/+0 |
| | |||||
* | Use a single, shared TlsContext instance | Bjørn Christian Seime | 2021-01-14 | 2 | -18/+31 |
| | | | | | The configuration is based on environment variables, which are effectively fixed through the life of the JVM instance. This simplification removes the need for complex cleanup logic based on manual reference counting and weak references. | ||||
* | Revert "Use a single reloader per tls config file, and not one per instance." | Bjørn Christian Seime | 2021-01-14 | 2 | -162/+135 |
| | | | | This reverts commit c58415566e23dcac5f0daa352f39f567a4d7b44f. | ||||
* | Revert "Use reference counting to avoid relying on GC to drop threads." | Bjørn Christian Seime | 2021-01-14 | 2 | -36/+8 |
| | | | | This reverts commit 1c6c89eb52ac80c583c0cd90efdd0784344af434. | ||||
* | Test that certificate with non-matching SAN URI is rejected | Bjørn Christian Seime | 2020-11-26 | 1 | -0/+2 |
| | |||||
* | Support SAN URI based rules in authorization policies | Bjørn Christian Seime | 2020-11-26 | 8 | -19/+121 |
| | |||||
* | Add convenience method for adding SAN | Bjørn Christian Seime | 2020-11-25 | 1 | -0/+5 |
| | |||||
* | Encapsulate pattern implementation in RequiredPeerCredential | Bjørn Christian Seime | 2020-11-25 | 7 | -16/+33 |
| | |||||
* | Revert "Revert "Bjorncs/health check proxy https"" | Bjørn Christian Seime | 2020-10-15 | 1 | -0/+27 |
| | |||||
* | Revert "Bjorncs/health check proxy https" | Arnstein Ressem | 2020-10-15 | 1 | -27/+0 |
| | |||||
* | Add trust manager that accepts any server certificate | Bjørn Christian Seime | 2020-10-14 | 1 | -0/+27 |
| | |||||
* | Revert "Revert "Expose underlying certificate and private key from SiaIdentityProvider "" | Bjørn Christian Seime | 2020-06-02 | 2 | -1/+42 |
| | |||||
* | Revert "Expose underlying certificate and private key from SiaIdentityProvider " | Harald Musum | 2020-05-28 | 2 | -42/+1 |
| | |||||
* | Merge pull request #13257 from vespa-engine/bjorncs/service-identity-provider-improvements | Bjørn Christian Seime | 2020-05-28 | 2 | -1/+42 |
|\ | | | | | Expose underlying certificate and private key from SiaIdentityProvider | ||||
| * | Expose underlying certificate and private key from SiaIdentityProvider | Bjørn Christian Seime | 2020-05-18 | 2 | -1/+42 |
| | | | | | | | | | | | | Extend ServiceIdentityProvider interface with new methods. Add class that bundles certificate with private key. Use Path instead of File for better compatibility with mocked file system in unit tests. | ||||
* | | Ignore unknown fields in subclasses as well | Bjørn Christian Seime | 2020-05-18 | 1 | -0/+3 |
|/ | |||||
* | Support construction of PeerPolicy with description | Bjørn Christian Seime | 2020-05-13 | 4 | -3/+17 |
| | |||||
* | Use reference counting to avoid relying on GC to drop threads. | Henning Baldersheim | 2020-04-23 | 2 | -8/+36 |
| | |||||
* | Use a single reloader per tls config file, and not one per instance. | Henning Baldersheim | 2020-04-23 | 2 | -135/+162 |
| | |||||
* | Override hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2020-02-17 | 5 | -29/+59 |
| | | | | | Override hostname verification on client-side. Remove overriding of hostname verification for server-side. | ||||
* | Use 'withTrustManager' in ConfigFileBasedTlsContext | Bjørn Christian Seime | 2020-02-17 | 1 | -5/+5 |
| | |||||
* | Allow specifying custom trust manager instance to SslContextBuilder | Bjørn Christian Seime | 2020-02-17 | 1 | -3/+14 |
| | |||||
* | Introduce 'disable-hostname-validation' to TLS json format | Bjørn Christian Seime | 2020-02-13 | 7 | -5/+53 |
| | |||||
* | Allow SSLContext implementation that supports TLSv1.3+ | Bjørn Christian Seime | 2020-01-31 | 1 | -1/+1 |
| | |||||
* | Revert "Revert "accept and store json endpoint cert metadata on deploy"" | Andreas Eriksen | 2020-01-21 | 2 | -0/+37 |
| | |||||
* | Revert "accept and store json endpoint cert metadata on deploy" | Jon Marius Venstad | 2020-01-20 | 2 | -37/+0 |
| | |||||
* | verify public key matches private key | andreer | 2020-01-20 | 2 | -0/+37 |
| | |||||
* | Non-functional changes | Jon Bratseth | 2020-01-06 | 2 | -0/+7 |
| | |||||
* | Add/correct copyright headers | Jon Bratseth | 2020-01-03 | 1 | -1/+2 |
| | |||||
* | Revert "Allow SSLContext implementation that supports TLSv1.3+" | Valerij Fredriksen | 2019-12-09 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' into bjorncs/sslcontext-version | Bjørn Christian Seime | 2019-12-03 | 18 | -28/+140 |
|\ | |||||
| * | Use JDK8 as build target for security-utils | Bjørn Christian Seime | 2019-12-02 | 18 | -28/+140 |
| | | |||||
* | | Allow SSLContext implementation that supports TLSv1.3+ | Bjørn Christian Seime | 2019-12-03 | 1 | -1/+1 |
|/ | |||||
* | Add constant for SSLContext version | Bjørn Christian Seime | 2019-11-25 | 2 | -1/+3 |
| | |||||
* | Add helper methods in TlsContext to determine allowed ciphers/protocols | Bjørn Christian Seime | 2019-11-25 | 2 | -26/+49 |
| | |||||
* | Remove more cipher suites not supported by Java 11 from set configured for use by ZooKeeper | Harald Musum | 2019-11-21 | 1 | -1/+10 |
| | |||||
* | Remove cipher suite not supported by Java | Harald Musum | 2019-11-20 | 1 | -0/+1 |
| | |||||
* | Remove unneeded install of java artifact dependencies. | Tor Egge | 2019-11-18 | 1 | -1/+0 |
| | |||||
* | Use mockito-core 3.1.0 | Håkon Hallingstad | 2019-10-18 | 1 | -2/+2 |
| | |||||
* | Merge pull request #10905 from vespa-engine/hakonhall/order-authorized-peers-in-json-to-stabilize-tests | Bjørn Christian Seime | 2019-10-07 | 1 | -19/+23 |
|\ | | | | | Order authorized peers in JSON to stabilize tests | ||||
| * | Order authorized peers in JSON to stabilize tests | Håkon Hallingstad | 2019-10-07 | 1 | -19/+23 |
| | | |||||
* | | Decode SAN IP address field from CSR | Martin Polden | 2019-10-07 | 1 | -0/+15 |
|/ | |||||
* | Revert "Bjorncs/jdisc tls13" | Bjørn Christian Seime | 2019-10-04 | 4 | -4/+4 |
| |