Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Comments explaining how EC keys were obtained | Jon Marius Venstad | 2019-04-30 | 1 | -0/+2 |
| | |||||
* | BCP for Signature, to handle ECDSA keys | Jon Marius Venstad | 2019-04-30 | 2 | -3/+38 |
| | |||||
* | Add support for parsing public keys to KeyUtils | Jon Marius Venstad | 2019-04-30 | 2 | -1/+65 |
| | |||||
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-08 | 4 | -310/+0 |
| | |||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-08 | 3 | -158/+0 |
| | |||||
* | Revert "Bjorncs/http utils" | Håkon Hallingstad | 2019-04-08 | 3 | -0/+158 |
| | |||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-05 | 3 | -158/+0 |
| | |||||
* | Revert "Remove TlsAwareHttpClientBuilder" | Bjørn Christian Seime | 2019-04-05 | 4 | -0/+310 |
| | | | | This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8. | ||||
* | Apache httpclient must be included in compile scope | Bjørn Christian Seime | 2019-04-04 | 1 | -6/+10 |
| | | | | | | The apache http libraries are not osgi bundles. Including them as provided scope does not work as the required import-package statements are not added to the jar manifest. | ||||
* | Export package 'com.yahoo.security.tls.https' | Bjørn Christian Seime | 2019-04-04 | 1 | -0/+8 |
| | |||||
* | Use URIBuilder | Bjørn Christian Seime | 2019-04-03 | 1 | -1/+2 |
| | |||||
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-03 | 5 | -318/+0 |
| | |||||
* | Add VespaHttpClientBuilder based on apache httpclient | Bjørn Christian Seime | 2019-04-03 | 3 | -0/+153 |
| | |||||
* | Stop reload task when there are no external references to the managers | Bjørn Christian Seime | 2019-03-01 | 2 | -18/+126 |
| | | | | | The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager. | ||||
* | Add utility method to construct http client | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+9 |
| | |||||
* | Add withCertificateEntries() to KeyStoreBuilder | Bjørn Christian Seime | 2019-02-25 | 4 | -19/+17 |
| | |||||
* | Add utility method to construct tls context | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+5 |
| | |||||
* | Add constructor without tls context parameter | Bjørn Christian Seime | 2019-02-25 | 1 | -3/+7 |
| | |||||
* | User agent must be specified | Bjørn Christian Seime | 2019-02-25 | 1 | -4/+0 |
| | |||||
* | Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode | Bjørn Christian Seime | 2019-02-25 | 4 | -29/+42 |
|\ | | | | | Bjorncs/jdisc mixed mode | ||||
| * | Override default hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2019-02-22 | 4 | -29/+42 |
| | | | | | | | | | | Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present. | ||||
* | | Introduce http client that follows Vespa TLS config | Bjørn Christian Seime | 2019-02-21 | 4 | -0/+309 |
|/ | |||||
* | Stop using Bouncycastle for PKCS12 keystore | Bjørn Christian Seime | 2019-02-20 | 1 | -1/+1 |
| | |||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-19 | 2 | -2/+2 |
| | |||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-19 | 3 | -49/+147 |
| | | | | | | | | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protocols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | ||||
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-19 | 3 | -59/+37 |
| | | | | | | | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | ||||
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1 |
| | |||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+129 |
| | | | | Add an x509 trust manager where certificates can be updated while the manager is in use. | ||||
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-19 | 3 | -0/+239 |
| | |||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+171 |
| | | | | | Add an x509 key manager where certificates can be updated while the manager is in use. | ||||
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+99 |
| | |||||
* | Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 15 | -822/+107 |
| | |||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-18 | 2 | -2/+2 |
| | |||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 3 | -49/+147 |
| | | | | | | | | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protocols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | ||||
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-14 | 3 | -59/+37 |
| | | | | | | | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | ||||
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1 |
| | |||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+129 |
| | | | | Add an x509 trust manager where certificates can be updated while the manager is in use. | ||||
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-14 | 3 | -0/+239 |
| | |||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+171 |
| | | | | | Add an x509 key manager where certificates can be updated while the manager is in use. | ||||
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+99 |
| | |||||
* | Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1 |
| | |||||
* | Remove throw declaration of unused exception | Bjørn Christian Seime | 2019-02-01 | 1 | -2/+1 |
| | |||||
* | Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 2 | -1/+21 |
| | |||||
* | Nonfunctional changes only | Jon Bratseth | 2019-01-31 | 2 | -0/+2 |
| | |||||
* | Use 'prime256v1' curve for EC keys | Bjørn Christian Seime | 2019-01-23 | 3 | -7/+18 |
| | | | | | This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher). | ||||
* | Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 8 | -12/+49 |
| | |||||
* | Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4 |
| | |||||
* | Fix accidental import of java.sql.Date | Bjørn Christian Seime | 2019-01-21 | 1 | -1/+1 |
| | |||||
* | 6-SNAPSHOT -> 7-SNAPSHOT. | Arnstein Ressem | 2019-01-21 | 1 | -2/+2 |
| | |||||
* | Revert "Bratseth/disallow dash " | Jon Bratseth | 2019-01-16 | 2 | -2/+0 |
| |