gostls13.git log

commit 2b7a7b710f096b1b7e6f2ab5e9e3ec003ad7cd12 [browse]
Author: Chris Broadfoot
Date: 2017-05-23 10:48:04 -07:00

[release-branch.go1.7] go1.7.6

Change-Id: I6361937bb2684c6b64edafc19d7d175210638063
Reviewed-on: https://go-review.googlesource.com/43992
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

commit 9a9b015a959abc2514378939be54f60369951a24 [browse]
Author: Adam Langley
Date: 2017-04-19 10:00:32 -07:00

[release-branch.go1.7] crypto/elliptic: fix carry bug in x86-64 P-256 implementation.

Patch from Vlad Krasnov and confirmed to be under CLA.

Fixes #20040.

Change-Id: Ieb8436c4dcb6669a1620f1e0d257efd047b1b87c
Reviewed-on: https://go-review.googlesource.com/41070
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 9294fa2749ffee7edbbb817a0ef9fe633136fa9c)
Reviewed-on: https://go-review.googlesource.com/43773
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>

commit 753452fac6f6963b5a6e38a239b05362385a3842 [browse]
Author: Chris Broadfoot
Date: 2017-01-26 09:32:41 -08:00

[release-branch.go1.7] go1.7.5

Change-Id: I09b5f6f3c79ec691f6d2fd28551dc06d79105c42
Reviewed-on: https://go-review.googlesource.com/35834
Run-TryBot: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

commit 6ceba5d5e85bbbbfa2e03c600cc3a74b296095c9 [browse]
Author: Chris Broadfoot
Date: 2017-01-26 09:30:04 -08:00

[release-branch.go1.7] doc: document go1.7.5

Change-Id: Ic8d4e971edebba9412f2e7c3d3c29f296c4977ff
Reviewed-on: https://go-review.googlesource.com/35833
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/35835
Reviewed-by: Chris Broadfoot <cbro@golang.org>

commit 5c2b5ee3c8271c3d19d8f0c38804983950c752bf [browse]
Author: Brad Fitzpatrick
Date: 2016-12-15 05:53:01 Z

[release-branch.go1.7] crypto/x509: speed up and deflake non-cgo Darwin root cert discovery

Backporting Go 1.8's fix to #18203
Fixes #18688

---

Piping into security verify-cert only worked on macOS Sierra, and was
flaky for unknown reasons. Users reported that the number of trusted
root certs stopped randomly jumping around once they switched to using
verify-cert against files on disk instead of /dev/stdin.

But even using "security verify-cert" on 150-200 certs took too
long. It took 3.5 seconds on my machine. More than 4 goroutines
hitting verify-cert didn't help much, and soon started to hurt
instead.

New strategy, from comments in the code:

// 1. Run "security trust-settings-export" and "security
//    trust-settings-export -d" to discover the set of certs with some
//    user-tweaked trusy policy. We're too lazy to parse the XML (at
//    least at this stage of Go 1.8) to understand what the trust
//    policy actually is. We just learn that there is _some_ policy.
//
// 2. Run "security find-certificate" to dump the list of system root
//    CAs in PEM format.
//
// 3. For each dumped cert, conditionally verify it with "security
//    verify-cert" if that cert was in the set discovered in Step 1.
//    Without the Step 1 optimization, running "security verify-cert"
//    150-200 times takes 3.5 seconds. With the optimization, the
//    whole process takes about 180 milliseconds with 1 untrusted root
//    CA. (Compared to 110ms in the cgo path)

Change-Id: I79737d9f2cb9b020ba297a326d4d31d68c7e9fee
Reviewed-on: https://go-review.googlesource.com/35634
Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>

clone the repository to get more history