Age | Commit message (Collapse) | Author |
|
Change-Id: I51ef6060b607e7f36cda817250abd3ef3624b71f
|
|
am: 7b2984872c
Change-Id: I22b9309820d6c58afedd563332bb705812bbd63e
|
|
am: cf68884f8d
Change-Id: Ife2724dc966ce135f312150bde44970a01f29cf6
|
|
am: 9d428efdba
Change-Id: I0e02b1bb97277c6970cc19694f6610f7fdf421f3
|
|
An earlier CL added IPPS support via BoringSSL, but the change had many
issues. This fixes the following:
- random() with srandom(time(NULL)) is not an acceptable source of
entropy for a cryptographic library. Fortunately, BoringSSL ignores
calls to RAND_seed anyway, so delete it all.
- ERR_error_string(NULL) is not thread-safe. (We've really got to get
rid of that function, but there are a lot of callers to clear
through.) Use ERR_error_string_n with a local buffer.
- Using the version-specific APIs disables TLS 1.2. Instead, use
TLS_method (client and server distinctions on methods are ignored in
BoringSSL), and configure the minimum protocol version accordingly.
- SSL 3.0 is gone. Ignore _HTTP_TLS_ALLOW_SSL3 altogether. The old code
called SSLv3_*_method() which always fail in BoringSSL and, were they
not to fail, would have disabled all secure versions of TLS!
- The SSL_set_tlsext_host_name call was guarded by a
HAVE_SSL_SET_TLSEXT_HOST_NAME, but config.h was not updated. Remove
the guard.
- Server support was not added, so make the operation actually fail.
Remove the commented out code (which wouldn't work as calling
SSL_CTX_* functions after SSL_new doesn't do anything).
- The code to call SSL_connect vs SSL_accept had a typo and only called
SSL_accept. In case someone wants server support in the future, use
the generic SSL_do_handshake which is equivalent, provided the caller
uses SSL_set_{connect,accept}_state.
This also cleans a couple things up:
- SSL_load_error_strings is a no-op in BoringSSL. SSL_library_init is
also a no-op on Android, but there do exist configuations where it is
not, so I've left it in.
- SSL_write returns int, not ssize_t. The casts are unnecessary.
- Extracting the SSL_CTX from the SSL to free it is weird. One can just
free it earlier. The SSL owns a reference to the SSL_CTX and will
do the rest for you.
- Delete some unused functions whose comments even still say "gnutls" on
them.
IMPORTANT: This does NOT fix the following:
- This file does not verify peer certificates at all. This means any
network attacker could use a different certificate and break the
connection anyway. I do not know how printer certificates are
typically checked or how Android's trust store is set up, so someone
with more domain knowledge may need to help out here. (Are printer
certs typically checked at all? [0] suggests yes, amazingly.)
[0] https://support.microsoft.com/en-us/help/2021626/when-attempting-to-add-an-ipp-printer-over-https--you-receive-an-error
Test: mma. Additionally tested by Mopria folks. See review comments.
Change-Id: Ife007038290ff79f3413179a26c0d40c1bb2c85b
|
|
Change-Id: I6e9b8211b8164ced85221384b049d3ecd2337817
|
|
a6d0e472a6
am: 6ac867026a
Change-Id: I5bf84c83c94f14029c5ef6698fb4549f62d0c247
|
|
am: a6d0e472a6
Change-Id: Idd89de3c241fbbc72657d81fedceb9ac80677069
|
|
am: 1d9caee49b
Change-Id: I41022950fa848497bcbcf7b4af96996dd3660dc0
|
|
am: 4518e60237
Change-Id: I6fce3063d5cf508081408f66fb3d74d332cda43f
|
|
Test: Compiled
Change-Id: Icb458772079b0a6743d833a7b6fd8ec3ff5e2ccd
|
|
am: 66793744a8
Change-Id: I8322b341e2237d87a6c7b04a781fa8925cd85064
|
|
am: 03df29ccee
Change-Id: I8a86e641444797be4868e56ea48d68fcbb638447
|
|
am: 2b3d0e2ea5
Change-Id: I52714a4883ca8106289d79322efa3ef5ea01eb9d
|
|
am: 1fa15a0053
Change-Id: I1411e9d2b984e6c6b2370acaf8c6548fccdcedd1
|
|
* Do not use -Wno-error.
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: Idf13d21003934b5c7e5ff28a1ec0e5e8e55451b3
|
|
Change-Id: Idb4bb8d48794d7c258e2fb10e7c5a934ae9c3246
|
|
am: f0373b344e
Change-Id: I5e582ed7e4ed4e71260846290be270116fd881cf
|
|
am: 9eafdc6d27
Change-Id: I1f8d56df1e38212e523bc4f231f822d960bb76a4
|
|
Fixes: 67460226
Test: Use Default Print Service with an IPPS-only printer
Change-Id: I5794906ddf176d62c9727c98417efa2c1ceba7ff
Signed-off-by: Glade Diviney <mopriadevteam@gmail.com>
|
|
am: 011527a13a
Change-Id: I35e82470cc2c5119d83baabedc34231870d555fd
|
|
am: 15d6e41cf2
Change-Id: I44b8767a96b8b3550ff657cfe79dc59768cb3307
|
|
am: 168da1cd37
Change-Id: Ice4e69087782aa515e974411677a7fecdd9d351c
|
|
am: 65a175f66f
Change-Id: I1f88c174a4c8255e2a86f525738b442afd0975ff
|
|
Test: Use Default Print Service with an IPPS-only printer
Change-Id: I5794906ddf176d62c9727c98417efa2c1ceba7ff
Signed-off-by: Glade Diviney <mopriadevteam@gmail.com>
|
|
am: 8eacdf6145
Change-Id: I81fc4b74f8337761bcb5ceaa9831b778ba59dd3a
|
|
am: cae10aa570
Change-Id: I73ccefe659bccdbcc05acf11049c2b409dada182
|
|
am: 757e3477ff
Change-Id: I85410e76327f0ee886a756a968ad29d5fc613311
|
|
4faf284244
am: 713d904c3b
Change-Id: Ifed6dcfab397fbdaff6f91ac80272882adccd683
|
|
am: 1fa6c24757 -s ours
Change-Id: I859d34fe034cb4b34d34bbd32c456a5ba639fd85
|
|
am: f03fe600ea -s ours
Change-Id: I8758e8bb95f1f3e2586de70433fccacd4b8d37b0
|
|
am: 1f409d5f8e
Change-Id: Ibaa7713759ad20abde7bb44e162bf46025d07e15
|
|
am: 4faf284244
Change-Id: I59604abf990739b648d2aca4ca1f33db22412302
|
|
am: 8c6e1893e8
Change-Id: I50decb70398b6b843df475212a3c741fa8452e53
|
|
am: 0c904dcfc0
Change-Id: I8fe0c79267a9a4cf430f461d2e929b46e969084d
|
|
am: 2447373f18
Change-Id: I67e0d69ea4524f7a172bcbfc8e6f97a50c407211
|
|
am: e78fa6dfe2
Change-Id: If3556ce2e553bbdcb12a354e11b4195251dd071a
|
|
Bug: 38203442
Test: built
Change-Id: I8f363c71c291363514100690ca7f8c463d98eb78
Merged-In: I8f363c71c291363514100690ca7f8c463d98eb78
|
|
Bug: 38203442
Test: update_libcups
Change-Id: I4432c0e42db5c6e243ff40cc5ab7502c5e5e7f88
Merged-In: I4432c0e42db5c6e243ff40cc5ab7502c5e5e7f88
|
|
Bug: 38203442
Test: built
Change-Id: I8f363c71c291363514100690ca7f8c463d98eb78
|
|
Bug: 38203442
Test: update_libcups
Change-Id: I4432c0e42db5c6e243ff40cc5ab7502c5e5e7f88
|
|
am: 7a07142552
Change-Id: I4c89fdcea0c63fb0830592478e518cbba95ff6d0
|
|
am: 9979077883
Change-Id: I3e61fc6d3894bcbf7e6d071924a2cff4ec387b52
|
|
am: bbf4f35ea3
Change-Id: Ic0713c2e60e2dc1e10b12f7349633a484c07f380
|
|
am: 475aad7be8
Change-Id: I32a2c8702438554c516c8c42c8d898f70f04789e
|
|
Test: mm -j64
Change-Id: I1a6c5f04aa39754ddcac558dfe185f37d1ae0efc
|
|
am: 94455991af
Change-Id: I61275dc63ec4080ef76e7a58989483afaa05994e
|
|
am: 85d2583616
Change-Id: I6b597e236062cd7ca1b1ace2a152804aec686b5e
|
|
am: a7a53b313f
Change-Id: I10f4c91fe8cec4690dc51cbbfb198b288be96ddb
|
|
am: 1e26deb80f
Change-Id: I43d413388b466a9cfd1a25a77cca5829b2e9fb4a
|