commit | 951f67c62df9e855eb5ac3a92820b1313e37fd1f | [log] [tgz] |
---|---|---|
author | Pete Bentley <44170157+prbprbprb@users.noreply.github.com> | Wed Sep 11 15:51:17 2024 +0100 |
committer | GitHub <noreply@github.com> | Wed Sep 11 15:51:17 2024 +0100 |
tree | f2d1c46a0f7475a2f4eda17050c339846a773c7e | |
parent | 3c32ef73b4ddcc08ece53e83e5f339ded2eec5d3 [diff] |
Upstream multiple AOSP changes. (#1226) With working tests this time. Passing on OpenJDK with both isTlsV1Enabled() returning true and file (We should make that configurable from Conscrypt.Builder). Contains the following AOSP changes + test fixes: e6827ba2b Validate LogStore against the Policy 3fe1ea3e9 Filter out SCTs emitted after a log expired e841e6c0d Use enum as outcome of doesResultConformToPolicy dbdd64cfd Add PolicyImplTest for Certificate Transparency 97918a0cd Implement Android CT Policy for embedded SCTs c9f38dbdb Remove logStore attribute from Policy 9d5f0c3aa Fix hashcode for LogInfo a59840d01 Keep LogInfo in VerifiedSCT 2eb5e7506 Add operator name to LogInfo d8519cf7e Remove PolicyImpl minimumLogCount argument 92961a569 Remove "CT" prefix from org.conscrypt.ct classes 81d0929eb Use Flags.certificateTransparencyPlatform() 30b81399 Use ByteArray consistently 98f0f2b1 Support parsing CT v3 JSON log list bb60a900 TrustedCertificateStore: Mitigate NPE when checking updateable certs directory feacee50 Add State to CTLogInfo 633a2475 Remove ct SystemLogDir dab378e0 Remove InternalUtil 4c224130 Remove ct fallback logs 9b48e0e5 Add a java_library target for conscrypt-tests e33c851e Gate tls removal by api level 65e6c8ef Bring back sslv3 c90bd39b Add caching for cert blocklist 5de91066 Read default SHA256 pubkey blocklist 8e656b13 Add support for SHA256 blocklist entries 12c479ac Deprecate the serial-based blocklist 396823df Rename SSL_CONTEXT_ALL b0825731 Filter protocols when creating SSLParameterImpl
Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographic primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK. See the capabilities documentation for detailed information on what is provided.
The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt
similar performance.
Conscrypt supports Java 7 or later on OpenJDK and Gingerbread (API Level 9) or later on Android. The build artifacts are available on Maven Central.
You can download the JARs directly from the Maven repositories.
The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:
Classifier | OS | Architecture |
---|---|---|
linux-x86_64 | Linux | x86_64 (64-bit) |
osx-x86_64 | Mac | x86_64 (64-bit) |
windows-x86 | Windows | x86 (32-bit) |
windows-x86_64 | Windows | x86_64 (64-bit) |
Use the os-maven-plugin to add the dependency:
<build> <extensions> <extension> <groupId>kr.motd.maven</groupId> <artifactId>os-maven-plugin</artifactId> <version>1.4.1.Final</version> </extension> </extensions> </build> <dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk</artifactId> <version>2.5.2</version> <classifier>${os.detected.classifier}</classifier> </dependency>
Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:
buildscript { repositories { mavenCentral() } dependencies { classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0' } } // Use the osdetector-gradle-plugin apply plugin: "com.google.osdetector" dependencies { compile 'org.conscrypt:conscrypt-openjdk:2.5.2:' + osdetector.classifier }
For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.
To depend on the uber jar, simply use the conscrypt-openjdk-uber
artifacts.
<dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk-uber</artifactId> <version>2.5.2</version> </dependency>
dependencies { compile 'org.conscrypt:conscrypt-openjdk-uber:2.5.2' }
The Android AAR file contains native libraries for x86, x86_64, armeabi-v7a, and arm64-v8a.
dependencies { implementation 'org.conscrypt:conscrypt-android:2.5.2' }
If you are making changes to Conscrypt, see the building instructions.