This moves the various CA root fetchers from crypto/tls into crypto/x509.
The move was brought about by issue 2997. Windows doesn't ship with all
its root certificates, but will instead download them as-needed when using
CryptoAPI for certificate verification.
This CL changes crypto/x509 to verify a certificate using the system root
CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
now implemented using Windows's CryptoAPI. All other root fetchers are
unchanged, and still use Go's own verification code.
The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
order to be able to test whether hostname mismatches are honored by the
Windows verification code.
The move to crypto/x509 also allows other packages to use the OS-provided
root certificates, instead of hiding them inside the crypto/tls package.
Fixes #2997.
R=agl, golang-dev, alex.brainman, rsc, mikkel
CC=golang-dev
https://golang.org/cl/5700087
The old way to find a port was to listen :0 and then
look at what port it picked, close the listener, and then
immediately try to listen on that port.
On some Windows 7 machines that sequence fails at
the second listen, because the first one is still lingering
in the TCP/IP stack somewhere. (Ironically, most of these
are used in tests of a "second listen", which in this case
ends up being the third listen.)
Instead of this race, just return the listener from the
function, replacing usableLocalPort+Listen with
usableListenPort.
Fixes #3219.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5769045
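
Added example, not code from the commit or the Go tree: the close-then-relisten pattern described above next to the version that returns the listener. The function names reservePortRacy, listenEphemeral and secondListenFails are hypothetical.

```go
package main

import (
	"fmt"
	"net"
)

// reservePortRacy is the old pattern: bind port 0, note the address, close.
// After Close nothing holds the port, so the address is only a hint and any
// other process (or a lingering socket) can make the next Listen fail.
func reservePortRacy() (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	return ln.Addr().String(), nil
}

// listenEphemeral keeps the socket open and returns it with its address,
// so there is no window between choosing the port and owning it.
func listenEphemeral() (net.Listener, string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, "", err
	}
	return ln, ln.Addr().String(), nil
}

// secondListenFails reports whether another bind to addr is refused.
func secondListenFails(addr string) bool {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return true
	}
	ln.Close()
	return false
}

func main() {
	ln, addr, err := listenEphemeral()
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	fmt.Println("holding", addr, "second listen refused:", secondListenFails(addr))
}
```
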
I don't know what's out there, but something
is answering to 127.0.71.111:80 on our builder,
so use a different port.
Also insert a check that the dial fails, which
would have diagnosed this problem.
Fixes #3016.
R=golang-dev, mikioh.mikioh, r
CC=golang-dev
https://golang.org/cl/5754062
I don't know enough about multicast.
Should this be disabled on all systems, not just Windows?
R=golang-dev
CC=golang-dev
https://golang.org/cl/5754060
By default the all.bash tests must not ever announce
on an external address. It's not just an OS X issue.
R=golang-dev, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/5753067
We need a compact, reasonably efficient IsPrint. That adds about 2K of data,
plus a modest amount of code, but now strconv is a near-leaf package.
R=r, bradfitz, adg, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/5756050
In order to land 5700087 (which moves the knowledge of how to get the
root certificates for the system from crypto/tls to crypto/x509), we
need to relax the restrictions on crypto/x509. Afterwards, we can
probably tighten them up in crypto/tls.
R=golang-dev, rsc, krautz
CC=golang-dev
https://golang.org/cl/5753060
This exercises the Import function but more importantly
gives us a place to write down the policy for dependencies
within the Go tree. It also forces us to look at the dependencies,
which may lead to adjustments.
Surprises:
- go/doc imports text/template, for HTMLEscape (could fix)
- it is impossible to use math/big without fmt (unfixable)
- it is impossible to use crypto/rand without math/big (unfixable)
R=golang-dev, bradfitz, gri, r
CC=golang-dev
https://golang.org/cl/5732062
In the test, verify the copied constants are correct.
Also put the test into package utf16 rather than utf16_test;
the old location was probably due to creating the test from
utf8, but the separation is not needed here.
R=golang-dev, bradfitz, rsc, rsc, r
CC=golang-dev
https://golang.org/cl/5752047
* Splits into three server tests.
- TestStreamConnServer for tcp, tcp4, tcp6 and unix networks
- TestSeqpacketConnServer for unixpacket networks
- TestDatagramPacketConnServer for udp, udp4, udp6 and unixgram networks
* Adds both PacketConn and Conn test clients to datagram packet conn tests.
* Fixes wildcard listen test cases on dual IP stack platform.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5701066
The dependency was there only to pull in two constants.
Now we define them locally and verify equality in the test.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5754046
CL 3075041 says ARM is not little-endian, but my test suggests otherwise.
My test program is:
package main
import ("fmt"; "syscall"; "os")
func main() {
	err := syscall.Fallocate(1, 1/*FALLOC_FL_KEEP_SIZE*/, 0, int64(40960))
	fmt.Fprintln(os.Stderr, err)
}
Without this CL, ./test > testfile will show: file too large; and strace shows:
fallocate(1, 01, 0, 175921860444160) = -1 EFBIG (File too large)
With this CL, ./test > testfile will show: <nil>; and strace shows:
fallocate(1, 01, 0, 40960) = 0
Quoting rsc:
"[It turns out that] ARM syscall ABI requires 64-bit arguments to use an
(even, odd) register pair, not an (odd, even) pair. Switching to "big-endian"
worked because it ended up using the high 32-bits (always zero in the tests
we had) as the padding word, because the 64-bit argument was the last one,
and because we fill in zeros for the rest of the system call arguments, up to
six. So it happened to work."
I updated mksyscall_linux.pl to accommodate the register pair ABI requirement,
and removed all hand-tweaked syscall routines in favor of the auto-generated
ones. These include: Ftruncate, Truncate, Pread and Pwrite.
Some recent Linux/ARM distributions do not bundle kernel asm headers,
so instead we always get latest asm/unistd.h from git.kernel.org (just like
what we do for FreeBSD).
R=ken, r, rsc, r, dave, iant
CC=golang-dev
https://golang.org/cl/5726051