Implemented a Basic TLS #34
macSize = 64 | ||
} | ||
|
||
for { |
I would prefer if all of this wasn't a single anonymous function inside of handshake, if we could break this down a little that would be nice (and slightly more readable!)
tl;dr: this is not yet audited. we need to audit a lot of stuff, so merging in with the massive disclaimer that this is not yet known to be secure.
|
cc @perfmode @cleichner if you want to help CR something |
doesn't this leak metadata - who is connecting to who? isn't it possible to be encrypted from the first byte by doing the EECDH exchange first? |
@dominictarr Yep. But afaik IPFS has no interest in anonymity and following TLS' pattern of authenticating and verifying the secure channel before using it for anything important makes me feel warm and fuzzy inside (and is probably a good way to avoid strange vulns). |
@dominictarr Unless you know who you're connecting to beforehand, a listener you're connecting to will have to get your public key. But yes, fair point, there could be two modes, for initializing connections to new unknown public keys, and for known ones. |
If you are gonna use something similar to tls why not just use tls? I think there are two strong positions here - either use something that is so well studied and the other strong position is making something so simple that it's obviously secure. I think the possibility for simplicity is considerable here, given that, ipfs, etc, doesn't rely on the security of the connection for its security. the data is already secure, and it would still be secure |
@dominictarr Because TLS is designed for a server-client model and heavily utilizes CAs--both of which are contrary to IPFS' design. There's also the point that TLS is incredibly complicated and has a lot of legacy to it, which makes it hard to re-implement securely in situations where we don't have access to standard TLS libraries. The protocol is already as simple as possible while still satisfying the requirements placed upon it. (Those requirements being forward secrecy, mutual authentication, confidentiality & integrity of data, in addition to being extensible.) Edit: I realized there was a point I could address. The reason it's better to build a secure channel is largely because of the mutual authentication. Before I wrote this, that's all that was being done--you authenticate each other and then you go back to communicating in plaintext. That scheme achieves its objective in the presence of malicious actors inside the network, but it doesn't do anything to deter active adversaries (outside the network). So you come to the point that all the hard bits are done--it's incredibly cheap to just build the rest of the secure channel and then I get the guarantee that if I contact Alice, I know that everything I read is legitimately from Alice. |
I agree that we should keep the protocol as simple as possible to allow it to be easily audited and understood. TLS is great, but has way too much baggage for what we're after |
okay to be honest, I am not well versed on exactly how complicated tls is, I can imagine it's more complicated than this, though, sure. But I just feel that this could be even simpler. There are really two distinct things here - privacy and security. ipfs is secure even over plain text, if you just did privacy, and required the application/next layer to handle authentication and integrity then you could simplify this. And if you had an out of channel way of setting the parameters then you would not need cipher suite negotiation you could just put |
Reverse engineering someone's TLS implementation is a multi-week effort (I've done it). This protocol took me a few hours to design and implement. It took a few minutes to figure out how it worked after I'd been away from the codebase for a while. This is only a few hundred lines, whereas TLS implementations are thousands of lines. Personally, I think it's incredibly easy to reason about the security of this, and I would think you do too since you started finding caveats within minutes of being told where the code was.
I don't know what either of those words mean in this context... I'm guessing confidentiality and integrity? If so, as I said, confidentiality was added for the reason "why not?" and integrity is there so that I know everything I read off of my channel with Alice was actually written by Alice and meant for me--remember, there'll be more going through our channel than items from the DAGStore. Information about Alice's health, what she wants, what she knows.
Disregarding the fact that the logic is circular and that this doesn't add anything, how is putting information into an incredibly complex system of computers simpler than just sending it over the wire to people who ask? |
Okay good point, this is relatively simple. But, I think you should consider the out-of-band ciphersuite thing. Sure, you could negotiate a different suite, but you can't remove the negotiation. In a p2p system like ipfs, there is already a lookup to go from a peer id (i.e. hash(pubkey)) |
So like this:
# current multiaddr
/ip4/10.20.30.40/tcp/1234/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es
# multiaddr specifying tls cypher
# 0xcc14 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
/ip4/10.20.30.40/tcp/1234/tls/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/
# some future
/ip8/QmZSWmvJdrjtUo9TAVnRn/sc/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/ |
@dominictarr The protocol is already trivial to upgrade. Want to add a new cipher? Implement it and add it to the supported ciphers list. You never remove negotiation because there is always a need to negotiate something. TLS (even dating back to SSL) has never changed the ClientHello and ServerHello messages because there's no reason to.
The protocol is always going to be trivially distinguishable from random. There's structure to the timing of messages in the protocol. There's structure in the objects sent. IPFS nodes will always behave in predictable ways (unless @jbenet decides to recast the project as a DRBG). If I look up someone's preferences in the DHT, I can calculate the suite we should use because I have both variables, but how do I convey that knowledge to them if my only way of talking to them is walking up and just using the suite? Negotiation is a function of two variables, so how does the person on the other end make that calculation if they don't know anything about me?
If you're new to the network or have limited connectivity, how do you find someone's preferences to make a new connection to them to improve connectivity? How do you avoid the circular dependency of "I want to talk to Alice, so I need to look her up in the DHT, and that requires making a connection to someone, so I look them up in the DHT, which requires making a connection to someone, so I look..." |
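The argument in the comment above, that negotiation is a function of two variables, worked through as an added Go example (not code from this pull request or from IPFS). The `Hello` type, the suite labels, the weak-suite list and the "dialer's preference wins" rule are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hello is a hypothetical first handshake message: the sender's supported
// cipher suites in preference order. The name and shape are assumptions.
type Hello struct {
	Suites []string
}

// weak is a constructed list of suites a strict node refuses to use even
// when both sides offer them.
var weak = map[string]bool{"RC4+HMAC-SHA1": true}

// ErrNoCommonSuite is returned when the lists share no acceptable suite.
var ErrNoCommonSuite = errors.New("no acceptable cipher suite in common")

// Negotiate takes BOTH hellos and returns the first suite in the dialer's
// preference order that the listener also supports and that is not weak.
// Once the hellos have been exchanged, each peer calls it with the same two
// arguments, so both reach the same answer without a further round trip.
func Negotiate(dialer, listener Hello) (string, error) {
	offered := make(map[string]bool, len(listener.Suites))
	for _, s := range listener.Suites {
		offered[s] = true
	}
	for _, s := range dialer.Suites {
		if offered[s] && !weak[s] {
			return s, nil
		}
	}
	return "", ErrNoCommonSuite
}

// GuessFromDirectory models the out-of-band variant: the dialer has looked
// up the listener's list (for example in the DHT) and computes the suite
// alone. The listener has never seen the dialer's list, so the only input it
// has is its own preferences. The function returns what each side would use.
func GuessFromDirectory(dialer, listener Hello) (dialerPick, listenerPick string, err error) {
	dialerPick, err = Negotiate(dialer, listener)
	if err != nil {
		return "", "", err
	}
	// The listener knows one variable only: its own list.
	listenerPick, err = Negotiate(listener, listener)
	if err != nil {
		return "", "", err
	}
	return dialerPick, listenerPick, nil
}

func main() {
	// Constructed sample peers.
	dialer := Hello{Suites: []string{"RC4+HMAC-SHA1", "AES-256-CTR+HMAC-SHA256"}}
	listener := Hello{Suites: []string{
		"CHACHA20-POLY1305", "RC4+HMAC-SHA1", "AES-256-CTR+HMAC-SHA256",
	}}

	suite, err := Negotiate(dialer, listener)
	fmt.Println("in-band negotiation:", suite, err)

	d, l, err := GuessFromDirectory(dialer, listener)
	fmt.Printf("out-of-band: dialer uses %s, listener assumes %s, agree=%v, err=%v\n",
		d, l, d == l, err)
}
```

With the sample peers, the in-band exchange settles on the one suite both accept, while the out-of-band guess leaves the two sides on different suites.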
I do agree that all the information in the handshake should be available in the DHT for lookup, but i do also think it needs to be in the handshake for the very same reasons @Bren2010 expressed in his last paragraph. |
So, i think the world has changed a lot since tls was conceived. The most important thing is how updates occur - I remember getting netscape navigator on a CDROM from my isp. Of course, you are not gonna get an update out very quick that way, and some people will never upgrade. Nowadays we have automatic updates - sure, that is a back door, but let's say we can create a decentralized way to do something like that (I have ideas, we can discuss later) I don't think we have the same concern for legacy code with ipfs, etc. But also - http has a default port, and surfers follow links to your site, and you can't break links or you break the web. web protocols had to be on the same port. Ipfs does not have links that will break like this - because links are to data, not to servers. How does a new peer find the network? A completely new node still needs an entry point, right? If we need to keep the start list servers accessible, that start list could contain the cipher suite, or it could indicate that a negotiation handshake is used instead. Is this how ipfs will introduce nodes? |
Exactly.
Yes, we use a list of bootstrapping addresses, which include the node.ID (public key). e.g.
Note that all distributed systems have the bootstrapping problem and solve it effectively the same way. DHTs, bitcoin, even DNS (hard coded root For our purposes, we'll distribute signed, up-to-date bootstrapping list with implementations, and make it available via HTTP, DNS, and other systems.
Yeah, we could do something like:
but i'm not yet convinced negotiation of cyphers is a bad idea. nodes should be more stern about the cyphers it uses (i.e. prune out weaker things) (NB: not negotiating cyphers does not get rid of handshake. would have to get rid of ephemeral sec chan key to do so. which we could do, since trust here depends on the source key. sessions strictly live shorter than the key used for node.ID (i.e. does forward secrecy make sense if the master private key which defines the node is compromised??) . AFAICT right now, the only other benefit of the ephemeral key is letting nodes split up implementations and safeguard keys better (i.e. i could have a full implementation that i don't give my private key to, only derived keys). |
would be kinda cool to have udp service discovery implemented for ipfs |
yep!! there's lots of protocols for local discovery, we should use as many as we can. this helps bittorrent clients be so successful at moving data around. |
New: * golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e) * github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc) Changed: * github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012) Alexander F Rødseth (1): Terminals on Windows may not have colors Antoine Grondin (1): default logs to stderr Dotan J. Nahum (1): logrus_syslog / syslog - example should now be valid Madhav Puri (2): Fix Fatalf() and Fatalln() to exit irrespective of log level Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry Matthew Baird (1): proper use of TextFormatter in documentation Philip Allen (4): Added Raygun hook. Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook Merge branch 'master' of https://github.com/Sirupsen/logrus removing raygun hook from hooks dir, adding reference in hooks table of main README.md Simon Eskildsen (12): Merge pull request #170 from aybabtme/log-to-stderr Merge pull request #177 from xyproto/master Merge pull request #178 from mattbaird/patch-1 Merge pull request #168 from squirkle/master Merge pull request #183 from evalphobia/feature/sentry-http-request formatter/json: fix possible race version: bump to 0.8 Merge pull request #187 from mapuri/master version: bump to 0.8.1 Merge pull request #188 from mapuri/master version: 0.8.2 Merge pull request #189 from jondot/patch-1 evalphobia (1): Added special field for *http.Request to Sentry hook * github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a) Cenk Alti (1): fix #14 * github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb) Andrew Sutherland (4): just return ourselves on chainable methods use channel to trigger isFinished make units type safe dont panic on multiple Finish calls Andrey Smirnov (1): Fix the data 
race on pb.isFinish member. Frederick F. Kautz IV (1): Running gofmt, no semantic changes. Fábio Gomes (1): Adds Set64 func to set the current value as int64 Sergey Cherepanov (8): netbsd support Merge pull request #34 from smira/master Merge pull request #35 from nixxquality/patch-1 Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes Merge pull request #37 from drewis/forupstream Merge pull request #38 from monde-sistemas/master correct speed when start value not 0 return object for a chain calling nixxquality (1): Fix typo * github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd) Simon Menke (1): Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways * 
github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d) Brian Picciano (19): make cluster package thread-safe CHANGELOG update READMEs to have references to cluster throttle Reset calls in cluster change how options are passed around in cluster, and fix throttle CHANGELOG add a Pattern field to SubReply make DialTimeout actually use DialTimeout (requested by #53) fix bugs in cluster which prevented proper failover handling make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit fix cluster test to handle the Reset throttle properly CHANGELOG refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer small formatting fixes optimize flattening in resp to not create as many intermediate data structures refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to update cluster tests for newest testify code CHANGELOG CHANGELOG Victor (1): add Reply.Float64() method * github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1) Anton Povarov (1): simpler and more computationally efficient solution Dwayne Schultz (4): Add checks in marshal/unmarshal for presence of required fields Improve compatibility Revert "Improve compatibility" Use import helper Georg Apitz (2): Apply @anton-povarov's patch for bitmasks for missing required fields Add test for nested NinOptNative John Tuley (11): Update artifacts from `make all` Test using `Marshal` instead of `MarshalTo` Use `proto.Marshal`/`proto.Unmarshal` Move NewRequiredNotSetError to encode_gogo.go Restore permissions on protoc-gen-gogo/main.go Remove empty lines Remove empty lines Check marshal error in requiredexamplepb_test.go Merge remote-tracking branch 'gogo/master' Add test for unmarshalling populated optional fields as 
required Add tests for required fields Tamir Duberstein (1): Generate errcheck-passing code Walter Schulze (4): regenerated code Merge pull request #51 from tamird/errcheck fixed errcheck for old protoc versions Merge pull request #48 from jmtuley/master * github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a) Alexander Gugel (1): Add Contains, Peek Armon Dadgar (6): Merge pull request #3 from blopker/master Merge pull request #4 from mreid-moz/add_onevict Merge pull request #6 from client9/master Merge pull request #8 from sciolizer/keys-order Merge pull request #10 from alexanderGugel/has-peek Merge pull request #12 from dkumor/master Bo Lopker (1): Add RWMutex for read-only functions Daniel Kumor (2): Fixed onEvict bug for Purge Added test for onEvicted interface value Joshua Ball (1): Keys() preserves order Kyle Kelley (1): fmt.Sprintf inside panic call Mark Reid (6): Add an 'onEvict' function called when an element is removed. Export the "OnEvicted" function. Stop exposing the internals for eviction. Take a single lock to purge the cache. Purge in the correct LRU order. Call the evict function, then reset the cache. 
Nick Galbreath (2): change Add method to return bool on eviction gofmt cleanup Ryan Uber (1): Merge pull request #2 from rgbkrk/patch-1 * github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d) Armon Dadgar (5): Prevent Read on a closed stream Adding NumStreams to query open stream count Prevent deadlock with closeStream race Session close waits for receive loop to terminate Adding backpressure to Open to avoid RST * github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2) Chris Howey (1): Merge pull request #109 from missdeer/master Fan Yang (2): Update fsnotify_bsd.go Update fsnotify_open_bsd.go * github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21) Felix Lange (1): soap: quote action names in header Huin (1): Fix CharsetReader creation. Jianfei Wang (1): support xml encoding other than utf-8 John Beisley (2): Merge branch 'fjl-soap-quote' Merge branch 'thinxer-master' * github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd) Jack Palevich (1): Add NewClientForDefaultGateway, test of same. * github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4) Brian Tiger Chow (1): Update listener.go Juan Batiz-Benet (1): Merge pull request #7 from briantigerchow/patch-1 * github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5) Daniel Theophanes (2): osext: do not return trailing slash in folder path. osext: state in readme that args[0] doesn't always work. 
* github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1) Alex Sergeyev (6): Issue with TLSA parsing identified Fixed SSHFP parsing when multiple lines used for text representation. Updated NSAP support according to RFC1706 Fixed reversed logic. Support for almost all possible ways to format HINFO record Added comment to commented-out testcase Mart Roosmaa (1): Use algorithm number to determine private key type. Michael Haro (3): Check that the query ID matches the answer ID. Keep Exchange as it was, but still check ID. Cleanup Client.exchange Miek Gieben (10): Merge pull request #207 from roosmaa/keyparse Merge pull request #208 from michaelharo/checkid Merge pull request #209 from michaelharo/client Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa Playing with TLSA records Fix off-by-one on the maxTok and maxCom check Add TLSA parsing tests Check the l.err token errors Merge pull request #211 from miekg/tlsa Merge pull request #212 from asergeyev/master * github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9) Suryandaru Triandana (6): Merge pull request #106 from restlessbandit/getprop-errors leveldb: allows disabling buffer pool manualtest/dbstress: disable block cache and buffer pool by default memdb: use named constant instead of integer literal and Reset now holds lock leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go leveldb: allows open or puts DB into read-only mode (closes #107) Travis J Parker (1): uses a public API error that can be compared against for invalid property names * github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a) Jeromy (1): bootstrap addrs cant be 0.0.0.0 * golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev 
ce6bda69189e9f4ff278a5e181691cd695f753ae) Dmitry Savintsev (1): crypto/ssh: fix encoding of ssh certs with critical options Han-Wen Nienhuys (1): x/crypto/ssh: bail early if a server has no auth methods configured. Joel Sing (1): poly1305: fix compilation on arm with go tip Jungho Ahn (1): x/crypto/poly1305: add ARM assembly KB Sriram (1): x/crypto/openpgp: Limit packet recursion depth. Shenghou Ma (1): ocsp: fix test on TZ=UTC systems datianshi (1): ssh: add hmac-sha2-256. * golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2) Dave Cheney (1): x/net/websocket: always close underlying connection on ws.Close Ian Lance Taylor (1): html/charset/testdata: update licensing info in README Mikio Hara (4): ipv4: fix build on linux/arm64 ipv6: fix build on linux/arm64 icmp: more coverage to ping test icmp: add missing attribute length check Nigel Tao (7): webdav: skip XML-related tests on Go 1.4. webdav: make properties belong to the File(System), not a PropSystem. webdav: special-case the propfind_invalid2 litmus test. webdav: delete the PropSystem and MemPS types. webdav: add StripPrefix. webdav: have copyFiles copy dead properties. webdav: let DeadPropsHolder.DeadProps return an error. Robert Stepanek (3): webdav: Add PROPPATCH support to in-memory property system. webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent webdav.Dir resource. webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD, POST and PUT requests. * gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df) Matt Silverlock (1): Fixed import in example test to use gopkg.in. Nate Finch (2): Merge pull request #11 from elithrar/v2.0 Fix bug #12
log spanID info to json output
update cid package through tree
Closes: ipfs#6284 Add appropriate IPv6 ranges to defaultServerFilters
fix some performance regressions when reading protobuf nodes
Proposed solution as a simple, secure, and modular transport layer.
Uses peer keys for signing only (which they probably should be restricted to), and a shared key is derived through ECDH. Provides forward secrecy, data secrecy, data integrity, and mutual authentication. Borrows the idea of cipher suites/negotiation from TLS for modularity.
Protocol:
Step 1: Hello = (Random, MultiPublicKey, Supported Algorithms)
Step 2: Exchange = (EECDH Public Key, Sig(Hello1 || Hello2 || EECDH Public Key))
Step 3: Finish = E("Finish")
Atm, it hasn't been integrated with the rest of the code base yet.
Peer review/suggestions welcome, as always.
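A sketch of steps 1 and 2 of the protocol described above, added here as an example and not the code from this pull request. It assumes Ed25519 for the peer signing keys, X25519 for the ephemeral exchange and SHA-256 as a stand-in key-derivation step; the type and function names are hypothetical, and cipher-suite negotiation and the encrypted Finish message are omitted.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer: long-term signing-only key plus per-session ECDH key (Ed25519/X25519 assumed).
type Peer struct {
	sig   ed25519.PrivateKey
	eph   *ecdh.PrivateKey
	Hello []byte // step 1: Random (32 bytes) || signing public key (32 bytes)
}

func NewPeer() *Peer {
	pub, sig, _ := ed25519.GenerateKey(rand.Reader)
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	hello := make([]byte, 32, 64)
	rand.Read(hello)
	return &Peer{sig, eph, append(hello, pub...)}
}

// Exchange is step 2: ephemeral public key and Sig(Hello1 || Hello2 || key).
func (p *Peer) Exchange(h1, h2 []byte) (eph, sig []byte) {
	eph = p.eph.PublicKey().Bytes()
	return eph, ed25519.Sign(p.sig, bytes.Join([][]byte{h1, h2, eph}, nil))
}

// SessionKey verifies the remote Exchange against the signing key carried in
// the remote Hello, and only then runs ECDH and derives the shared key.
func (p *Peer) SessionKey(h1, h2, rHello, rEph, rSig []byte) ([]byte, error) {
	msg := bytes.Join([][]byte{h1, h2, rEph}, nil)
	if len(rHello) != 64 || !ed25519.Verify(rHello[32:], msg, rSig) {
		return nil, errors.New("exchange signature invalid")
	}
	pub, err := ecdh.X25519().NewPublicKey(rEph)
	if err != nil {
		return nil, err
	}
	secret, err := p.eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(bytes.Join([][]byte{secret, h1, h2}, nil)) // stand-in KDF
	return key[:], nil
}

func main() {
	a, b := NewPeer(), NewPeer() // a sends Hello1, b sends Hello2
	aEph, aSig := a.Exchange(a.Hello, b.Hello)
	bEph, bSig := b.Exchange(a.Hello, b.Hello)
	ka, _ := a.SessionKey(a.Hello, b.Hello, b.Hello, bEph, bSig)
	kb, _ := b.SessionKey(a.Hello, b.Hello, a.Hello, aEph, aSig)
	fmt.Println("keys match:", bytes.Equal(ka, kb))
}
```

Because each signature covers both Hellos and the signer's ephemeral key, a changed ephemeral key or a signature presented alongside different Hello values fails verification before any ECDH is computed.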