mirror of
https://github.com/google/nomulus.git
synced 2025-05-21 03:39:36 +02:00
Respect certificate validity period (#391)
Client SSL handler already performs the necessary validation. Only tests are added. Server SSL handler does not currently check for the validity period of the client certificate as the insecure trust manager is used. This PR added the check but does not actually terminate the connection yet. It will log the expired certificates so that we can contact the registrars to update them. Once we are certain that all certificates are updated, we can turn off dryrun mode. We should also consider checking if the certificate has too long a validity period as it defeats the purpose of using regularly updated certificates to deprecate insecure cipher suites.
This commit is contained in:
Lai Jiang
GitHub
parent
9bb6b598a3
commit
1c1ccee75e
17 changed files with 473 additions and 35 deletions
|
|
@ -1,13 +1,30 @@
|
|||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
|
|
@ -15,6 +32,15 @@ io.netty:netty-common:4.1.31.Final
|
|||
io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue