From: Brad Fitzpatrick Date: Tue, 29 Nov 2016 20:39:47 +0000 (+0000) Subject: doc: more additions to go1.8.html X-Git-Tag: go1.8beta1~31 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=00047248223a68882a120e210014b66577172218;p=gostls13.git doc: more additions to go1.8.html Adds crypto/tls, crypto/x509, math/big, mime. TBR=See https://golang.org/cl/33244 Updates #17929 Change-Id: I3fa3739e56f8c005e2a43c19f525cc5e2d981935 Reviewed-on: https://go-review.googlesource.com/33666 Reviewed-by: Brad Fitzpatrick --- diff --git a/doc/go1.8.html b/doc/go1.8.html index a70cc44284..534b287de8 100644 --- a/doc/go1.8.html +++ b/doc/go1.8.html @@ -541,6 +541,122 @@ in mind. +
crypto/tls
+
+

+ The new method + Conn.CloseWrite + allows TLS connections to be half closed. +

+ +

+ The new method + Config.Clone + clones a TLS configuration. +

+ +

+ + The new Config.GetConfigForClient (TODO: make link work) + callback allows selecting a configuration for a client dynamically, based + on the client's + ClientHelloInfo. + + + The ClientHelloInfo + struct now has new + fields Conn, SignatureSchemes (using + the new + type SignatureScheme), + SupportedProtos, and SupportedVersions. +

+ +

+ The new Config.GetClientCertificate (TODO: make link work) + callback allows selecting a client certificate based on the server's + TLS CertificateRequest message, represented by the new + CertificateRequestInfo. +

+ +

+ The new + Config.KeyLogWriter + (TODO: make link work) allows debugging TLS connections + in WireShark and + similar tools. +

+ +

+ The new + Config.VerifyPeerCertificate + (TODO: make link work) + callback allows additional validation of a peer's presented certificate. +

+ +

+ The crypto/tls package now implements basic + countermeasures against CBC padding oracles. There should be + no explicit secret-dependent timings, but it does not attempt to + normalize memory accesses to prevent cache timing leaks. +

+ +

+ The crypto/tls package now supports + X25519 and + ChaCha20-Poly1305. + ChaCha20-Poly1305 is now prioritized unless + AES-GCM when hardware support is present. +

+ +

+ AES-128-CBC cipher suites with SHA-256 are also + now supported. +

+ +
+
+ +
crypto/x509
+
+

+ SystemCertPool + is now implemented on Windows. +

+ +

+ PSS signatures are now supported. +

+ +

+ UnknownAuthorityError + now has a Cert field, reporting the untrusted + certificate. +

+ +

+ Certificate validation is more permissive in a few cases and + stricter in a few other cases. + +

+ +

+ Root certificates will now also be looked for + at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + on Linux, to support RHEL and CentOS. +

+ +
+
+
database/sql

@@ -725,6 +841,29 @@ pkg debug/pe, type StringTable []uint8

+
math/big
+
+

+ The new method + Int.Sqrt + calculates ⌊√x⌋. +

+ +

+ The new method + Float.Scan + is a support routine for + fmt.Scanner. +

+ +

+ Int.ModInverse + now supports negative numbers. +

+ +
+
+
math/rand
@@ -742,6 +881,23 @@ pkg debug/pe, type StringTable []uint8
+
mime
+
+

+ ParseMediaType + now preserves unnecessary backslash escapes as literals, + in order to support MSIE. + When MSIE sends a full file path (in "intranet mode"), it does not + escape backslashes: "C:\dev\go\foo.txt", not + "C:\\dev\\go\\foo.txt". + If we see an unnecessary backslash escape, we now assume it is from MSIE + and intended as a literal backslash. + No known MIME generators emit unnecessary backslash escapes + for simple token characters like numbers and letters. +

+
+
+
mime/quotedprintable
diff --git a/doc/go1.8.txt b/doc/go1.8.txt index 5d2f6b5aa7..93aa31c12d 100644 --- a/doc/go1.8.txt +++ b/doc/go1.8.txt @@ -91,40 +91,6 @@ cmd/vet: skip printf check for non-constant format string during failed import ( crypto/cipher: enforce message size limits for GCM (CL 28410) -crypto/tls: add CloseWrite method to Conn (CL 25159, 31318) -crypto/tls: add Config.Clone (CL 28075) -crypto/tls: add Config.GetConfigForClient (CL 30790) -crypto/tls: add GetClientCertificate callback (CL 32115) -crypto/tls: add KeyLogWriter for debugging (CL 27434) -crypto/tls: add VerifyPeerCertificate to tls.Config (CL 26654) -crypto/tls: add a SignatureScheme type. (CL 32119) -crypto/tls: don't generate random ticket keys if already set (CL 27317) -crypto/tls: enable ChaCha20-Poly1305 cipher suites by default. (CL 30958) -crypto/tls: expand ClientHelloInfo (CL 31391) -crypto/tls: fix deadlock when racing to complete handshake (CL 29164) -crypto/tls: flush the buffer on handshake errors (CL 28818) -crypto/tls: implement countermeasures against CBC padding oracles (CL 18130) -crypto/tls: set Conn.ConnectionState.ServerName unconditionally (CL 22862) -crypto/tls: support AES-128-CBC cipher suites with SHA-256 (CL 27315) -crypto/tls: support ChaCha20-Poly1305. (CL 30957) -crypto/tls: support X25519 (CL 30824, CL 30825) -crypto/{tls,cipher,internal/cryptohw}: prioritise AES-GCM when hardware support is present. (CL 32871) - -crypto/x509: Fix bug in UnknownAuthorityError.Error (CL 27992) -crypto/x509: allow a leaf certificate to be specified directly as root (CL 27393) -crypto/x509: check that the issuer name matches the issuer's subject name (CL 23571) -crypto/x509: don't accept a root that already appears in a chain. (CL 32121) -crypto/x509: expose UnknownAuthorityError.Cert (CL 32644) -crypto/x509: fix name constraints handling (CL 30155) -crypto/x509: implement SystemCertPool on Windows (CL 30578) -crypto/x509: parse all names in an RDN (CL 30810) -crypto/x509: recognise ISO OID for RSA+SHA1 (CL 27394) -crypto/x509: require a NULL parameters for RSA public keys (CL 16166) -crypto/x509: require a NULL parameters for RSA public keys (CL 27312) -crypto/x509: return error for missing SerialNumber (CL 27238) -crypto/x509: support PSS signatures (CL 24743) -crypto/x509: support RHEL 7 cert bundle (CL 30375) - encoding/asn1: return error for unexported fields in Marshal, Unmarshal (CL 31540) encoding/xml: add wildcard support for collecting all attributes (CL 30946) @@ -148,12 +114,6 @@ html/template: check "type" attribute in