Browse Source
CA-208166: DockerMachine(golang clients) cannot connect XenServer host with ssl-legacy=falsegetsshkeypath_pr
zheng
9 years ago
2 changed files with 136 additions and 0 deletions
@ -0,0 +1,76 @@ |
|||
From 9d771b79c7bfa8db4a4a0075c72608f7d987b598 Mon Sep 17 00:00:00 2001 |
|||
From: Phus Lu <phuslu@hotmail.com> |
|||
Date: Tue, 22 Mar 2016 02:56:41 +0800 |
|||
Subject: [PATCH] crypto/tls: add |
|||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256/TLS_RSA_WITH_AES_128_CBC_SHA256/TLS_RSA_WITH_AES_256_CBC_SHA256 |
|||
|
|||
---
|
|||
src/crypto/tls/cipher_suites.go | 20 ++++++++++++++++++++ |
|||
1 file changed, 20 insertions(+) |
|||
|
|||
diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
|
|||
index e69f5f9..d544d4e 100644
|
|||
--- a/src/crypto/tls/cipher_suites.go
|
|||
+++ b/src/crypto/tls/cipher_suites.go
|
|||
@@ -11,6 +11,7 @@ import (
|
|||
"crypto/hmac" |
|||
"crypto/rc4" |
|||
"crypto/sha1" |
|||
+ "crypto/sha256"
|
|||
"crypto/x509" |
|||
"hash" |
|||
) |
|||
@@ -82,6 +83,7 @@ var cipherSuites = []*cipherSuite{
|
|||
{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil}, |
|||
{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil}, |
|||
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, |
|||
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA256, nil},
|
|||
{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, |
|||
{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, |
|||
{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, |
|||
@@ -90,6 +92,8 @@ var cipherSuites = []*cipherSuite{
|
|||
{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil}, |
|||
{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, |
|||
{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, |
|||
+ {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, 0, cipherAES, macSHA256, nil},
|
|||
+ {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA, 0, cipherAES, macSHA256, nil},
|
|||
{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, |
|||
{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, |
|||
} |
|||
@@ -128,6 +132,19 @@ func macSHA1(version uint16, key []byte) macFunction {
|
|||
return tls10MAC{hmac.New(sha1.New, key)} |
|||
} |
|||
|
|||
+// macSHA256 returns a macFunction for the given protocol version.
|
|||
+func macSHA256(version uint16, key []byte) macFunction {
|
|||
+ if version == VersionSSL30 {
|
|||
+ mac := ssl30MAC{
|
|||
+ h: sha256.New(),
|
|||
+ key: make([]byte, len(key)),
|
|||
+ }
|
|||
+ copy(mac.key, key)
|
|||
+ return mac
|
|||
+ }
|
|||
+ return tls10MAC{hmac.New(sha256.New, key)}
|
|||
+}
|
|||
+
|
|||
type macFunction interface { |
|||
Size() int |
|||
MAC(digestBuf, seq, header, data []byte) []byte |
|||
@@ -270,6 +287,8 @@ const (
|
|||
TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a |
|||
TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f |
|||
TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 |
|||
+ TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
|
|||
+ TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003d
|
|||
TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c |
|||
TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d |
|||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007 |
|||
@@ -279,6 +298,7 @@ const (
|
|||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 |
|||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 |
|||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 |
|||
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
|
|||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f |
|||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b |
|||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030 |
@ -0,0 +1,60 @@ |
|||
#!/bin/bash |
|||
|
|||
export GITHUB_USER=${GITHUB_USER:-xenserver} |
|||
export GITHUB_REPO=${GITHUB_REPO:-docker-machine-driver-xenserver} |
|||
export GITHUB_COMMIT_ID=${TRAVIS_COMMIT:-${COMMIT_ID:-master}} |
|||
export WORKING_DIR=/tmp/tmp.$(date "+%Y%m%d%H%M%S").${RANDOM:-$$}.${GITHUB_REPO} |
|||
export GOROOT_BOOTSTRAP=${WORKING_DIR}/go1.6 |
|||
export GOROOT=${WORKING_DIR}/go |
|||
export GOPATH=${WORKING_DIR}/gopath |
|||
export PATH=$GOROOT/bin:$GOPATH/bin:$PATH |
|||
|
|||
mkdir -p ${WORKING_DIR} |
|||
|
|||
function build_go() { |
|||
pushd ${WORKING_DIR} |
|||
|
|||
curl -k https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz | tar xz |
|||
mv go go1.6 |
|||
|
|||
git clone --depth 50 --branch release-branch.go1.6 https://github.com/golang/go |
|||
patch -d go -p1 < <(curl -k -L https://github.com/${GITHUB_USER}/${GITHUB_REPO}/raw/master/patches/TLS_RSA_WITH_AES_128_CBC_SHA256.patch) |
|||
(cd go/src && bash ./make.bash) |
|||
|
|||
go env |
|||
go version |
|||
|
|||
popd |
|||
} |
|||
|
|||
function build_repo() { |
|||
pushd ${WORKING_DIR} |
|||
|
|||
go get -v github.com/${GITHUB_USER}/${GITHUB_REPO} |
|||
|
|||
popd |
|||
} |
|||
|
|||
function release_repo() { |
|||
if [ "$TRAVIS_PULL_REQUEST" == "true" ]; then |
|||
return |
|||
fi |
|||
|
|||
pushd ${WORKING_DIR} |
|||
|
|||
if [ -d "${WORKSPACE}" ]; then |
|||
local FILENAME=docker-machine-driver-xenserver_$(go env GOOS)-$(go env GOARCH) |
|||
cp -rf $GOPATH/bin/docker-machine-driver-xenserver ${WORKSPACE}/${FILENAME} |
|||
fi |
|||
|
|||
popd |
|||
} |
|||
|
|||
function clean() { |
|||
rm -rf $HOME/tmp.*.${GITHUB_REPO} |
|||
} |
|||
|
|||
build_go |
|||
build_repo |
|||
release_repo |
|||
clean |
Loading…
Reference in new issue