diff --git a/vendor.conf b/vendor.conf index 62b73cd203..004318a681 100755 --- a/vendor.conf +++ b/vendor.conf @@ -6,21 +6,19 @@ github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c github.com/docker/docker 184cea5ff710abde25547749e5608b24a255ba09 github.com/docker/docker-credential-helpers v0.5.1 -github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d # the docker/go package contains a customized version of canonical/json # and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 +github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1 -github.com/docker/libnetwork 19ac3ea7f52bb46e0eb10669756cdae0c441a5b1 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a github.com/docker/notary v0.4.2-sirupsen https://github.com/simonferquel/notary.git github.com/docker/swarmkit 0554c9bc9a485025e89b8e5c2c1f0d75961906a2 github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff github.com/gogo/protobuf v0.4 github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4 -github.com/google/certificate-transparency 0f6e3d1d1ba4d03fdaab7cd716f36255c2e48341 github.com/gorilla/context v1.1 github.com/gorilla/mux v1.1 github.com/gotestyourself/gotestyourself v1.0.0 diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/docker/libnetwork/LICENSE deleted file mode 100644 index e06d208186..0000000000 --- a/vendor/github.com/docker/libnetwork/LICENSE +++ /dev/null 
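Review bot: The `github.com/docker/notary` entry that stays in this hunk as context is pinned to a tag name, `v0.4.2-sirupsen`, fetched from a personal fork (`https://github.com/simonferquel/notary.git`), whereas most neighbouring entries pin a full commit hash. The fork's owner can move that tag, so this line does not reproducibly identify the vendored Notary code, which matters for the component that handles signing and trust data. This commit does not touch the line, but since it is already pruning and re-sorting vendor.conf, it would be a natural place to replace the tag with the commit it currently resolves to, e.g. `github.com/docker/notary <commit-sha> https://github.com/simonferquel/notary.git`. A short comment above the entry saying why the fork is needed, in the style of the existing `docker/go` comment, would also help the next reviewer.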
@@ -1,202 +0,0 @@ -Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/vendor/github.com/docker/libnetwork/README.md b/vendor/github.com/docker/libnetwork/README.md deleted file mode 100644 index 536f8aa2b3..0000000000 --- a/vendor/github.com/docker/libnetwork/README.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# libnetwork - networking for containers - -[![Circle CI](https://circleci.com/gh/docker/libnetwork/tree/master.svg?style=svg)](https://circleci.com/gh/docker/libnetwork/tree/master) [![Coverage Status](https://coveralls.io/repos/docker/libnetwork/badge.svg)](https://coveralls.io/r/docker/libnetwork) [![GoDoc](https://godoc.org/github.com/docker/libnetwork?status.svg)](https://godoc.org/github.com/docker/libnetwork) - -Libnetwork provides a native Go implementation for connecting containers - -The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications. - -#### Design -Please refer to the [design](docs/design.md) for more information. - -#### Using libnetwork - -There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users. - - -```go -func main() { - if reexec.Init() { - return - } - - // Select and configure the network driver - networkType := "bridge" - - // Create a new controller instance - driverOptions := options.Generic{} - genericOption := make(map[string]interface{}) - genericOption[netlabel.GenericData] = driverOptions - controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption)) - if err != nil { - log.Fatalf("libnetwork.New: %s", err) - } - - // Create a network for containers to join. - // NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use. - network, err := controller.NewNetwork(networkType, "network1", "") - if err != nil { - log.Fatalf("controller.NewNetwork: %s", err) - } - - // For each new container: allocate IP and interfaces. 
The returned network - // settings will be used for container infos (inspect and such), as well as - // iptables rules for port publishing. This info is contained or accessible - // from the returned endpoint. - ep, err := network.CreateEndpoint("Endpoint1") - if err != nil { - log.Fatalf("network.CreateEndpoint: %s", err) - } - - // Create the sandbox for the container. - // NewSandbox accepts Variadic optional arguments which libnetwork can use. - sbx, err := controller.NewSandbox("container1", - libnetwork.OptionHostname("test"), - libnetwork.OptionDomainname("docker.io")) - if err != nil { - log.Fatalf("controller.NewSandbox: %s", err) - } - - // A sandbox can join the endpoint via the join api. - err = ep.Join(sbx) - if err != nil { - log.Fatalf("ep.Join: %s", err) - } - - // libnetwork client can check the endpoint's operational data via the Info() API - epInfo, err := ep.DriverInfo() - if err != nil { - log.Fatalf("ep.DriverInfo: %s", err) - } - - macAddress, ok := epInfo[netlabel.MacAddress] - if !ok { - log.Fatalf("failed to get mac address from endpoint info") - } - - fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key()) -} -``` - -## Future -Please refer to [roadmap](ROADMAP.md) for more information. - -## Contributing - -Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply. - -## Copyright and license -Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons. diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf deleted file mode 100644 index 6751cba47e..0000000000 --- a/vendor/github.com/docker/libnetwork/vendor.conf +++ /dev/null 
@@ -1,44 +0,0 @@ -github.com/Azure/go-ansiterm 19f72df4d05d31cbe1c56bfc8045c96babff6c7e -github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060 -github.com/Microsoft/go-winio ce2922f643c8fd76b46cadc7f404a06282678b34 -github.com/Microsoft/hcsshim v0.6.1 -github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec -github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 -github.com/boltdb/bolt c6ba97b89e0454fec9aa92e1d33a4e2c5fc1f631 -github.com/codegangsta/cli a65b733b303f0055f8d324d805f393cd3e7a7904 -github.com/coreos/etcd 925d1d74cec8c3b169c52fd4b2dc234a35934fce -github.com/coreos/go-systemd b4a58d95188dd092ae20072bac14cece0e67c388 -github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d - -github.com/docker/docker 2cac43e3573893cf8fd816e0ad5615426acb87f4 https://github.com/dmcgowan/docker.git -github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d -github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 -github.com/docker/go-units 8e2d4523730c73120e10d4652f36ad6010998f4e -github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef - -github.com/godbus/dbus 5f6efc7ef2759c81b7ba876593971bfce311eab3 -github.com/gogo/protobuf 8d70fb3182befc465c4a1eac8ad4d38ff49778e2 -github.com/golang/protobuf f7137ae6b19afbfd61a94b746fda3b3fe0491874 -github.com/gorilla/context 215affda49addc4c8ef7e2534915df2c8c35c6cd -github.com/gorilla/mux 8096f47503459bcc74d1f4c487b7e6e42e5746b5 -github.com/hashicorp/consul 954aec66231b79c161a4122b023fbcad13047f79 -github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b -github.com/hashicorp/go-multierror 2167c8ec40776024589f483a6b836489e47e1049 -github.com/hashicorp/memberlist v0.1.0 -github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372 -github.com/hashicorp/go-sockaddr acd314c5781ea706c710d9ea70069fd2e110d61d -github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870 -github.com/mattn/go-shellwords 
525bedee691b5a8df547cb5cf9f86b7fb1883e24 -github.com/miekg/dns d27455715200c7d3e321a1e5cadb27c9ee0b0f02 -github.com/opencontainers/runc 8694d576ea3ce3c9e2c804b7f91b4e1e9a575d1c https://github.com/dmcgowan/runc.git -github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374 -github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 -github.com/sirupsen/logrus v1.0.1 -github.com/stretchr/testify dab07ac62d4905d3e48d17dc549c684ac3b7c15a -github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852 -github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065 -github.com/vishvananda/netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969 -github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25 -golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674 -golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 -github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9 diff --git a/vendor/github.com/google/certificate-transparency/LICENSE b/vendor/github.com/google/certificate-transparency/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/vendor/github.com/google/certificate-transparency/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/google/certificate-transparency/README.Fedora b/vendor/github.com/google/certificate-transparency/README.Fedora deleted file mode 100644 index 14c2a844ac..0000000000 --- a/vendor/github.com/google/certificate-transparency/README.Fedora +++ /dev/null 
@@ -1,91 +0,0 @@ -## Quickstart on Fedora 22 ## - -Please attempt to use the GClient build as documented in the -[main readme](README.md) as this is an easier process and will be -maintained in future. - -If GClient works and tests pass then the following procedures are not -required. - -## Deprecated Manual Build Process ## - -Note: This assumes a Workstation install for x64. The additional dependency -packages that need to be installed may vary if you are starting with a -different base system. - - -Install Dependencies: - -```bash -sudo dnf update -sudo dnf install cmake gcc-g++ libevent-devel golang autoconf pkgconfig \ - json-c-devel gflags-devel glog-devel protobuf-devel leveldb-devel \ - openssl-devel gperftools-devel protobuf-compiler sqlite-devel ant \ - java-1.8.0-openjdk-devel protobuf-java python-gflags protobuf-python \ - python-ecdsa python-mock python-httplib2 git ldns-devel automake \ - libtool shtool libunwind-devel -``` - -Other Libraries - - -The `gflags` in Fedora is v2.1 and is using the new default namespace option of -‘gflags’ rather than ‘google’ so we need to build our own version. - -```bash -git clone https://github.com/gflags/gflags.git -cd gflags -cmake -DGFLAGS_NAMESPACE:STRING=google \ - -DCMAKE_CXX_FLAGS:STRING=-fPIC . -make -cd .. -``` - -Next, we need `libevhtp` version `1.2.10` which is not packaged in Fedora, so -we build from source: - -```bash -wget https://github.com/ellzey/libevhtp/archive/1.2.10.zip -unzip 1.2.10.zip -cd libevhtp-1.2.10/ -cmake -DEVHTP_DISABLE_REGEX:STRING=ON -DCMAKE_C_FLAGS:STRING=-fPIC . -make -cd .. 
-``` - -And let's get our own Google Test / Google Mock as these vary in incompatible -ways between packaged releases: - -```bash -wget https://googlemock.googlecode.com/files/gmock-1.7.0.zip -unzip gmock-1.7.0.zip -``` -Now, clone the CT repo: - -```bash -git clone https://github.com/google/certificate-transparency.git -cd certificate-transparency/ -``` - -One-time setup for Go: - -```bash -export GOPATH=$PWD/go -mkdir -p $GOPATH/src/github.com/google -ln -s $PWD $GOPATH/src/github.com/google -go get -v -d ./... -``` - -Build CT server C++ code: - -```bash -./autogen.sh -./configure GTEST_DIR=../gmock-1.7.0/gtest GMOCK_DIR=../gmock-1.7.0 \ - CPPFLAGS="-I../libevhtp-1.2.10 -I../libevhtp-1.2.10/evthr \ - -I../libevhtp-1.2.10/htparse -I../gflags/include" \ - LDFLAGS=”-L../libevhtp-1.2.10 -L../gflags/lib” -make check -``` - -The remainder of the Java, Go and Python steps should be very similar to those -documented for Ubuntu in the [main readme file](README.md). diff --git a/vendor/github.com/google/certificate-transparency/README.MacOS b/vendor/github.com/google/certificate-transparency/README.MacOS deleted file mode 100644 index 3b3da37f4c..0000000000 --- a/vendor/github.com/google/certificate-transparency/README.MacOS +++ /dev/null 
@@ -1,57 +0,0 @@ -## OSX Builds Now Use GClient ## - -We recommend that you use GClient to build on OSX. Please follow the -instructions in the [main readme](README.md) file. - -## Trusted root certificates ## - -The CT code requires a set of trusted root certificates in order to: - 1. Validate outbound HTTPS connections - 2. (In the case of the log-server) decide whether to accept a certificate - chain for inclusion. - -On OSX, the system version of OpenSSL (0.9.8gz at time of writing) contains -Apple-provided patches which intercept failed chain validations and re-attempts -them using roots obtained from the system keychain. Since we use a much more -recent (and unpatched) version of OpenSSL this behaviour is unsupported and so -a PEM file containing the trusted root certs must be used. - -## Specifying root certificates to be used - -To use a certificate PEM bundle file with the CT C++ code, the following -methods may be used: - -### For verifying outbound HTTPS connections: - -Either set the -`--trusted_roots_certs' flag, or the `SSL_CERT_FILE` environment variable, to -point to the location of the PEM file containing the root certificates to be -used to verify the outbound HTTPS connection. - -### Incoming inclusion requests (ct-server only) - -Set the `--trusted_cert_file` flag to point to the location of the PEM file -containing the set of root certificates whose chains should be accepted for -inclusion into the log. - -## Sources of trusted roots - -Obviously the choice of root certificates to trust for outbound HTTPS -connections and incoming inclusion requests are a matter of operating policy, -but it is often useful to have a set of common roots for testing and -development at the very least. - -While OSX ships with a set of common trusted roots, they are not directly -available to OpenSSL and must be exported from the keychain first. 
This can be -achieved with the following command: - -```bash -security find-certificates -a -p /Library/Keychains/System.keychain > certs.pem -security find-certificates -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> certs.pem -``` - -## Deprecated Build Process ## - -This may be out of date and is not guaranteed to work. - -gtest: install from source. diff --git a/vendor/github.com/google/certificate-transparency/README.md b/vendor/github.com/google/certificate-transparency/README.md deleted file mode 100644 index 37575dfe6b..0000000000 --- a/vendor/github.com/google/certificate-transparency/README.md +++ /dev/null 
@@ -1,269 +0,0 @@ -certificate-transparency -======================== - -#Auditing for TLS certificates# - -[![Build Status](https://travis-ci.org/google/certificate-transparency.svg?branch=master)](https://travis-ci.org/google/certificate-transparency) - - -## Build With GClient ## - -This is now the recommended method for all supported platforms. It gives you -a reproducible build and avoids the need to build some dependencies manually. - -Known to work on FreeBSD 10, OS X (10.10) [tested with XCode + brew installation -of deps listed below], and Ubuntu 14.04. Tested on Fedora 22 but may require -manual override of compiler options as documented below. Tested on CentOS 7 -with similar caveats. - -### Install Dependencies ### - -Depending on which platform you have the exact packages required will vary. -The following tools must be available for the GClient build to succeed: - - - autoconf/automake etc. - - clang++ (>=3.4) - - cmake (>=v3.1.2) - - git - - GNU make - - libtool - - shtool - - Tcl - - pkgconf - - python27 - - [depot_tools](https://www.chromium.org/developers/how-tos/install-depot-tools) - -### Building with gclient ### - -```bash -export CXX=clang++ CC=clang -mkdir ct # or whatever directory you prefer -cd ct -gclient config --name="certificate-transparency" https://github.com/google/certificate-transparency.git -gclient sync -# substitute gmake or gnumake below if that's what your platform calls it: -make -C certificate-transparency check -``` - -If you're trying to clone from a branch on the CT repo then you'll need to -substitute the following command for the `gclient config` command above, -replacing `branch` as appropriate - -```bash -gclient config --name="certificate-transparency" https://github.com/google/certificate-transparency.git@branch -``` - -### Platform Specific Notes ### - -#### Fedora / CentOS #### - -When you issue the `gclient sync` command you may need to set compiler options -in order to build successfully. 
If the build fails to work try using: - -```bash -CXXFLAGS="-O2 -Wno-error=unused-variable" gclient sync -``` - -If this gives an error about an unused typedef in a `glog` header file try this: - -```bash -CXXFLAGS="-O2 -Wno-error=unused-variable -Wno-error=unused-local-typedefs" gclient sync -``` - -When changing `CXXFLAGS` it's safer to remove the existing build directories -in case not all dependencies are properly accounted for and rebuilt. If -problems persist check that the Makefile in `certificate-transparency` -contains the options that were passed in `CXXFLAGS`. - -If there are still problems using GClient then an older style build can be -attempted. The process should be similar to the one documented for Ubuntu -below or in the [Fedora README](README.Fedora) depending on platform. - -## Deprecated: Quickstart on Ubuntu ## - -This should no longer be needed as the instructions above should work. But in -case of difficulties the dependencies can be built manually. The following -steps will checkout the code and build it on a clean Ubuntu 14.04 LTS -installation. It has also been tested on an Ubuntu 15.04 installation. - -First, install packaged dependencies: - - sudo apt-get update -qq - sudo apt-get install -qq unzip cmake g++ libevent-dev golang-go autoconf pkg-config \ - libjson-c-dev libgflags-dev libgoogle-glog-dev libprotobuf-dev libleveldb-dev \ - libssl-dev libgoogle-perftools-dev protobuf-compiler libsqlite3-dev ant openjdk-7-jdk \ - libprotobuf-java python-gflags python-protobuf python-ecdsa python-mock \ - python-httplib2 git libldns-dev - -Next, we need `libevhtp` version `1.2.10` which is not packaged in Ubuntu yet, so we build from source: - - wget https://github.com/ellzey/libevhtp/archive/1.2.10.zip - unzip 1.2.10.zip - cd libevhtp-1.2.10/ - cmake -DEVHTP_DISABLE_REGEX:STRING=ON -DCMAKE_C_FLAGS:STRING=-fPIC . - make - cd .. 
- -And let's get our own Google Test / Google Mock as these vary in incompatible ways between packaged releases: - - wget https://googlemock.googlecode.com/files/gmock-1.7.0.zip - unzip gmock-1.7.0.zip - -Now, clone the CT repo: - - git clone https://github.com/google/certificate-transparency.git - cd certificate-transparency/ - -One-time setup for Go: - - export GOPATH=$PWD/go - mkdir -p $GOPATH/src/github.com/google - ln -s $PWD $GOPATH/src/github.com/google - go get -v -d ./... - -Build CT server C++ code: - - ./autogen.sh - ./configure GTEST_DIR=../gmock-1.7.0/gtest GMOCK_DIR=../gmock-1.7.0 \ - CPPFLAGS="-I../libevhtp-1.2.10 -I../libevhtp-1.2.10/evthr \ - -I../libevhtp-1.2.10/htparse" LDFLAGS=-L../libevhtp-1.2.10 - make check - -Build and test Java code: - - ant build test - -Build and test Python code: - - make -C python test - -Best and test Go code: - - go test -v ./go/... - - -## Deprecated: Older Build Method ## - - - [OpenSSL](https://www.openssl.org/source/), at least 1.0.0q, - preferably 1.0.1l or 1.0.2 (and up) - -The checking of SCTs included in the -[RFC 6962](http://tools.ietf.org/html/rfc6962) TLS extension is only -included in OpenSSL 1.0.2. As of this writing, this version is not yet -released, so this means hand building the `OpenSSL_1_0_2-stable` -branch from the -[OpenSSL git repository](https://www.openssl.org/source/repos.html). - - - [googlemock](https://github.com/google/googlemock) (tested with 1.7.0) - -Gmock provides a bundled version of gtest, which will also be used. - -Unpack googlemock, but do not build it. Upstream recommends to build a -new copy from source for each package to be tested. We follow this -advice in our `Makefile`, which builds gmock/gtest automatically. - -Some systems make the googlemock source available as a package; on -Debian, this is in the google-mock package, which puts it in -`/usr/src/gmock`. 
Our `Makefile` looks in that location by default, -but if your googlemock sources are in a different location, set the -`GMOCK_DIR` environment variable to point at them. - -If you are on FreeBSD, you may need to apply the patch in gtest.patch -to the gtest subdirectory of gmock. - - - [protobuf](https://github.com/google/protobuf) (tested with 2.5.0) - - [gflags](https://github.com/gflags/gflags) (tested with 1.6 - and 2.0) - - [glog](https://github.com/google/glog) (tested with 0.3.1) - -Make sure to install glog **after** gflags, to avoid linking errors. - - - [sqlite3](http://www.sqlite.org/) - - [leveldb](https://github.com/google/leveldb) - - [JSON-C](https://github.com/json-c/json-c/), at least 0.11 - -You can specify a JSON-C library in a non-standard location using the -`JSONCLIBDIR` environment variable. Version 0.10 would work as well, -except the `json_object_iterator.h` header is not properly copied when -installing. If you can install the missing header manually, it should -work. - - - [libevent](http://libevent.org/) (tested with 2.0.21-stable) - - [libevhtp](https://github.com/ellzey/libevhtp) (tested with 1.2.10) - If building libevhtp from source, you may need to disable the regex support - with the following cmake flag: `-DEVHTP_DISABLE_REGEX:STRING=ON` - -You can specify a non-installed locally built library using the -`LIBEVENTDIR` environment variable to point to the local build. Note -that the FreeBSD port version 2.0.21_2 does not appear to work -correctly (it only listens on IPv6 for the HTTP server) - for that -platform we had to build from the source, specifically commit -6dba1694c89119c44cef03528945e5a5978ab43a. 
- - - [ldns](http://www.nlnetlabs.nl/projects/ldns/) - - [ant](http://ant.apache.org/) - - Python libraries: - - pyasn1 and pyasn1-modules (optional, needed for `upload_server_cert.sh`) - - [dnspython](http://www.dnspython.org/) - -### Building ### - -You can build the log server with the following commands: - - $ ./autogen.sh # only necessary if you're building from git - $ ./configure - $ make - -You can give the `configure` script extra parameters, to set -compilation flags, or point to custom versions of some dependencies -(notably, googlemock often needs this). For example, to compile with -Clang, using googlemock in `$HOME/gmock`, and a custom libevent in -`$HOME/libevent`: - - $ ./configure CXX=clang++ GMOCK_DIR=$HOME CPPFLAGS="-I$HOME/libevent/include" LDFLAGS="-L$HOME/libevent/.libs" - -Running `./configure --help` provides more information about various -variables that can be set. - -## Running Unit Tests ## - -Run unit tests with this command - - $ make check - -If the build still fails because of missing libraries, you may need to -set the environment variable `LD_LIBRARY_PATH`. On Linux, if you did -not change the default installation path (such as `/usr/local/lib`), -running - - $ ldconfig - -or, if needed, - - $ sudo ldconfig - -should resolve the problem. - -## End-To-End Tests ## - -For end-to-end server-client tests, you will need to install Apache -and point the tests to it. See `test/README` for how to do so. - -## Testing and Logging Options ## - -Note that several tests write files on disk. The default directory for -storing temporary testdata is `/tmp`. You can change this by setting -`TMPDIR=` for make. - -End-to-end tests also create temporary certificate and server files in -`test/tmp`. All these files are cleaned up after a successful test -run. 
- -For logging options, see -http://google-glog.googlecode.com/svn/trunk/doc/glog.html - -By default, unit tests log to stderr, and log only messages with a FATAL level -(i.e., those that result in abnormal program termination). -You can override the defaults with command-line flags. - -End-to-end tests log everything at INFO level and above. diff --git a/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.c b/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.c deleted file mode 100644 index b89469253b..0000000000 --- a/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.c +++ /dev/null 
@@ -1,214 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* This file is an amalgamation of hostcheck.c and most of rawstr.c - from cURL. The contents of the COPYING file mentioned above are: - -COPYRIGHT AND PERMISSION NOTICE - -Copyright (c) 1996 - 2013, Daniel Stenberg, . - -All rights reserved. - -Permission to use, copy, modify, and distribute this software for any purpose -with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN -NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE -OR OTHER DEALINGS IN THE SOFTWARE. 
- -Except as contained in this notice, the name of a copyright holder shall not -be used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization of the copyright holder. -*/ - -#include "hostcheck.h" -#include - -/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because - its behavior is altered by the current locale. */ -static char Curl_raw_toupper(char in) { - switch (in) { - case 'a': - return 'A'; - case 'b': - return 'B'; - case 'c': - return 'C'; - case 'd': - return 'D'; - case 'e': - return 'E'; - case 'f': - return 'F'; - case 'g': - return 'G'; - case 'h': - return 'H'; - case 'i': - return 'I'; - case 'j': - return 'J'; - case 'k': - return 'K'; - case 'l': - return 'L'; - case 'm': - return 'M'; - case 'n': - return 'N'; - case 'o': - return 'O'; - case 'p': - return 'P'; - case 'q': - return 'Q'; - case 'r': - return 'R'; - case 's': - return 'S'; - case 't': - return 'T'; - case 'u': - return 'U'; - case 'v': - return 'V'; - case 'w': - return 'W'; - case 'x': - return 'X'; - case 'y': - return 'Y'; - case 'z': - return 'Z'; - } - return in; -} - -/* - * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant - * to be locale independent and only compare strings we know are safe for - * this. See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for - * some further explanation to why this function is necessary. - * - * The function is capable of comparing a-z case insensitively even for - * non-ascii. 
- */ - -static int Curl_raw_equal(const char *first, const char *second) { - while (*first && *second) { - if (Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) - /* get out of the loop as soon as they don't match */ - break; - first++; - second++; - } - /* we do the comparison here (possibly again), just to make sure that if the - loop above is skipped because one of the strings reached zero, we must not - return this as a successful match */ - return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second)); -} - -static int Curl_raw_nequal(const char *first, const char *second, size_t max) { - while (*first && *second && max) { - if (Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) { - break; - } - max--; - first++; - second++; - } - if (0 == max) - return 1; /* they are equal this far */ - - return Curl_raw_toupper(*first) == Curl_raw_toupper(*second); -} - -/* - * Match a hostname against a wildcard pattern. - * E.g. - * "foo.host.com" matches "*.host.com". - * - * We use the matching rule described in RFC6125, section 6.4.3. - * http://tools.ietf.org/html/rfc6125#section-6.4.3 - */ - -static int hostmatch(const char *hostname, const char *pattern) { - const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; - int wildcard_enabled; - size_t prefixlen, suffixlen; - pattern_wildcard = strchr(pattern, '*'); - if (pattern_wildcard == NULL) - return Curl_raw_equal(pattern, hostname) ? CURL_HOST_MATCH - : CURL_HOST_NOMATCH; - - /* We require at least 2 dots in pattern to avoid too wide wildcard - match. */ - wildcard_enabled = 1; - pattern_label_end = strchr(pattern, '.'); - if (pattern_label_end == NULL || - strchr(pattern_label_end + 1, '.') == NULL || - pattern_wildcard > pattern_label_end || - Curl_raw_nequal(pattern, "xn--", 4)) { - wildcard_enabled = 0; - } - if (!wildcard_enabled) - return Curl_raw_equal(pattern, hostname) ? 
CURL_HOST_MATCH - : CURL_HOST_NOMATCH; - - hostname_label_end = strchr(hostname, '.'); - if (hostname_label_end == NULL || - !Curl_raw_equal(pattern_label_end, hostname_label_end)) - return CURL_HOST_NOMATCH; - - /* The wildcard must match at least one character, so the left-most - label of the hostname is at least as large as the left-most label - of the pattern. */ - if (hostname_label_end - hostname < pattern_label_end - pattern) - return CURL_HOST_NOMATCH; - - prefixlen = pattern_wildcard - pattern; - suffixlen = pattern_label_end - (pattern_wildcard + 1); - return Curl_raw_nequal(pattern, hostname, prefixlen) && - Curl_raw_nequal(pattern_wildcard + 1, - hostname_label_end - suffixlen, suffixlen) - ? CURL_HOST_MATCH - : CURL_HOST_NOMATCH; -} - -int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) { - if (!match_pattern || !*match_pattern || !hostname || - !*hostname) /* sanity check */ - return 0; - - if (Curl_raw_equal(hostname, match_pattern)) /* trivial case */ - return 1; - - if (hostmatch(hostname, match_pattern) == CURL_HOST_MATCH) - return 1; - return 0; -} diff --git a/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.h b/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.h deleted file mode 100644 index f709917ae9..0000000000 --- a/vendor/github.com/google/certificate-transparency/cpp/third_party/curl/hostcheck.h +++ /dev/null 
@@ -1,29 +0,0 @@
-#ifndef HEADER_CURL_HOSTCHECK_H
-#define HEADER_CURL_HOSTCHECK_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#define CURL_HOST_NOMATCH 0
-#define CURL_HOST_MATCH 1
-int Curl_cert_hostcheck(const char* match_pattern, const char* hostname);
-
-#endif /* HEADER_CURL_HOSTCHECK_H */
diff --git a/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.c b/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.c
deleted file mode 100644
index b16abadb68..0000000000
--- a/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.c
+++ /dev/null
@@ -1,180 +0,0 @@ -/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */ - -/* -Copyright (C) 2012, iSEC Partners. - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - */ - -/* - * Helper functions to perform basic hostname validation using OpenSSL. - * - * Please read "everything-you-wanted-to-know-about-openssl.pdf" before - * attempting to use this code. This whitepaper describes how the code works, - * how it should be used, and what its limitations are. - * - * Author: Alban Diquet - * License: See LICENSE - * - */ - - -#include -#include - -#include "third_party/curl/hostcheck.h" -#include "third_party/isec_partners/openssl_hostname_validation.h" - -#define HOSTNAME_MAX_SIZE 255 - -/** -* Tries to find a match for hostname in the certificate's Common Name field. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if the Common Name had a NUL character embedded -* in it. 
-* Returns Error if the Common Name could not be extracted. -*/ -static HostnameValidationResult matches_common_name(const char *hostname, - const X509 *server_cert) { - int common_name_loc = -1; - X509_NAME_ENTRY *common_name_entry = NULL; - ASN1_STRING *common_name_asn1 = NULL; - char *common_name_str = NULL; - - // Find the position of the CN field in the Subject field of the certificate - common_name_loc = - X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert), - NID_commonName, -1); - if (common_name_loc < 0) { - return Error; - } - - // Extract the CN field - common_name_entry = - X509_NAME_get_entry(X509_get_subject_name((X509 *)server_cert), - common_name_loc); - if (common_name_entry == NULL) { - return Error; - } - - // Convert the CN field to a C string - common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); - if (common_name_asn1 == NULL) { - return Error; - } - common_name_str = (char *)ASN1_STRING_data(common_name_asn1); - - // Make sure there isn't an embedded NUL character in the CN - if ((size_t)ASN1_STRING_length(common_name_asn1) != - strlen(common_name_str)) { - return MalformedCertificate; - } - - // Compare expected hostname with the CN - if (Curl_cert_hostcheck(common_name_str, hostname) == CURL_HOST_MATCH) { - return MatchFound; - } else { - return MatchNotFound; - } -} - - -/** -* Tries to find a match for hostname in the certificate's Subject Alternative -* Name extension. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character -* embedded in it. -* Returns NoSANPresent if the SAN extension was not present in the certificate. 
-*/ -static HostnameValidationResult matches_subject_alternative_name( - const char *hostname, const X509 *server_cert) { - HostnameValidationResult result = MatchNotFound; - int i; - int san_names_nb = -1; - STACK_OF(GENERAL_NAME) *san_names = NULL; - - // Try to extract the names within the SAN extension from the certificate - san_names = - X509_get_ext_d2i((X509 *)server_cert, NID_subject_alt_name, NULL, NULL); - if (san_names == NULL) { - return NoSANPresent; - } - san_names_nb = sk_GENERAL_NAME_num(san_names); - - // Check each name within the extension - for (i = 0; i < san_names_nb; i++) { - const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); - - if (current_name->type == GEN_DNS) { - // Current name is a DNS name, let's check it - char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName); - - // Make sure there isn't an embedded NUL character in the DNS name - if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != - strlen(dns_name)) { - result = MalformedCertificate; - break; - } else { // Compare expected hostname with the DNS name - if (Curl_cert_hostcheck(dns_name, hostname) == CURL_HOST_MATCH) { - result = MatchFound; - break; - } - } - } - } - sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); - - return result; -} - - -/** -* Validates the server's identity by looking for the expected hostname in the -* server's certificate. As described in RFC 6125, it first tries to find a -* match -* in the Subject Alternative Name extension. If the extension is not present in -* the certificate, it checks the Common Name instead. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character -* embedded in it. -* Returns Error if there was an error. 
-*/ -HostnameValidationResult validate_hostname(const char *hostname, - const X509 *server_cert) { - HostnameValidationResult result; - - if ((hostname == NULL) || (server_cert == NULL)) - return Error; - - // First try the Subject Alternative Names extension - result = matches_subject_alternative_name(hostname, server_cert); - if (result == NoSANPresent) { - // Extension was not found: try the Common Name - result = matches_common_name(hostname, server_cert); - } - - return result; -} diff --git a/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.h b/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.h deleted file mode 100644 index b5902a1fb5..0000000000 --- a/vendor/github.com/google/certificate-transparency/cpp/third_party/isec_partners/openssl_hostname_validation.h +++ /dev/null 
@@ -1,59 +0,0 @@
-/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */
-
-/*
-Copyright (C) 2012, iSEC Partners.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
- */
-
-/*
- * Helper functions to perform basic hostname validation using OpenSSL.
- *
- * Please read "everything-you-wanted-to-know-about-openssl.pdf" before
- * attempting to use this code. This whitepaper describes how the code works,
- * how it should be used, and what its limitations are.
- *
- * Author: Alban Diquet
- * License: See LICENSE
- *
- */
-
-typedef enum {
- MatchFound,
- MatchNotFound,
- NoSANPresent,
- MalformedCertificate,
- Error
-} HostnameValidationResult;
-
-/**
-* Validates the server's identity by looking for the expected hostname in the
-* server's certificate. As described in RFC 6125, it first tries to find a
-* match
-* in the Subject Alternative Name extension. If the extension is not present in
-* the certificate, it checks the Common Name instead.
-* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character -* embedded in it. -* Returns Error if there was an error. -*/ -HostnameValidationResult validate_hostname(const char* hostname, - const X509* server_cert); diff --git a/vendor/github.com/google/certificate-transparency/cpp/version.h b/vendor/github.com/google/certificate-transparency/cpp/version.h deleted file mode 100644 index 53afc73272..0000000000 --- a/vendor/github.com/google/certificate-transparency/cpp/version.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef CERT_TRANS_VERSION_H_ -#define CERT_TRANS_VERSION_H_ - -namespace cert_trans { - - -extern const char kBuildVersion[]; - - -} // namespace cert_trans - -#endif // CERT_TRANS_VERSION_H_ diff --git a/vendor/github.com/google/certificate-transparency/proto/ct.proto b/vendor/github.com/google/certificate-transparency/proto/ct.proto deleted file mode 100644 index 84e968fe48..0000000000 --- a/vendor/github.com/google/certificate-transparency/proto/ct.proto +++ /dev/null 
@@ -1,320 +0,0 @@
-syntax = "proto2";
-
-package ct;
-
-
-////////////////////////////////////////////////////////////////////////////////
-// These protocol buffers should be kept aligned with the I-D. //
-////////////////////////////////////////////////////////////////////////////////
-
-// RFC 5246
-message DigitallySigned {
- enum HashAlgorithm {
- NONE = 0;
- MD5 = 1;
- SHA1 = 2;
- SHA224 = 3;
- SHA256 = 4;
- SHA384 = 5;
- SHA512 = 6;
- }
-
- enum SignatureAlgorithm {
- ANONYMOUS = 0;
- RSA = 1;
- DSA = 2;
- ECDSA = 3;
- }
-
- // 1 byte
- optional HashAlgorithm hash_algorithm = 1 [ default = NONE ];
- // 1 byte
- optional SignatureAlgorithm sig_algorithm = 2 [ default = ANONYMOUS ];
- // 0..2^16-1 bytes
- optional bytes signature = 3;
-}
-
-enum LogEntryType {
- X509_ENTRY = 0;
- PRECERT_ENTRY = 1;
- PRECERT_ENTRY_V2 = 2;
- // Not part of the I-D, and outside the valid range.
- X_JSON_ENTRY = 32768; // Experimental, don't rely on this!
- UNKNOWN_ENTRY_TYPE = 65536;
-}
-
-message X509ChainEntry {
- // For V1 this entry just includes the certificate in the leaf_certificate
- // field
- // <1..2^24-1>
- optional bytes leaf_certificate = 1;
- // For V2 it includes the cert and key hash using CertInfo. The
- // leaf_certificate field is not used
- optional CertInfo cert_info = 3;
- // <0..2^24-1>
- // A chain from the leaf to a trusted root
- // (excluding leaf and possibly root).
- repeated bytes certificate_chain = 2;
-}
-
-// opaque TBSCertificate<1..2^16-1>;
-// struct {
-// opaque issuer_key_hash[32];
-// TBSCertificate tbs_certificate;
-// } PreCert;
-// Retained for V1 API compatibility. May be removed in a future release.
-message PreCert {
- optional bytes issuer_key_hash = 1;
- optional bytes tbs_certificate = 2;
-}
-
-// In V2 this is used for both certificates and precertificates in SCTs. It
-// replaces PreCert and has the same structure. The older message remains for
-// compatibility with existing code that depends on this proto.
-message CertInfo {
- optional bytes issuer_key_hash = 1;
- optional bytes tbs_certificate = 2;
-}
-
-message PrecertChainEntry {
- // <1..2^24-1>
- optional bytes pre_certificate = 1;
- // <0..2^24-1>
- // The chain certifying the precertificate, as submitted by the CA.
- repeated bytes precertificate_chain = 2;
-
- // PreCert input to the SCT. Can be computed from the above.
- // Store it alongside the entry data so that the signers don't have to
- // parse certificates to recompute it.
- optional PreCert pre_cert = 3;
- // As above for V2 messages. Only one of these fields will be set in a
- // valid message
- optional CertInfo cert_info = 4;
-}
-
-message XJSONEntry {
- optional string json = 1;
-}
-
-// TODO(alcutter): Consider using extensions here instead.
-message LogEntry {
- optional LogEntryType type = 1 [ default = UNKNOWN_ENTRY_TYPE ];
-
- optional X509ChainEntry x509_entry = 2;
-
- optional PrecertChainEntry precert_entry = 3;
-
- optional XJSONEntry x_json_entry = 4;
-}
-
-enum SignatureType {
- CERTIFICATE_TIMESTAMP = 0;
- // TODO(ekasper): called tree_hash in I-D.
- TREE_HEAD = 1;
-}
-
-enum Version {
- V1 = 0;
- V2 = 1;
- // Not part of the I-D, and outside the valid range.
- UNKNOWN_VERSION = 256;
-}
-
-message LogID {
- // 32 bytes
- optional bytes key_id = 1;
-}
-
-message SctExtension {
- // Valid range is 0-65534
- optional uint32 sct_extension_type = 1;
- // Data is opaque and type specific. <0..2^16-1> bytes
- optional bytes sct_extension_data = 2;
-}
-
-// TODO(ekasper): implement support for id.
-message SignedCertificateTimestamp {
- optional Version version = 1 [ default = UNKNOWN_VERSION ];
- optional LogID id = 2;
- // UTC time in milliseconds, since January 1, 1970, 00:00.
- optional uint64 timestamp = 3;
- optional DigitallySigned signature = 4;
- // V1 extensions
- optional bytes extensions = 5;
- // V2 extensions <0..2^16-1>. Must be ordered by type (lowest first)
- repeated SctExtension sct_extension = 6;
-}
-
-message SignedCertificateTimestampList {
- // One or more SCTs, <1..2^16-1> bytes each
- repeated bytes sct_list = 1;
-}
-
-enum MerkleLeafType {
- TIMESTAMPED_ENTRY = 0;
- UNKNOWN_LEAF_TYPE = 256;
-}
-
-message SignedEntry {
- // For V1 signed entries either the x509 or precert field will be set
- optional bytes x509 = 1;
- optional PreCert precert = 2;
- optional bytes json = 3;
- // For V2 all entries use the CertInfo field and the above fields are
- // not set
- optional CertInfo cert_info = 4;
-}
-
-message TimestampedEntry {
- optional uint64 timestamp = 1;
- optional LogEntryType entry_type = 2;
- optional SignedEntry signed_entry = 3;
- // V1 extensions
- optional bytes extensions = 4;
- // V2 extensions <0..2^16-1>. Must be ordered by type (lowest first)
- repeated SctExtension sct_extension = 5;
-}
-
-// Stuff that's hashed into a Merkle leaf.
-message MerkleTreeLeaf {
- // The version of the corresponding SCT.
- optional Version version = 1 [ default = UNKNOWN_VERSION ];
- optional MerkleLeafType type = 2 [ default = UNKNOWN_LEAF_TYPE ];
- optional TimestampedEntry timestamped_entry = 3;
-}
-
-// TODO(benl): No longer needed?
-//
-// Used by cpp/client/ct: it assembles the one from the I-D JSON
-// protocol.
-//
-// Used by cpp/server/blob-server: it uses one to call a variant of
-// LogLookup::AuditProof.
-message MerkleAuditProof {
- optional Version version = 1 [ default = UNKNOWN_VERSION ];
- optional LogID id = 2;
- optional int64 tree_size = 3;
- optional uint64 timestamp = 4;
- optional int64 leaf_index = 5;
- repeated bytes path_node = 6;
- optional DigitallySigned tree_head_signature = 7;
-}
-
-message ShortMerkleAuditProof {
- required int64 leaf_index = 1;
- repeated bytes path_node = 2;
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// Finally, stuff that's not in the I-D but that we use internally //
-// for logging entries and tree head state. //
-////////////////////////////////////////////////////////////////////////////////
-
-// TODO(alcutter): Come up with a better name :/
-message LoggedEntryPB {
- optional int64 sequence_number = 1;
- optional bytes merkle_leaf_hash = 2;
- message Contents {
- optional SignedCertificateTimestamp sct = 1;
- optional LogEntry entry = 2;
- }
- required Contents contents = 3;
-}
-
-message SthExtension {
- // Valid range is 0-65534
- optional uint32 sth_extension_type = 1;
- // Data is opaque and type specific <0..2^16-1> bytes
- optional bytes sth_extension_data = 2;
-}
-
-message SignedTreeHead {
- // The version of the tree head signature.
- // (Note that each leaf has its own version, so a V2 tree
- // can contain V1 leaves, too.
- optional Version version = 1 [ default = UNKNOWN_VERSION ];
- optional LogID id = 2;
- optional uint64 timestamp = 3;
- optional int64 tree_size = 4;
- optional bytes sha256_root_hash = 5;
- optional DigitallySigned signature = 6;
- // Only supported in V2. <0..2^16-1>
- repeated SthExtension sth_extension = 7;
-}
-
-// Stuff the SSL client spits out from a connection.
-message SSLClientCTData {
- optional LogEntry reconstructed_entry = 1;
- optional bytes certificate_sha256_hash = 2;
-
- message SCTInfo {
- // There is an entry + sct -> leaf hash mapping.
- optional SignedCertificateTimestamp sct = 1;
- optional bytes merkle_leaf_hash = 2;
- }
- repeated SCTInfo attached_sct_info = 3;
-}
-
-message ClusterNodeState {
- optional string node_id = 1;
- optional int64 contiguous_tree_size = 2 [deprecated = true];
- optional SignedTreeHead newest_sth = 3;
- optional SignedTreeHead current_serving_sth = 4;
-
- // The following host_name/log_port pair are used to allow a log node to
- // contact other nodes in the cluster, primarily for the purposes of
- // replication.
- // hostname/ip which can be used to contact [just] this log node
- optional string hostname = 5;
- // port on which this log node is listening.
- optional int32 log_port = 6;
-}
-
-message ClusterControl {
- optional bool accept_new_entries = 1 [ default = true ];
-}
-
-message ClusterConfig {
- /////////////////////////////////
- // This section of the config affects the selection of the cluster's current
- // serving STH.
- // The cluster will always attempt to determine the newest (and
- // largest) possible STH which meets the constraints defined below from the
- // set of STHs available at the individual cluster nodes.
- // (Note that nodes with newer/larger STHs can, of course, serve
- // earlier/smaller STHs.)
-
-
- // The minimum number of nodes which must be able to serve a given STH.
- // This setting allows you to configure the level of cluster resiliency
- // against data (in the form of node/node database) loss.
- // i.e.: Once an STH has been created, it must have been replicated to
- // at least this many nodes before being considered as a candidate for
- // the overall cluster serving STH.
- optional int32 minimum_serving_nodes = 1;
-
- // The minimum fraction of nodes which must be able to serve a given STH.
- // This setting allows you to configure the serving capacity redundancy of
- // your cluster.
- // e.g. you determine you need 3 nodes to serve your expected peak traffic
- // levels, but want to be over-provisioned by 25% to ensure the cluster will
- // continue to be able to handle the traffic in the case of a single node
- // failure, you might set this to 0.75 to ensure that any cluster-wide
- // serving STH candidate must be servable from at least 3 of your 4 nodes.
- optional double minimum_serving_fraction = 2;
- /////////////////////////////////
-
- // When the number of entries in the EtcedConsistentStore exceeds this value,
- // the log server will reject all calls to add-[pre-]chain to protect itself
- // and etcd.
- optional double etcd_reject_add_pending_threshold = 3 [default = 30000];
-}
-
-message SequenceMapping {
- message Mapping {
- optional bytes entry_hash = 1;
- optional int64 sequence_number = 2;
- }
-
- repeated Mapping mapping = 1;
-}