)]}'
{
  "commit": "aba057a4e09a80cf8de4f43a8caaee30cdb799be",
  "tree": "25e639355595482e59b8627f0a626182bb5d78f5",
  "parents": [
    "1682126fd81ca12089323b936484e17285c36602"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Sep 11 15:21:43 2017 -0400"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Tue Sep 12 15:56:59 2017 +0000"
  },
  "message": "Work around a Java client bug when rotating certificates.\n\nThe Java client implementation of the 3SHAKE mitigation incorrectly\nrejects initial handshakes when all of the following are true:\n\n1. The ClientHello offered a session.\n2. The session was successfully resumed previously.\n3. The server declines the session.\n4. The server sends a certificate with a different SAN list than in the\n   previous session.\n\n(Note the 3SHAKE mitigation is to reject certificates changes on\nrenegotiation, while Java\u0027s logic applies to initial handshakes as\nwell.)\n\nThe end result is long-lived Java clients break on some certificate\nrotations. Fingerprint Java clients and decline all offered sessions.\nThis avoids (2) while still introducing new sessions to clear any\nexisting problematic sessions.\n\nSee also b/65323005.\n\nChange-Id: Ib2b84c69b5ecba285ffb8c4d03de5626838d794e\nReviewed-on: https://boringssl-review.googlesource.com/20184\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nCQ-Verified: CQ bot account: commit-bot@chromium.org \u003ccommit-bot@chromium.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2ebb7e9578613700efeabd78eb5caa4a6ee91e09",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "ddc91c7330b83785e6fd845aa827a669c09a7dba",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "c21c28267dfe164b029946cf8a89085c007e8b5a",
      "old_mode": 33188,
      "old_path": "ssl/ssl_session.cc",
      "new_id": "203555cfc8c1649d2683626cf674dcf9417d0217",
      "new_mode": 33188,
      "new_path": "ssl/ssl_session.cc"
    },
    {
      "type": "modify",
      "old_id": "66f03047132fe20a94b4beb133288aaac4b6f6a8",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "f032b25b6f0153d8c0bac3bbd7c95f153a41c283",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "7eba39777ba18883a31693d0be7acf680ee16a4b",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/common.go",
      "new_id": "61540bbd863e53a62789fca773273863e729b7db",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/common.go"
    },
    {
      "type": "modify",
      "old_id": "595fcaec6257e9099715d5b150d5721a416eb76f",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/handshake_client.go",
      "new_id": "13c3a199ea17fed67a191be2cc36fabadc14cf54",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/handshake_client.go"
    },
    {
      "type": "modify",
      "old_id": "5dbcab9f08518c7c92dad7a29f7cf3f6b812a6dc",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/handshake_messages.go",
      "new_id": "2e6d2865b44bfce5b9473710827d03adc8a1fbdd",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/handshake_messages.go"
    },
    {
      "type": "modify",
      "old_id": "093fa2c8b6d7d7dec9ce9ce50797ce5034464206",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "0bd24ff582a7355d108a961d7b5944e339acf1a3",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    }
  ]
}