otp.git/lib/ssl/src, branch maint-17 Mirror of Erlang/OTP repository. ssl: fix hibernate_after with short timeouts 2016-02-09T09:45:44+00:00 Andrey Mayorov avmayorov@platbox.com 2015-12-11T00:23:53+00:00 2c7cee6ae55fbcb8e5f84caa3920420506c3a317 Too wide function clause was used in ssl_connection which led to ssl connection process crashes when `{hibernate_after, N}` with extremely small N was passed among other options to `ssl:connect`. 
Too wide function clause was used in ssl_connection which led to ssl
connection process crashes when `{hibernate_after, N}` with extremely
small N was passed among other options to `ssl:connect`.
ssl: Prepare for release 2015-12-03T10:07:31+00:00 Ingela Anderton Andin ingela@erlang.org 2015-12-03T09:55:37+00:00 97531f2f4dbd4bf7426434792e7e6af6aa8e12ef 






ssl: Do not crash on proprietary hash_sign algorithms
2015-07-30T13:32:45+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-06-08T10:15:23+00:00

d9fd104e64eccbdca2a9d7d3efb801c8d85ecb18

TLS hash_sign algorithms may have proprietary values see
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

We should add callbacks to let applications handle them.
But for now we do not want to crash if they are present and
let other algorithms be negotiated.





TLS hash_sign algorithms may have proprietary values see
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

We should add callbacks to let applications handle them.
But for now we do not want to crash if they are present and
let other algorithms be negotiated.







ssl: Prepare for release
2015-05-29T13:00:42+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-05-29T12:34:56+00:00

e672dc646520c7d8e4227c401fa3a60f6cbaf67b












ssl: Correct handling of bad input to premaster_secret calculation
2015-05-29T13:00:42+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-05-29T09:13:36+00:00

119db2b86c360d6c24097f82706df6676ac48edf

alert records needs to be thrown from
ssl_handshake:premaster_secret/[2/3] so that operations will end up in
the catch clause of the invokation of certify_client_key_exchange/3 in
ssl_connection.erl, and hence terminate gracefully and not continue to try
and calculate the master secret with invalid inputs and crash.





alert records needs to be thrown from
ssl_handshake:premaster_secret/[2/3] so that operations will end up in
the catch clause of the invokation of certify_client_key_exchange/3 in
ssl_connection.erl, and hence terminate gracefully and not continue to try
and calculate the master secret with invalid inputs and crash.







ssl: Implement support for TLS_FALLBACK_SCSV
2015-03-02T14:00:46+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-02-25T11:11:16+00:00

ed540bd0e457fd43a5b3eaf41f9886cb63a2755a












ssl: remove -> delete
2015-02-18T10:22:52+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-02-18T10:22:52+00:00

8ac0c3490a79dda2f6d9633af2f13e169f2084ea

Correct mistake





Correct mistake







ssl: erlang:timestamp -> os:timestamp
2015-02-09T09:11:42+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-02-09T09:11:42+00:00

450773958165539951cd431a9233ce7666ec20e2

For comparison with file time stamps os:timestamp makes more sense
and is present in 17 as well as 18.





For comparison with file time stamps os:timestamp makes more sense
and is present in 17 as well as 18.







ssl: Improve PEM cache by validating entries
2015-02-06T11:23:13+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-02-02T13:15:15+00:00

fa9fda4a50ad92bb55f2a5707f0ec1dc7cf47d79

The PEM cache is now validated by a background process, instead of
always keeping it if it is small enough and clearing it otherwhiss.
That strategy required that small caches where cleared by API function
if a file changes on disk.

However document the clearing API function as it can still be usefull.





The PEM cache is now validated by a background process, instead of
always keeping it if it is small enough and clearing it otherwhiss.
That strategy required that small caches where cleared by API function
if a file changes on disk.

However document the clearing API function as it can still be usefull.







ssl: Remove selfsigned anchor certificate from the certificate chain
2015-01-30T16:30:26+00:00

Ingela Anderton Andin
ingela@erlang.org

2014-12-09T08:46:36+00:00

158447e03d6de6201b4cbb7244e406ea873fa3a3

A selfsigned trusted anchor should not be in the certifcate chain passed to
the certificate path validation.

Conflicts:
	lib/ssl/src/ssl_certificate.erl





A selfsigned trusted anchor should not be in the certifcate chain passed to
the certificate path validation.

Conflicts:
	lib/ssl/src/ssl_certificate.erl