otp.git/lib/ssl, branch KennethL-patch-1 Mirror of Erlang/OTP repository. Merge pull request #1709 from dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562 2018-02-12T08:16:44+00:00 Ingela Andin ingela@erlang.org 2018-02-12T08:16:44+00:00 ee477c8d88d2139035c503e97e42e88fe500170f ssl: Fix alert handling so that unexpected messages are logged and alerted correctly 
ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
 ssl: Add the unexpected message to #alert{} 2018-02-09T09:42:47+00:00 Jean-Sébastien Pédron jean-sebastien.pedron@dumbbell.fr 2018-02-06T12:59:22+00:00 a5eb5642b84c6843611f718cfd105557f8a7a406 ... in handle_common_event(), instead of passing it to handle_own_alert() after wrapping it in a tuple with `StateName` (i.e. `{StateName, Msg}`). The `StateName` is passed to handle_normal_shutdown() and to alert_user(). The latter has a clause matching it against `connection`. Unfortunately, when the argument was in fact `{StateName, Msg}`, another clause was executed which dropped the `active` flag value and forced it to `false`, even if the state was actually `connection`. It meant that later in send_or_reply(), the alert was not propagated to the user, even though it should (`active` set to `true` or `once`). Now that handle_common_event() always passes the actual `StateName`, the problem is fixed. ERL-562 
... in handle_common_event(), instead of passing it to
handle_own_alert() after wrapping it in a tuple with `StateName` (i.e.
`{StateName, Msg}`).

The `StateName` is passed to handle_normal_shutdown() and to
alert_user(). The latter has a clause matching it against `connection`.
Unfortunately, when the argument was in fact `{StateName, Msg}`, another
clause was executed which dropped the `active` flag value and forced it
to `false`, even if the state was actually `connection`. It meant that
later in send_or_reply(), the alert was not propagated to the user, even
though it should (`active` set to `true` or `once`).

Now that handle_common_event() always passes the actual `StateName`, the
problem is fixed.

ERL-562
ssl: Make sure anonymous suites are handled separately 2018-02-07T10:55:44+00:00 Ingela Anderton Andin ingela@erlang.org 2018-02-01T13:28:22+00:00 b16d7d7e4cfa15ab00e5ce43f50619d02bc2f986 Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes. 
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
ssl: Add UG examles 2018-02-05T14:03:54+00:00 Ingela Anderton Andin ingela@erlang.org 2018-01-30T15:53:54+00:00 cece38b7dccf8563b44eb095ba202f55e07e807f 






ssl: Uses aead as mac value in AEAD cipher suites
2018-02-05T14:03:53+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-29T13:37:30+00:00

2ce6be54915587d2c14f95b9f65197bd8c86554e

Authenticated encryption (AE) and authenticated encryption with
associated data (AEAD, variant of AE) is a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity
assurances on the data.

This is more logical value then null that was used, this happened to
work as the AEAD property was derived form other data, but it is confusing!





Authenticated encryption (AE) and authenticated encryption with
associated data (AEAD, variant of AE) is a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity
assurances on the data.

This is more logical value then null that was used, this happened to
work as the AEAD property was derived form other data, but it is confusing!







ssl: Add new API functions for cipher suite handling
2018-02-05T14:03:53+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-12T15:04:26+00:00

7ba4144d71899fa7eb9e1f35c50e3633772aa283












ssl: Check OpenSSL version for DSS (DSA) support
2018-01-25T15:23:06+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-25T09:50:29+00:00

c0dd8fa1446b276d35557ede18199c629b2ed590

LibreSSL-2.6.3 dropped DSS (DSA) support





LibreSSL-2.6.3 dropped DSS (DSA) support







ssl: Add record version sanity check
2018-01-23T09:20:24+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-04T16:17:50+00:00

a3d68814e1cd1ef062582901e0102f60a323bae5












Merge branch 'ingela/ssl/test-cuddle' into maint
2018-01-15T09:24:34+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-15T09:24:34+00:00

6770fa479205c7eb468cb854ae087859b6603bcd

* ingela/ssl/test-cuddle:
  ssl: Call clean version function





* ingela/ssl/test-cuddle:
  ssl: Call clean version function







ssl: Call clean version function
2018-01-15T09:23:46+00:00

Ingela Anderton Andin
ingela@erlang.org

2018-01-11T16:24:42+00:00

c32bccee999976f2a56e0d34f3f88d6c6febc0e1

Make sure tests are run with intended version settings.





Make sure tests are run with intended version settings.