aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2011-05-27 14:38:08 +0200
committerMicael Karlberg <[email protected]>2011-05-27 14:38:08 +0200
commit1c01cf2fb625e105dd2355279635edbb3dbb3063 (patch)
tree5dbd5a391b86d99c00a01c456f817f30209f1962 /lib/ssl
parent77fe4062599e4ffe897c21d22ad493cfec4b475c (diff)
parent4a5a75811e2cd590b5c94f71864a5245fd511ccf (diff)
downloadotp-1c01cf2fb625e105dd2355279635edbb3dbb3063.tar.gz
otp-1c01cf2fb625e105dd2355279635edbb3dbb3063.tar.bz2
otp-1c01cf2fb625e105dd2355279635edbb3dbb3063.zip
Merge branch 'maint-r14' of super:otp into maint-r14
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/c_src/Makefile.in10
-rw-r--r--lib/ssl/doc/src/notes.xml84
-rw-r--r--lib/ssl/doc/src/ssl.xml14
-rw-r--r--lib/ssl/examples/certs/Makefile2
-rw-r--r--lib/ssl/examples/src/Makefile4
-rw-r--r--lib/ssl/src/ssl.appup.src6
-rw-r--r--lib/ssl/src/ssl.erl24
-rw-r--r--lib/ssl/src/ssl_connection.erl22
-rw-r--r--lib/ssl/src/ssl_handshake.hrl5
-rw-r--r--lib/ssl/src/ssl_manager.erl30
-rw-r--r--lib/ssl/test/Makefile2
-rw-r--r--lib/ssl/vsn.mk2
12 files changed, 106 insertions, 99 deletions
diff --git a/lib/ssl/c_src/Makefile.in b/lib/ssl/c_src/Makefile.in
index 49a209f2eb..6e413e7e8e 100644
--- a/lib/ssl/c_src/Makefile.in
+++ b/lib/ssl/c_src/Makefile.in
@@ -1,7 +1,7 @@
#
# %CopyrightBegin%
#
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
#
# The contents of this file are subject to the Erlang Public License,
# Version 1.1, (the "License"); you may not use this file except in
@@ -28,6 +28,8 @@ include $(ERL_TOP)/make/$(TARGET)/otp.mk
# ----------------------------------------------------
SSL_LIBDIR = @SSL_LIBDIR@
SSL_INCLUDE = @SSL_INCLUDE@
+SSL_CRYPTO_LIBNAME = @SSL_CRYPTO_LIBNAME@
+SSL_SSL_LIBNAME = @SSL_SSL_LIBNAME@
# ----------------------------------------------------
# Application version
@@ -134,7 +136,7 @@ ifeq ($(findstring @,$(SSL_CC_RUNTIME_LIBRARY_PATH)),@)
SSL_CC_RUNTIME_LIBRARY_PATH = $(CC_R_OPT)
endif
-SSL_LINK_LIB=-L$(SSL_LIBDIR) -lssl -lcrypto
+SSL_LINK_LIB=-L$(SSL_LIBDIR) -l$(SSL_SSL_LIBNAME) -l$(SSL_CRYPTO_LIBNAME)
else
# not dynamic crypto lib (default from R11B-5)
NEED_KERBEROS=@SSL_LINK_WITH_KERBEROS@
@@ -142,7 +144,7 @@ NEED_ZLIB=@SSL_LINK_WITH_ZLIB@
SSL_MAKEFILE =
CC_R_OPT =
SSL_CC_RUNTIME_LIBRARY_PATH=
-SSL_LINK_LIB = $(SSL_LIBDIR)/libssl.a $(SSL_LIBDIR)/libcrypto.a
+SSL_LINK_LIB = $(SSL_LIBDIR)/lib$(SSL_SSL_LIBNAME).a $(SSL_LIBDIR)/lib$(SSL_CRYPTO_LIBNAME).a
ifeq ($(NEED_KERBEROS),yes)
SSL_LINK_LIB += @STATIC_KERBEROS_LIBS@
endif
@@ -175,7 +177,7 @@ $(BINDIR)/ssl_esock: $(OBJS)
# Win32/Cygwin
$(BINDIR)/ssl_esock.exe: $(OBJS)
- $(LD) $(SSL_CC_RUNTIME_LIBRARY_PATH) -L$(SSL_LIBDIR) -o $@ $^ -lwsock32 -llibeay32 -lssleay32
+ $(LD) $(SSL_CC_RUNTIME_LIBRARY_PATH) -L$(SSL_LIBDIR) -o $@ $^ -lwsock32 -l$(SSL_CRYPTO_LIBNAME) -l$(SSL_SSL_LIBNAME)
# Unix only, and only when linking statically
$(SSL_MAKEFILE):
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 52ee9c086a..b2d17925fd 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
@@ -28,59 +28,47 @@
<rev>G</rev>
<file>notes.xml</file>
</header>
- <p>This document describes the changes made to the SSL application.
- </p>
-
- <section><title>SSL 4.1.4</title>
-
+ <p>This document describes the changes made to the SSL application.</p>
+
+ <section>
+ <title>SSL 4.1.5</title>
+
<section><title>Improvements and New Features</title>
- <list>
- <item>
- <p>
- Reduced memory footprint of an ssl connection.</p>
- <p>
- Handshake hashes, premaster secret and "public_key_info"
- does not need to be saved when the connection has been
- established. The own certificate is no longer duplicated
- in the state.</p>
- <p>
- Own Id: OTP-9021</p>
- </item>
- <item>
- <p>
- Add the option {hibernate_after, int()} to ssl:connect
- and ssl:listen</p>
- <p>
- Own Id: OTP-9106</p>
- </item>
- </list>
+ <list>
+ <item>
+ <p>Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in
+ an exit with reason badarg. Neither SSL nor INETS This was not
+ catched, resulting in crashes with incomprehensible reasons.</p>
+ <p>Own Id: OTP-9289 Aux Id: seq11845</p>
+ </item>
+ </list>
</section>
-
-</section>
-
-<section><title>SSL 4.1.3</title>
-
+
+ </section>
+
+ <section>
+ <title>SSL 4.1.3</title>
+
<section><title>Fixed Bugs and Malfunctions</title>
- <list>
- <item>
- <p>
- Fixed error in cache-handling fix from ssl-4.1.2</p>
- <p>
- Own Id: OTP-9018 Aux Id: seq11739 </p>
- </item>
- <item>
- <p>
- Verification of a critical extended_key_usage-extension
- corrected</p>
- <p>
- Own Id: OTP-9029 Aux Id: seq11541 </p>
- </item>
- </list>
+ <list>
+ <item>
+ <p>
+ Fixed error in cache-handling fix from ssl-4.1.2</p>
+ <p>
+ Own Id: OTP-9018 Aux Id: seq11739 </p>
+ </item>
+ <item>
+ <p>Verification of a critical extended_key_usage-extension
+ corrected</p>
+ <p>Own Id: OTP-9029 Aux Id: seq11541 </p>
+ </item>
+ </list>
</section>
-</section>
+ </section>
-<section><title>SSL 4.1.2</title>
+ <section>
+ <title>SSL 4.1.2</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index cd5c9281cd..0da6bbee5b 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -53,13 +53,11 @@
<p>The following data types are used in the functions below:
</p>
- <p><c>boolean() = true | false</c></p>
-
- <p><c>property() = atom()</c></p>
-
+ <p><c>boolean() = true | false</c></p>
+
<p><c>option() = socketoption() | ssloption() | transportoption()</c></p>
- <p><c>socketoption() = [{property(), term()}] - defaults to
+ <p><c>socketoption() = proplists:property() - The default socket options are
[{mode,list},{packet, 0},{header, 0},{active, true}].
</c></p>
@@ -266,7 +264,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
<p>Possible path validation errors: </p>
-<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
+<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca},{bad_cert, selfsigned_peer}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p>
</item>
<tag>{hibernate_after, integer()|undefined}</tag>
@@ -488,7 +486,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
<fsummary>Get the value of the specified options.</fsummary>
<type>
<v>Socket = sslsocket()</v>
- <v>OptionNames = [property()]</v>
+ <v>OptionNames = [atom()]</v>
</type>
<desc>
<p>Get the value of the specified socket options, if no
@@ -583,7 +581,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
<fsummary>Write data to a socket.</fsummary>
<type>
<v>Socket = sslsocket()</v>
- <v>Data = iolist() | binary()</v>
+ <v>Data = iodata()</v>
</type>
<desc>
<p>Writes <c>Data</c> to <c>Socket</c>. </p>
diff --git a/lib/ssl/examples/certs/Makefile b/lib/ssl/examples/certs/Makefile
index b811b461dc..a4f067ade6 100644
--- a/lib/ssl/examples/certs/Makefile
+++ b/lib/ssl/examples/certs/Makefile
@@ -57,5 +57,5 @@ release_spec: opt
$(INSTALL_DIR) $(RELSYSDIR)/examples/certs
tar cf - etc | \
(cd $(RELSYSDIR)/examples/certs; tar xf -)
- chmod -f -R ug+rw $(RELSYSDIR)/examples
+ chmod -R ug+rw $(RELSYSDIR)/examples
release_docs_spec:
diff --git a/lib/ssl/examples/src/Makefile b/lib/ssl/examples/src/Makefile
index 46c0507b3a..c5f31b689c 100644
--- a/lib/ssl/examples/src/Makefile
+++ b/lib/ssl/examples/src/Makefile
@@ -1,7 +1,7 @@
#
# %CopyrightBegin%
#
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
#
# The contents of this file are subject to the Erlang Public License,
# Version 1.1, (the "License"); you may not use this file except in
@@ -66,7 +66,7 @@ release_spec: opt
$(INSTALL_DIR) $(RELSYSDIR)/examples/src
$(INSTALL_DIR) $(RELSYSDIR)/examples/ebin
(cd ..; tar cf - src ebin | (cd $(RELSYSDIR)/examples; tar xf -))
- chmod -f -R ug+w $(RELSYSDIR)/examples
+ chmod -R ug+w $(RELSYSDIR)/examples
release_docs_spec:
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index d3e426f254..cf8867245b 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,17 +1,19 @@
%% -*- erlang -*-
{"%VSN%",
[
+ {"4.1.4", [{restart_application, ssl}]},
{"4.1.3", [{restart_application, ssl}]},
{"4.1.2", [{restart_application, ssl}]},
{"4.1.1", [{restart_application, ssl}]},
- {"4.1", [{restart_application, ssl}]},
+ {"4.1", [{restart_application, ssl}]},
{"4.0.1", [{restart_application, ssl}]}
],
[
+ {"4.1.4", [{restart_application, ssl}]},
{"4.1.3", [{restart_application, ssl}]},
{"4.1.2", [{restart_application, ssl}]},
{"4.1.1", [{restart_application, ssl}]},
- {"4.1", [{restart_application, ssl}]},
+ {"4.1", [{restart_application, ssl}]},
{"4.0.1", [{restart_application, ssl}]}
]}.
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 3512e194bc..a5e8e7e5c2 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -50,15 +50,13 @@
cb %% Callback info
}).
-type option() :: socketoption() | ssloption() | transportoption().
--type socketoption() :: [{property(), term()}]. %% See gen_tcp and inet
--type property() :: atom().
-
+-type socketoption() :: term(). %% See gen_tcp and inet, import spec later when there is one to import
-type ssloption() :: {verify, verify_type()} |
{verify_fun, {fun(), InitialUserState::term()}} |
{fail_if_no_peer_cert, boolean()} | {depth, integer()} |
- {cert, der_encoded()} | {certfile, path()} | {key, der_encoded()} |
- {keyfile, path()} | {password, string()} | {cacerts, [der_encoded()]} |
- {cacertfile, path()} | {dh, der_encoded()} | {dhfile, path()} |
+ {cert, Der::binary()} | {certfile, path()} | {key, Der::binary()} |
+ {keyfile, path()} | {password, string()} | {cacerts, [Der::binary()]} |
+ {cacertfile, path()} | {dh, Der::binary()} | {dhfile, path()} |
{ciphers, ciphers()} | {ssl_imp, ssl_imp()} | {reuse_sessions, boolean()} |
{reuse_session, fun()} | {hibernate_after, integer()|undefined}.
@@ -265,7 +263,7 @@ close(Socket = #sslsocket{}) ->
ssl_broker:close(Socket).
%%--------------------------------------------------------------------
--spec send(#sslsocket{}, iolist()) -> ok | {error, reason()}.
+-spec send(#sslsocket{}, iodata()) -> ok | {error, reason()}.
%%
%% Description: Sends data over the ssl connection
%%--------------------------------------------------------------------
@@ -404,9 +402,9 @@ cipher_suites(openssl) ->
[ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)].
%%--------------------------------------------------------------------
--spec getopts(#sslsocket{}, [atom()]) -> {ok, [{atom(), term()}]}| {error, reason()}.
+-spec getopts(#sslsocket{}, [atom()]) -> {ok, [{atom(), term()}]} | {error, reason()}.
%%
-%% Description:
+%% Description: Gets options
%%--------------------------------------------------------------------
getopts(#sslsocket{fd = new_ssl, pid = Pid}, OptTags) when is_pid(Pid) ->
ssl_connection:get_opts(Pid, OptTags);
@@ -417,9 +415,9 @@ getopts(#sslsocket{} = Socket, Options) ->
ssl_broker:getopts(Socket, Options).
%%--------------------------------------------------------------------
--spec setopts(#sslsocket{}, [{atom(), term()}]) -> ok | {error, reason()}.
+-spec setopts(#sslsocket{}, [proplists:property()]) -> ok | {error, reason()}.
%%
-%% Description:
+%% Description: Sets options
%%--------------------------------------------------------------------
setopts(#sslsocket{fd = new_ssl, pid = Pid}, Opts0) when is_pid(Pid) ->
Opts = proplists:expand([{binary, [{mode, binary}]},
@@ -613,8 +611,10 @@ do_new_connect(Address, Port,
catch
exit:{function_clause, _} ->
{error, {eoptions, {cb_info, CbInfo}}};
+ exit:badarg ->
+ {error, {eoptions, {inet_options, UserOpts}}};
exit:{badarg, _} ->
- {error,{eoptions, {inet_options, UserOpts}}}
+ {error, {eoptions, {inet_options, UserOpts}}}
end.
old_connect(Address, Port, Options, Timeout) ->
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 574e1e9468..2c452837f8 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -107,12 +107,14 @@
%%====================================================================
%%--------------------------------------------------------------------
--spec send(pid(), iolist()) -> ok | {error, reason()}.
+-spec send(pid(), iodata()) -> ok | {error, reason()}.
%%
%% Description: Sends data over the ssl connection
%%--------------------------------------------------------------------
send(Pid, Data) ->
sync_send_all_state_event(Pid, {application_data,
+ %% iolist_to_binary should really
+ %% be called iodata_to_binary()
erlang:iolist_to_binary(Data)}, infinity).
%%--------------------------------------------------------------------
@@ -939,17 +941,23 @@ handle_info({Protocol, _, Data}, StateName,
handle_info({CloseTag, Socket}, _StateName,
#state{socket = Socket, close_tag = CloseTag,
- negotiated_version = Version, host = Host,
- port = Port, socket_options = Opts,
+ negotiated_version = Version,
+ socket_options = Opts,
user_application = {_Mon,Pid}, from = From,
- role = Role, session = Session} = State) ->
- %% Debug option maybe, the user do NOT want to see these in their logs
- %% error_logger:info_report("SSL: Peer did not send close notify alert."),
+ role = Role} = State) ->
+ %% Note that as of TLS 1.1,
+ %% failure to properly close a connection no longer requires that a
+ %% session not be resumed. This is a change from TLS 1.0 to conform
+ %% with widespread implementation practice.
case Version of
{1, N} when N >= 1 ->
ok;
_ ->
- invalidate_session(Role, Host, Port, Session)
+ %% As invalidate_sessions here causes performance issues,
+ %% we will conform to the widespread implementation
+ %% practice and go aginst the spec
+ %%invalidate_session(Role, Host, Port, Session)
+ ok
end,
alert_user(Opts#socket_options.active, Pid, From,
?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role),
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index 8ae4d2332e..fb0ebac7d1 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -29,9 +29,8 @@
-include_lib("public_key/include/public_key.hrl").
-type algo_oid() :: ?'rsaEncryption' | ?'id-dsa'.
--type public_key() :: #'RSAPublicKey'{} | integer().
-type public_key_params() :: #'Dss-Parms'{} | term().
--type public_key_info() :: {algo_oid(), public_key(), public_key_params()}.
+-type public_key_info() :: {algo_oid(), #'RSAPublicKey'{} | integer() , public_key_params()}.
-record(session, {
session_id,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index f845b1ecc0..1bbb03bdde 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -57,6 +57,7 @@
-define('24H_in_sec', 8640).
-define(SESSION_VALIDATION_INTERVAL, 60000).
-define(CERTIFICATE_CACHE_CLEANUP, 30000).
+-define(CLEAN_SESSION_DB, 60000).
%%====================================================================
%% API
@@ -70,7 +71,8 @@ start_link(Opts) ->
gen_server:start_link({local, ?MODULE}, ?MODULE, [Opts], []).
%%--------------------------------------------------------------------
--spec connection_init(string()| {der, list()}, client | server) -> {ok, reference(), cache_ref()}.
+-spec connection_init(string()| {der, list()}, client | server) ->
+ {ok, reference(), cache_ref()}.
%%
%% Description: Do necessary initializations for a new connection.
%%--------------------------------------------------------------------
@@ -101,7 +103,9 @@ lookup_trusted_cert(Ref, SerialNumber, Issuer) ->
ssl_certificate_db:lookup_trusted_cert(Ref, SerialNumber, Issuer).
%%--------------------------------------------------------------------
-spec issuer_candidate(cert_key() | no_candidate) ->
- {cert_key(), {der_cert(), #'OTPCertificate'{}}} | no_more_candidates.
+ {cert_key(),
+ {der_cert(),
+ #'OTPCertificate'{}}} | no_more_candidates.
%%
%% Description: Return next issuer candidate.
%%--------------------------------------------------------------------
@@ -117,7 +121,8 @@ client_session_id(Host, Port, SslOpts, OwnCert) ->
call({client_session_id, Host, Port, SslOpts, OwnCert}).
%%--------------------------------------------------------------------
--spec server_session_id(host(), port_num(), #ssl_options{}, der_cert()) -> session_id().
+-spec server_session_id(host(), port_num(), #ssl_options{},
+ der_cert()) -> session_id().
%%
%% Description: Select a session id for the server.
%%--------------------------------------------------------------------
@@ -139,7 +144,9 @@ register_session(Port, Session) ->
-spec invalidate_session(port_num(), #session{}) -> ok.
-spec invalidate_session(host(), port_num(), #session{}) -> ok.
%%
-%% Description: Make the session unavilable for reuse.
+%% Description: Make the session unavailable for reuse. After
+%% a the session has been marked "is_resumable = false" for some while
+%% it will be safe to remove the data from the session database.
%%--------------------------------------------------------------------
invalidate_session(Host, Port, Session) ->
cast({invalidate_session, Host, Port, Session}).
@@ -259,23 +266,26 @@ handle_cast({register_session, Port, Session},
{noreply, State};
handle_cast({invalidate_session, Host, Port,
- #session{session_id = ID}},
+ #session{session_id = ID} = Session},
#state{session_cache = Cache,
session_cache_cb = CacheCb} = State) ->
- CacheCb:delete(Cache, {{Host, Port}, ID}),
+ CacheCb:update(Cache, {{Host, Port}, ID}, Session#session{is_resumable = false}),
+ timer:apply_after(?CLEAN_SESSION_DB, CacheCb, delete, [{{Host, Port}, ID}]),
{noreply, State};
-handle_cast({invalidate_session, Port, #session{session_id = ID}},
+handle_cast({invalidate_session, Port, #session{session_id = ID} = Session},
#state{session_cache = Cache,
session_cache_cb = CacheCb} = State) ->
- CacheCb:delete(Cache, {Port, ID}),
+ CacheCb:update(Cache, {Port, ID}, Session#session{is_resumable = false}),
+ timer:apply_after(?CLEAN_SESSION_DB, CacheCb, delete, [{Port, ID}]),
{noreply, State};
handle_cast({recache_pem, File, LastWrite, Pid, From},
#state{certificate_db = [_, FileToRefDb, _]} = State0) ->
case ssl_certificate_db:lookup(File, FileToRefDb) of
undefined ->
- {reply, Msg, State} = handle_call({{cache_pem, File, LastWrite}, Pid}, From, State0),
+ {reply, Msg, State} =
+ handle_call({{cache_pem, File, LastWrite}, Pid}, From, State0),
gen_server:reply(From, Msg),
{noreply, State};
_ -> %% Send message to self letting cleanup messages be handled
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index fd3b6d06ad..53b2223035 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -128,7 +128,7 @@ release_tests_spec: opt
$(INSTALL_DIR) $(RELSYSDIR)
$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(HRL_FILES_NEEDED_IN_TEST) $(COVER_FILE) $(RELSYSDIR)
$(INSTALL_DATA) ssl.spec ssl.cover $(RELSYSDIR)
- chmod -f -R u+w $(RELSYSDIR)
+ chmod -R u+w $(RELSYSDIR)
@tar cf - *_SUITE_data | (cd $(RELSYSDIR); tar xf -)
release_docs_spec:
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 2f1edfa186..0e80e42637 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 4.1.4
+SSL_VSN = 4.1.5