Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/doc/src/notes.xml17
-rw-r--r--lib/ssl/src/ssl.erl1
-rw-r--r--lib/ssl/src/ssl_internal.hrl3
-rw-r--r--lib/ssl/src/tls.erl8
-rw-r--r--lib/ssl/src/tls_connection.erl39
-rw-r--r--lib/ssl/test/ssl_packet_SUITE.erl24
6 files changed, 54 insertions, 38 deletions
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 8875d07535..301ff21068 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -25,7 +25,6 @@
<file>notes.xml</file>
</header>
<p>This document describes the changes made to the SSL application.</p>
-
<section><title>SSL 5.3</title>
<section><title>Fixed Bugs and Malfunctions</title>
@@ -100,7 +99,6 @@
</section>
<section><title>SSL 5.2.1</title>
-
<section><title>Improvements and New Features</title>
<list>
<item>
@@ -126,9 +124,20 @@
</section>
</section>
-
+<section><title>SSL 5.1.2.1</title>
+<section><title>Improvements and New Features</title>
+<list>
+ <item>
+ <p>
+ Make log_alert configurable as option in ssl, SSLLogLevel
+ added as option to inets conf file</p>
+ <p>
+ Own Id: OTP-11259</p>
+ </item>
+</list>
+</section>
+</section>
<section><title>SSL 5.2</title>
-
<section><title>Fixed Bugs and Malfunctions</title>
<list>
<item>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 0c1e47311d..dc6898d001 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -219,4 +219,3 @@ format_error(Error) ->
random_bytes(N) ->
tls:random_bytes(N).
-
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 14db4a6067..de8d20d399 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -111,7 +111,8 @@
%% This option should only be set to true by inet_tls_dist
erl_dist = false,
next_protocols_advertised = undefined, %% [binary()],
- next_protocol_selector = undefined %% fun([binary()]) -> binary())
+ next_protocol_selector = undefined, %% fun([binary()]) -> binary())
+ log_alert
}).
-record(socket_options,
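Review bot: The new `log_alert` field at the end of the record has no default and no type comment, unlike the fields above it. Any `#ssl_options{}` built without going through `handle_options` in tls.erl will carry `undefined`, and the alert paths in tls_connection.erl pass that value straight to `log_alert/3`. That function is not visible here, so whether it accepts `undefined` needs confirming; in `handle_own_alert` the call sits inside a `catch _:_ -> ok`, which would hide a failure and skip `handle_normal_shutdown`. Declaring the field as `log_alert = true %% boolean()` keeps the previous always-log behaviour as the fallback. The record definition starts outside this hunk.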
diff --git a/lib/ssl/src/tls.erl b/lib/ssl/src/tls.erl
index bb02695c12..b220a48f73 100644
--- a/lib/ssl/src/tls.erl
+++ b/lib/ssl/src/tls.erl
@@ -663,7 +663,8 @@ handle_options(Opts0, _Role) ->
handle_option(next_protocols_advertised, Opts, undefined),
next_protocol_selector =
make_next_protocol_selector(
- handle_option(client_preferred_next_protocols, Opts, undefined))
+ handle_option(client_preferred_next_protocols, Opts, undefined)),
+ log_alert = handle_option(log_alert, Opts, true)
},
CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
@@ -675,7 +676,7 @@ handle_options(Opts0, _Role) ->
reuse_session, reuse_sessions, ssl_imp,
cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
erl_dist, next_protocols_advertised,
- client_preferred_next_protocols],
+ client_preferred_next_protocols, log_alert],
SockOpts = lists:foldl(fun(Key, PropList) ->
proplists:delete(Key, PropList)
@@ -840,6 +841,9 @@ validate_option(client_preferred_next_protocols = Opt, {Precedence, PreferredPro
validate_option(client_preferred_next_protocols, undefined) ->
undefined;
+validate_option(log_alert, Value) when Value == true;
+ Value == false ->
+ Value;
validate_option(next_protocols_advertised = Opt, Value) when is_list(Value) ->
case tls_record:highest_protocol_version([]) of
{3,0} ->
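Review bot: The two-part guard on the added `validate_option(log_alert, Value)` clause is more idiomatically written `when is_boolean(Value) ->`. Since `false` suppresses the log entry for every TLS alert, fatal ones included, the option deserves a line in the ssl reference documentation stating that disabling it removes the local record of handshake and protocol failures. Within lib/ssl the diffstat shows only the release note mentioning it.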
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 246fecf34a..159ba406d3 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -89,7 +89,6 @@
cert_db_ref, % ref()
bytes_to_read, % integer(), # bytes to read in passive mode
user_data_buffer, % binary()
- log_alert, % boolean()
renegotiation, % {boolean(), From | internal | peer}
start_or_recv_from, % "gen_fsm From"
timer, % start_or_recv_timer
@@ -978,7 +977,7 @@ handle_sync_event(negotiated_next_protocol, _From, StateName, #state{next_protoc
handle_sync_event(negotiated_next_protocol, _From, StateName, #state{next_protocol = NextProtocol} = State) ->
{reply, {ok, NextProtocol}, StateName, State, get_timeout(State)};
-handle_sync_event({set_opts, Opts0}, _From, StateName,
+handle_sync_event({set_opts, Opts0}, _From, StateName0,
#state{socket_options = Opts1,
socket = Socket,
transport_cb = Transport,
@@ -987,11 +986,12 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
State1 = State0#state{socket_options = Opts},
if
Opts#socket_options.active =:= false ->
- {reply, Reply, StateName, State1, get_timeout(State1)};
+ {reply, Reply, StateName0, State1, get_timeout(State1)};
Buffer =:= <<>>, Opts1#socket_options.active =:= false ->
%% Need data, set active once
{Record, State2} = next_record_if_active(State1),
- case next_state(StateName, StateName, Record, State2) of
+ %% Note: Renogotiation may cause StateName0 =/= StateName
+ case next_state(StateName0, StateName0, Record, State2) of
{next_state, StateName, State, Timeout} ->
{reply, Reply, StateName, State, Timeout};
{stop, Reason, State} ->
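Review bot: The added comment `%% Note: Renogotiation may cause StateName0 =/= StateName` has a typo and does not explain why the head variable was renamed. The rename matters because `StateName` in the `{next_state, StateName, State, Timeout}` pattern was previously already bound, so a result carrying a different state would not have matched. Something like `%% StateName is bound fresh here: renegotiation may leave the FSM in a different state than StateName0` says that directly. The same comment is repeated in the `true ->` branch of the next hunk, and the clause begins and ends outside this hunk.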
@@ -999,13 +999,14 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
end;
Buffer =:= <<>> ->
%% Active once already set
- {reply, Reply, StateName, State1, get_timeout(State1)};
+ {reply, Reply, StateName0, State1, get_timeout(State1)};
true ->
case read_application_data(<<>>, State1) of
Stop = {stop,_,_} ->
Stop;
{Record, State2} ->
- case next_state(StateName, StateName, Record, State2) of
+ %% Note: Renogotiation may cause StateName0 =/= StateName
+ case next_state(StateName0, StateName0, Record, State2) of
{next_state, StateName, State, Timeout} ->
{reply, Reply, StateName, State, Timeout};
{stop, Reason, State} ->
@@ -2458,7 +2459,7 @@ do_format_reply(list, _,_, Data) ->
binary_to_list(Data).
header(0, <<>>) ->
- [];
+ <<>>;
header(_, <<>>) ->
[];
header(0, Binary) ->
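Review bot: With `header(0, <<>>)` now returning `<<>>` while the next clause `header(_, <<>>)` still returns `[]`, the tail of the result depends on whether the data ran out before the header length or exactly at it. The suite changes in this commit expect `[$H, $e | <<>>]`, so the improper list looks intended, but nothing at the function says so. A comment above `header/2` such as `%% Returns the header bytes as a list whose tail is the remaining binary (<<>> when nothing is left); [] only when the data is shorter than the header` would record the contract. The remaining clauses are outside the hunk, so the wording should be checked against them.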
@@ -2677,7 +2678,6 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
tls_cipher_texts = [],
user_application = {Monitor, User},
user_data_buffer = <<>>,
- log_alert = true,
session_cache_cb = SessionCacheCb,
renegotiation = {false, first},
start_or_recv_from = undefined,
@@ -2778,12 +2778,11 @@ handle_alerts([Alert | Alerts], {next_state, StateName, State, _Timeout}) ->
handle_alerts(Alerts, handle_alert(Alert, StateName, State)).
handle_alert(#alert{level = ?FATAL} = Alert, StateName,
- #state{socket = Socket, transport_cb = Transport,
- start_or_recv_from = From, host = Host,
+ #state{socket = Socket, transport_cb = Transport, ssl_options = SslOpts, start_or_recv_from = From, host = Host,
port = Port, session = Session, user_application = {_Mon, Pid},
- log_alert = Log, role = Role, socket_options = Opts} = State) ->
+ role = Role, socket_options = Opts} = State) ->
invalidate_session(Role, Host, Port, Session),
- log_alert(Log, StateName, Alert),
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
alert_user(Transport, Socket, StateName, Opts, Pid, From, Alert, Role),
{stop, normal, State};
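Review bot: The rewritten `#state{...}` pattern puts five fields on one line, well past the width of the surrounding code, and each alert clause now repeats `SslOpts#ssl_options.log_alert` in its body. Matching the flag in the head, `ssl_options = #ssl_options{log_alert = Log}`, would leave the existing `log_alert(Log, StateName, Alert)` calls untouched and keep the line short. The same applies to the `?NO_RENEGOTIATION` and `?USER_CANCELED` clauses and to `handle_own_alert` in the following hunks.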
@@ -2793,21 +2792,21 @@ handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
{stop, {shutdown, peer_close}, State};
handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName,
- #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts, renegotiation = {true, internal}} = State) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
handle_normal_shutdown(Alert, StateName, State),
{stop, {shutdown, peer_close}, State};
handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName,
- #state{log_alert = Log, renegotiation = {true, From}} = State0) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts, renegotiation = {true, From}} = State0) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
gen_fsm:reply(From, {error, renegotiation_rejected}),
{Record, State} = next_record(State0),
next_state(StateName, connection, Record, State);
handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName,
- #state{log_alert = Log} = State0) ->
- log_alert(Log, StateName, Alert),
+ #state{ssl_options = SslOpts} = State0) ->
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
{Record, State} = next_record(State0),
next_state(StateName, StateName, Record, State).
@@ -2845,7 +2844,7 @@ handle_own_alert(Alert, Version, StateName,
#state{transport_cb = Transport,
socket = Socket,
connection_states = ConnectionStates,
- log_alert = Log} = State) ->
+ ssl_options = SslOpts} = State) ->
try %% Try to tell the other side
{BinMsg, _} =
encode_alert(Alert, Version, ConnectionStates),
@@ -2855,7 +2854,7 @@ handle_own_alert(Alert, Version, StateName,
ignore
end,
try %% Try to tell the local user
- log_alert(Log, StateName, Alert),
+ log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
handle_normal_shutdown(Alert,StateName, State)
catch _:_ ->
ok
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 36f7af784d..d50498f547 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -1631,8 +1631,8 @@ header_decode_one_byte_active(Config) when is_list(Config) ->
{from, self()},
{mfa, {?MODULE, client_header_decode_active,
[Data, [11 | <<"Hello world">> ]]}},
- {options, [{active, true}, {header, 1},
- binary | ClientOpts]}]),
+ {options, [{active, true}, binary, {header, 1}
+ | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, ok),
@@ -1688,7 +1688,7 @@ header_decode_two_bytes_two_sent_active(Config) when is_list(Config) ->
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, server_header_decode_active,
- [Data, [$H, $e]]}},
+ [Data, [$H, $e | <<>>]]}},
{options, [{active, true}, binary,
{header,2}|ServerOpts]}]),
@@ -1697,7 +1697,7 @@ header_decode_two_bytes_two_sent_active(Config) when is_list(Config) ->
{host, Hostname},
{from, self()},
{mfa, {?MODULE, client_header_decode_active,
- [Data, [$H, $e]]}},
+ [Data, [$H, $e | <<>>]]}},
{options, [{active, true}, {header, 2},
binary | ClientOpts]}]),
@@ -1765,8 +1765,8 @@ header_decode_one_byte_passive(Config) when is_list(Config) ->
{from, self()},
{mfa, {?MODULE, client_header_decode_passive,
[Data, [11 | <<"Hello world">> ]]}},
- {options, [{active, false}, {header, 1},
- binary | ClientOpts]}]),
+ {options, [{active, false}, binary, {header, 1}
+ | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, ok),
@@ -1822,7 +1822,7 @@ header_decode_two_bytes_two_sent_passive(Config) when is_list(Config) ->
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, server_header_decode_passive,
- [Data, [$H, $e]]}},
+ [Data, [$H, $e | <<>>]]}},
{options, [{active, false}, binary,
{header,2}|ServerOpts]}]),
@@ -1831,7 +1831,7 @@ header_decode_two_bytes_two_sent_passive(Config) when is_list(Config) ->
{host, Hostname},
{from, self()},
{mfa, {?MODULE, client_header_decode_passive,
- [Data, [$H, $e]]}},
+ [Data, [$H, $e | <<>>]]}},
{options, [{active, false}, {header, 2},
binary | ClientOpts]}]),
@@ -2124,10 +2124,14 @@ client_header_decode_passive(Socket, Packet, Result) ->
%% option and the bitsynax makes it obsolete!
check_header_result([Byte1 | _], [Byte1]) ->
ok;
+check_header_result([Byte1 | _], [Byte1| <<>>]) ->
+ ok;
check_header_result([Byte1, Byte2 | _], [Byte1, Byte2]) ->
ok;
-check_header_result(_,Got) ->
- exit({?LINE, Got}).
+check_header_result([Byte1, Byte2 | _], [Byte1, Byte2 | <<>>]) ->
+ ok;
+check_header_result(Expected,Got) ->
+ exit({?LINE, {Expected, Got}}).
server_line_packet_decode(Socket, Packet) when is_binary(Packet) ->
[L1, L2] = string:tokens(binary_to_list(Packet), "\n"),
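Review bot: The added clauses make `check_header_result/2` accept both `[Byte1]` and `[Byte1 | <<>>]`, and likewise for two bytes. These checks therefore pass whichever tail the header decoding produces and would not notice a later change between `[]` and `<<>>`. If the improper list with a binary tail is now the contract in binary mode, the proper-list clauses could be limited to the list-mode cases. Otherwise a short comment above the function, for example `%% Both [] and <<>> tails are accepted: the tail depends on the socket mode`, would say why both are allowed; that reason is inferred and should be confirmed.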