aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc/src/ssl.xml
AgeCommit message (Collapse)Author
2012-03-26Merge branch 'as/ssl-tls-prf-function' into maintGustav Simonsson
* as/ssl-tls-prf-function: Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as transport layer need to generate additional application specific key material One way to generate such material is to use the TLS PRF and key material from the TLS session itself OTP-10024
2012-03-05Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS asAndreas Schultz
transport layer need to generate additional application specific key material. One way to generate such material is to use the TLS PRF and key material from the TLS session itself. This change makes it possible to use a TLS sessions PRF either with the session internal or caller supplied key material to generate additional key material.
2012-02-28Remove/add extra/missing white spacesRicardo Catalinas Jiménez
2011-11-01Added PKCS-8 support in sslIngela Anderton Andin
2011-10-06Merge branch 'ia/ssl/remove-old-ssl/OTP-7048'Ingela Anderton Andin
* ia/ssl/remove-old-ssl/OTP-7048: Remove old ssl implementation and deprecated function ssl:peercert/1 Conflicts: lib/ssl/test/Makefile
2011-09-28Corrected documentation bugIngela Anderton Andin
2011-09-16Remove old ssl implementation and deprecated function ssl:peercert/1Ingela Anderton Andin
2011-08-08replace "a ssl" with "an ssl"Christian von Roques
2011-08-08Trivial documentation fixesChristian von Roques
2011-06-27Handle inet:getopts/2 and inet:setopts/2 crashesIngela Anderton Andin
2011-05-05Spec correctionsIngela Anderton Andin
2011-04-29Changed iolist() to iodata()Ingela Anderton Andin
ssl:send/2 takes iodata() as a second argument. erlang:iolist_to_binary should really be called erlang:iodata_to_binary which caused the mismatch in the first place.
2011-04-21Fixed blunder in year tagIngela Anderton Andin
2011-04-20Added missing path validation error to documentationIngela Anderton Andin
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2011-01-10Fixed Dialyzer specsIngela Anderton Andin
------------------------------------------------------------------------- ssl's published documentation states: ssl_accept(ListenSocket) -> ssl_accept(ListenSocket, Timeout) -> ok | {error, Reason} (see http://www.erlang.org/doc/man/ssl.html#ssl_accept-1) while its code has the specs: -spec ssl_accept(#sslsocket{}) -> {ok, #sslsocket{}} | {error, reason()}. -spec ssl_accept(#sslsocket{}, list() | timeout()) -> {ok, #sslsocket{}} | {error, reason()}. One of the two cannot be right. This should be fixed. Moreover, I do not see why the spec just mentions list() for the options when the documentation explicitly mentions the options of ssl. Kostis ---------------------------------------------------------------------
2010-11-29Fixed broken links in the documentation and dialyzer warningsIngela Anderton Andin
2010-10-07Anonymous cipher suitesIngela Anderton Andin
For testing purposes ssl now also support some anonymous cipher suites when explicitly configured to do so. Also moved session cache tests to its own suite, so that timeout of end_per_testcase when the mnesia is used as session cache will not affect other test cases.
2010-09-29Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into ↵Erlang/OTP
maint-r14 * ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873: Peer awarness
2010-09-29Peer awarnessIngela Anderton Andin
Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.
2010-09-24Backwards compatibilityIngela Anderton Andin
Changed implementation to retain backwards compatibility for old option {verify, 0} that shall be equivalent to {verify, verify_none}, also separate the cases unknown CA and selfsigned peer cert, and restored return value of deprecated function public_key:pem_to_der/1.
2010-09-10Improved certificate extension handlingIngela Anderton Andin
Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try.
2010-09-09Updated documentation for ssl-4.0.1Ingela Anderton Andin
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2009-12-10Cleaned up docsDan Gudmundsson
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP