Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-09-09 | ssl, public_key: Add new option partial_chain | Ingela Anderton Andin | |
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors." | |||
2014-08-25 | Fix misspellings of 'another' | Tuncer Ayaz | |
2014-06-19 | Prepare release | Erlang/OTP | |
2014-04-07 | Update release notes | Erlang/OTP | |
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-03 | ssl: Improved documentation of the cacertfile option | Ingela Anderton Andin | |
2014-01-28 | Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621' | Ingela Anderton Andin | |
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option | |||
2014-01-24 | Merge tag 'OTP_R16B03-1' | Magnus Lidén | |
The R16B03-1 release | |||
2014-01-24 | Prepare releaseOTP_R16B03-1 | Erlang/OTP | |
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson | |
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz. | |||
2013-12-10 | Merge tag 'OTP_R16B03' | Magnus Lidén | |
The R16B03 release Conflicts: lib/sasl/vsn.mk | |||
2013-12-09 | Prepare releaseOTP_R16B03 | Erlang/OTP | |
2013-11-20 | Merge branch 'maint' | Hans Nilsson | |
2013-11-19 | ftp,ssl: Fixes broken type link (ssloption). | Hans Nilsson | |
2013-11-11 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-06 | Update documentation | Julien Barbot | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-11-04 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-01 | Fix client_preferred_next_protocols documentation | Julien Barbot | |
2013-09-17 | Merge tag 'OTP_R16B02' | Magnus Lidén | |
The R16B02 release Conflicts: lib/sasl/vsn.mk | |||
2013-09-16 | Prepare releaseOTP_R16B02 | Erlang/OTP | |
2013-08-28 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-08-27 | ssl: documentation regarding log_alert | Fredrik Gustafsson | |
2013-08-23 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-08-23 | Merge branch 'maint-r15' into maint-r16 | Fredrik Gustafsson | |
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk | |||
2013-08-21 | Update release notes | Erlang/OTP | |
2013-06-18 | Merge tag 'OTP_R16B01' | Björn-Egil Dahlberg | |
The R16B01 release Conflicts: lib/sasl/vsn.mk | |||
2013-06-17 | Prepare releaseOTP_R16B01 | Erlang/OTP | |
2013-05-08 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/crypto/doc/src/crypto_app.xml | |||
2013-05-08 | crypto: Deprecate functions, update doc and specs | Ingela Anderton Andin | |
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-04-19 | Convert XML files to UTF-8 | Hans Bolinder | |
2013-04-05 | ssl & crypto: Documentation enhancements | Ingela Anderton Andin | |
OTP-10450 | |||
2013-04-03 | ssl: Add option to list all available ciper suites and enhanced documentation | Ingela Anderton Andin | |
2013-03-28 | SSL: add documentation for PSK and SRP ciphers options | Andreas Schultz | |
2013-03-17 | Fix SSL Next Protocol Negotiation documentation | Julien Barbot | |
Fix inconsistencies Fix typos Fix data types definition | |||
2013-02-25 | Prepare releaseOTP_R16B | Erlang/OTP | |
2013-02-22 | ssl: Add missing option and links | Ingela Anderton Andin | |
2013-02-12 | ssl: Generalize cb_info option | Ingela Anderton Andin | |
2013-01-29 | Prepare releaseOTP_R16A_RELEASE_CANDIDATE | Erlang/OTP | |
2013-01-25 | Update copyright years | Björn-Egil Dahlberg | |
2013-01-22 | ssl: Prepare for R16 release | Ingela Anderton Andin | |
Remove very old and obsolete release notes, update version and appup. | |||
2012-12-20 | ssl: Make TLS-1.2 default version | Ingela Anderton Andin | |
2012-12-06 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl | |||
2012-12-06 | Update release notes | Erlang/OTP | |
2012-11-27 | Merge tag 'OTP_R15B03' | Björn-Egil Dahlberg | |
The R15B03 release | |||
2012-11-26 | Prepare releaseOTP_R15B03 | Erlang/OTP | |
2012-09-20 | ssl: Changed default behaviour of next protocol negotiation to make | Ingela Anderton Andin | |
more "sense" (be true to the specification). | |||
2012-09-20 | ssl: Update SSL docs for SSL Next Protocol Support | Ben Murphy | |