Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-02-06 | ssl: Improve PEM cache by validating entries | Ingela Anderton Andin | |
The PEM cache is now validated by a background process, instead of always keeping it if it is small enough and clearing it otherwhiss. That strategy required that small caches where cleared by API function if a file changes on disk. However document the clearing API function as it can still be usefull. | |||
2015-01-23 | ssl: Reenable padding check for TLS-1.0 and provide backwards compatible | Ingela Anderton Andin | |
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl | |||
2014-12-09 | Prepare release | Erlang/OTP | |
2014-10-15 | Merge branch 'maint-17' into maint | Bruce Yinhe | |
Conflicts: OTP_VERSION | |||
2014-10-13 | Update release notes | Erlang/OTP | |
2014-10-03 | ssl: Fix link error in documentation | Ingela Anderton Andin | |
2014-09-15 | Update release notes | Erlang/OTP | |
2014-09-09 | ssl, public_key: Add new option partial_chain | Ingela Anderton Andin | |
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors." | |||
2014-08-25 | Fix misspellings of 'another' | Tuncer Ayaz | |
2014-06-19 | Prepare release | Erlang/OTP | |
2014-04-07 | Update release notes | Erlang/OTP | |
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-03 | ssl: Improved documentation of the cacertfile option | Ingela Anderton Andin | |
2014-01-28 | Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621' | Ingela Anderton Andin | |
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option | |||
2014-01-24 | Merge tag 'OTP_R16B03-1' | Magnus Lidén | |
The R16B03-1 release | |||
2014-01-24 | Prepare releaseOTP_R16B03-1 | Erlang/OTP | |
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson | |
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz. | |||
2013-12-10 | Merge tag 'OTP_R16B03' | Magnus Lidén | |
The R16B03 release Conflicts: lib/sasl/vsn.mk | |||
2013-12-09 | Prepare releaseOTP_R16B03 | Erlang/OTP | |
2013-11-20 | Merge branch 'maint' | Hans Nilsson | |
2013-11-19 | ftp,ssl: Fixes broken type link (ssloption). | Hans Nilsson | |
2013-11-11 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-06 | Update documentation | Julien Barbot | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-11-04 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-01 | Fix client_preferred_next_protocols documentation | Julien Barbot | |
2013-09-17 | Merge tag 'OTP_R16B02' | Magnus Lidén | |
The R16B02 release Conflicts: lib/sasl/vsn.mk | |||
2013-09-16 | Prepare releaseOTP_R16B02 | Erlang/OTP | |
2013-08-28 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-08-27 | ssl: documentation regarding log_alert | Fredrik Gustafsson | |
2013-08-23 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-08-23 | Merge branch 'maint-r15' into maint-r16 | Fredrik Gustafsson | |
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk | |||
2013-08-21 | Update release notes | Erlang/OTP | |
2013-06-18 | Merge tag 'OTP_R16B01' | Björn-Egil Dahlberg | |
The R16B01 release Conflicts: lib/sasl/vsn.mk | |||
2013-06-17 | Prepare releaseOTP_R16B01 | Erlang/OTP | |
2013-05-08 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/crypto/doc/src/crypto_app.xml | |||
2013-05-08 | crypto: Deprecate functions, update doc and specs | Ingela Anderton Andin | |
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-04-19 | Convert XML files to UTF-8 | Hans Bolinder | |
2013-04-05 | ssl & crypto: Documentation enhancements | Ingela Anderton Andin | |
OTP-10450 | |||
2013-04-03 | ssl: Add option to list all available ciper suites and enhanced documentation | Ingela Anderton Andin | |
2013-03-28 | SSL: add documentation for PSK and SRP ciphers options | Andreas Schultz | |
2013-03-17 | Fix SSL Next Protocol Negotiation documentation | Julien Barbot | |
Fix inconsistencies Fix typos Fix data types definition | |||
2013-02-25 | Prepare releaseOTP_R16B | Erlang/OTP | |
2013-02-22 | ssl: Add missing option and links | Ingela Anderton Andin | |
2013-02-12 | ssl: Generalize cb_info option | Ingela Anderton Andin | |
2013-01-29 | Prepare releaseOTP_R16A_RELEASE_CANDIDATE | Erlang/OTP | |
2013-01-25 | Update copyright years | Björn-Egil Dahlberg | |
2013-01-22 | ssl: Prepare for R16 release | Ingela Anderton Andin | |
Remove very old and obsolete release notes, update version and appup. |