aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
AgeCommit message (Collapse)Author
2012-04-25Improved explanation of depth optionIngela Anderton Andin
2012-04-01Prepare releaseOTP_R15B01Erlang/OTP
2012-03-30Update copyright yearsBjörn-Egil Dahlberg
2012-03-26Merge branch 'as/ssl-tls-prf-function' into maintGustav Simonsson
* as/ssl-tls-prf-function: Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as transport layer need to generate additional application specific key material One way to generate such material is to use the TLS PRF and key material from the TLS session itself OTP-10024
2012-03-05Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS asAndreas Schultz
transport layer need to generate additional application specific key material. One way to generate such material is to use the TLS PRF and key material from the TLS session itself. This change makes it possible to use a TLS sessions PRF either with the session internal or caller supplied key material to generate additional key material.
2012-02-28Remove/add extra/missing white spacesRicardo Catalinas Jiménez
2011-12-12Prepare releaseErlang/OTP
2011-11-01Added PKCS-8 support in sslIngela Anderton Andin
2011-10-06Merge branch 'ia/ssl/remove-old-ssl/OTP-7048'Ingela Anderton Andin
* ia/ssl/remove-old-ssl/OTP-7048: Remove old ssl implementation and deprecated function ssl:peercert/1 Conflicts: lib/ssl/test/Makefile
2011-10-06Merge branch 'ia/ssl/dist-more-tests'Ingela Anderton Andin
* ia/ssl/dist-more-tests: Better option handling Improve code structure Remove ssl_prim calls that are remains from the old ssl distribution Add payload test
2011-10-04Merge branch 'dev' into majorBjörn-Egil Dahlberg
2011-10-04Better option handlingIngela Anderton Andin
Also cleaned up old gaurds.
2011-10-04Prepare releaseOTP_R14B04Erlang/OTP
2011-09-29Update copyright yearsBjörn-Egil Dahlberg
2011-09-28Merge branch 'dev' into majorIngela Anderton Andin
2011-09-28Corrected documentation bugIngela Anderton Andin
2011-09-16Remove old ssl implementation and deprecated function ssl:peercert/1Ingela Anderton Andin
2011-09-09First fully working versionIngela Anderton Andin
2011-08-08replace "a ssl" with "an ssl"Christian von Roques
2011-08-08Trivial documentation fixesChristian von Roques
2011-06-27Handle inet:getopts/2 and inet:setopts/2 crashesIngela Anderton Andin
2011-05-16OTP-9094: [httpc] Add support for upload body streaming (PUT and POST).Micael Karlberg
Filipe David Manana OTP-9114: [ftp] Added (type) spec for all exported functions. OTP-9123: mod_esi:deliver/2 made to accept binary data. Bernard Duggan OTP-9124: [httpd] Prevent XSS in error pages. Michael Santos OTP-9131: [httpd] Wrong security property names used in documentation. Garrett Smith OTP-9157: [httpd] Improved error messages. Ricardo Catalinas Jim�nez OTP-9158: [httpd] Fix timeout message generated by mod_esi. Bernard Duggan OTP-9202: [httpd] Extended support for file descriptors. Attila Rajmund Nohl OTP-9230: The default ssl kind has now been changed to essl. OTP-9246: [httpc] httpc manager crash because of a handler retry race condition. Merge branch 'bmk/inets/inet56_integration' into dev
2011-05-12Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in an exit withMicael Karlberg
reason badarg. Neither SSL nor INETS catches this, resulting in crashes with incomprehensible reasons. OTP-9289
2011-05-05Spec correctionsIngela Anderton Andin
2011-04-29Changed iolist() to iodata()Ingela Anderton Andin
ssl:send/2 takes iodata() as a second argument. erlang:iolist_to_binary should really be called erlang:iodata_to_binary which caused the mismatch in the first place.
2011-04-21Fixed blunder in year tagIngela Anderton Andin
2011-04-20Added missing path validation error to documentationIngela Anderton Andin
2011-03-14Prepare releaseOTP_R14B02Erlang/OTP
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2011-01-20Merge branch 'maint-r14' into devIngela Anderton Andin
2011-01-17Update release notesErlang/OTP
2011-01-10Fixed Dialyzer specsIngela Anderton Andin
------------------------------------------------------------------------- ssl's published documentation states: ssl_accept(ListenSocket) -> ssl_accept(ListenSocket, Timeout) -> ok | {error, Reason} (see http://www.erlang.org/doc/man/ssl.html#ssl_accept-1) while its code has the specs: -spec ssl_accept(#sslsocket{}) -> {ok, #sslsocket{}} | {error, reason()}. -spec ssl_accept(#sslsocket{}, list() | timeout()) -> {ok, #sslsocket{}} | {error, reason()}. One of the two cannot be right. This should be fixed. Moreover, I do not see why the spec just mentions list() for the options when the documentation explicitly mentions the options of ssl. Kostis ---------------------------------------------------------------------
2010-12-17Update release notesErlang/OTP
2010-12-06Prepare releaseErlang/OTP
2010-11-29Fixed broken links in the documentation and dialyzer warningsIngela Anderton Andin
2010-10-07Anonymous cipher suitesIngela Anderton Andin
For testing purposes ssl now also support some anonymous cipher suites when explicitly configured to do so. Also moved session cache tests to its own suite, so that timeout of end_per_testcase when the mnesia is used as session cache will not affect other test cases.
2010-09-29Prepare releaseErlang/OTP
2010-09-29Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into ↵Erlang/OTP
maint-r14 * ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873: Peer awarness
2010-09-29Peer awarnessIngela Anderton Andin
Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.
2010-09-24Backwards compatibilityIngela Anderton Andin
Changed implementation to retain backwards compatibility for old option {verify, 0} that shall be equivalent to {verify, verify_none}, also separate the cases unknown CA and selfsigned peer cert, and restored return value of deprecated function public_key:pem_to_der/1.
2010-09-13Prepare releaseOTP_R14BErlang/OTP
2010-09-10Improved certificate extension handlingIngela Anderton Andin
Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try.
2010-09-09Updated documentation for ssl-4.0.1Ingela Anderton Andin
2010-07-26Fix minor typos and errors in documentationCristian Greco
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-08Move dsa ticket to r14a releaseIngela Anderton Andin
(This is the merge of r13 version to r14_dev)
2010-06-08Updated for ssl-3.11.1Ingela Anderton Andin