Age | Commit message | Author |
|
We want to prepare the code for more advanced DTLS usage and possibility
to run over SCTP. First assumption was that the demultiplexer process
"dtls listener" was needed for UDP only and SCTP could be made more TLS
like. However the assumption seems not to hold. This commit prepares
for customization possibilities.
|
* ingela/ssl/no-sslv2-hello-support/OTP-14824:
ssl: Remove interoperability option v2_hello_compatible
|
Change-Id: I1249b93b1e4a971cf1af2cb96a65563e23117e2b
|
* raimo/ssl-dist-skip-loopback/OTP-14465:
Update runtime dependencies
Disable debug function
Pass all info's to the ssl_connection state function
Remove ssl_tls_dist_ctrl module
Remove ssl_tls_dist_ctrl process
Remove ssl_tls_dist_proxy
Avoid dialyzer warning
Separate in and out in dist ctrl
Rewrite dist ctrl from port to process
Conflicts:
lib/ssl/src/ssl.app.src
|
OTP-14236 requires ssl runtime dependencies to update to latest public_key.
OTP-14181 makes ssl test cases dependent on the latest version of public_key.
|
Change retransmissions timers to use gen_statem state timeouts. We do
not need a retransmission timer in the state connection as data traffic in
DTLS over UDP is not retransmitted. If the last flight before
transitioning into connection is lost, it will be resent when the peer
resends its last flight. This will also make hibernation testing more
straightforward.
We need more adjustments later to handle a reliable DTLS transport
such as SCTP.
|
The PEM cache handling has proven to be too disruptive of the manager process.
|
Beta DTLS, not production ready. Only very basically tested, and
not everything in the SPEC is implemented and some things
are hard coded that should not be, so this implementation cannot be considered
secure.
Refactor "TLS connection state" and socket handling, to facilitate
DTLS implementation.
Create dtls "listener" (multiplexor) process that spawns
DTLS connection process handlers.
Handle DTLS fragmentation.
Framework for handling retransmissions.
Replay Detection is not implemented yet.
Alerts currently always handled as in TLS.
|
Due to 5268c7b957c30c31e551f197463cdd55a792ea69
|
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
|
This module is an implementation of the ssl_crl_cache_api behaviour.
It can be used when there is a directory containing CRLs for all
relevant CAs, in the form used by e.g. Apache. The module assumes
that the directory is being updated through an external process.
|
Generalise much of inet_tls_dist, so that inet6_tls_dist can reuse it.
|
4e0a5e36b38e3f15ed8f7d700d26f2424a47111c
|
Implement a listen socket tracker process that holds the emulated socket
options so that it is possible to implement a destructive ssl:setopts
on SSL/TLS listen sockets without changing the options of the internal
socket as we want that socket to have the internal socket option values.
|
Most dependencies introduced are exactly the dependencies to other
applications found by xref. That is, there might be real dependencies
missing. There might also be pure debug dependencies listed that
probably should be removed. Each application has to be manually
inspected in order to ensure that all real dependencies are listed.
All dependencies introduced are to application versions used in
OTP 17.0. This since the previously used version scheme wasn't
designed for this, and in order to minimize the work of introducing
the dependencies.
|
Also refactor so that TLS and DTLS can have common functions when possible.
|
Common functions will be located in ssl_handshake.erl while
specific functions will be located in tls_handshake.erl and dtls_handshake.erl
|
Also phase in tls module as main API instead of ssl. To
make API clearer. As TLS is the new protocol name.
Maybe keep some API functions in ssl
|
Conflicts:
lib/ssl/src/ssl.app.src
lib/ssl/src/ssl_manager.erl
|
Ssl has now switched default implementation and removed deprecated
certificate handling. All certificate handling is done by the public_key
application.
|