Age | Commit message (Collapse) | Author |
|
New ssl now supports secure renegotiation as described by RFC 5746.
|
|
Alert handling has been improved to better handle unexpected but valid
messages and the implementation is also changed to avoid timing related
issues that could cause different error messages depending on network
latency. Packet handling was sort of broken but would mostly work as
expected when socket was in binary mode. This has now been fixed.
|
|
Temporary set the inet options on listen socket before doing accept
so that the correct options will be inherited by the accept socket.
Reset the options afterwards so that repeated use of listen socket
get user set values.
|
|
is not false.
|
|
|
|
|
|
A badmatch exception is thrown from ssl:transport_accept/2 when
ssl:close/1 is called on the socket. This fixes it to return
{error,closed} as expected.
|
|
Using certain valid options in the new ssl implementation results
in badarg exceptions. This happens for one documented option
'fail_if_no_peer_cert' and two undocumented options
'verify_client_once' and 'cb_info'.
|
|
|
|
New ssl now properly handles ssl renegotiation, and initiates a
renegotiation if ssl/ltls-sequence numbers comes close to the max value.
|
|
* yh/packet_option_for_new_ssl_send:
Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl.
Fixed bug file cache bug and improved the error messages.
Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}.
prepend packet size bytes in ssl:send() in new_ssl implementation
OTP-8441 ssl:send/2 ignored packet option, fix provided by YAMASHINA Hio.
Fixed a file cache bug which caused problems when the same file
was used for both cert and cacert.
Allow ssl:listen/2 to be called with option {ssl_imp, old}.
Fixed ssl:setopts(Socket, binary) which didn't work for 'new'
ssl..
|
|
|
|
|
|
|