| Age | Commit message (Collapse) | Author |
|---|
|
Data to sign and verify should be inputed as binaries.
Also cleaned up and moved some dialyzer specs.
|
|
Also changed alert to BAD_RECORD_MAC as:
"differentiating between bad_record_mac and decryption_failed alerts
may permit certain attacks against CBC mode as used in TLS
[CBCATT]. It is preferable to uniformly use the bad_record_mac
alert to hide the specific type of the error."
Also cleaned up the code and changed a few other alert reasons in
according to alert descriptions in the TLS RFC 4346. And added function
terminate_alert/3 so that we can differentiate between a crash
in ssl (a bug in our code) and a crash in the application using ssl.
|
|
Also fixed incorrect dialyzer spec.
|
|
For testing purposes ssl now also support some anonymous cipher suites
when explicitly configured to do so.
Also moved session cache tests to its own suite, so that timeout
of end_per_testcase when the mnesia is used as session cache will
not affect other test cases.
|
|
* ia/ssl-interop/OTP-8740:
Do not check the padding for TLS 1.0
|
|
Cleaned up and documented the public_key API to
make it useful for general use.
|
|
For interoperability reasons we do not check the padding in TLS 1.0 as
it is not strictly required and breaks interopability with for
instance Google.
|
|
|
|
New ssl now support client/server-certificates signed by dsa keys.
|
|
|
|
|
|
|
|
future.
|
|
|
