Age | Commit message | Author | |
---|---|---|---|
2014-04-23 | ssl: Refactor so that there is only one source for the default hashsign values | Ingela Anderton Andin | |
Also fix DTLS call to supply its corresponding TLS version | |||
2014-04-23 | ssl: always pass negotiated version when selecting hashsign | Danil Zagoskin | |
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions. | |||
2014-04-17 | ssl: recv shall return {error, einval} on active socket | Ingela Anderton Andin | |
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-25 | ssl: Improve type specs | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/dtls_record.erl | |||
2014-02-20 | ssl: Correct clean up of certificate database when certs are inputted | Ingela Anderton Andin | |
in pure DER format. The incorrect code could cause a memory leak when certs were inputted in DER. | |||
2014-01-14 | ssl: fix elliptic curve selection in server mode | Andreas Schultz | |
The server code erroneously took the list of curves supported by the client from its own hello extension, effectively breaking curve selection altogether. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback. | |||
2013-12-02 | ssl: Trap exits | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connection handling | Ingela Anderton Andin | |
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor premaster secret handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connection and handshake handling | Ingela Anderton Andin | |
2013-06-04 | ssl: Structural preparation to support DTLS | Ingela Anderton Andin | |
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl | |||
2013-06-04 | ssl: Rename ssl_certificate_db to ssl_pkix_db for clarity | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl.app.src lib/ssl/src/ssl_manager.erl | |||
2013-05-24 | ssl: Remove unused `srp_parameters` type spec | Klaus Trainer | |
As the file 'lib/ssl/src/ssl_srp_primes.hrl' only contains a specification of a `srp_parameters` type that isn't exported and also isn't referenced anywhere (neither in the code nor in the documentation), the type specification (and hence the file as well) can be removed. | |||
2013-05-20 | ssl: Remove use of deprecated crypto functions | Ingela Anderton Andin | |
2013-05-08 | ssl & crypto: Generalize the remaining crypto API | Ingela Anderton Andin | |
2013-05-08 | ssl: Fix Curve selection | Ingela Anderton Andin | |
2013-05-08 | ssl, public_key, crypto: General generate_key and compute_key functions | Ingela Anderton Andin | |
2013-05-08 | ssl: Improve extension handling | Ingela Anderton Andin | |
2013-05-08 | ssl & public_key: API refinement | Ingela Anderton Andin | |
Change API so public_key:generate_key/compute_key are only called with "public_key arguments" otherwise crypto functions can be called explicitly. | |||
2013-05-08 | ssl: Remove dependency on internal public_key function | Ingela Anderton Andin | |
Avoid unnecessary conversion as the input format is an oid (according to ASN1 spec) we do not need to handle it as an atom in ssl. | |||
2013-05-08 | ssl & public_key: Improved handling ECDH keys | Ingela Anderton Andin | |
2013-05-08 | ssl & public_key: New public_key API for DH/ECDH/SRP keys | Ingela Anderton Andin | |
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-04-12 | fix srp_anon ciphers suites requiring certificates to work. | Andreas Schultz | |
This problem was not caught by the test suites since all PSK and SRP suites were always tested with certificates. Split those tests into test with and without certificates. | |||
2013-04-03 | ssl: Use new SRP crypto API | Ingela Anderton Andin | |
2013-03-28 | SSL: add TLS-SRP (RFC 5054) cipher suites | Andreas Schultz | |
2013-03-28 | SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suites | Andreas Schultz | |
2013-03-25 | Added comment about proxy certificates | Fredrik Gustafsson | |
2013-03-21 | Fix ssl_connection to support reading proxy/chain certificates | Valentin Kuznetsov | |
2013-03-06 | ssl: Handle next protocol negotiation when reusing a session. | Ingela Anderton Andin | |
2013-03-05 | ssl: Clean code thanks to dialyzer | Ingela Anderton Andin | |
2013-03-05 | ssl: Check that negotiated version is a supported version. | Ingela Anderton Andin | |
2013-02-20 | ssl: Fatal close alert makes more sense than handshake failure at econnaborted | Ingela Anderton Andin | |
2013-02-18 | ssl: Further error handling enhancements | Ingela Anderton Andin | |
Follow up enhancements done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113. Make sure format_error returns good strings. Replace confusing legacy atoms with more descriptive atoms. | |||
2013-02-12 | ssl: Generalize cb_info option | Ingela Anderton Andin | |
2013-01-23 | ssl: Remove unnecessary construction of a return value | Kostis Sagonas | |
2013-01-22 | Merge branch 'ia/ssl/incompatible-error-msg/OTP-10451' | Ingela Anderton Andin | |
* ia/ssl/incompatible-error-msg/OTP-10451: ssl: Enhance error handling | |||
2013-01-21 | ssl: Enhance error handling | Ingela Anderton Andin | |
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail. | |||
2013-01-17 | SSL: simplify server key encoding, decoding and signature handling | Andreas Schultz | |
Server key encoding depends on the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This change allows selecting the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place. | |||
2013-01-17 | SSL: unify the different implementations signature check implementations | Andreas Schultz | |
ssl_handshake and ssl_connection were doing essentially the same when checking a public key signature. This unifies both into a single function. | |||
2012-12-06 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl | |||
2012-12-06 | ssl: Cancel non expired timers | Ingela Anderton Andin | |
2012-12-06 | ssl: Fix recv after timeout expired | Ingela Anderton Andin | |
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called. | |||
2012-12-06 | ssl: Timeout handling changed so that the fsm-process will terminate if the ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. | Ingela Anderton Andin | |
Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing function clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implementation could cause other type of problems as the timeout was client side. | |||
2012-11-19 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
2012-11-19 | ssl: Fix bug in match expression found by Dialyzer | Ingela Anderton Andin | |
Code should handle the case that there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing. | |||
2012-11-14 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_connection.erl | |||
2012-11-13 | ssl: Make sure that the ssl connection process will not hang in terminate function. | Ingela Anderton Andin | |
Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging. |