aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_connection.erl
AgeCommit message (Collapse)Author
2013-05-08ssl, public_key, crypto: General generate_key and compute_key functionsIngela Anderton Andin
2013-05-08ssl: Improve extention handlingIngela Anderton Andin
2013-05-08ssl & public_key: API refinementIngela Anderton Andin
Change API so public_key:generate_key/compute_key are only called with "public_key arguments" otherwhise crypto functions can be called explicitly.
2013-05-08ssl: Remove dependency on internal public_key functionIngela Anderton Andin
Avoid unneccessary conversion as the input format is an oid (according to ASN1 spec) we do not need to handle it as an atom in ssl.
2013-05-08ssl & public_key: Improved handling ECDH keysIngela Anderton Andin
2013-05-08ssl & public_key: New public_key API for DH/ECDH/SRP keysIngela Anderton Andin
2013-05-08SSL: add Elliptic Curve support for ssl appAndreas Schultz
2013-04-12fix srp_anon ciphers suites requiring certificates to work.Andreas Schultz
This problem was not caught by the test suites since all PSK and SRP suites where always tested with certificates. Split those tests into test with and without certificates.
2013-04-03ssl: Use new SRP crypto APIIngela Anderton Andin
2013-03-28SSL: add TLS-SRP (RFC 5054) cipher suitesAndreas Schultz
2013-03-28SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suitesAndreas Schultz
2013-03-25Added comment about proxy certificatesFredrik Gustafsson
2013-03-21Fix ssl_connection to support reading proxy/chain certificatesValentin Kuznetsov
2013-03-06ssl: Handle next protocol negotiation when reusing a session.Ingela Anderton Andin
2013-03-05ssl: Clean code thanks to dialyzerIngela Anderton Andin
2013-03-05ssl: Check that negotiated version is a supported version.Ingela Anderton Andin
2013-02-20ssl: Fatal close alert makes more sense than handshake failiure at econnabortedIngela Anderton Andin
2013-02-18ssl: Further error handling enhancmentsIngela Anderton Andin
follow up enhancments done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113 Make sure format_error return good strings. Replace confusing legacy atoms with more descriptive atoms.
2013-02-12ssl: Generalize cb_info optionIngela Anderton Andin
2013-01-23ssl: Remove unnecessary construction of a return valueKostis Sagonas
2013-01-22Merge branch 'ia/ssl/incompatible-error-msg/OTP-10451'Ingela Anderton Andin
* ia/ssl/incompatible-error-msg/OTP-10451: ssl: Enhance error handling
2013-01-21ssl: Enhance error handlingIngela Anderton Andin
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail.
2013-01-17SSL: simplify server key encoding, decoding and signature handlingAndreas Schultz
server key encoding depends to the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This changes allows to select the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place.
2013-01-17SSL: unify the different implementations signature check implementationsAndreas Schultz
ssl_handshake and ssl_connection where doing essentially the same when checking a public key signature. This unify both into a single function
2012-12-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl
2012-12-06ssl: Cancel non expired timersIngela Anderton Andin
2012-12-06ssl: Fix recv after timeout expiredIngela Anderton Andin
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called.
2012-12-06ssl: Timeout handling changed so that the fsm-process will terminate if the ↵Ingela Anderton Andin
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side.
2012-11-19Merge remote branch 'upstream/maint'Ingela Anderton Andin
2012-11-19ssl: Fix bug in match expression found by DialyzerIngela Anderton Andin
Code should handle case the there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing.
2012-11-14Merge remote branch 'upstream/maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2012-11-13ssl: Make sure that the ssl connection process will not hang in terminate ↵Ingela Anderton Andin
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging.
2012-11-09Merge remote branch 'upstream/maint'Ingela Anderton Andin
* upstream/maint: ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout
2012-11-09ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeoutIngela Anderton Andin
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout. If timeouts are needed we want them to be server side timeouts.
2012-10-01ssl: Improve #sslsocket{} APIIngela Anderton Andin
A #sslsocket{} contains the fsm pid and value that was previously set to old_ssl or new_ssl to make the transition period smoother. Now that old ssl is not supported any more we use this field to store the inet socket reference instead. This enables some API functions to return quicker as they do not need to communicate with the fsm-process.
2012-09-20ssl: Dialyzer fixes and code cleaningIngela Anderton Andin
Types in a record where wrongly type specified, did not include undefined. Make them comments for now, maybe we will specify internal records with dialyzer types later, but as the other record fields are not specified at the moment, with dialyzer types, make the code consistent.
2012-09-20ssl: Support for SSL Next Protocol NegotiationBen Murphy
* http://technotes.googlecode.com/git/nextprotoneg.html
2012-08-23ssl: Clean up of code thanks to dialyzerIngela Anderton Andin
2012-08-22ssl: Use crypto:strong_rand_bytes if possibleIngela Anderton Andin
2012-08-22ssl & public_key: Add use of more "sha-rsa oids"Ingela Anderton Andin
2012-08-22ssl: Fix inet header option to behave as in inetIngela Anderton Andin
This options is useless and should be deprecated. But we behave as inet does for now!
2012-08-22ssl: TLS 1.2: fix hash and signature handlingAndreas Schultz
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message
2012-08-22ssl: Add Signature Algorithms hello extension from TLS 1.2Andreas Schultz
This is also avoids triggering some bugs in OpenSSL.
2012-08-22ssl: Signture type bugIngela Anderton Andin
2012-08-22ssl: Make signature handling version dependantAndreas Schultz
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware
2012-08-22ssl: Fix PRF logicIngela Anderton Andin
2012-08-22ssl: make PRF function selectableAndreas Schultz
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2
2012-08-22ssl: Add TLS version paramter to verify_dh_paramsAndreas Schultz
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params.
2012-08-22ssl: Add TLS version to dec_hs/2Andreas Schultz
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those.
2012-08-22ssl: Add TLS version to ssl_handshake:key_exchange/3Andreas Schultz
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it.