aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_connection.erl
AgeCommit message (Collapse)Author
2014-04-23ssl: always pass negotiated version when selecting hashsignDanil Zagoskin
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
2014-04-17ssl: recv shall ruturn {error, einval} on active socketIngela Anderton Andin
2014-03-31ssl: Add possibility to specify ssl options when calling ssl:ssl_acceptIngela Anderton Andin
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-02-20ssl: Correct clean up of certificate database when certs are inputedIngela Anderton Andin
in pure DER format. The incorrect code could cause a memory leek when certs where inputed in DER.
2014-01-14ssl: fix elliptic curve selection in server modeAndreas Schultz
The server code erroneously took the list of curves supported by the client from it's own hello extension, effectively breaking curve selection all together. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback.
2013-12-02ssl: Trap exitsIngela Anderton Andin
2013-12-02ssl: Refactor connetion handlingIngela Anderton Andin
2013-12-02ssl, public_key: Dialyzer fixesIngela Anderton Andin
2013-12-02ssl: Refactor premaster secret handlingIngela Anderton Andin
2013-12-02ssl: Refactor connection and handshake handlingIngela Anderton Andin
2013-06-04ssl: Structural perarparation to support DTLSIngela Anderton Andin
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl
2013-06-04ssl: Rename ssl_certificate_db to ssl_pkix_db for clarityIngela Anderton Andin
Conflicts: lib/ssl/src/ssl.app.src lib/ssl/src/ssl_manager.erl
2013-05-24ssl: Remove unused `srp_parameters` type specKlaus Trainer
As the file 'lib/ssl/src/ssl_srp_primes.hrl' only contains a specification of a `srp_parameters` type that isn't exported and also isn't referenced anywhere (neither in the code nor in the documentation), the type specification (and hence the file as well) can be removed.
2013-05-20ssl: Remove use of deprecated crypto functionsIngela Anderton Andin
2013-05-08ssl & crypto: Generalize the remaining crypto APIIngela Anderton Andin
2013-05-08ssl: Fix Curve selectionIngela Anderton Andin
2013-05-08ssl, public_key, crypto: General generate_key and compute_key functionsIngela Anderton Andin
2013-05-08ssl: Improve extention handlingIngela Anderton Andin
2013-05-08ssl & public_key: API refinementIngela Anderton Andin
Change API so public_key:generate_key/compute_key are only called with "public_key arguments" otherwhise crypto functions can be called explicitly.
2013-05-08ssl: Remove dependency on internal public_key functionIngela Anderton Andin
Avoid unneccessary conversion as the input format is an oid (according to ASN1 spec) we do not need to handle it as an atom in ssl.
2013-05-08ssl & public_key: Improved handling ECDH keysIngela Anderton Andin
2013-05-08ssl & public_key: New public_key API for DH/ECDH/SRP keysIngela Anderton Andin
2013-05-08SSL: add Elliptic Curve support for ssl appAndreas Schultz
2013-04-12fix srp_anon ciphers suites requiring certificates to work.Andreas Schultz
This problem was not caught by the test suites since all PSK and SRP suites where always tested with certificates. Split those tests into test with and without certificates.
2013-04-03ssl: Use new SRP crypto APIIngela Anderton Andin
2013-03-28SSL: add TLS-SRP (RFC 5054) cipher suitesAndreas Schultz
2013-03-28SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suitesAndreas Schultz
2013-03-25Added comment about proxy certificatesFredrik Gustafsson
2013-03-21Fix ssl_connection to support reading proxy/chain certificatesValentin Kuznetsov
2013-03-06ssl: Handle next protocol negotiation when reusing a session.Ingela Anderton Andin
2013-03-05ssl: Clean code thanks to dialyzerIngela Anderton Andin
2013-03-05ssl: Check that negotiated version is a supported version.Ingela Anderton Andin
2013-02-20ssl: Fatal close alert makes more sense than handshake failiure at econnabortedIngela Anderton Andin
2013-02-18ssl: Further error handling enhancmentsIngela Anderton Andin
follow up enhancments done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113 Make sure format_error return good strings. Replace confusing legacy atoms with more descriptive atoms.
2013-02-12ssl: Generalize cb_info optionIngela Anderton Andin
2013-01-23ssl: Remove unnecessary construction of a return valueKostis Sagonas
2013-01-22Merge branch 'ia/ssl/incompatible-error-msg/OTP-10451'Ingela Anderton Andin
* ia/ssl/incompatible-error-msg/OTP-10451: ssl: Enhance error handling
2013-01-21ssl: Enhance error handlingIngela Anderton Andin
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail.
2013-01-17SSL: simplify server key encoding, decoding and signature handlingAndreas Schultz
server key encoding depends to the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This changes allows to select the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place.
2013-01-17SSL: unify the different implementations signature check implementationsAndreas Schultz
ssl_handshake and ssl_connection where doing essentially the same when checking a public key signature. This unify both into a single function
2012-12-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl
2012-12-06ssl: Cancel non expired timersIngela Anderton Andin
2012-12-06ssl: Fix recv after timeout expiredIngela Anderton Andin
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called.
2012-12-06ssl: Timeout handling changed so that the fsm-process will terminate if the ↵Ingela Anderton Andin
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side.
2012-11-19Merge remote branch 'upstream/maint'Ingela Anderton Andin
2012-11-19ssl: Fix bug in match expression found by DialyzerIngela Anderton Andin
Code should handle case the there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing.
2012-11-14Merge remote branch 'upstream/maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2012-11-13ssl: Make sure that the ssl connection process will not hang in terminate ↵Ingela Anderton Andin
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging.
2012-11-09Merge remote branch 'upstream/maint'Ingela Anderton Andin
* upstream/maint: ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout