aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_connection.erl
AgeCommit message (Collapse)Author
2010-09-15Corrected and added dialyzer specsIngela Anderton Andin
2010-09-07Add missed DER dh option.Ingela Anderton Andin
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-09-03DER format in APIIngela Anderton Andin
Added support for inputing certificates and keys directly in DER format these options will override the pem-file options if specified.
2010-08-31Merge branch 'dgud/ssl/handskake_client_key/OTP-8793' into devDan Gudmundsson
* dgud/ssl/handskake_client_key/OTP-8793: Fix handshake problem with multiple messages in one packet
2010-08-27Fix receiving empty packets.Dan Gudmundsson
Empty packets where not delivered from ssl, it incorrectly assumed there was no data.
2010-08-26Fix handshake problem with multiple messages in one packetDan Gudmundsson
If hello and client_key_exchange message is sent together in the same packet, ssl can't handle it and closes the connection. Also fixed compiler warning.
2010-08-24Handling of {mode, list}Ingela Anderton Andin
Fixed handling of the option {mode, list} that was broken for some packet types for instance line.
2010-08-24Correct behaviour if {packet, line} and mode list are givenThomas Lachmann
This corrects the returned data to be in list format, not binary if both {packet, line} and list are set as option.
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-06-23Added more specs and changed from using own min/2 funtion to erlang:min/2.Ingela Anderton Andin
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-06-04Fixed handling of several ssl/tls packets arriving at the same time.Ingela Anderton Andin
This was broken during a refactoring of the code.
2010-05-28Cleaned codeIngela Anderton Andin
2010-05-28Added code to handle own alert in case MAC or padding check fails.Ingela Anderton Andin
2010-05-27Moved nodelay workaround for linux, as it seems to only work if you doIngela Anderton Andin
it before sending the fatal alert, even though documentation suggests the socket will be flushed on linux as an effect of setting the nodelay option.
2010-05-26Seems we need "nodelay socket flush" on some linux platforms after all.Ingela Anderton Andin
2010-05-25Enhancements and fixes due to coverage investegation.Ingela Anderton Andin
2010-05-21Clean up of codeIngela Anderton Andin
2010-05-21Decision not to support DH and export cipher suites and clean up.Ingela Anderton Andin
2010-05-17Removed/commented out currently dead code.Ingela Anderton Andin
2010-05-11OTP-8568 RFC -5746Ingela Anderton Andin
New ssl now supports secure renegotiation as described by RFC 5746.
2010-04-29OTP-8588 Alert and packet handling improvmentIngela Anderton Andin
Alert handling has been improved to better handle unexpected but valid messages and the implementation is also changed to avoid timing related issues that could cause different error messages depending on network latency. Packet handling was sort of broken but would mostly work as expected when socket was in binary mode. This has now been fixed.
2010-04-13We currently do not support fixed DH. Removal of dead code.Ingela Anderton Andin
2010-04-13Fixed dialyzer warningIngela Anderton Andin
2010-04-13OTP-8554 Certificate extensionsIngela Anderton Andin
2010-04-12OTP-8517 RenegotiationIngela Anderton Andin
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value.
2010-04-07Fix ssl to decode http packets in the same way as gen_tcpRory Byrne
When gen_tcp is configured with the {packet,http} option, it automatically switches to expect HTTP Headers after a HTTP Request/Response line has been received. This update fixes ssl to behave in the same way.
2010-04-07To preserve coding style of this moduleIngela Anderton Andin
2010-04-05Fix verification of ssl client when fail_if_no_peer_certRory Byrne
The SSL handshake fails when an ssl server is configured with the 'fail_if_no_peer_cert' option and a valid client sends its certificate as instructed. On the server-side ssl:ssl_accept/2 will return {error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert (type 10) to the client.
2010-03-31Fixed arguments to queue:in_r in clause that is very unlikly to happen and ↵Ingela Anderton Andin
hence not covered by test cases.
2010-03-31Corrected merge errorsIngela Anderton Andin
2010-03-25OTP-7046 Support for Diffie-Hellman keyexchangeIngela Anderton Andin
2010-03-25OTP-8517 RenegotiationIngela Anderton Andin
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value.
2010-02-18Avoid crash when trying to alert the user.Dan Gudmundsson
2010-02-17OTP-8459 Do a controlled shutdown if a non ssl packet arrives as the firstDan Gudmundsson
packet.
2010-02-12Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl.Dan Gudmundsson
2010-02-12Fixed bug file cache bug and improved the error messages.Dan Gudmundsson
2010-02-12prepend packet size bytes in ssl:send() in new_ssl implementationYAMASHINA Hio
With the {ssl_imp,new} option enabled, {packet,PacketType} only works when receiving. When sending, {packet,0} is always used.
2010-01-19Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_devErlang/OTP
* dgud/ssl-patches-from-Wil: Added a public_key:pkix_transform/2 instead and used it from ssl. Minor code cleanup new_ssl fix session reuse Code cleanup Send CA list during Certificate Request in new_ssl OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan. Send CA list during Certificate Request (in new_ssl) , thanks Wil Tan.
2010-01-12Minor code cleanupDan Gudmundsson
2010-01-12new_ssl fix session reuseWil Tan
When an SSL client presents a previous session ID, the server should either honour the request to reuse the parameters previously negotiated for the given session ID, or ignore the request and generate a new session ID. In this situation, new_ssl tries to complete the handshake by sending the client a "Finished" handshake message, which violates the SSL/TLS specs. It should instead send a ChangeCipherSpec message before sending the FInished message. This patch fixes it.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP