| Age | Commit message (Collapse) | Author |
|---|
|
|
|
it before sending the fatal alert, even though documentation suggests
the socket will be flushed on linux as an effect of setting the nodelay option.
|
|
|
|
|
|
|
|
|
|
|
|
New ssl now supports secure renegotiation as described by RFC 5746.
|
|
Alert handling has been improved to better handle unexpected but valid
messages and the implementation is also changed to avoid timing related
issues that could cause different error messages depending on network
latency. Packet handling was sort of broken but would mostly work as
expected when socket was in binary mode. This has now been fixed.
|
|
|
|
|
|
|
|
New ssl now properly handles ssl renegotiation, and initiates a
renegotiation if ssl/ltls-sequence numbers comes close to the max value.
|
|
When gen_tcp is configured with the {packet,http} option, it
automatically switches to expect HTTP Headers after a HTTP
Request/Response line has been received. This update fixes ssl to
behave in the same way.
|
|
|
|
The SSL handshake fails when an ssl server is configured with the
'fail_if_no_peer_cert' option and a valid client sends its certificate
as instructed. On the server-side ssl:ssl_accept/2 will return
{error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert
(type 10) to the client.
|
|
hence not covered by test cases.
|
|
|
|
|
|
New ssl now properly handles ssl renegotiation, and initiates a
renegotiation if ssl/ltls-sequence numbers comes close to the max value.
|
|
|
|
packet.
|
|
|
|
|
|
With the {ssl_imp,new} option enabled, {packet,PacketType} only
works when receiving. When sending, {packet,0} is always used.
|
|
* dgud/ssl-patches-from-Wil:
Added a public_key:pkix_transform/2 instead and used it from ssl.
Minor code cleanup
new_ssl fix session reuse
Code cleanup
Send CA list during Certificate Request in new_ssl
OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan.
Send CA list during Certificate Request (in new_ssl) , thanks Wil
Tan.
|
|
|
|
When an SSL client presents a previous session ID, the server should
either honour the request to reuse the parameters previously negotiated
for the given session ID, or ignore the request and generate a new
session ID.
In this situation, new_ssl tries to complete the handshake by sending
the client a "Finished" handshake message, which violates the SSL/TLS
specs. It should instead send a ChangeCipherSpec message before sending
the FInished message. This patch fixes it.
|
|
|
