| Age | Commit message (Collapse) | Author |
|---|
|
* ia/ssl/incompatible-error-msg/OTP-10451:
ssl: Enhance error handling
|
|
Remove filter mechanisms that made error messages backwards compatible
with old ssl but hid information about what actually happened.
This does not break the documented API however other reason
terms may be returned, so code that matches on the reason part of
{error, Reason} may fail.
|
|
server key encoding depends to the negotiated key exchange. Before
the encoding was limited to diffie-hellman keys. This changes allows
to select the key structure to decode and verify. It also consolidates
the transport encoding of the parameters into one place.
|
|
ssl_handshake and ssl_connection where doing essentially the same when
checking a public key signature. This unify both into a single function
|
|
Conflicts:
erts/emulator/sys/vxworks/sys.c
erts/vsn.mk
lib/ssl/src/ssl_connection.erl
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
Reset state so that "recv data" is not sent as "active data" after a recv
timed out and no new recv has been called.
|
|
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires.
Add missing function clause to handle timeout during handshake.
The missing clause had the effect that the timeout was wrongly
discarded. Also add an extra test case for the recv timeout
in addition to the one in ssl_packet_SUITE.
The missing functions clause was introduced in 8a789189.
This commit changed the timeout implementation, the previous implememtation
could cause other type of problems as the timeout was client side.
|
|
|
|
Code should handle case the there is some undelivered data
left on the socket when peer close signal is received. It is
unlikely that this happens during normal testing.
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
function.
Avoid doing gen_tcp/inet socket operations in terminate if socket
is already closed. Call gen_tcp:recv/3 in the "data delivery workaround"
to avoid hanging.
|
|
* upstream/maint:
ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout
|
|
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout.
If timeouts are needed we want them to be server side timeouts.
|
|
A #sslsocket{} contains the fsm pid and value that was previously set to
old_ssl or new_ssl to make the transition period smoother. Now that old
ssl is not supported any more we use this field to store the inet socket
reference instead. This enables some API functions to return quicker
as they do not need to communicate with the fsm-process.
|
|
Types in a record where wrongly type specified, did not include
undefined. Make them comments for now, maybe we will specify internal
records with dialyzer types later, but as the other record fields are
not specified at the moment, with dialyzer types, make the code
consistent.
|
|
* http://technotes.googlecode.com/git/nextprotoneg.html
|
|
|
|
|
|
|
|
This options is useless and should be deprecated. But we behave
as inet does for now!
|
|
with TLS 1.2 the hash and signature on a certify message can
differ from the defaults. So we have to make sure to always
use the hash and signature algorithm indicated in the
handshake message
|
|
This is also avoids triggering some bugs in OpenSSL.
|
|
|
|
TLS 1.2 introduces changes on how signatures
are calculate and encoded. This makes the
signature handling version aware
|
|
|
|
TLS 1.2 allows to negotiate the used PRF,
additional the default PRF uses a different
hash. This change make the PRF selectable
and hardwires the PRF for TLS < 1.2
|
|
dh parameter verification is done differently with TLS 1.2.
Prepare for that by passing the verion to verify_dh_params.
|
|
TLS 1.2 changes the layout of several handshake
records. This adds the TLS version to dec_hs/2
so it can decode those.
|
|
TLS 1.2 changed the way digital signatures are
done. key_exchange/3 needs to pass the version
to it.
|
|
TLS/SSL version before 1.2 always used a MD5/SHA combination
for the handshake hashes. With TLS 1.2 the default hash is
SHA256 and it is possible to negotiate a different hash.
This change delays the calculation of the handshake
hashes until they are really needed. At that point the hash
to use should be known.
For now MD5/SHA is still hard coded.
|
|
ssl sockets.
|
|
Do proc_lib:spawn_link instead of proc_lib:start_link as synchronized
init is not used/needed anyway.
|
|
Avoid cach validation with file:file_info/2 as this i too expensive and
causes a bottleneck in the file server. Instead we expose a new API function
ssl:clear_pem_cache/0 to deal with the problem. As we think it will be
of occasional use and the normal case is that the cache will be valid we think
it is the right thing to do.
Convert file paths to binary representation in the ssl API module to
avoid uncessarry calls in file later on.
Also add sanity checks for openssl versions in testsuite due to new
openssl bugs.
|
|
|
|
Instance of state variable that are "updated" in a function is called
for example State0 and the last instance, that should be returned, is
called State possible intermidiat versions are suffixed by increasing
numbers. State0 may be rturned in error cases.
Avoid nesting case statments.
|
|
Aviods storing a lot of data
|
|
The session id keept in the connection processes state must be updated to be
the id selected by ssl_handshake:client_hello, failing to do so will
cause a crash if the session is not reused.
|
|
Do not use ssl_manager process for selecting an id. It's unnecessary
to involve the manager process at all on the client side.
|
|
This is done by using proc_lib and gen_fsm:enter_loop
so that supervisor will not have to wait for the relative long initialization
of an ssl connection process before starting another connection process.
|
|
|
|
transport layer need to generate additional application specific
key material. One way to generate such material is to use the TLS
PRF and key material from the TLS session itself.
This change makes it possible to use a TLS sessions PRF either with
the session internal or caller supplied key material to generate
additional key material.
|
|
|
|
evaluating ssl:recv could be left hanging for ever.
|
|
|
|
The code is refactored and improved to make it easier to insert the
1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done
in one function clause in ssl:record_split_bin/3
|
|
|
|
Added session status "new" to mark sessions that are
in the session database to reserve the session id
but not resumable yet and that we want to separate from
sessions that has been invalidated for further reuse.
|
|
The time_stamp filed is now initated in the connection process
init function, so that invalidations of sessions due to handshake failiures,
will not cause sessions in the session table to have
an uninitiated time_stamp field.
|
|
|
