aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_handshake.erl
AgeCommit message (Collapse)Author
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-09-01Empty certificate chainIngela Anderton Andin
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling.
2010-08-26Fix handshake problem with multiple messages in one packetDan Gudmundsson
If hello and client_key_exchange message is sent together in the same packet, ssl can't handle it and closes the connection. Also fixed compiler warning.
2010-08-24Merge branch 'ia/public_key_api/OTP-8722' into devIngela Anderton Andin
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-08-18Fix bug in ssl handshake protocol related to the choice of cipher suitesPaul Guyot
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate).
2010-06-29The server now verifies the client certificate verify message correctly, ↵Ingela Anderton Andin
instead of causing a case-clause.
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-05-28Hoops too quick to check in previous version, changed . to ;, compiled inIngela Anderton Andin
wrong shell!
2010-05-28Added misssing version check for client.Ingela Anderton Andin
2010-05-21Decision not to support DH and export cipher suites.Ingela Anderton Andin
2010-05-20Honor internal APIIngela Anderton Andin
2010-05-17Removed/commented out currently dead code.Ingela Anderton Andin
2010-05-11OTP-8568 RFC -5746Ingela Anderton Andin
New ssl now supports secure renegotiation as described by RFC 5746.
2010-04-13OTP-8554 Certificate extensionsIngela Anderton Andin
2010-04-13Fixed spelling errorDan Gudmundsson
2010-03-25OTP-7046 Support for Diffie-Hellman keyexchangeIngela Anderton Andin
2010-03-25OTP-8517 RenegotiationIngela Anderton Andin
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value.
2010-01-19Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_devErlang/OTP
* dgud/ssl-patches-from-Wil: Added a public_key:pkix_transform/2 instead and used it from ssl. Minor code cleanup new_ssl fix session reuse Code cleanup Send CA list during Certificate Request in new_ssl OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan. Send CA list during Certificate Request (in new_ssl) , thanks Wil Tan.
2010-01-13Added a public_key:pkix_transform/2 instead and used it from ssl.Dan Gudmundsson
2010-01-12Code cleanupDan Gudmundsson
2010-01-12Send CA list during Certificate Request in new_sslWil Tan
When requesting for client certificate, an SSL/TLS server may send a list of the distinguished names of acceptable certificate authorities. OpenSSL does this by default.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP