Age | Commit message (Collapse) | Author |
|
* ia/ssl/ets-next-problem/OTP-9703:
Replaced ets:next traversal with ets:foldl and throw
|
|
ets:next needs an explicit safe_fixtable call to be safe, we
rather use ets:foldl and throw to get out of it when we find the
correct entry.
|
|
Added session status "new" to mark sessions that are
in the session database to reserve the session id
but not resumable yet and that we want to separate from
sessions that has been invalidated for further reuse.
|
|
* ia/ssl/dist/OTP-7053:
First fully working version
Use ssl instead of being a proxy command
Connect from both sides works now
|
|
|
|
|
|
|
|
We want the certificate table to be handled the same way as the
session table and not have a global name, so that we may easier
create a separate ssl-manager to handle erlang distribution over ssl.
|
|
Also save latest delay cleanup timer ref so that we can
use erlang:read_timer to write a more reliable
test case.
|
|
In ssl-4.1.5 temporary clean-up processes would crash resulting in
that the session table would not be cleaned up (e.i. using more and
more memory) and error reports would be printed, but connections would
not be affected.
|
|
|
|
Invalidation of a session for reusing should first flag that the
session may no longer be reused and then later when all possible
pending reuses have been handled delete the session from the
database. This could otherwise cause the client to terminate due to
{badarg,[{erlang,byte_size,[undefined]}, and the server to terminate due to
{{badmatch,{resumed,undefined}}.
|
|
Added cache invalidation control of ssl certificates so that
sessions will not be reused if file content is changed.
There was a glitch in ssl:close that made it possible to
to get eaddrinuse even though reuseadder-option was used.
Also improved tests for better user-close handling.
|
|
|
|
|
|
Added support for inputing certificates and keys directly in DER format
these options will override the pem-file options if specified.
|
|
Cleaned up and documented the public_key API to
make it useful for general use.
|
|
|
|
|
|
|
|
|
|
|
|
* yh/packet_option_for_new_ssl_send:
Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl.
Fixed bug file cache bug and improved the error messages.
Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}.
prepend packet size bytes in ssl:send() in new_ssl implementation
OTP-8441 ssl:send/2 ignored packet option, fix provided by YAMASHINA Hio.
Fixed a file cache bug which caused problems when the same file
was used for both cert and cacert.
Allow ssl:listen/2 to be called with option {ssl_imp, old}.
Fixed ssl:setopts(Socket, binary) which didn't work for 'new'
ssl..
|
|
|
|
|