aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_session.erl
AgeCommit message (Collapse)Author
2016-03-15update copyright-yearHenrik Nord
2015-12-03ssl: Add upper limit for session cacheIngela Anderton Andin
If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries.
2015-12-03ssl: Measure elapsed time with erlang:monotonic_timeIngela Anderton Andin
2015-10-22fix incorrect number of seconds in 24h macroPawel Pikula
The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
2015-09-15ssl: Correct return value of default session callback moduleIngela Anderton Andin
ssl_session_cache:select_session/2 returned [sesionid(), #session{}] instead of #session{} as the API demands. This was wrongly compensated for in the code in one place making it look like everything was good. But the client check for unique session would always fail, potentially making the client session table grow a lot and causing long setup times.
2015-06-18Change license text to APLv2Bruce Yinhe
2012-11-27ssl: Consider new server options when resuming a sessionIngela Anderton Andin
If an ssl server is restarted with new options and a client tries to reuse a session the server must make sure that it complies to the new options before agreeing to reuse it.
2012-06-08ssl: Move ets:select bottleneck in serverDan Gudmundsson
Only use ssl_manager for selecting new ids to guarantee uniqueness, but reuse check does not need to be performed by the manager.
2012-06-08ssl: Reuse session check optimizationIngela Anderton Andin
2011-11-15Improved session cleanup handlingIngela Anderton Andin
Added session status "new" to mark sessions that are in the session database to reserve the session id but not resumable yet and that we want to separate from sessions that has been invalidated for further reuse.
2011-09-05Corrected spec name errors: ip_adress -> ip_address port_num -> port_numberIngela Anderton Andin
2011-08-31Use inet and gen_* dialyzer specsIngela Anderton Andin
2011-06-29Removed global name from the certificate tabelIngela Anderton Andin
We want the certificate table to be handled the same way as the session table and not have a global name, so that we may easier create a separate ssl-manager to handle erlang distribution over ssl.
2010-12-16Cache invaldation first version does not break old test casesIngela Anderton Andin
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP