Age | Commit message (Collapse) | Author |
|
* ingela/ssl/TLS-hibernate-bug/OTP-15910:
ssl: Fix hibernation bug
# Conflicts:
# lib/ssl/src/tls_connection.erl
|
|
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
Solves ERL-968, a refactoring bug could cause part of a server key exchange message to
be appended, to an incorrectly duplicated, certificate handshake message. In the end
causing an ASN1 decoding error. That in turn did not end up the correct error handling branch.
|
|
TLS connections should not buffer too much application data if they
want to benefit from TCP flow control. Certain applications may want to
customize the value of internal_active_n as there is a tradeoff between
buffering memory and throughput.
|
|
|
|
This reverts commit 6e190b012dd5a304fc42a5f3bb58ff173a23eb66.
|
|
'ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785' into maint-21
* ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785:
ssl: Fix cherry-pick mistakes
ssl: Refer documentation of HttpPacket from erts
ssl: Update type spec of ssl:suite_to_str/1
ssl: Update function ssl:eccs/1
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Add missing tuple in shutdown reason
|
|
Missing check of size of user_data_buffer made internal socket
behave as an active socket instead of active N.
Also correct indentation.
|
|
|
|
maint-21
* ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701:
ssl: Cancel recv timer in all places
|
|
Would cause connection to crash although all data was delivered to ssl:recv
|
|
|
|
|
|
Improve the abstraction between the ssl_connection module
and dtls_connection, tls_connection and tls_sender, as well
as towards the lower level tls_record and ssl_record modules.
Remove some dead code.
|
|
To avoid degenerate case with quadratic complexity that
shows up when sending large messages since the the fragment
concatenation was done by binary append. An Okasaki queue
is much more efficient.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove duplicate handsake history handling form
ssl_config function. Later we might refactor to avoid
duplication in TLS and DTLS code, but handshake history
does not belong in ssl_config function.
|
|
|
|
|
|
|
|
Could cause connection processes not terminate when they should
|
|
* ingela/ssl/continue-optimize/OTP-15445:
ssl: If possible assemble several received application data records
|
|
|
|
We want to decrease the size of the outer state tuple, and gain
ease of understanding by better grouping. This is the first step
of creating a hs_env (handshake environment) part of the state.
This change will be performed gradually to reduce merge conflicts
complexity and risk of introducing errors.
|
|
New internal active N changed timing, and
new check is needed.
|
|
Wtite connection state was not synchronized when peer initiated renegotiation
|
|
|
|
As the stop wrapper functions are no longer needed after tls_sender
that altered the behaviour of the TLS distribution code.
|
|
Both test case and code needed updates to work as intended. Code needed update due to
new tls_sender process and the test case gave false positive reusult erarlier probably
due to beeing to sloopy in order to avoid timeouts.
|
|
|
|
|
|
Rename Connection:handle_common_event Connection:handle_protocol_record
removing use of unnecessary argument and making code easier to understand.
|
|
State values created at init
|
|
* raimo/ssl/tls_dist-optimization:
Handle socket close in state downgrade
Handle dead sender at terminate
Handle tls_sender exit properly
Optimize split_bin
Improve dist send throughput
|
|
Also avoid code duplication
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/tls_connection.erl
|
|
Make next_record an internal help function to next_event and avoid
duplicate calls to tls_socket:setopts for setting the active option.
|
|
|
|
|
|
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412:
ssl: Extend check for undelivered data at closing
|
|
This is a timing related bug that alas is hard to test
|
|
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in
the connection state must be encrypted and sent by the TLS sender
process. This to make sure that the correct encryption state is used
to encode the ALERTS. Care must also be taken to ensure a graceful
close down behavior both for normal shutdown and downgrading from TLS
to TCP.
The original TR ERL-738 is verified by cowboy tests, and close down
behavior by our tests. However we alas have not been able to yet
create a minimal test case for the originating problem.
Also it seems it has become less likely that we run in to the TCP
delivery problem, that is the guarantee is only on transport level,
not application level. Keep work around function in ssl_test_lib but
we can have better test as long as we do not get to much wobbling
tests.
|