aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/tls_connection.erl
AgeCommit message (Collapse)Author
2018-12-27ssl: Gurantee active once data deliveryIngela Anderton Andin
New internal active N changed timing, and new check is needed.
2018-12-19ssl: Fix renegotiation with new TLS senderIngela Anderton Andin
Wtite connection state was not synchronized when peer initiated renegotiation
2018-12-13Tighten dist app data receiveRaimo Niskanen
2018-12-13ssl: Remove no longer needed functionsIngela Anderton Andin
As the stop wrapper functions are no longer needed after tls_sender that altered the behaviour of the TLS distribution code.
2018-12-13ssl: Fix downgradeIngela Anderton Andin
Both test case and code needed updates to work as intended. Code needed update due to new tls_sender process and the test case gave false positive reusult erarlier probably due to beeing to sloopy in order to avoid timeouts.
2018-12-12ssl: Remove checks and conversions not neededIngela Anderton Andin
2018-12-12ssl: Remove unnecessary internal eventIngela Anderton Andin
2018-12-12ssl: Clean codeIngela Anderton Andin
Rename Connection:handle_common_event Connection:handle_protocol_record removing use of unnecessary argument and making code easier to understand.
2018-12-12ssl: Add static_env recordIngela Anderton Andin
State values created at init
2018-12-04Merge branch 'raimo/ssl/tls_dist-optimization' into maintRaimo Niskanen
* raimo/ssl/tls_dist-optimization: Handle socket close in state downgrade Handle dead sender at terminate Handle tls_sender exit properly Optimize split_bin Improve dist send throughput
2018-12-03ssl: Fix error handling in function passive_receiveIngela Anderton Andin
Also avoid code duplication Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/tls_connection.erl
2018-12-03ssl: Internaly use {active, N}Ingela Anderton Andin
Make next_record an internal help function to next_event and avoid duplicate calls to tls_socket:setopts for setting the active option.
2018-11-30Handle dead sender at terminateRaimo Niskanen
2018-11-30Handle tls_sender exit properlyRaimo Niskanen
2018-11-02Merge branch 'ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412' into maintIngela Anderton Andin
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412: ssl: Extend check for undelivered data at closing
2018-11-02ssl: Extend check for undelivered data at closingIngela Anderton Andin
This is a timing related bug that alas is hard to test
2018-10-08ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-09-20ssl: Move link to correct processIngela Anderton Andin
The link should be between the connection process and the tls_sender process. But the start of the tls_sender process needs to be done by the process that also starts the connection process in order to correctly create the opaque #ssl_socket{}.
2018-08-27ssl: Improve close handlingIngela Anderton Andin
We want to make sure that the sender process that may get stuck in prim_inet:send will die if the tls_connection process is terminated. And we also like to make sure that it terminates as gracefully as possible. So when the tls_connection process dies it spawns a killer process that will brutaly kill the sender if it is unresponsive and does not terminate due to its monitor of the tls_connetion process triggering. When the sender process also acts as distribution controller it may also have other processess that it is linked with that it should bring down or that could bring the connection down.
2018-08-27ssl: Adopt distribution over TLS to use new sender processIngela Anderton Andin
2018-08-27ssl: Add new sender process for TLS state machineIngela Anderton Andin
Separate sending and receiving when using TCP as transport as prim_inet:send may block which in turn may result in a deadlock between two Erlang processes communicating over TLS, this is especially likely to happen when running Erlang distribution over TLS.
2018-07-09ssl: Improve error handlingIngela Anderton Andin
When doing ssl:controlling_process on a ssl socket that has not performed the TLS/DTLS handshake that call will succeed even though the documentation stated otherwise. However if some other ssl option was incorrect the call would hang. Now {error, closed} will be returned in the latter case, which is logical independent on if it should succeed or not in the former case. The former case will continue to succeed, as it is not dependent of the TLS/DTLS connection being established, and the documentation is altered slightly to not explicitly disallow it. If the TLS/DTLS connection later fails and the socket mode is active, the new controlling process will be notified as expected.
2018-06-18Update copyright yearHenrik Nord
2018-04-24ssl: Add new API functionsIngela Anderton Andin
2018-04-24ssl: Prepare to replace ssl:ssl_accept with ssl:handshakeIngela Anderton Andin
2018-03-09ssl: Remove interoperability option v2_hello_compatibleIngela Anderton Andin
2018-01-24Merge branch 'maint'Ingela Anderton Andin
2018-01-23ssl: Add record version sanity checkIngela Anderton Andin
2018-01-04Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/tls_connection.erl
2018-01-04ssl: Prevent error handling race conditionIngela Anderton Andin
ERL-539
2017-12-04Merge branch 'raimo/ssl-dist-bench/OTP-14657'Raimo Niskanen
* origin/raimo/ssl-dist-bench/OTP-14657: Write SSL distribution benchmarks Polish SSL distribution Handle whitebox test message Correct distribution doc Use SNI when connecting Use -ssl_dist_optfile options Read in -ssl_dist_optfile to ETS Facilitate test certs with common root Stop checking DNS name for SNI
2017-12-04Polish SSL distributionRaimo Niskanen
2017-11-29Merge branch 'maint'Ingela Anderton Andin
2017-11-29Merge branch 'ingela/ssl/ERL-521/OTP-14794' into maintIngela Anderton Andin
* ingela/ssl/ERL-521/OTP-14794: ssl: Make sure all possible data is delivered
2017-11-29Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2017-11-28ssl: Make sure all possible data is deliveredIngela Anderton Andin
2017-11-24ssl: Add gracefullness to dtls codeIngela Anderton Andin
Also make tls code a little more direct for easier uderstanding
2017-11-24ssl: Remove old softupgrade codeIngela Anderton Andin
This code is only relevant in version is was written in.
2017-11-24ssl: Use genstamtem properlyIngela Anderton Andin
2017-11-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION
2017-11-23Merge branch 'maint-20' into maintIngela Anderton Andin
* maint-20: Updated OTP version Update release notes Update version numbers public_key: verify ip (both v4 and v6) public_key: Added IP4 address checks to hostname_verification tests ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME ssl: Prepare for release ssl: Countermeasurements for Bleichenbacher attack Conflicts: lib/public_key/doc/src/public_key.xml lib/public_key/test/public_key_SUITE.erl lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl
2017-11-22Merge branch ↵Erlang/OTP
'ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766' into maint-20 * ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME
2017-11-16Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl lib/ssl/src/tls_connection.erl
2017-11-16ssl: Align code of main modules implementing the gen_statem behaviourIngela Anderton Andin
2017-11-09 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-11-09ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
2017-10-16Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2017-10-16 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-10-02Merge branch 'maint'Ingela Anderton Andin
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin