Age | Commit message (Collapse) | Author |
|
* ingela/ssl/alert-error-enhancment/OTP-15943:
ssl: Enhance error handling
|
|
Handle the ILLEGAL_PARAMETER alert that may be returned from ssl_alert:decode/3
for gracefull shutdown, try of ...catch will/should not handle this case it is
only handles the case that TM should not happen!
|
|
* ingela/ssl/TLS-hibernate-bug/OTP-15910:
ssl: Fix hibernation bug
|
|
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
Solves ERL-968, a refactoring bug could cause part of a server key exchange message to
be appended, to an incorrectly duplicated, certificate handshake message. In the end
causing an ASN1 decoding error. That in turn did not end up the correct error handling branch.
|
|
Handle the NewSessionTicket post-handshake message that is sent
by openssl s_server after a successful handshake.
|
|
Change default behavior to only send key_share entry for the most
preferred group in ClientHello.
|
|
|
|
|
|
TLS connections should not buffer too much application data if they
want to benefit from TCP flow control. Certain applications may want to
customize the value of internal_active_n as there is a tradeoff between
buffering memory and throughput.
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
|
|
This reverts commit 6e190b012dd5a304fc42a5f3bb58ff173a23eb66.
|
|
'ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785' into maint-21
* ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785:
ssl: Fix cherry-pick mistakes
ssl: Refer documentation of HttpPacket from erts
ssl: Update type spec of ssl:suite_to_str/1
ssl: Update function ssl:eccs/1
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Add missing tuple in shutdown reason
|
|
|
|
* ingela/ssl/flow-ctrl/ERL-934/OTP-15802:
ssl: Add check when to toggle internal active N
|
|
Missing check of size of user_data_buffer made internal socket
behave as an active socket instead of active N.
Also correct indentation.
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/transport-transparance/ERL-861/OTP-15679:
ssl: Fix transport transparancy
|
|
maint-21
* ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701:
ssl: Cancel recv timer in all places
|
|
Would cause connection to crash although all data was delivered to ssl:recv
|
|
Report the role of the peer when logging incoming Alerts.
Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
|
|
|
|
* peterdmv/ssl/dtls_logging:
ssl: Add debug logging for DTLS
Change-Id: I83bf117c6c3428c57010e0e581775dd941fc829a
|
|
|
|
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
Also make a weaker spec in ssl_internal.hrl for now as it creates
a conflict between error handling and dialyzer warnings.
|
|
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
Improve the abstraction between the ssl_connection module
and dtls_connection, tls_connection and tls_sender, as well
as towards the lower level tls_record and ssl_record modules.
Remove some dead code.
|
|
To avoid degenerate case with quadratic complexity that
shows up when sending large messages since the the fragment
concatenation was done by binary append. An Okasaki queue
is much more efficient.
|
|
|
|
|
|
|
|
|
|
- Store FinishedKey in cipher_state.
- Implement state 'wait_finished'.
- Calculate traffic secrets in 'wait_finished' after Finished
received from client and go to state 'Connection'.
- Drop 'change_cipher_spec' messages (middlebox compatibility mode).
- Extend tests of 1-RTT.
Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
|
|
|
|
|
|
|
|
|
|
|
|
Remove duplicate handsake history handling form
ssl_config function. Later we might refactor to avoid
duplication in TLS and DTLS code, but handshake history
does not belong in ssl_config function.
|
|
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
|