Age | Commit message | Author | |
---|---|---|---|
2012-11-27 | ssl: Consider new server options when resuming a session | Ingela Anderton Andin | |
If an ssl server is restarted with new options and a client tries to reuse a session, the server must make sure that it complies with the new options before agreeing to reuse it. | |||
2012-11-26 | ssl: Add dependencies to Makefile | Ingela Anderton Andin | |
2012-11-21 | Merge branch 'as/ssl-sha224-fixes' | Henrik Nord | |
* as/ssl-sha224-fixes: SSL: TLS 1.2, advertise sha224 support OTP-10586 | |||
2012-11-19 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
2012-11-19 | ssl: Fix bug in match expression found by Dialyzer | Ingela Anderton Andin | |
Code should handle the case that there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing. | |||
2012-11-18 | SSL: TLS 1.2, advertise sha224 support | Andreas Schultz | |
SHA-224 is still better than SHA-1, so let the world know we support it | |||
2012-11-15 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
2012-11-14 | ssl: Update vsn.mk and ssl.appup.src for release | Ingela Anderton Andin | |
2012-11-14 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_connection.erl | |||
2012-11-13 | ssl: Make sure that the ssl connection process will not hang in terminate ↵ | Ingela Anderton Andin | |
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging. | |||
2012-11-13 | ssl: Add default values to emulated socket options in internal record | Ingela Anderton Andin | |
The absence of the active default values could cause a process leak | |||
2012-11-12 | ssl: Adopt test case to not take so long | Ingela Anderton Andin | |
2012-11-09 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
* upstream/maint: ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout | |||
2012-11-09 | ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout | Ingela Anderton Andin | |
The gen_fsm:sync_send_all_state_event/3 timeout is a client side timeout. If timeouts are needed we want them to be server side timeouts. | |||
2012-10-01 | ssl: Improve #sslsocket{} API | Ingela Anderton Andin | |
A #sslsocket{} contains the fsm pid and value that was previously set to old_ssl or new_ssl to make the transition period smoother. Now that old ssl is not supported any more we use this field to store the inet socket reference instead. This enables some API functions to return quicker as they do not need to communicate with the fsm-process. | |||
2012-10-01 | ssl: It is now possible to call controlling_process on a listen socket, | Ingela Anderton Andin | |
same as in gen_tcp. Made error handling of listen sockets as arguments to functions expecting a connected socket more inet/gen_tcp like. | |||
2012-09-27 | Merge branch 'ia/ssl/npn/OTP-10361' | Ingela Anderton Andin | |
* ia/ssl/npn/OTP-10361: ssl: Shorten test case names to workaround ct shortcomings on windows ssl: SSL 3.0 does not support next protocol negotiation ssl: Dialyzer fixes and code cleaning ssl: Changed default behaviour of next protocol negotiation to make more "sense" (be true to the specification). ssl: Update SSL docs for SSL Next Protocol Support ssl: Support for SSL Next Protocol Negotiation * http://technotes.googlecode.com/git/nextprotoneg.html | |||
2012-09-25 | ssl: Adopt test case to not take so long | Ingela Anderton Andin | |
2012-09-21 | ssl: SSL 3.0 does not support next protocol negotiation | Ingela Anderton Andin | |
Also shorten test cases names to workaround test framework problems on windows | |||
2012-09-20 | ssl: Dialyzer fixes and code cleaning | Ingela Anderton Andin | |
Types in a record were wrongly type specified, did not include undefined. Make them comments for now, maybe we will specify internal records with dialyzer types later, but as the other record fields are not specified at the moment, with dialyzer types, make the code consistent. | |||
2012-09-20 | ssl: Changed default behaviour of next protocol negotiation to make | Ingela Anderton Andin | |
more "sense" (be true to the specification). | |||
2012-09-20 | ssl: Support for SSL Next Protocol Negotiation | Ben Murphy | |
* http://technotes.googlecode.com/git/nextprotoneg.html | |||
2012-08-31 | Update copyright years | Björn-Egil Dahlberg | |
2012-08-27 | ssl: Fixed compilation warnings | Ingela Anderton Andin | |
2012-08-24 | ssl & public_key: Workaround that some certificates encode countryname as ↵ | Ingela Anderton Andin | |
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. | |||
2012-08-23 | Merge branch 'ia/sslv3-alert/OTP-10196' into maint | Ingela Anderton Andin | |
* ia/sslv3-alert/OTP-10196: ssl: Add missing sslv3 alert | |||
2012-08-23 | ssl: Clean up of code thanks to dialyzer | Ingela Anderton Andin | |
2012-08-22 | ssl: Add missing sslv3 alert | Ingela Anderton Andin | |
2012-08-22 | ssl & public_key: Prepare for release | Ingela Anderton Andin | |
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908 | |||
2012-08-22 | ssl: Use crypto:strong_rand_bytes if possible | Ingela Anderton Andin | |
2012-08-22 | ssl & public_key: Add use of more "sha-rsa oids" | Ingela Anderton Andin | |
2012-08-22 | ssl: Fix inet header option to behave as in inet | Ingela Anderton Andin | |
This option is useless and should be deprecated. But we behave as inet does for now! | |||
2012-08-22 | ssl: TLS 1.2: fix hash and signature handling | Andreas Schultz | |
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message | |||
2012-08-22 | ssl: TLS 1.2: fix Certificate Request list of Accepted Signature/Hash ↵ | Andreas Schultz | |
combinations | |||
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Signature type bug | Ingela Anderton Andin | |
2012-08-22 | ssl: Add crypto support check (TLS 1.2 require sha256 support) | Ingela Anderton Andin | |
2012-08-22 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2012-08-22 | ssl: IDEA cipher is deprecated by TLS 1.2 | Ingela Anderton Andin | |
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether. | |||
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Enable mac_hash for TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Implement TLS 1.2 signature support | Andreas Schultz | |
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculated and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS 1.2 cipher suites | Andreas Schultz | |
2012-08-22 | ssl: Implement and activate PRFs for TLS 1.1 and 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows negotiating the PRF used; additionally, the default PRF uses a different hash. This change makes the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS version parameter to verify_dh_params | Andreas Schultz | |
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the version to verify_dh_params. | |||
2012-08-22 | ssl: Add TLS version to dec_hs/2 | Andreas Schultz | |
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those. |