Age | Commit message (Collapse) | Author |
|
ssl_handshake and ssl_connection where doing essentially the same when
checking a public key signature. This unify both into a single function
|
|
* ia/ssl/TLS-1.2-default/OTP-10425:
ssl: Make TLS-1.2 default version
|
|
|
|
|
|
Conflicts:
erts/emulator/sys/vxworks/sys.c
erts/vsn.mk
lib/ssl/src/ssl_connection.erl
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
|
|
|
|
Reset state so that "recv data" is not sent as "active data" after a recv
timed out and no new recv has been called.
|
|
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires.
Add missing function clause to handle timeout during handshake.
The missing clause had the effect that the timeout was wrongly
discarded. Also add an extra test case for the recv timeout
in addition to the one in ssl_packet_SUITE.
The missing functions clause was introduced in 8a789189.
This commit changed the timeout implementation, the previous implememtation
could cause other type of problems as the timeout was client side.
|
|
If an ssl server is restarted with new options and a client
tries to reuse a session the server must make sure that it complies
to the new options before agreeing to reuse it.
|
|
|
|
* as/ssl-sha224-fixes:
SSL: TLS 1.2, advertise sha224 support
OTP-10586
|
|
|
|
Code should handle case the there is some undelivered data
left on the socket when peer close signal is received. It is
unlikely that this happens during normal testing.
|
|
SHA-224 is still better than SHA-1, so let the world know we support it
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
function.
Avoid doing gen_tcp/inet socket operations in terminate if socket
is already closed. Call gen_tcp:recv/3 in the "data delivery workaround"
to avoid hanging.
|
|
The absence of the active default values could cause a process leak
|
|
|
|
* upstream/maint:
ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout
|
|
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout.
If timeouts are needed we want them to be server side timeouts.
|
|
A #sslsocket{} contains the fsm pid and value that was previously set to
old_ssl or new_ssl to make the transition period smoother. Now that old
ssl is not supported any more we use this field to store the inet socket
reference instead. This enables some API functions to return quicker
as they do not need to communicate with the fsm-process.
|
|
same as in gen_tcp.
Made error handling of listen sockets as arguments to funtions
expecting a connected socket more inet/gen_tcp like.
|
|
* ia/ssl/npn/OTP-10361:
ssl: Shorten test case names to workaround ct shortcomings on windows
ssl: SSL 3.0 does not support next protocol negotiation
ssl: Dialyzer fixes and code cleaning
ssl: Changed default behaviour of next protocol negotiation to make more "sense" (be true to the specification).
ssl: Update SSL docs for SSL Next Protocol Support
ssl: Support for SSL Next Protocol Negotiation * http://technotes.googlecode.com/git/nextprotoneg.html
|
|
|
|
Also shorten test cases names to workaround test framework problems
on windows
|
|
Types in a record where wrongly type specified, did not include
undefined. Make them comments for now, maybe we will specify internal
records with dialyzer types later, but as the other record fields are
not specified at the moment, with dialyzer types, make the code
consistent.
|
|
more "sense" (be true to the specification).
|
|
* http://technotes.googlecode.com/git/nextprotoneg.html
|
|
|
|
|
|
utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as:
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
|
|
* ia/sslv3-alert/OTP-10196:
ssl: Add missing sslv3 alert
|
|
|
|
|
|
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908
|
|
|
|
|
|
This options is useless and should be deprecated. But we behave
as inet does for now!
|
|
with TLS 1.2 the hash and signature on a certify message can
differ from the defaults. So we have to make sure to always
use the hash and signature algorithm indicated in the
handshake message
|
|
combinations
|
|
This is also avoids triggering some bugs in OpenSSL.
|
|
|
|
|
|
|
|
|
|
As we did not yet support IDEA ciphers and they have now become deprecated we
skip supporting them altogether.
|