Age | Commit message (Collapse) | Author |
|
... in handle_common_event(), instead of passing it to
handle_own_alert() after wrapping it in a tuple with `StateName` (i.e.
`{StateName, Msg}`).
The `StateName` is passed to handle_normal_shutdown() and to
alert_user(). The latter has a clause matching it against `connection`.
Unfortunately, when the argument was in fact `{StateName, Msg}`, another
clause was executed which dropped the `active` flag value and forced it
to `false`, even if the state was actually `connection`. It meant that
later in send_or_reply(), the alert was not propagated to the user, even
though it should (`active` set to `true` or `once`).
Now that handle_common_event() always passes the actual `StateName`, the
problem is fixed.
ERL-562
|
|
|
|
|
|
Stream ciphers are not valid fro DTLS
|
|
ERL-539
|
|
|
|
|
|
* ingela/dtls-cuddling:
dtls: Correct UDP listener cleanup
dtls: Correct return value in UDP listener initialization
|
|
* ingela/DTLS/retransmission-timers:
dtls: Use repeat_state to make sure retransmission timer is reset
|
|
completely deprecated operation with no effect.
|
|
|
|
|
|
|
|
|
|
|
|
* ingela/ssl/cipher-suites/OTP-14749:
ssl: Use maps for cipher suites internally
|
|
This is a preparation for improvements to come in option handling and
support for TLS-1.3
|
|
|
|
|
|
|
|
|
|
* ingela/ssl/timing:
ssl: Align timing just in case
|
|
* ingela/ssl/ERL-521/OTP-14794:
ssl: Make sure all possible data is delivered
|
|
|
|
|
|
Also make tls code a little more direct for easier uderstanding
|
|
This code is only relevant in version is was written in.
|
|
|
|
When handling merging of back ported
Counter measurements for Bleichenbacher attack
a line from DTLS was accidentally lost.
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
public_key: verify ip (both v4 and v6)
public_key: Added IP4 address checks to hostname_verification tests
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
ssl: Prepare for release
ssl: Countermeasurements for Bleichenbacher attack
Conflicts:
lib/public_key/doc/src/public_key.xml
lib/public_key/test/public_key_SUITE.erl
lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem
lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_handshake.erl
|
|
'ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766' into maint-20
* ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
|
|
|
|
|
|
|
|
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this
version of the ssl application to versions pre OTP 19.
|
|
|
|
|
|
As TLS clients will perform a hostname check against certificates
the IP-address does not make much sense.
|
|
* ingela/dtls/no-packet-upd/OTP-14664:
ssl: No support for packet option over unreliable transport
|
|
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
|
|
|
|
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this
version of the ssl application to versions pre OTP 19.
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
The functions are not performance critical. Will be used
when errors occurs, CRL data base is managed or legacy OpenSSL names
are used for ciphers.
|
|
|
|
OTP-14236 requires ssl runtime dependencies to update to latest public_key.
OTP-14181 makes ssl test cases dependent on latest version latest public_key.
|