aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2015-04-20ssl: Ignore signature_algorithm (TLS 1.2 extension) sent to TLS 1.0/1 serverAndreas Schultz
pre TLS 1.2 server should ignore the signature_algorithms extension. The server code would attempt to select the signature/hash algorithm even when using TLS 1.0 or 1.1. Instead it should simply use the default algorithm on those versions.
2015-04-20ssl: Adjust to public_key application removing legacy compact_bit_string switchIngela Anderton Andin
2015-04-16ssl: Add runtime depenency due to commit ↵Ingela Anderton Andin
4e0a5e36b38e3f15ed8f7d700d26f2424a47111c
2015-03-23ssl: Dialyzer fixesIngela Anderton Andin
2015-03-17ssl: Add TLS-ALPN supportLoïc Hoguin
This commit adds support for RFC7301, application-layer protocol negotiation. ALPN is the standard based approach to the NPN extension, and is required for HTTP/2. ALPN lives side by side with NPN and provides an equivalent feature but in this case it is the server that decides what protocol to use, not the client. When both ALPN and NPN are sent by a client, and the server is configured with both ALPN and NPN options, ALPN will always take precedence. This behavior can also be found in the OpenSSL implementation of ALPN. ALPN and NPN share the ssl:negotiated_protocol/1 function for retrieving the negotiated protocol. The previously existing function ssl:negotiated_next_protocol/1 still exists, but has been deprecated and removed from the documentation. The tests against OpenSSL require OpenSSL version 1.0.2+.
2015-03-16ssl: Fix incorrect argument handling, thanks to dialyzerIngela Anderton Andin
2015-03-11ssl: Dialyzer fixesIngela Anderton Andin
2015-03-09ssl: Integrate public_key CRL verification with the ssl applicationIngela Anderton Andin
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-02-18ssl: remove -> deleteIngela Anderton Andin
Correct mistake
2015-02-13ssl: Prepare for 18Ingela Anderton Andin
2015-02-09Merge branch 'maint'Ingela Anderton Andin
2015-02-09ssl: erlang:timestamp -> os:timestampIngela Anderton Andin
For comparison with file time stamps os:timestamp makes more sense and is present in 17 as well as 18.
2015-02-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl_app.xml lib/ssl/src/ssl_manager.erl
2015-02-06ssl: Improve PEM cache by validating entriesIngela Anderton Andin
The PEM cache is now validated by a background process, instead of always keeping it if it is small enough and clearing it otherwhiss. That strategy required that small caches where cleared by API function if a file changes on disk. However document the clearing API function as it can still be usefull.
2015-02-02Merge branch 'maint'Ingela Anderton Andin
2015-01-30ssl: Remove selfsigned anchor certificate from the certificate chainIngela Anderton Andin
A selfsigned trusted anchor should not be in the certifcate chain passed to the certificate path validation. Conflicts: lib/ssl/src/ssl_certificate.erl
2015-01-23ssl: Remove default support for RC4 ciphersIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Remove sslv3 from the default supported protocol versionsIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-12-03Merge branch 'maint'Ingela Anderton Andin
2014-12-03ssl: Correct appupIngela Anderton Andin
2014-12-02Merge branch 'maint'Ingela Anderton Andin
2014-12-01ssl: Prepare for releaseIngela Anderton Andin
2014-12-01ssl: Change code to reflect that state data may be secretIngela Anderton Andin
2014-10-15Merge branch 'maint'Hans Nilsson
2014-10-15Merge branch 'maint-17' into maintBruce Yinhe
Conflicts: OTP_VERSION
2014-10-13Merge branch 'ia/ssl/seperate-clinet-server-session-table/OTP-11365'Ingela Anderton Andin
* ia/ssl/seperate-clinet-server-session-table/OTP-11365: ssl: Separate session cache for client and server
2014-10-13ssl: Separate session cache for client and serverIngela Anderton Andin
Even though in the most common case an erlang node will not be both client and server, it may happen (for instance when running the erlang ditribution over TLS). Also try to mitigate the affect of dumb clients that could cause a very lagre session cache on the client side that can cause long delays in the client. The server will have other means to handle a large session table and will not do any select operations on it anyhow.
2014-10-08ssl: Prepare for releaseIngela Anderton Andin
2014-10-08ssl: Servers may include an empty SNI-extensionIngela Anderton Andin
2014-09-26Merge branch 'maint'Bruce Yinhe
2014-09-26Merge branch 'matwey/makefile' into maintBruce Yinhe
OTP-12200 * matwey/makefile: Cleanup parse_transform modules in eunit Cleanup behaviour modules in ssl Cleanup behaviour modules in ssh Fix a typo in clean section of otp_mibs makefile
2014-09-25Merge branch 'maint'Ingela Anderton Andin
2014-09-24ssl: Servers may include an empty SNI-extensionIngela Anderton Andin
2014-09-10Merge branch 'maint'Ingela Anderton Andin
2014-09-10ssl: Prepare for release - soft upgradeIngela Anderton Andin
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-03ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 SuitesAndreas Schultz
2014-09-03ssl: add PSK-GCM suitesAndreas Schultz
2014-09-03ssl: implement AES128-GCM suitesAndreas Schultz
2014-08-19ssl: Fix boolean expressionIngela Anderton Andin
2014-08-18ssl: Fix broken contractIngela Anderton Andin
2014-08-11ssl: Make sure the correct ROOT-cert is usedIngela Anderton Andin
When dealing with older certificates that does not indicate its signer with a certificate extension, we must search the database for the issure. Finding the issuer is not enough, we need to verify the signature with the key in the found issuer cert.
2014-08-08ssl: Correct handling of certificate_types in Certificate RequestsIngela Anderton Andin
FROM TLS 1.2 RFC: The interaction of the certificate_types and supported_signature_algorithms fields is somewhat complicated. certificate_types has been present in TLS since SSLv3, but was somewhat underspecified. Much of its functionality is superseded by supported_signature_algorithms. The following rules apply: - Any certificates provided by the client MUST be signed using a hash/signature algorithm pair found in supported_signature_algorithms. - The end-entity certificate provided by the client MUST contain a key that is compatible with certificate_types. If the key is a signature key, it MUST be usable with some hash/signature algorithm pair in supported_signature_algorithms. - For historical reasons, the names of some client certificate types include the algorithm used to sign the certificate. For example, in earlier versions of TLS, rsa_fixed_dh meant a certificate signed with RSA and containing a static DH key. In TLS 1.2, this functionality has been obsoleted by the supported_signature_algorithms, and the certificate type no longer restricts the algorithm used to sign the certificate. For example, if the server sends dss_fixed_dh certificate type and {{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply with a certificate containing a static DH key, signed with RSA- SHA1.
2014-07-07Merge branch 'dnet/parse_sni' into maintBruce Yinhe
* dnet/parse_sni: added SNI decode test to SSL handshake suite ssl: parse SNI in received client hello records OTP-12048
2014-07-02Cleanup behaviour modules in sslMatwey V. Kornilov
Behaviour modules were not cleanuped.
2014-06-16Revert "ssl: Avoid creating a huge session table"Ingela Anderton Andin
This reverts commit fcc6a756277c8f041aae1b2aa431e43f9285c368.