Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-03-04 | ssl: Add exception for inet and inet6 to proplist check | Ingela Anderton Andin | |
2014-03-04 | ssl: Add input sanity check | Ingela Anderton Andin | |
Avoid puzzling behavior due to options being disregarded if they are not key value tuples. | |||
2014-02-25 | ssl: Fix compiler warnings | Ingela Anderton Andin | |
2014-02-25 | ssl: Fix appup regexps and instructions | Ingela Anderton Andin | |
2014-02-25 | Merge branch 'ia/ssl/prepare-for-release' | Ingela Anderton Andin | |
* ia/ssl/prepare-for-release: ssl: Prepare for release | |||
2014-02-25 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-02-24 | Merge branch 'fenollp/otp-edoc-usage-fixes' | Henrik Nord | |
* fenollp/otp-edoc-usage-fixes: Fix edoc usage errors OTP-11702 | |||
2014-02-24 | Merge branch 'hb/dialyzer/deprecate_types/OTP-10342' | Hans Bolinder | |
* hb/dialyzer/deprecate_types/OTP-10342: Deprecate pre-defined built-in types | |||
2014-02-23 | Deprecate pre-defined built-in types | Hans Bolinder | |
The types array(), dict(), digraph(), gb_set(), gb_tree(), queue(), set(), and tid() have been deprecated. They will be removed in OTP 18.0. Instead the types array:array(), dict:dict(), digraph:graph(), gb_set:set(), gb_tree:tree(), queue:queue(), sets:set(), and ets:tid() can be used. (Note: it has always been necessary to use ets:tid().) It is allowed in OTP 17.0 to locally re-define the types array(), dict(), and so on. New types array:array/1, dict:dict/2, gb_sets:set/1, gb_trees:tree/2, queue:queue/1, and sets:set/1 have been added. | |||
2014-02-20 | ssl: Correct clean up of certificate database when certs are inputed | Ingela Anderton Andin | |
in pure DER format. The incorrect code could cause a memory leek when certs where inputed in DER. | |||
2014-02-14 | ssl: Fix possible mismatch between SSL/TLS version and default ciphers | Ingela Anderton Andin | |
2014-02-14 | Fix edoc usage errors | Pierre Fenoll | |
Errors discovered using `erldocs`: Superfluous @hidden tag would exit edoc application; 'Multiple @spec tag': appended a @clear tag after macro condition; '@spec arity does not match': added missing argument. | |||
2014-02-10 | Merge branch 'ia/public_key/specs' | Ingela Anderton Andin | |
* ia/public_key/specs: public_key: Export some dialyzer types | |||
2014-02-06 | public_key: Export some dialyzer types | Ingela Anderton Andin | |
Move dilayzer types from include file to erl file and use -export_type | |||
2014-02-06 | ssl: Unicode adaptions | Ingela Anderton Andin | |
2014-01-28 | ssl: use is_boolean/1 guard in option validation | Andreas Schultz | |
2014-01-28 | Fix incorrect type reference (inet:ipaddress() -> inet:ip_address()) | Tuncer Ayaz | |
2014-01-28 | Fix incorrect use of public_key:private_key/0 type | Tuncer Ayaz | |
public_key:private_key/0 was referenced but undefined, and lib/ssl had a local definition of private_key/0. To fix that, make the following changes: * add public_key:private_key/0 type * document public_key/0 and private_key/0 * fix incorrect definitions and references | |||
2014-01-28 | Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621' | Ingela Anderton Andin | |
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option | |||
2014-01-24 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: otp_build | |||
2014-01-22 | ssl: Incorrect inputed cipherlist lead server to think that the client | Ingela Anderton Andin | |
did not support secure renegotiation | |||
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson | |
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz. | |||
2014-01-21 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin | |
2014-01-15 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-01-14 | ssl: fix elliptic curve selection in server mode | Andreas Schultz | |
The server code erroneously took the list of curves supported by the client from it's own hello extension, effectively breaking curve selection all together. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback. | |||
2014-01-14 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-01-14 | ssl: Add missing options validation of server_name_indication | Ingela Anderton Andin | |
2014-01-13 | crypto: selective support for GF2m curves | Andreas Schultz | |
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves. Selectively enable GF2m curves is support for them is available. | |||
2014-01-13 | ssl: add brainpool elliptic curves to TLS (RFC-7027) | Andreas Schultz | |
2013-12-02 | Merge branch 'maint' | Ingela Anderton Andin | |
2013-12-02 | ssl: Trap exits | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connetion handling | Ingela Anderton Andin | |
2013-12-02 | ssl: API and supervisor | Ingela Anderton Andin | |
2013-12-02 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor API | Ingela Anderton Andin | |
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics | |||
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor premaster secret handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connection and handshake handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor handshake and record handling | Ingela Anderton Andin | |
2013-11-11 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-10-31 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-10-31 | Remove extraneous dev debug code left in the close function. | Ken Key | |
We do not need a traceback on every close in inet_tls_dist and this breaks using nodetool in control scripts on SSL clustered nodes | |||
2013-10-23 | Merge branch 'RoadRunnr/fix_dtls_fragment_decoder/OTP-11376' | Fredrik Gustafsson | |
* RoadRunnr/fix_dtls_fragment_decoder/OTP-11376: ssl: fix initialization of DTLS fragment reassembler | |||
2013-10-14 | ssl: Fix dialyzer spec | Ingela Anderton Andin | |
2013-10-14 | ssl: Honor TLS client ECC extension | Ingela Anderton Andin | |
Also the server should only send ECC point formats extension not ECC curve extension. | |||
2013-09-29 | ssl: fix initialization of DTLS fragment reassembler | Andreas Schultz | |
The DTLS fragment reassembler use a list [{Start, End}] for the fragments. When the first received fragment was not the starting fragment, that list got initialized with [{Start, Length}], causing the merge of following fragment to fail. | |||
2013-09-10 | ssl: Prepare for release | Ingela Anderton Andin | |
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin | |