aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2017-11-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION
2017-11-23Merge branch 'maint-20' into maintIngela Anderton Andin
* maint-20: Updated OTP version Update release notes Update version numbers public_key: verify ip (both v4 and v6) public_key: Added IP4 address checks to hostname_verification tests ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME ssl: Prepare for release ssl: Countermeasurements for Bleichenbacher attack Conflicts: lib/public_key/doc/src/public_key.xml lib/public_key/test/public_key_SUITE.erl lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl
2017-11-22Merge branch ↵Erlang/OTP
'ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766' into maint-20 * ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME
2017-11-16ssl: Resolve merge conflict resolution errorIngela Anderton Andin
2017-11-16Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl lib/ssl/src/tls_connection.erl
2017-11-16ssl: Align code of TLS/DTLS handshake handlingIngela Anderton Andin
2017-11-16ssl: Align code of TLS/DTLS record handlingIngela Anderton Andin
2017-11-16ssl: Align code of main modules implementing the gen_statem behaviourIngela Anderton Andin
2017-11-16dtls: Add state specIngela Anderton Andin
2017-11-10Merge branch 'maint'Ingela Anderton Andin
2017-11-09ssl: Sessions must be registered with SNI if existsIngela Anderton Andin
2017-11-09ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-11-09 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-11-09ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
2017-11-08ssl: Add private key configuration for crypto engineIngela Anderton Andin
2017-10-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/inet_tls_dist.erl
2017-10-20ssl: Do not provide IP address to ssl:connect in erlang distribution over TLSIngela Anderton Andin
As TLS clients will perform a hostname check against certificates the IP-address does not make much sense.
2017-10-18Merge branch 'maint'Ingela Anderton Andin
2017-10-18Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maintIngela Anderton Andin
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport
2017-10-17Merge branch 'maint'Ingela Anderton Andin
2017-10-17Merge branch 'ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655' into maintIngela Anderton Andin
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly
2017-10-17ssl: No support for packet option over unreliable transportIngela Anderton Andin
2017-10-16Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2017-10-16 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-10-13Merge branch 'maint'Ingela Anderton Andin
2017-10-13ssl: Sessions must be registered with SNI if existsIngela Anderton Andin
2017-10-13ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-10-05ssl: Use new string functionsIngela Anderton Andin
The functions are not performance critical. Will be used when errors occurs, CRL data base is managed or legacy OpenSSL names are used for ciphers.
2017-10-02Merge branch 'maint'Ingela Anderton Andin
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin
2017-09-29Merge branch 'raimo/ssl-dist-skip-loopback/OTP-14465'Raimo Niskanen
* raimo/ssl-dist-skip-loopback/OTP-14465: Update runtime dependencies Disable debug function Pass all info's to the ssl_connection state function Remove ssl_tls_dist_ctrl module Remove ssl_tls_dist_ctrl process Remove ssl_tls_dist_proxy Avoid dialyzer warning Separate in and out in dist ctrl Rewrite dist ctrl from port to process Conflicts: lib/ssl/src/ssl.app.src
2017-09-29Update runtime dependenciesRaimo Niskanen
2017-09-28Disable debug functionRaimo Niskanen
2017-09-27Pass all info's to the ssl_connection state functionRaimo Niskanen
2017-09-27Remove ssl_tls_dist_ctrl moduleRaimo Niskanen
2017-09-26Remove ssl_tls_dist_ctrl processRaimo Niskanen
2017-09-20Merge branch 'maint'Ingela Anderton Andin
2017-09-20public_key, ssl: Prepare for releaseIngela Anderton Andin
OTP-14236 requires ssl runtime dependencies to update to latest public_key. OTP-14181 makes ssl test cases dependent on latest version latest public_key.
2017-09-15Remove ssl_tls_dist_proxyRaimo Niskanen
2017-09-15Avoid dialyzer warningRaimo Niskanen
2017-09-15Separate in and out in dist ctrlRaimo Niskanen
2017-09-15Rewrite dist ctrl from port to processRaimo Niskanen
2017-09-13Merge branch 'maint'Ingela Anderton Andin
2017-09-11ssl: Do not break abstractionIngela Anderton Andin
ssl_pkix_db should not hard code names. On the other hand the names are nicer with as <Prefix>_dist than <Prefix>dist.
2017-09-04Merge branch 'maint'Ingela Anderton Andin
2017-09-04Merge branch 'ingela/ssl/session-cache-max/OTP-14556' into maintIngela Anderton Andin
* ingela/ssl/session-cache-max/OTP-14556: ssl: Mend Max session handling
2017-09-04ssl: Mend Max session handlingIngela Anderton Andin
The commit 256e01ce80b3aadd63f303b9bda5722ad313220f was a misunderstanding that actually broke the implementation. It is not so important to keep specific max, rather max is a threshold when the table should be shrinked as to not grow indefinitely. New sessions are created when the id is created and may be short lived it they are not registered for reuse due to handshake failure.
2017-09-04Merge branch 'maint'Ingela Anderton Andin
2017-09-01ssl: Add the role (server or client) to the alert messageIngela Anderton Andin
It is desirable to be as specific as possible in the info message, so there can be no mistake if the alert is form the peer or generated by us. This use to be an error message, but it is better to make it an info message as sending an ALERT ending the connection is an expected behaviour.
2017-08-24Merge branch 'maint'Ingela Anderton Andin
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-13 23:02:26 +0000