Age | Commit message (Collapse) | Author |
|
When gen_tcp is configured with the {packet,http} option, it
automatically switches to expect HTTP Headers after a HTTP
Request/Response line has been received. This update fixes ssl to
behave in the same way.
|
|
|
|
The SSL handshake fails when an ssl server is configured with the
'fail_if_no_peer_cert' option and a valid client sends its certificate
as instructed. On the server-side ssl:ssl_accept/2 will return
{error,esslerrssl}, and it will send an "Unexpected Message" SSL Alert
(type 10) to the client.
|
|
Using certain valid options in the new ssl implementation results
in badarg exceptions. This happens for one documented option
'fail_if_no_peer_cert' and two undocumented options
'verify_client_once' and 'cb_info'.
|
|
hence not covered by test cases.
|
|
|
|
|
|
New ssl now properly handles ssl renegotiation, and initiates a
renegotiation if ssl/ltls-sequence numbers comes close to the max value.
|
|
Fixed a crash in the certificate certification part.
|
|
|
|
|
|
packet.
|
|
* yh/packet_option_for_new_ssl_send:
Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl.
Fixed bug file cache bug and improved the error messages.
Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}.
prepend packet size bytes in ssl:send() in new_ssl implementation
OTP-8441 ssl:send/2 ignored packet option, fix provided by YAMASHINA Hio.
Fixed a file cache bug which caused problems when the same file
was used for both cert and cacert.
Allow ssl:listen/2 to be called with option {ssl_imp, old}.
Fixed ssl:setopts(Socket, binary) which didn't work for 'new'
ssl..
|
|
|
|
|
|
|
|
With the {ssl_imp,new} option enabled, {packet,PacketType} only
works when receiving. When sending, {packet,0} is always used.
|
|
* dgud/ssl-patches-from-Wil:
Added a public_key:pkix_transform/2 instead and used it from ssl.
Minor code cleanup
new_ssl fix session reuse
Code cleanup
Send CA list during Certificate Request in new_ssl
OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan.
Send CA list during Certificate Request (in new_ssl) , thanks Wil
Tan.
|
|
|
|
|
|
When an SSL client presents a previous session ID, the server should
either honour the request to reuse the parameters previously negotiated
for the given session ID, or ignore the request and generate a new
session ID.
In this situation, new_ssl tries to complete the handshake by sending
the client a "Finished" handshake message, which violates the SSL/TLS
specs. It should instead send a ChangeCipherSpec message before sending
the FInished message. This patch fixes it.
|
|
|
|
When requesting for client certificate, an SSL/TLS server may send a
list of the distinguished names of acceptable certificate authorities.
OpenSSL does this by default.
|
|
|