| Age | Commit message (Collapse) | Author |
|---|
|
This makes it possible to create a custom integration with a
key-value store for example. The key would then point to the
actual address. You would have to write your own epmd module
to make use of that feature.
|
|
* maint:
Updated OTP version
Update release notes
Update version numbers
ssl: Prepare for release
ssl: Proper handling of clients that choose to send an empty answer to a certificate request
heart: Use ntohs instead of manual conversion
|
|
|
|
ECDH suite handling did not use the EC parameters form the certs
as expected.
|
|
* ingela/dtls/abbreviated:
dtls: Trigger resend in abbreviated handshake if change_cipher_spec is received to early.
|
|
is received to early.
|
|
* raimo/better-TLS-distribution/OTP-14969:
Fix distro CRL test cases short vs long names
Allow check for node name
Move check ip to before SSL handshake
Check client IP from server
Parse cert primarily for host names
Open for host and node allow list
Create plug-in for distro cert nodes
Rewrite TLS dist to handle node names in certs
Improve node allowed check
|
|
|
|
answer to a certificate request
Solves ERL-599
|
|
answer to a certificate request
Solves ERL-599
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
|
|
* maint:
Updated OTP version
Update release notes
ssl: Prepare for release
ssl: Remove duplicate release note
ssl: Fix filter function to not discard AEAD cipher suites
Conflicts:
OTP_VERSION
|
|
|
|
|
|
* ingela/ssl/no-sslv2-hello-support/OTP-14824:
ssl: Remove interoperability option v2_hello_compatible
|
|
* hasse/dialyzer/extra-range/OTP-14970:
ssl: Correct some specs
os_mon: Correct a spec
Fix broken spec in beam_asm
Dialyzer should not throw away spec information because of overspec
|
|
|
|
* peterdmv/use_uri_string/OTP-14902:
common_test: Use uri_string
ssl: Use uri_string
public_key: Use uri_string
observer: Use uri_string
Change-Id: I4beac2289db039cc7d566807727c5aaf7fadf942
|
|
|
|
Change-Id: I1249b93b1e4a971cf1af2cb96a65563e23117e2b
|
|
|
|
The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
|
|
|
|
Anonymous cipher suites were broken altogether, and
there was an earlier issue where the server would send a signature
in the server key exchange if a certificate was configured, even
if an anonymous suite was actually negotiated.
Backport of PR-1729
|
|
|
|
Cipher suite handling improvments missed to make a few changes
for AEAD to be handled correctly see ERL-568
|
|
|
|
dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562
ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
|
|
... in handle_common_event(), instead of passing it to
handle_own_alert() after wrapping it in a tuple with `StateName` (i.e.
`{StateName, Msg}`).
The `StateName` is passed to handle_normal_shutdown() and to
alert_user(). The latter has a clause matching it against `connection`.
Unfortunately, when the argument was in fact `{StateName, Msg}`, another
clause was executed which dropped the `active` flag value and forced it
to `false`, even if the state was actually `connection`. It meant that
later in send_or_reply(), the alert was not propagated to the user, even
though it should (`active` set to `true` or `once`).
Now that handle_common_event() always passes the actual `StateName`, the
problem is fixed.
ERL-562
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
Authenticated encryption (AE) and authenticated encryption with
associated data (AEAD, variant of AE) is a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity
assurances on the data.
This is more logical value then null that was used, this happened to
work as the AEAD property was derived form other data, but it is confusing!
|
|
|
|
* ingela/DTLS-supported:
ssl: Fix typo
dtls: Add DTLS handling to utility functions
ssl: Document enhancment
ssl: Document DTLS
|
|
|
|
|
|
* ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882:
ssl: Remove chacha ciphers form default for now
|
|
We have discovered interoperability problems, ERL-538, that we
believe needs to be solved in crypto.
|
|
|
|
|
|
|
