aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2013-01-22ssl: Prepare for R16 releaseIngela Anderton Andin
Remove very old and obsolete release notes, update version and appup.
2013-01-22Merge branch 'ia/ssl/incompatible-error-msg/OTP-10451'Ingela Anderton Andin
* ia/ssl/incompatible-error-msg/OTP-10451: ssl: Enhance error handling
2013-01-21Merge branch 'ia/ssl/certtable-clean/OTP-10710'Ingela Anderton Andin
* ia/ssl/certtable-clean/OTP-10710: ssl: Certificates and PEM-cache cleaning fixed to avoid memory leak
2013-01-21Merge branch 'ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709'Ingela Anderton Andin
* ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709: SSL: simplify server key encoding, decoding and signature handling SSL: unify the different implementations signature check implementations
2013-01-21ssl: Enhance error handlingIngela Anderton Andin
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail.
2013-01-18Merge branch 'nox/enable-silent-rules/OTP-10726'Björn-Egil Dahlberg
* nox/enable-silent-rules/OTP-10726: Implement ./otp_build configure --enable-silent-rules
2013-01-17SSL: simplify server key encoding, decoding and signature handlingAndreas Schultz
server key encoding depends to the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This changes allows to select the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place.
2013-01-17SSL: unify the different implementations signature check implementationsAndreas Schultz
ssl_handshake and ssl_connection where doing essentially the same when checking a public key signature. This unify both into a single function
2013-01-17ssl: Certificates and PEM-cache cleaning fixed to avoid memory leakIngela Anderton Andin
Certificate db cleaning messages where sent to the wrong process after restructuring to avoid bottlenecks. It is possible that the ssl manager process gets two cleaning messages for the same entry. E.i. first cleaning message is sent and before it is processed a new reference is allocated and again released for the entry, generating a second cleaning message. Also in ssl_manger:handle_info/2 it is possible that there exists a new reference to an "old" file name with a potential new content.
2013-01-15Implement ./otp_build configure --enable-silent-rulesAnthony Ramine
With silent rules, the output of make is less verbose and compilation warnings are easier to spot. Silent rules are disabled by default and can be disabled or enabled at will by make V=0 and make V=1.
2013-01-08Merge branch 'ia/ssl/TLS-1.2-default/OTP-10425'Ingela Anderton Andin
* ia/ssl/TLS-1.2-default/OTP-10425: ssl: Make TLS-1.2 default version
2012-12-20ssl: Make TLS-1.2 default versionIngela Anderton Andin
2012-12-19ssl & orber: Remove ssl:pid/1 (has been pointless since R14)Ingela Anderton Andin
2012-12-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl
2012-12-06ssl: Prepare for releaseIngela Anderton Andin
2012-12-06ssl: Export sslsocket() dialyzer typeIngela Anderton Andin
2012-12-06ssl: Cancel non expired timersIngela Anderton Andin
2012-12-06ssl: Fix recv after timeout expiredIngela Anderton Andin
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called.
2012-12-06ssl: Timeout handling changed so that the fsm-process will terminate if the ↵Ingela Anderton Andin
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side.
2012-11-27ssl: Consider new server options when resuming a sessionIngela Anderton Andin
If an ssl server is restarted with new options and a client tries to reuse a session the server must make sure that it complies to the new options before agreeing to reuse it.
2012-11-26ssl: Add dependencies to MakefileIngela Anderton Andin
2012-11-21Merge branch 'as/ssl-sha224-fixes'Henrik Nord
* as/ssl-sha224-fixes: SSL: TLS 1.2, advertise sha224 support OTP-10586
2012-11-19Merge remote branch 'upstream/maint'Ingela Anderton Andin
2012-11-19ssl: Fix bug in match expression found by DialyzerIngela Anderton Andin
Code should handle case the there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing.
2012-11-18SSL: TLS 1.2, advertise sha224 supportAndreas Schultz
SHA-224 is still better than SHA-1, so let the world know we support it
2012-11-15Merge remote branch 'upstream/maint'Ingela Anderton Andin
2012-11-14ssl: Update vsn.mk and ssl.appup.src for releaseIngela Anderton Andin
2012-11-14Merge remote branch 'upstream/maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl
2012-11-13ssl: Make sure that the ssl connection process will not hang in terminate ↵Ingela Anderton Andin
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging.
2012-11-13ssl: Add default values to emulated socket options in internal recordIngela Anderton Andin
The absence of the active default values could cause a process leak
2012-11-12ssl: Adopt test case to not take so longIngela Anderton Andin
2012-11-09Merge remote branch 'upstream/maint'Ingela Anderton Andin
* upstream/maint: ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout
2012-11-09ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeoutIngela Anderton Andin
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout. If timeouts are needed we want them to be server side timeouts.
2012-10-01ssl: Improve #sslsocket{} APIIngela Anderton Andin
A #sslsocket{} contains the fsm pid and value that was previously set to old_ssl or new_ssl to make the transition period smoother. Now that old ssl is not supported any more we use this field to store the inet socket reference instead. This enables some API functions to return quicker as they do not need to communicate with the fsm-process.
2012-10-01ssl: It is now possible to call controlling_process on a listen socket,Ingela Anderton Andin
same as in gen_tcp. Made error handling of listen sockets as arguments to funtions expecting a connected socket more inet/gen_tcp like.
2012-09-27Merge branch 'ia/ssl/npn/OTP-10361'Ingela Anderton Andin
* ia/ssl/npn/OTP-10361: ssl: Shorten test case names to workaround ct shortcomings on windows ssl: SSL 3.0 does not support next protocol negotiation ssl: Dialyzer fixes and code cleaning ssl: Changed default behaviour of next protocol negotiation to make more "sense" (be true to the specification). ssl: Update SSL docs for SSL Next Protocol Support ssl: Support for SSL Next Protocol Negotiation * http://technotes.googlecode.com/git/nextprotoneg.html
2012-09-25ssl: Adopt test case to not take so longIngela Anderton Andin
2012-09-21ssl: SSL 3.0 does not support next protocol negotiationIngela Anderton Andin
Also shorten test cases names to workaround test framework problems on windows
2012-09-20ssl: Dialyzer fixes and code cleaningIngela Anderton Andin
Types in a record where wrongly type specified, did not include undefined. Make them comments for now, maybe we will specify internal records with dialyzer types later, but as the other record fields are not specified at the moment, with dialyzer types, make the code consistent.
2012-09-20ssl: Changed default behaviour of next protocol negotiation to makeIngela Anderton Andin
more "sense" (be true to the specification).
2012-09-20ssl: Support for SSL Next Protocol NegotiationBen Murphy
* http://technotes.googlecode.com/git/nextprotoneg.html
2012-08-31Update copyright yearsBjörn-Egil Dahlberg
2012-08-27ssl: Fixed compilation warningsIngela Anderton Andin
2012-08-24ssl & public_key: Workaround that some certificates encode countryname as ↵Ingela Anderton Andin
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
2012-08-23Merge branch 'ia/sslv3-alert/OTP-10196' into maintIngela Anderton Andin
* ia/sslv3-alert/OTP-10196: ssl: Add missing sslv3 alert
2012-08-23ssl: Clean up of code thanks to dialyzerIngela Anderton Andin
2012-08-22ssl: Add missing sslv3 alertIngela Anderton Andin
2012-08-22ssl & public_key: Prepare for releaseIngela Anderton Andin
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908
2012-08-22ssl: Use crypto:strong_rand_bytes if possibleIngela Anderton Andin
2012-08-22ssl & public_key: Add use of more "sha-rsa oids"Ingela Anderton Andin