| Age | Commit message (Collapse) | Author |
|---|
|
|
|
willing to support
Refactor highest_protocol_version so that code is symmetrical with lowest_protocol_version. For clarity and possible future use cases of highest_protocol_version/2
|
|
As described in the comments in the patch, doing a TLS handshake
requires the crypto module to be loaded. The crypto module needs the
code server to find its NIF library. However, there is a time window
between opening the listening ports for distribution and starting the
code server, and if we get an incoming connection in that time window,
the node would believe that it's alive, but it wouldn't actually
accept any more connections.
|
|
If ssl:ssl_accept/2 returns an error related to options, it's most
likely something we want to log. In particular, if the specified
certificate file doesn't exist, this is where the error ends up, so we
shouldn't just throw the error away.
|
|
Starting an SSL connection with a nonexistent keyfile will obviously
return an error:
> ssl:connect("www.google.com", 443, [{keyfile, "nonexistent"}]).
{error,{options,{keyfile,"nonexistent",{error,enoent}}}}
But it also generates an error report with the following backtrace:
** Reason for termination =
** {badarg,[{ets,select_delete,
[undefined,[{{{undefined,'_','_'},'_'},[],[true]}]],
[]},
{ets,match_delete,2,[{file,"ets.erl"},{line,700}]},
{ssl_pkix_db,remove_certs,2,[{file,"ssl_pkix_db.erl"},{line,243}]},
{ssl_connection,terminate,3,
[{file,"ssl_connection.erl"},{line,941}]},
{tls_connection,terminate,3,
[{file,"tls_connection.erl"},{line,335}]},
{gen_fsm,terminate,7,[{file,"gen_fsm.erl"},{line,610}]},
{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,532}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}
This happens because the ssl_connection process receives its cert_db
while handling the {start, Timeout} message, but if the handshake
fails, the cert_db will never be inserted into the state data, and the
terminate function will use 'undefined' as an ETS table name.
Avoid this by checking for 'undefined' in the handle_trusted_certs_db
function.
|
|
The duplicate_name error returned from erl_epmd:register_node elicits a
particularly precise error message from net_kernel, so let's pass it
along to our caller.
Not doing this for the other things that could go wrong here, since for
those having the line number will likely aid debugging.
|
|
The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro
only in one place.
|
|
Change ssl_dist_sup to be considered as a supervisor with infinite
shutdown time.
Change the ssl_connection_dist instance of tls_connection_sup to have
infinite shutdown time.
This avoids spurious error messages when shutting down a node that
uses distribution over TLS.
|
|
Record field types have been modified due to commit 8ce35b2:
"Take out automatic insertion of 'undefined' from typed record fields".
|
|
In Erlang R16B03-1, I've been passing raw options to ssl:listen as
follows, and it's been working fine:
% The constants are defined elsewhere.
LOpts = [{raw, ?IPPROTO_TCP, ?TCP_MAXSEG, <<MSS:32/native>>} | ...],
{ok, LSocket} = ssl:listen(0, LOpts)
In Erlang 17.3, this fails with
{option_not_a_key_value_tuple,{raw,6,2,<<64,2,0,0>>}}
I originally reported this in
http://erlang.org/pipermail/erlang-questions/2014-October/081226.html
I need to pass this particular raw option to ssl:listen, because it
needs to be applied when the socket is first opened -- between inet:open
and prim_inet:listen -- it cannot be applied later by setopts. This
means that it needs to be done by inet_tcp:listen/2 -- well, actually by
inet:open/8, but...
Otherwise it's racey -- a client could connect between prim_inet:listen
and the setopts call. The MSS option is advertised in the SYN,ACK
packet, and can't be changed later.
|
|
Soft upgrade test did not work as expected due to that the upgrade
frame work keeps the control of the test case process to itself,
so we need a proxy process to receive messages from ssl test framework.
|
|
We do not want ssl_soft_upgrade_SUITE to fail, but for now
we do not know the details of these changes so we use a general
fallback for now.
|
|
* ia/ssl/register-unique-session/OTP-12980:
ssl: Correct return value of default session callback module
|
|
|
|
Add possibility to downgrade an SSL/TLS connection to a tcp connection,
and give back the socket control to a user process.
Add application setting to be able to change fatal alert shutdown
timeout, also shorten the default timeout. The fatal alert timeout is
the number of milliseconds between sending of a fatal alert and
closing the connection. Waiting a little while improves the
peers chances to properly receiving the alert so it may
shutdown gracefully.
|
|
ssl_session_cache:select_session/2 returned [sesionid(), #session{}]
instead of #session{} as the API demands.
This was wrongly compensated for in the code in one place making it
look like everything was good. But the client check for unique session
would always fail, potentially making the client session table grow
a lot and causing long setup times.
|
|
|
|
|
|
* ia/ssl/unknown-hash/OTP-12829:
ssl: Add unassigned values
ssl: Do not crash on proprietary hash_sign algorithms
|
|
* ferd/deny-client-renegotiation:
Add disable client-initiated renegotiation option
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
OTP-12815
|
|
|
|
TLS hash_sign algorithms may have proprietary values see
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
We should add callbacks to let applications handle them.
But for now we do not want to crash if they are present and
let other algorithms be negotiated.
|
|
|
|
Client-initiated renegotiation is more costly for the server than the
client, and this feature can be abused in denial of service attempts.
Although the ssl application already takes counter-measure for these
(via cooldown periods between renegotiations), it can be useful to
disable the feature entirely.
This patch adds the `{client_renegotiation, boolean()}' option to the
server-side of the SSL application (defaulting to `true' to be
compatible with the current behaviour).
The option disables the ability to do any renegotiation at all in the
protocol's state, reusing the existing denial code, but without opening
the code path that sets up a timed message to eventually reopen it up.
|
|
* tombriden/handle_ssl_error:
TLS Dist: Handle ssl_error and close ssl socket
OTP-12799
|
|
Conflicts:
OTP_VERSION
lib/inets/test/httpd_SUITE.erl
lib/inets/vsn.mk
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
If a plaintext cluster has nodelay=1 then so should the tls cluster;
significant performance issues have been seen when nodelay isn't set
|
|
|
|
alert records needs to be thrown from
ssl_handshake:premaster_secret/[2/3] so that operations will end up in
the catch clause of the invokation of certify_client_key_exchange/3 in
ssl_connection.erl, and hence terminate gracefully and not continue to try
and calculate the master secret with invalid inputs and crash.
|
|
Dialyzer warned about the incorrect match of Packets. Code
was refactored and the problem avoided in the process.
Dialyzer warned that the empty tuple is not a function as the contract
said it should be. Changed the handling of the sni_fun default value to be
undefined and added it to the contract.
|
|
The newly added function sni_fun allows dynamic update of SSL options
like keys and certificates depending on different SNI hostname, rather
than a predefined rules of SSL options.
|
|
This commit adds a new function, ssl:connection_information/[1,2]
to retrive the connection information from a SSLSocket.
And also, this deprecates a function ssl:connection_info/1, and
reimplements connection_info/1 with the new function.
|
|
|
|
|
|
In some instances, restarting a node causes a fatal SSL error on
the other nodes which isn't handled leaving the socket open. Eventually
the nodes will net tick timeout but the node being restarted never
comes back to life
By handling the fatal error and closing the socket, the restarting
node can restart successfully even when the ssl error occurs
|
|
pre TLS 1.2 server should ignore the signature_algorithms extension.
The server code would attempt to select the signature/hash algorithm
even when using TLS 1.0 or 1.1. Instead it should simply use the default
algorithm on those versions.
|
|
|
|
4e0a5e36b38e3f15ed8f7d700d26f2424a47111c
|
|
|
|
This commit adds support for RFC7301, application-layer protocol
negotiation. ALPN is the standard based approach to the NPN
extension, and is required for HTTP/2.
ALPN lives side by side with NPN and provides an equivalent
feature but in this case it is the server that decides what
protocol to use, not the client.
When both ALPN and NPN are sent by a client, and the server is
configured with both ALPN and NPN options, ALPN will always
take precedence. This behavior can also be found in the OpenSSL
implementation of ALPN.
ALPN and NPN share the ssl:negotiated_protocol/1 function for
retrieving the negotiated protocol. The previously existing
function ssl:negotiated_next_protocol/1 still exists, but has
been deprecated and removed from the documentation.
The tests against OpenSSL require OpenSSL version 1.0.2+.
|
|
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
Correct mistake
|
|
|
|
|
|
For comparison with file time stamps os:timestamp makes more sense
and is present in 17 as well as 18.
|
|
Conflicts:
lib/ssl/doc/src/ssl_app.xml
lib/ssl/src/ssl_manager.erl
|
