aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2017-10-18Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maintIngela Anderton Andin
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport
2017-10-17Merge branch 'ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655' into maintIngela Anderton Andin
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly
2017-10-17ssl: No support for packet option over unreliable transportIngela Anderton Andin
2017-10-16 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-10-13ssl: Sessions must be registered with SNI if existsIngela Anderton Andin
2017-10-13ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-10-05ssl: Use new string functionsIngela Anderton Andin
The functions are not performance critical. Will be used when errors occurs, CRL data base is managed or legacy OpenSSL names are used for ciphers.
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin
2017-09-20public_key, ssl: Prepare for releaseIngela Anderton Andin
OTP-14236 requires ssl runtime dependencies to update to latest public_key. OTP-14181 makes ssl test cases dependent on latest version latest public_key.
2017-09-11ssl: Do not break abstractionIngela Anderton Andin
ssl_pkix_db should not hard code names. On the other hand the names are nicer with as <Prefix>_dist than <Prefix>dist.
2017-09-04Merge branch 'ingela/ssl/session-cache-max/OTP-14556' into maintIngela Anderton Andin
* ingela/ssl/session-cache-max/OTP-14556: ssl: Mend Max session handling
2017-09-04ssl: Mend Max session handlingIngela Anderton Andin
The commit 256e01ce80b3aadd63f303b9bda5722ad313220f was a misunderstanding that actually broke the implementation. It is not so important to keep specific max, rather max is a threshold when the table should be shrinked as to not grow indefinitely. New sessions are created when the id is created and may be short lived it they are not registered for reuse due to handshake failure.
2017-09-01ssl: Add the role (server or client) to the alert messageIngela Anderton Andin
It is desirable to be as specific as possible in the info message, so there can be no mistake if the alert is form the peer or generated by us. This use to be an error message, but it is better to make it an info message as sending an ALERT ending the connection is an expected behaviour.
2017-08-24Merge branch 'ingela/ssl/dtls-alert-handling/OTP-14078' into maintIngela Anderton Andin
* ingela/ssl/dtls-alert-handling/OTP-14078: dtls: Customize alert handling for DTLS over UDP
2017-08-24ssl: DTLS packet supportIngela Anderton Andin
Test that DTLS handles "high" level packet types as http-packet types. Low level packet type as {packet, 2} we will consider later if they should be relevant to support or not.
2017-08-23ssl: Adjust ALPN and next protocol to work with DTLSIngela Anderton Andin
2017-08-23ssl: negotiated_hashsign/4 expects TLS version to function correctlyIngela Anderton Andin
Only DTLS specific code deals with DTLS version, when common code is used the DTLS version should be converted to the corresponding TLS version.
2017-08-14dtls: Customize alert handling for DTLS over UDPIngela Anderton Andin
From RFC 6347: 4.1.2.7. Handling Invalid Records Unlike TLS, DTLS is resilient in the face of invalid records (e.g., invalid formatting, length, MAC, etc.). In general, invalid records SHOULD be silently discarded, thus preserving the association; however, an error MAY be logged for diagnostic purposes. Implementations which choose to generate an alert instead, MUST generate fatal level alerts to avoid attacks where the attacker repeatedly probes the implementation to see how it responds to various types of error. Note that if DTLS is run over UDP, then any implementation which does this will be extremely susceptible to denial-of-service (DoS) attacks because UDP forgery is so easy. Thus, this practice is NOT RECOMMENDED for such transports.
2017-08-11Merge branch 'ingela/ssl/cert-handling' into maintIngela Anderton Andin
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation
2017-08-10Merge pull request #1507 from vances/issue-erl-442Ingela Andin
Correct type specification in ssl:prf/5
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-07-10Correct type specification in ssl:prf/5Vance Shipley
Current implementation expects Seed to be a list. Correct type specification to match.
2017-07-07ssl: Try to make asn1 decode errors of certificates as specific as possibleIngela Anderton Andin
2017-07-07ssl,public_key: Provide details for CRL check failiures when revokation ↵Ingela Anderton Andin
state can not be determined
2017-07-07ssl: Enhance error loggingIngela Anderton Andin
2017-06-19Update copyright yearHans Nilsson
2017-06-14Merge remote-tracking branch 'ingela/ingela/dtls/client-hello-verify/ERL-434'Hans Nilsson
2017-06-13dtls: Make HelloVerifyRequest version adhere to RFCIngela Anderton Andin
ERL-434 RFC6347 says about hello_verify_request version field as follow https://tools.ietf.org/html/rfc6347#page-16 The server_version field has the same syntax as in TLS. However, in order to avoid the requirement to do version negotiation in the initial handshake, DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated. But current DTLS server responses DTLS1.2 instead of DTLS1.0.
2017-06-13ssl: Correct epoch handlingIngela Anderton Andin
Consideration of which Epoch a message belongs to is needed in the dtls_connection:next_record function too.
2017-06-10dtls: Handle getopts and setopts for DTLSIngela Anderton Andin
2017-06-07dtls: Fetch next DTLS record when dropping resent handshake dataIngela Anderton Andin
2017-06-07dtls: Use enter actionsIngela Anderton Andin
Using enter actions for retransmission timers makes the code easier to understand. Previously the retransmission timer was incorrectly started in the connection state. Using enter actions feels like a cleaner approach than bloating the state with more flags.
2017-06-02Merge pull request #1479 from weisslj/fix-missing-ssl-closeIngela Andin
Correct close semantics for active once connections. This was a timing dependent bug the resulted in the close message not always reaching the ssl user process. OTP-14443
2017-05-30Better fix for non-delivery of ssl_closed message in active onceIngela Andin
This is taken from https://github.com/erlang/otp/pull/1479#issuecomment-304667528 with permission from Ingela Andin and improves commit 8abe16c22d.
2017-05-25Fix non-delivery of ssl_closed message in active onceJohannes Weißl
The commit 8b10920 (OTP 19.3.1) fixed the non-delivery of final TLS record in {active, once}, but this causes the ssl_closed message to be lost when the TCP connection closes before ssl:close/1. The patch restores the behavior of OTP 18. This is the second part to fix https://bugs.erlang.org/browse/ERL-420
2017-05-23dtls: Check for retransmitted changes_cipher_spec messagesIngela Anderton Andin
Make sure to use current epoch as input to send_handshake_flight.
2017-05-23dtls: Ask for next DTLS record when disregarding future packetIngela Anderton Andin
2017-05-22ssl: Handle econnreset windows obscuritiesIngela Anderton Andin
An UDP socket does note have a connection and should not recive econnreset, however this happens on on some windows versions. Just ignoring it appears to make things work as expected!
2017-05-19ssl: Add missing algorithm ecdh_ecdsaIngela Anderton Andin
2017-05-16Merge branch 'ingela/dtls/opts'Ingela Anderton Andin
* ingela/dtls/opts: ssl: Adopt setopts and getopts for DTLS
2017-05-16ssl: Adopt setopts and getopts for DTLSIngela Anderton Andin
2017-05-16ssl: Remove debug printoutIngela Anderton Andin
2017-05-16Merge branch 'ingela/dtls/replay-protect/OTP-14077'Ingela Anderton Andin
* ingela/dtls/replay-protect/OTP-14077: dtls: Implement replay protection
2017-05-16dtls: Implement replay protectionIngela Anderton Andin
See RFC 6347 section 3.3
2017-05-12Merge branch 'maint'Hans Nilsson
Conflicts: OTP_VERSION lib/inets/vsn.mk lib/ssl/vsn.mk
2017-05-11removed ct:pal call in ssl_connectionJoe DeVivo
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-04Update copyright yearRaimo Niskanen
2017-04-28ssl: Prepare for releaseIngela Anderton Andin
2017-04-28Merge branch 'ingela/ssl/cacha-default/OTP-14382'Ingela Anderton Andin
* ingela/ssl/cacha-default/OTP-14382: ssl: Cacha is currently not tested enough to be most prefered.