| Age | Commit message (Collapse) | Author |
|---|
|
When searching for a certificate's issuer in the `CertDB`, verify the signature
against the original DER certificate from the handshake instead of a re-encoding
of the parsed certificate. This avoids false negatives due to differences
between DER encoding implementations of OTP and other platforms.
|
|
|
|
|
|
|
|
* ia/ssl/validator:
ssl: Only start a new session validator if the old one has finished its work
|
|
|
|
* legoscia/tls-dist-listen-ip:
TLS distribution: bind erts socket to localhost
OTP-13300
|
|
Generalise much of inet_tls_dist, so that inet6_tls_dist can reuse it.
|
|
|
|
* legoscia/tls-dist-connect-options:
ssl_dist_SUITE: don't use deprecated functions
TLS distribution: support inet_dist_connect_options
OTP-13285
|
|
|
|
* legoscia/tls_dist_wait_for_code_server:
TLS distribution: wait for code server
OTP-13268
|
|
If the session table is big the validator may not have finshed before
the validation interval is up, in this case we should not start a new
validator adding to the cpu load.
|
|
|
|
|
|
|
|
Allow adding extra options for outgoing TLS distribution connnections,
as supported for plain TCP connections.
|
|
|
|
* legoscia/tls_dist_error_reporting:
Report bad options for outgoing TLS distribution
Save error reasons for TLS distribution connections
Report bad options for TLS distribution connections
OTP-13219
|
|
There is no reason for the socket on the erts side of the proxy to
accept connections from other hosts, so let's bind it to the loopback
interface.
Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of
the socket for outgoing connections, to avoid hardcoding IPv4.
|
|
|
|
|
|
If ssl:connect/3 returns an error related to options, let's log that
so we have a chance to see it and fix it.
|
|
When establishing an outbound connection for TLS distribution, let's
hold on to the failure reasons and use them as exit reasons. These
exit reasons are normally invisible, but they can be seen in the logs
after calling net_kernel:verbose(1).
While there are trace messages in the code already, those require
recompiling the module with a special flag, which is more cumbersome
than changing the net_kernel verbosity level at run time.
|
|
|
|
* ia/ssl-prepare-release:
ssl: Correct spec
ssl: Prepare for release
|
|
|
|
|
|
|
|
* rlipscombe/rl-ssl-options:
Ensure single 'raw' option is handled correctly
Pass 'raw' options through
OTP-13166
|
|
|
|
* ia/ssl/sslv3-completeness:
ssl: SSLv3 completeness
|
|
We are considering removing default support for DES cipher suites.
However this cipher suite is currently allowed in TLS and missing from
SSL.
|
|
|
|
If upper limit is reached invalidate the current cache entries, e.i the session
lifetime is the max time a session will be keept, but it may be invalidated
earlier if the max limit for the table is reached. This will keep the ssl
manager process well behaved, not exhusting memeory. Invalidating the entries
will incrementally empty the cache to make room for fresh sessions entries.
|
|
|
|
|
|
* legoscia/tls_dist_options:
Test interface listen option for TLS distribution
Test socket listen options for TLS distribution
Test port options for TLS distribution
TLS Dist: Use inet_dist_ options
Conflicts:
lib/ssl/src/ssl_tls_dist_proxy.erl
lib/ssl/test/ssl_dist_SUITE.erl
OTP-12838
|
|
|
|
* legoscia/ssl_connection_terminate_crash:
Avoid crash for SSL connections with nonexistent keyfile
OTP-13144
|
|
|
|
* legoscia/tls_dist_nodelay:
Add test for dist_nodelay option
Honour dist_nodelay socket option in tls_dist proxy
OTP-13143
|
|
|
|
* legoscia/ssl-dist-error-handling:
In ssl_tls_dist_proxy, pass along EPMD registration errors
OTP-13142
|
|
|
|
* ppikula/fix-24h-macro:
fix incorrect number of seconds in 24h macro The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
OTP-13141
|
|
Add test that checks that the option inet_dist_listen_options is used
when starting a node with TLS distribution.
This test was adapted from inet_dist_options_options in
erl_distribution_SUITE.
|
|
The inet_dist_ options, such as min/max port numbers aren't used
with TLS distribution. This commits uses those settings in the
same way as they're used in inet_tcp_dist.erl
|
|
|
|
* legoscia/tls-dist-shutdown:
Adjust shutdown strategies for distribution over TLS
OTP-13134
|
