| Age | Commit message (Collapse) | Author |
|---|
|
Verify CertificateVerify message against the handshake context and
the public key provided by the Certificate message.
Remove 'Context' argument from state handler functions and store
data in the state variable.
Refactor get_handshake_context/1 to cover all implemented cases.
Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
|
|
Implement validation of client certificates in state
'wait_cert'.
Implement state 'wait_cv'.
Clean up handler functions.
Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
|
|
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
|
|
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
|
|
Add missing alert to description_atom/1.
Function clauses ordered by value of the alert.
Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
handshake_history() was specified as {[binary()], [binary[]]},
although its real type was {iodata(), iodata()}, dialyzer did
not give a warning until a new function matched out an element
of handshake_history and used it as input data for crypto:hash/2.
Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726
|
|
Refactor state 'start' and handler functions.
Send 'hello_retry_request' if ClientHello does not contain
sufficient information.
Change-Id: I9fccb38aff5ba88bff75887261e8b1487bd64e17
|
|
* peterdmv/ssl/dtls_logging:
ssl: Add debug logging for DTLS
Change-Id: I83bf117c6c3428c57010e0e581775dd941fc829a
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
|
|
* ingela/ssl/doc-enhancements:
ssl: Enhance documentation after "use-spec-rewrite"
|
|
|
|
* peterdmv/ssl/validate_client_finished:
ssl: Validate Client Finished
Change-Id: I495c0d998423dc5a760d1ca0109c4107c5919f54
|
|
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
|
|
When changing the ssl application to use type specs in documentation
master additions where lost in the merge as we did not want to
rewrite the new documentation in a merge commit.
|
|
This reverts commit 028df3a72f7b813ef9851799a07ded30b7d3ad55.
|
|
Validate Client Finished message. If validation fails, send
decrypt_error alert.
Change-Id: I1da7be3505ca6df2b3d50282f0500b988ef8b488
|
|
|
|
|
|
|
|
|
|
Also make a weaker spec in ssl_internal.hrl for now as it creates
a conflict between error handling and dialyzer warnings.
|
|
|
|
|
|
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
Improve the abstraction between the ssl_connection module
and dtls_connection, tls_connection and tls_sender, as well
as towards the lower level tls_record and ssl_record modules.
Remove some dead code.
|
|
|
|
|
|
|
|
|
|
To avoid degenerate case with quadratic complexity that
shows up when sending large messages since the the fragment
concatenation was done by binary append. An Okasaki queue
is much more efficient.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
