aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2015-07-01ssl: Fix appupIngela Anderton Andin
2015-03-13ssl: Special Poodle protection version for OTP-R15 trackIngela Anderton Andin
2015-03-13ssl: Check that negotiated version is a supported version.Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_handshake.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-13ssl: Renable padding checkIngela Anderton Andin
2014-02-05ssl: Fix broken appup from ssl-5.2.1.1 that was released together withIngela Anderton Andin
inets-5.9.2.2
2013-08-21[inets, ssl]: make log_alert configurable as option in ssl, SSLLogLevel ↵Fredrik Gustafsson
added as option to inets conf file
2012-12-06ssl: Prepare for releaseIngela Anderton Andin
2012-12-06ssl: Export sslsocket() dialyzer typeIngela Anderton Andin
2012-12-06ssl: Cancel non expired timersIngela Anderton Andin
2012-12-06ssl: Fix recv after timeout expiredIngela Anderton Andin
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called.
2012-12-06ssl: Timeout handling changed so that the fsm-process will terminate if the ↵Ingela Anderton Andin
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side.
2012-11-19ssl: Fix bug in match expression found by DialyzerIngela Anderton Andin
Code should handle case the there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing.
2012-11-14ssl: Update vsn.mk and ssl.appup.src for releaseIngela Anderton Andin
2012-11-13ssl: Make sure that the ssl connection process will not hang in terminate ↵Ingela Anderton Andin
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging.
2012-11-13ssl: Add default values to emulated socket options in internal recordIngela Anderton Andin
The absence of the active default values could cause a process leak
2012-11-12ssl: Adopt test case to not take so longIngela Anderton Andin
2012-11-09ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeoutIngela Anderton Andin
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout. If timeouts are needed we want them to be server side timeouts.
2012-08-31Update copyright yearsBjörn-Egil Dahlberg
2012-08-27ssl: Fixed compilation warningsIngela Anderton Andin
2012-08-24ssl & public_key: Workaround that some certificates encode countryname as ↵Ingela Anderton Andin
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
2012-08-23Merge branch 'ia/sslv3-alert/OTP-10196' into maintIngela Anderton Andin
* ia/sslv3-alert/OTP-10196: ssl: Add missing sslv3 alert
2012-08-23ssl: Clean up of code thanks to dialyzerIngela Anderton Andin
2012-08-22ssl: Add missing sslv3 alertIngela Anderton Andin
2012-08-22ssl & public_key: Prepare for releaseIngela Anderton Andin
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908
2012-08-22ssl: Use crypto:strong_rand_bytes if possibleIngela Anderton Andin
2012-08-22ssl & public_key: Add use of more "sha-rsa oids"Ingela Anderton Andin
2012-08-22ssl: Fix inet header option to behave as in inetIngela Anderton Andin
This options is useless and should be deprecated. But we behave as inet does for now!
2012-08-22ssl: TLS 1.2: fix hash and signature handlingAndreas Schultz
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message
2012-08-22ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵Andreas Schultz
combinations
2012-08-22ssl: Add Signature Algorithms hello extension from TLS 1.2Andreas Schultz
This is also avoids triggering some bugs in OpenSSL.
2012-08-22ssl: TLS-1.1 and TLS-1.2 support should not be default until R16Ingela Anderton Andin
2012-08-22ssl: Signture type bugIngela Anderton Andin
2012-08-22ssl: Add crypto support check (TLS 1.2 require sha256 support)Ingela Anderton Andin
2012-08-22ssl: Dialyzer fixesIngela Anderton Andin
2012-08-22ssl: IDEA cipher is deprecated by TLS 1.2Ingela Anderton Andin
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether.
2012-08-22ssl: Enable TLS 1.2Andreas Schultz
2012-08-22ssl: Enable mac_hash for TLS 1.2Andreas Schultz
2012-08-22ssl: Implement TLS 1.2 signature supportAndreas Schultz
2012-08-22ssl: Make signature handling version dependantAndreas Schultz
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware
2012-08-22ssl: Fix PRF logicIngela Anderton Andin
2012-08-22ssl: Add TLS 1.2 cipher suitesAndreas Schultz
2012-08-22ssl: Implement and activate PRFs for TLS 1.1 and 1.2Andreas Schultz
2012-08-22ssl: make PRF function selectableAndreas Schultz
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2
2012-08-22ssl: Add TLS version paramter to verify_dh_paramsAndreas Schultz
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params.
2012-08-22ssl: Add TLS version to dec_hs/2Andreas Schultz
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those.
2012-08-22ssl: Add TLS version to ssl_handshake:key_exchange/3Andreas Schultz
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it.
2012-08-22ssl: Add TLS 1.2 block cipher IV handlingAndreas Schultz
2012-08-22ssl: Consider TLS version when building cipher blocksAndreas Schultz
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV.
2012-08-22ssl: Calculate handshake hash only when neededAndreas Schultz
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded.
2012-06-20Merge branch 'ia/ssl/recv-bug/OTP-10118' into maintIngela Anderton Andin
* ia/ssl/recv-bug/OTP-10118: ssl: Fix bug in the handling of remote connection closure of {active,false} ssl sockets.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 00:17:20 +0000