Age | Commit message | Author |
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
Solves ERL-968: a refactoring bug could cause part of a server key exchange message to
be appended to an incorrectly duplicated certificate handshake message, in the end
causing an ASN1 decoding error. That in turn did not end up in the correct error handling branch.
|
|
Fix SSL cb_info missing underscore in default
OTP-15887
|
|
Implement ALPN in TLS 1.3
|
|
* ingela/ssl/dtls-multiplxor/ERL-962/OTP-15864:
ssl: Add missing gen_server return value in DTLS packet demux process
|
|
Server and client use different secrets when sending certificate related
alerts. This is due to a change to the TLS protocol where clients send
their 'certificate' message after they have received the server's 'finished'
message.
|
|
* ingela/ssl/PR-2235/OTP-15851:
Export sign_scheme/0 types
|
|
ssl: Change check of DTLS record version
OTP-15807 Merged as it is a confirmed improvement; however, more work needs to be done
on the DTLS test framework.
|
|
The retransmission mechanism for UDP makes it possible for handshakes and possible
alerts to have another record version than the negotiated one in the
states certify and abbreviated without being invalid messages.
|
|
The types named_curve/0 and sign_scheme/0 consist of many
options and may also change with time. Since they are not
exported, users must either repeat and maintain their specs,
or use a general type like any() if they want to refer
to them.
|
|
The type named_curve/0 consists of many
options and may also change with time. Since it is not
exported, users must either repeat and maintain their specs,
or use a general type like any() if they want to refer
to it.
|
|
Add basic TLS 1.3 client
|
|
Handle the NewSessionTicket post-handshake message that is sent
by openssl s_server after a successful handshake.
|
|
Change default behavior to only send key_share entry for the most
preferred group in ClientHello.
|
|
Implement validation of selected cipher suite and key_share in
state 'wait_sh'.
|
|
* ingela/ssl-flow-ctrl/ERL-934/OTP-15825:
ssl: Refactor of OTP 22 code due to patch OTP-15823
ssl: Avoid dialyzer warning
ssl: Add test cases for issue reported in ERL-938
ssl: Internal active n must back off when user does not read data
ssl: Remove legacy calls to next_record
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
Maybe we should only have specs for external APIs?!
This is a how-to-write-spec problem that we have to address later.
|
|
TLS connections should not buffer too much application data if they
want to benefit from TCP flow control. Certain applications may want to
customize the value of internal_active_n as there is a tradeoff between
buffering memory and throughput.
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
|
|
* ingela/ssl/flow-ctrl/ERL-934/ERL-938/OTP-15823:
ssl: Avoid dialyzer warning
ssl: Add test cases for issue reported in ERL-938
ssl: Internal active n must back off when user does not read data
ssl: Remove legacy calls to next_record
Revert "ssl: Add check when to toggle internal active N"
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/tls_connection.erl
|
|
Maybe we should only have specs for external APIs?!
This is a how-to-write-spec problem that we have to address later.
|
|
TLS connections should not buffer too much application data if they
want to benefit from TCP flow control. Certain applications may want to
customize the value of internal_active_n as there is a tradeoff between
buffering memory and throughput.
|
|
This reverts commit 6e190b012dd5a304fc42a5f3bb58ff173a23eb66.
|
|
This reverts commit 6e190b012dd5a304fc42a5f3bb58ff173a23eb66.
|
|
* ingela/ssl/cipher-suite-conversion/ERL-924/OTP-15483:
ssl: Add cipher suite conversion functions
|
|
'ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785' into maint-21
* ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785:
ssl: Fix cherry-pick mistakes
ssl: Refer documentation of HttpPacket from erts
ssl: Update type spec of ssl:suite_to_str/1
ssl: Update function ssl:eccs/1
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Add missing tuple in shutdown reason
|
|
* ingela/ssl/flow-ctrl/ERL-934/OTP-15802:
ssl: Add check when to toggle internal active N
|
|
Missing check of size of user_data_buffer made internal socket
behave as an active socket instead of active N.
Also correct indentation.
|
|
Do not document http_packet() in ssl but refer to description of
erlang:decode_packet/3.
Change-Id: Ib2d0e4fc9605e40fe98bb249bc17fc39046d137a
Conflicts:
lib/ssl/src/ssl.erl
|
|
Change-Id: I7987e80cca7af184a9f40cdcd8ea8f07c318ba0d
|
|
Remove support of version tuples (e.g. {3,3}) from API function
ssl:eccs/1.
Update function spec and documentation.
Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
Change 'term()' to 'any()'. Allow 'undefined' for all fields
of #ssl_options{}.
Change-Id: I00632bfd2b172974a99680a82f326f25b92b9974
Conflicts:
lib/ssl/src/ssl_internal.hrl
|