path: root/lib/ssl/src
Age | Commit message | Author
2014-09-10 | Merge branch 'maint' | Ingela Anderton Andin
2014-09-10 | ssl: Prepare for release - soft upgrade | Ingela Anderton Andin
2014-09-09 | ssl, public_key: Add new option partial_chain | Ingela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA i.e. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediate CA as trusted.
TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal."
and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case."
X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-03 | ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites | Andreas Schultz
2014-09-03 | ssl: add PSK-GCM suites | Andreas Schultz
2014-09-03 | ssl: implement AES128-GCM suites | Andreas Schultz
2014-08-19 | ssl: Fix boolean expression | Ingela Anderton Andin
2014-08-18 | ssl: Fix broken contract | Ingela Anderton Andin
2014-08-11 | ssl: Make sure the correct ROOT-cert is used | Ingela Anderton Andin
When dealing with older certificates that do not indicate their signer with a certificate extension, we must search the database for the issuer. Finding the issuer is not enough; we need to verify the signature with the key in the found issuer cert.
2014-08-08 | ssl: Correct handling of certificate_types in Certificate Requests | Ingela Anderton Andin
FROM TLS 1.2 RFC: The interaction of the certificate_types and supported_signature_algorithms fields is somewhat complicated. certificate_types has been present in TLS since SSLv3, but was somewhat underspecified. Much of its functionality is superseded by supported_signature_algorithms. The following rules apply:
- Any certificates provided by the client MUST be signed using a hash/signature algorithm pair found in supported_signature_algorithms.
- The end-entity certificate provided by the client MUST contain a key that is compatible with certificate_types. If the key is a signature key, it MUST be usable with some hash/signature algorithm pair in supported_signature_algorithms.
- For historical reasons, the names of some client certificate types include the algorithm used to sign the certificate. For example, in earlier versions of TLS, rsa_fixed_dh meant a certificate signed with RSA and containing a static DH key. In TLS 1.2, this functionality has been obsoleted by the supported_signature_algorithms, and the certificate type no longer restricts the algorithm used to sign the certificate. For example, if the server sends dss_fixed_dh certificate type and {{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply with a certificate containing a static DH key, signed with RSA-SHA1.
2014-07-07 | Merge branch 'dnet/parse_sni' into maint | Bruce Yinhe
* dnet/parse_sni:
  added SNI decode test to SSL handshake suite
  ssl: parse SNI in received client hello records
OTP-12048
2014-06-16 | Revert "ssl: Avoid creating a huge session table" | Ingela Anderton Andin
This reverts commit fcc6a756277c8f041aae1b2aa431e43f9285c368.
2014-06-12 | ssl: Fix dialyzer specs to reflect reality | Ingela Anderton Andin
2014-06-12 | Merge branch 'ia/ssl/CSS/OTP-11975' into maint | Ingela Anderton Andin
* ia/ssl/CSS/OTP-11975: ssl: Make sure change cipher spec is correctly handled
2014-06-11 | Merge branch 'ia/ssl/version-argument' into maint | Ingela Anderton Andin
* ia/ssl/version-argument: ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet!
2014-06-11 | ssl: Make sure change cipher spec is correctly handled | Ingela Anderton Andin
2014-06-11 | Merge branch 'qrilka/ssl-seconds-in-24h' into maint | Henrik Nord
* qrilka/ssl-seconds-in-24h: ssl: Fix incorrect number of seconds in 24 hours
2014-06-05 | ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet! | Ingela Anderton Andin
2014-06-05 | Merge branch 'ia/ssl/dumb-clients/OTP-11969' into maint | Ingela Anderton Andin
* ia/ssl/dumb-clients/OTP-11969: ssl: Avoid creating a huge session table
2014-06-04 | Merge branch 'ia/ssl/default-ciphers/OTP-11966' into maint | Ingela Anderton Andin
* ia/ssl/default-ciphers/OTP-11966:
  ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate crashes.
  SSL: always filter the full list of supported ciphers against the supported algorithms
  ssl: Filter default ciphers for supported Crypto algorithms
2014-06-03 | ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate crashes. | Ingela Anderton Andin
2014-06-03 | SSL: always filter the full list of supported ciphers against the supported algorithms | Andreas Schultz
With the addition of more ciphers that are not supported in all configurations, using a manually prefiltered cipher list (e.g. EC vs. non-EC ciphers) becomes too complex. Replace the manual split with ssl_cipher:filter_suites/1 in all places.
Conflicts:
  lib/ssl/src/ssl.erl
  lib/ssl/src/tls_v1.erl
2014-06-01 | ssl: parse SNI in received client hello records | András Veres-Szentkirályi
2014-05-28 | ssl: Fix incorrect number of seconds in 24 hours | Kirill Zaborsky
24 hours in seconds should be equal to 86400 and 86400000 in milliseconds
2014-05-28 | ssl: Filter default ciphers for supported Crypto algorithms | Ingela Anderton Andin
2014-05-28 | ssl: Prepare for release | Ingela Anderton Andin
2014-05-27 | ssl: Add format_status function to ssl connection process | Ingela Anderton Andin
2014-05-26 | ssl: Add ssl options to listen options tracker | Ingela Anderton Andin
2014-05-26 | ssl: Move init | Ingela Anderton Andin
2014-05-22 | Merge branch 'dz/fix_ssl_max_seq_num' into maint | Marcus Arendt
* dz/fix_ssl_max_seq_num: ssl: fix max sequence number so it does not overflow
2014-05-14 | ssl: Fix dialyzer spec | Ingela Anderton Andin
2014-05-13 | ssl: Only allow one next protocol handshake message | Ingela Anderton Andin
2014-05-12 | Merge branch 'ia/ssl/inherit/OTP-11897' into maint | Ingela Anderton Andin
* ia/ssl/inherit/OTP-11897: ssl: Handle socket option inheritance when pooling of accept sockets is used
2014-05-10 | ssl: fix max sequence number so it does not overflow | Danil Zagoskin
The old value of 18446744073709552000 was calculated using math:pow which returns float therefore isn't precise. And it would overflow: erlang:integer_to_list(18446744073709552000, 16) = "10000000000000180" This patch changes MAX_SEQENCE_NUMBER to value calculated with bitwise shift: (1 bsl 64) - 1 = 18446744073709551615
2014-05-09 | Merge branch 'ia/ssl/false-alerts/OTP-11890' into maint | Ingela Anderton Andin
* ia/ssl/false-alerts/OTP-11890: ssl: Add checks to avoid processing of illegal alerts
2014-05-09 | ssl: Handle socket option inheritance when pooling of accept sockets is used | Ingela Anderton Andin
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values.
2014-05-07 | ssl: SSL/TLS version input list shall not be order dependent | Ingela Anderton Andin
2014-04-30 | ssl: Add checks to avoid processing of illegal alerts | Ingela Anderton Andin
2014-04-23 | ssl: Fix crash on garbage during handshake | Danil Zagoskin
If a client sends some garbage in ssl record instead of valid fragment, server crashes with function_clause while receiving next record from client. This patch makes server raise handshake failure instead of crashing and exposing internal state to user code.
2014-04-23 | ssl: Refactor so that there is only one source for the default hashsign values | Ingela Anderton Andin
Also fix DTLS call to supply its corresponding TLS version
2014-04-23 | ssl: always pass negotiated version when selecting hashsign | Danil Zagoskin
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
2014-04-23 | ssl: TLSv1.2: proper default sign algo for RSA | Danil Zagoskin
2014-04-22 | Merge branch 'ia/ssl/decrypt-alert/OTP-11880' into maint | Ingela Anderton Andin
* ia/ssl/decrypt-alert/OTP-11880: ssl: Correct decryption error handling
2014-04-22 | Merge branch 'ia/ssl/recv/OTP-11878' into maint | Ingela Anderton Andin
* ia/ssl/recv/OTP-11878: ssl: recv shall return {error, einval} on active socket
2014-04-22 | Merge branch 'ia/ssl/suites-match-negotiated-version/OTP-11875' into maint | Ingela Anderton Andin
* ia/ssl/suites-match-negotiated-version/OTP-11875: ssl: Select supported cipher suites for the negotiated SSL/TLS-version
2014-04-17 | ssl: Correct decryption error handling | Ingela Anderton Andin
2014-04-17 | ssl: recv shall return {error, einval} on active socket | Ingela Anderton Andin
2014-04-17 | ssl: Graceful handling of warning alerts | Ingela Anderton Andin
Generalize last warning alert function clause
2014-04-16 | ssl: Select supported cipher suites for the negotiated SSL/TLS-version | Ingela Anderton Andin
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support.
2014-04-11 | ssl: Avoid creating a huge session table | Ingela Anderton Andin