aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2018-07-24Merge branch 'maint-20' into maintJohn Högberg
* maint-20: Updated OTP version Prepare release ssl: Engine key trumps certfile option inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-11Merge pull request #1869 from ↵Ingela Andin
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174 ssl: Improve error handling
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-09ssl: Improve error handlingIngela Anderton Andin
When doing ssl:controlling_process on a ssl socket that has not performed the TLS/DTLS handshake that call will succeed even though the documentation stated otherwise. However if some other ssl option was incorrect the call would hang. Now {error, closed} will be returned in the latter case, which is logical independent on if it should succeed or not in the former case. The former case will continue to succeed, as it is not dependent of the TLS/DTLS connection being established, and the documentation is altered slightly to not explicitly disallow it. If the TLS/DTLS connection later fails and the socket mode is active, the new controlling process will be notified as expected.
2018-07-05ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-05ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
2018-07-04ssl: Do not use legacy formatIngela Anderton Andin
2018-07-04ssl: Add connection information on new cipher_suite formatIngela Anderton Andin
2018-07-04ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-06-18Update copyright yearHenrik Nord
2018-06-14Merge branch 'ingela/ssl/21-enhanchment'Ingela Anderton Andin
* ingela/ssl/21-enhanchment: ssl: Add handle_continue/2 and document enhancements
2018-06-14ssl: Add handle_continue/2 and document enhancementsIngela Anderton Andin
* deprecation of ssl:ssl_accept/[1,2,3] * deprecation of ssl:cipher_suites/[0,1] * More consistent naming
2018-06-12Merge branch 'peterdmv/ssl/suite_to_str/ERL-600/OTP-15106'Péter Dimitrov
* peterdmv/ssl/suite_to_str/ERL-600/OTP-15106: ssl: Add new API function suite_to_str/1 Change-Id: Icf214ece4e1d281da12b02dadc63d4a2ca346563
2018-06-11ssl: Add new API function suite_to_str/1Péter Dimitrov
Add new API function for converting cipher suite maps to their textual representation. Change-Id: I43681930b38e0f3bdb4dfccbf9e8895aa2d6a281
2018-06-11Merge branch 'raimo/better-TLS-distribution/OTP-15058'Raimo Niskanen
* raimo/better-TLS-distribution/OTP-15058: Test nodename whitelist Use public_key to verify client hostname
2018-06-08Use public_key to verify client hostnameRaimo Niskanen
2018-06-08ssl: Add option customize_hostname_checkIngela Anderton Andin
2018-05-24Merge pull request #1821 from IngelaAndin/ingela/ssl/DTLS-transparancyIngela Andin
ssl: Generalize DTLS packet multiplexing OTP-14888
2018-05-23ssl: Generalize DTLS packet multiplexingIngela Anderton Andin
We want to prepare the code for more advanced DTLS usage and possibility to run over SCTP. First assumption was that the demultiplexer process "dtls listener" was needed for UDP only and SCTP could be made more TLS like. However the assumption seems not to hold. This commit prepares for customization possibilities.
2018-05-21Merge branch 'lukas/ssl/fix_erl_epmd_usage/OTP-15086'Lukas Larsson
* lukas/ssl/fix_erl_epmd_usage/OTP-15086: ssl: Fix usage of erl_epmd in tls dist
2018-05-21ssl: Fix usage of erl_epmd in tls distLukas Larsson
Fixes: 662f3c7ba50ff8ec13d8
2018-05-18ssl: Deprecate ssl:ssl_accept/[1,2,3]Ingela Anderton Andin
2018-05-17Merge pull request #1820 from IngelaAndin/ingela/ssl/cipher-suite-select-fixIngela Andin
ssl: Correct key_usage check
2018-05-16epmd: allow alternative to dns resolving for nodenameTimmo Verlaan
This makes it possible to create a custom integration with a key-value store for example. The key would then point to the actual address. You would have to write your own epmd module to make use of that feature.
2018-05-15ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-05-03Merge branch 'maint'John Högberg
* maint: Updated OTP version Update release notes Update version numbers ssl: Prepare for release ssl: Proper handling of clients that choose to send an empty answer to a certificate request heart: Use ntohs instead of manual conversion
2018-04-30ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-04-30ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected.
2018-04-27Merge branch 'ingela/dtls/abbreviated'Ingela Anderton Andin
* ingela/dtls/abbreviated: dtls: Trigger resend in abbreviated handshake if change_cipher_spec is received to early.
2018-04-27dtls: Trigger resend in abbreviated handshake if change_cipher_specIngela Anderton Andin
is received to early.
2018-04-27Merge branch 'raimo/better-TLS-distribution/OTP-14969'Raimo Niskanen
* raimo/better-TLS-distribution/OTP-14969: Fix distro CRL test cases short vs long names Allow check for node name Move check ip to before SSL handshake Check client IP from server Parse cert primarily for host names Open for host and node allow list Create plug-in for distro cert nodes Rewrite TLS dist to handle node names in certs Improve node allowed check
2018-04-27ssl: Prepare for releaseIngela Anderton Andin
2018-04-27ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-04-26ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-04-26Allow check for node nameRaimo Niskanen
2018-04-26Move check ip to before SSL handshakeRaimo Niskanen
2018-04-26Check client IP from serverRaimo Niskanen
2018-04-24ssl: Add new API functionsIngela Anderton Andin
2018-04-24ssl: Prepare to replace ssl:ssl_accept with ssl:handshakeIngela Anderton Andin
2018-04-24Parse cert primarily for host namesRaimo Niskanen
2018-04-23Open for host and node allow listRaimo Niskanen
2018-04-20Create plug-in for distro cert nodesRaimo Niskanen