Age | Commit message (Collapse) | Author | |
---|---|---|---|
2010-09-01 | Empty certificate chain | Ingela Anderton Andin | |
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling. | |||
2010-08-31 | Merge branch 'dgud/ssl/handskake_client_key/OTP-8793' into dev | Dan Gudmundsson | |
* dgud/ssl/handskake_client_key/OTP-8793: Fix handshake problem with multiple messages in one packet | |||
2010-08-27 | Fix receiving empty packets. | Dan Gudmundsson | |
Empty packets where not delivered from ssl, it incorrectly assumed there was no data. | |||
2010-08-26 | Fix handshake problem with multiple messages in one packet | Dan Gudmundsson | |
If hello and client_key_exchange message is sent together in the same packet, ssl can't handle it and closes the connection. Also fixed compiler warning. | |||
2010-08-24 | Handling of {mode, list} | Ingela Anderton Andin | |
Fixed handling of the option {mode, list} that was broken for some packet types for instance line. | |||
2010-08-24 | Correct behaviour if {packet, line} and mode list are given | Thomas Lachmann | |
This corrects the returned data to be in list format, not binary if both {packet, line} and list are set as option. | |||
2010-08-24 | Merge branch 'ia/ssl-interop/OTP-8740' into dev | Ingela Anderton Andin | |
* ia/ssl-interop/OTP-8740: Do not check the padding for TLS 1.0 | |||
2010-08-24 | Merge branch 'ia/public_key_api/OTP-8722' into dev | Ingela Anderton Andin | |
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk | |||
2010-08-23 | Revise the public_key API | Ingela Anderton Andin | |
Cleaned up and documented the public_key API to make it useful for general use. | |||
2010-08-18 | Fix bug in ssl handshake protocol related to the choice of cipher suites | Paul Guyot | |
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate). | |||
2010-08-18 | Do not check the padding for TLS 1.0 | Ingela Anderton Andin | |
For interoperability reasons we do not check the padding in TLS 1.0 as it is not strictly required and breaks interopability with for instance Google. | |||
2010-06-29 | The server now verifies the client certificate verify message correctly, ↵ | Ingela Anderton Andin | |
instead of causing a case-clause. | |||
2010-06-23 | Added more specs and changed from using own min/2 funtion to erlang:min/2. | Ingela Anderton Andin | |
2010-06-22 | Added more -spec definitions. | Ingela Anderton Andin | |
2010-06-22 | Refreshed documentation to reflect the change of default implementation. | Ingela Anderton Andin | |
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code. | |||
2010-06-14 | OTP-8695 New ssl default | Ingela Anderton Andin | |
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application. | |||
2010-06-11 | OTP-8695 New ssl default | Ingela Anderton Andin | |
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application. | |||
2010-06-08 | Move dsa ticket to r14a release | Ingela Anderton Andin | |
(This is the merge of r13 version to r14_dev) | |||
2010-06-07 | OTP-8587 DSA key support | Ingela Anderton Andin | |
New ssl now support client/server-certificates signed by dsa keys. | |||
2010-06-04 | Fixed handling of several ssl/tls packets arriving at the same time. | Ingela Anderton Andin | |
This was broken during a refactoring of the code. | |||
2010-05-28 | Cleaned code | Ingela Anderton Andin | |
2010-05-28 | Hoops too quick to check in previous version, changed . to ;, compiled in | Ingela Anderton Andin | |
wrong shell! | |||
2010-05-28 | Added misssing version check for client. | Ingela Anderton Andin | |
2010-05-28 | Added missing padding check. | Ingela Anderton Andin | |
2010-05-28 | Added missing Mac check. | Ingela Anderton Andin | |
2010-05-28 | Added code to handle own alert in case MAC or padding check fails. | Ingela Anderton Andin | |
2010-05-27 | Moved nodelay workaround for linux, as it seems to only work if you do | Ingela Anderton Andin | |
it before sending the fatal alert, even though documentation suggests the socket will be flushed on linux as an effect of setting the nodelay option. | |||
2010-05-26 | Seems we need "nodelay socket flush" on some linux platforms after all. | Ingela Anderton Andin | |
2010-05-26 | Added option list argument to the init function in ssl_session_cache_api. | Ingela Anderton Andin | |
2010-05-25 | Enhancements and fixes due to coverage investegation. | Ingela Anderton Andin | |
2010-05-25 | Enhanced protocol version handling. | Ingela Anderton Andin | |
2010-05-24 | Fixed session validation bug thanks to cover. | Ingela Anderton Andin | |
2010-05-21 | Clean up of code | Ingela Anderton Andin | |
2010-05-21 | Decision not to support export cipher suites. | Ingela Anderton Andin | |
2010-05-21 | Decision not to support DH and export cipher suites. | Ingela Anderton Andin | |
2010-05-21 | Decision not to support DH and export cipher suites and clean up. | Ingela Anderton Andin | |
2010-05-20 | Honor internal API | Ingela Anderton Andin | |
2010-05-20 | Fixed internal API | Ingela Anderton Andin | |
2010-05-18 | Commented out currently unsupported code. To be supported or removed in the ↵ | Ingela Anderton Andin | |
future. | |||
2010-05-17 | Removed/commented out currently dead code. | Ingela Anderton Andin | |
2010-05-11 | OTP-8568 RFC -5746 | Ingela Anderton Andin | |
New ssl now supports secure renegotiation as described by RFC 5746. | |||
2010-04-29 | OTP-8588 Alert and packet handling improvment | Ingela Anderton Andin | |
Alert handling has been improved to better handle unexpected but valid messages and the implementation is also changed to avoid timing related issues that could cause different error messages depending on network latency. Packet handling was sort of broken but would mostly work as expected when socket was in binary mode. This has now been fixed. | |||
2010-04-19 | Prepare for release | Dan Gudmundsson | |
2010-04-17 | Reset inet options | Dan Gudmundsson | |
Temporary set the inet options on listen socket before doing accept so that the correct options will be inherited by the accept socket. Reset the options afterwards so that repeated use of listen socket get user set values. | |||
2010-04-16 | Avoid race condition of early handshake messages, when socket is active mode ↵ | Dan Gudmundsson | |
is not false. | |||
2010-04-14 | Enhanced error handling | Ingela Anderton Andin | |
2010-04-13 | We currently do not support fixed DH. Removal of dead code. | Ingela Anderton Andin | |
2010-04-13 | Fixed dialyzer warning | Ingela Anderton Andin | |
2010-04-13 | OTP-8554 Certificate extensions | Ingela Anderton Andin | |
2010-04-13 | Fixed spelling error | Dan Gudmundsson | |