Age | Commit message (Collapse) | Author |
|
|
Implement encode/decode of pre_shared_key.
|
|
Implement encode/decode of psk_key_exchange_modes.
|
|
* peterdmv/ssl/fix-tls13-alpn:
ssl: Fix handling of ALPN in TLS 1.3
|
|
Extension handling needs some fixes to work
correctly for ALPN and SSL-3.0 only client/servers
do not support extensions
|
|
Regroup tests after functionality making it easier to
test all variants (all protocols, all cert types etc).
Also extend OpenSSL interop
|
|
'raimo/ssl/fix-zero-fragment-buffer-handling/ERIERL-379/OTP-15328' into maint
* raimo/ssl/fix-zero-fragment-buffer-handling/ERIERL-379/OTP-15328:
Do not call dist_ctrl_put_data with empty binaries
Refine the queue code
Fix extracting 0 bytes from queue
|
|
* ingela/ssl/alert-error-enhancment/OTP-15943:
ssl: Enhance error handling
|
|
Handle the ILLEGAL_PARAMETER alert that may be returned from ssl_alert:decode/3
for graceful shutdown, try of ...catch will/should not handle this case it
only handles the case that TM should not happen!
|
|
Implement support for ECDSA certificates in TLS 1.3
|
|
* peterdmv/ssl/fix-cert-error-handling/OTP-15900:
ssl: Fix handling of certificate decoding problems
|
|
* ingela/ssl/TLS-hibernate-bug/OTP-15910:
ssl: Fix hibernation bug
|
|
* peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888:
ssl: Fix negative tests in ssl_basic_SUITE
ssl: Fix run_client_error/1 in ssl_test_lib
ssl: Fix ssl_handshake:extension_value/1
|
|
* peterdmv/ssl/tls12-java11-interop/ERL-973/OTP-15887:
ssl: Add interop test
ssl: Improve handling of signature algorithms
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
* peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888:
ssl: Fix negative tests in ssl_basic_SUITE
ssl: Fix run_client_error/1 in ssl_test_lib
ssl: Fix ssl_handshake:extension_value/1
|
|
Handle new TLS 1.2/1.3 extensions.
|
|
* peterdmv/ssl/tls12-java11-interop/ERL-973/OTP-15887:
ssl: Add interop test
ssl: Improve handling of signature algorithms
|
|
TLS 1.2 ClientHello caused handshake failure in the TLS 1.2 server
if the signature_algorithms_cert extension contained legacy algorithms.
Update TLS 1.2 server to properly handle legacy signature algorithms
in the signature_algorithms_cert extension.
Update TLS 1.3 client so that it can send legacy algorithms in its
signature_algorithms_cert extension.
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
Solves ERL-968: a refactoring bug could cause part of a server key exchange message to
be appended to an incorrectly duplicated certificate handshake message, in the end
causing an ASN1 decoding error. That in turn did not end up in the correct error handling branch.
|
|
* ingela/ssl/dtls-multiplxor/ERL-962/OTP-15864:
ssl: Add missing gen_server return value in DTLS packet demux process
|
|
* ingela/ssl/ret-ext/ERL-951/OTP-15862:
ssl: Fix broken return value
|
|
Fix SSL cb_info missing underscore in default
OTP-15887
|
|
Implement ALPN in TLS 1.3
|
|
* ingela/ssl/dtls-multiplxor/ERL-962/OTP-15864:
ssl: Add missing gen_server return value in DTLS packet demux process
|
|
Server and client use different secrets when sending certificate related
alerts. This is due to a change to the TLS protocol where clients send
their 'certificate' message after they have received the server's 'finished'
message.
|
|
* ingela/ssl/PR-2235/OTP-15851:
Export sign_scheme/0 types
|
|
ssl: Change check of DTLS record version
OTP-15807 Merged as it is a confirmed improvement; however, more work needs to be done
on DTLS test framework.
|
|
Retransmissions mechanism for UDP makes it possible for handshakes and possible
alerts to have another record version than the negotiated one in the
states certify and abbreviated without being invalid messages.
|
|
The types named_curve/0 and sign_scheme/0 consist of many
options and may also change with time. Since they are not
exported, users must either repeat and maintain their specs,
or use a general type like any() if they want to refer
to them.
|
|
The types named_curve/0 consist of many
options and may also change with time. Since they are not
exported, users must either repeat and maintain their specs,
or use a general type like any() if they want to refer
to them.
|
|
|