aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2010-08-20public_key, ssl: Patch 1112Dan Gudmundsson
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8553 Moved extended key usage test for ssl values to ssl. OTP-8557 Fixes handling of the option fail_if_no_peer_cert and some undocumented options. Thanks to Rory Byrne. OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8517 New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value. However RFC-5746 is not yet supported, but will be in an upcoming release. OTP-8545 When gen_tcp is configured with the {packet,http} option, it automatically switches to expect HTTP Headers after a HTTP Request/Response line has been received. This update fixes ssl to behave in the same way. Thanks to Rory Byrne. OTP-8554 Ssl now correctly verifies the extended_key_usage extension and also allows the user to verify application specific extensions by supplying an appropriate fun. OTP-8560 Fixed ssl:transport_accept/2 to return properly when socket is closed. Thanks to Rory Byrne.
2010-08-20ssl: Patch 1110Dan Gudmundsson
OTP-8510 Fixed a crash in the certificate certification part.
2010-02-18Avoid crash when trying to alert the user.Dan Gudmundsson
2010-02-17ssl: Prepare releaseDan Gudmundsson
2010-02-17OTP-8459 Do a controlled shutdown if a non ssl packet arrives as the firstDan Gudmundsson
packet.
2010-02-12Merge branch 'yh/packet_option_for_new_ssl_send' into ccase/r13b04_devErlang/OTP
* yh/packet_option_for_new_ssl_send: Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl. Fixed bug file cache bug and improved the error messages. Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}. prepend packet size bytes in ssl:send() in new_ssl implementation OTP-8441 ssl:send/2 ignored packet option, fix provided by YAMASHINA Hio. Fixed a file cache bug which caused problems when the same file was used for both cert and cacert. Allow ssl:listen/2 to be called with option {ssl_imp, old}. Fixed ssl:setopts(Socket, binary) which didn't work for 'new' ssl..
2010-02-12Fixed ssl:setopts(Socket, binary) which was didn't work for 'new' ssl.Dan Gudmundsson
2010-02-12Fixed bug file cache bug and improved the error messages.Dan Gudmundsson
2010-02-12Allow <c>ssl:listen/2</c> to be called with option {ssl_imp, old}.Dan Gudmundsson
2010-02-12prepend packet size bytes in ssl:send() in new_ssl implementationYAMASHINA Hio
With the {ssl_imp,new} option enabled, {packet,PacketType} only works when receiving. When sending, {packet,0} is always used.
2010-02-03OTP-8323 Cross compilation improvements and other build systemRickard Green
improvements. Most notable: Lots of cross compilation improvements. The old cross compilation support was more or less non-existing as well as broken. Please, note that the cross compilation support should still be considered as experimental. Also note that old cross compilation configurations cannot be used without modifications. For more information on cross compiling Erlang/OTP see the $ERL_TOP/xcomp/README file. Support for staged install using <url href="http://www.gnu.org/prep/standards/html_node/DESTDIR.html">D ESTDIR</url>. The old broken INSTALL_PREFIX has also been fixed. For more information see the $ERL_TOP/README file. Documentation of the release target of the top Makefile. For more information see the $ERL_TOP/README file. make install now by default creates relative symbolic links instead of absolute ones. For more information see the $ERL_TOP/README file. $ERL_TOP/configure --help=recursive now works and prints help for all applications with configure scripts. Doing make install, or make release directly after make all no longer triggers miscellaneous rebuilds. Existing bootstrap system is now used when doing make install, or make release without a preceding make all. The crypto and ssl applications use the same runtime library path when dynamically linking against libssl.so and libcrypto.so. The runtime library search path has also been extended. The configure scripts of erl_interface and odbc now search for thread libraries and thread library quirks the same way as erts do. The configure script of the odbc application now also looks for odbc libraries in lib64 and lib/64 directories when building on a 64-bit system. The config.h.in file in the erl_interface application is now automatically generated in instead of statically updated which reduces the risk of configure tests without any effect.
2010-01-21** Empty commit message **Lars G Thorsen
2010-01-20Increased timeout for slow virtual machinesDan Gudmundsson
2010-01-19** Empty commit message **Dan Gudmundsson
2010-01-19Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_devErlang/OTP
* dgud/ssl-patches-from-Wil: Added a public_key:pkix_transform/2 instead and used it from ssl. Minor code cleanup new_ssl fix session reuse Code cleanup Send CA list during Certificate Request in new_ssl OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan. Send CA list during Certificate Request (in new_ssl) , thanks Wil Tan.
2010-01-19Update version numberDan Gudmundsson
2010-01-13Add test suite for the ssl applicationDan Gudmundsson
2010-01-13Added a public_key:pkix_transform/2 instead and used it from ssl.Dan Gudmundsson
2010-01-12Minor code cleanupDan Gudmundsson
2010-01-12new_ssl fix session reuseWil Tan
When an SSL client presents a previous session ID, the server should either honour the request to reuse the parameters previously negotiated for the given session ID, or ignore the request and generate a new session ID. In this situation, new_ssl tries to complete the handshake by sending the client a "Finished" handshake message, which violates the SSL/TLS specs. It should instead send a ChangeCipherSpec message before sending the FInished message. This patch fixes it.
2010-01-12Code cleanupDan Gudmundsson
2010-01-12Send CA list during Certificate Request in new_sslWil Tan
When requesting for client certificate, an SSL/TLS server may send a list of the distinguished names of acceptable certificate authorities. OpenSSL does this by default.
2009-12-10Cleaned up docsDan Gudmundsson
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP