aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2015-09-21Prepare releaseErlang/OTP
2015-09-21ssl: listen socket should be set to active falseIngela Anderton Andin
2015-09-18ssl: Correct soft upgrade testIngela Anderton Andin
Soft upgrade test did not work as expected due to that the upgrade frame work keeps the control of the test case process to itself, so we need a proxy process to receive messages from ssl test framework.
2015-09-17ssl: Timeout tuningIngela Anderton Andin
2015-09-16ssl: Prepare for releaseIngela Anderton Andin
We do not want ssl_soft_upgrade_SUITE to fail, but for now we do not know the details of these changes so we use a general fallback for now.
2015-09-16Merge branch 'ia/ssl/register-unique-session/OTP-12980' into maintIngela Anderton Andin
* ia/ssl/register-unique-session/OTP-12980: ssl: Correct return value of default session callback module
2015-09-16ssl: Better timeout gaurdsIngela Anderton Andin
2015-09-16ssl: Improve shutdown logicIngela Anderton Andin
Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peers chances to properly receiving the alert so it may shutdown gracefully.
2015-09-15ssl: Correct return value of default session callback moduleIngela Anderton Andin
ssl_session_cache:select_session/2 returned [sesionid(), #session{}] instead of #session{} as the API demands. This was wrongly compensated for in the code in one place making it look like everything was good. But the client check for unique session would always fail, potentially making the client session table grow a lot and causing long setup times.
2015-09-10Merge branch 'ia/pr/801/OTP-12974' into maintIngela Anderton Andin
* ia/pr/801/OTP-12974: Accept 'ECPrivateKey' as a ssl key option
2015-09-08Accept 'ECPrivateKey' as a ssl key optionYuki Ito
2015-08-19ssl: Remove duplicate documentationIngela Anderton Andin
Correct merge that went wrong.
2015-08-12Merge branch 'ericmj/patch-1' into maintZandra Hird
* ericmj/patch-1: Fix formatting of depth option
2015-07-30ssl: Do not crash on proprietary hash_sign algorithmsIngela Anderton Andin
TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated.
2015-07-02ssl: Exclude broken OpenSSL version from ECC testIngela Anderton Andin
2015-07-02ssl: Tune timeoutsIngela Anderton Andin
2015-06-25Fix formatting of depth optionEric Meadows-Jönsson
2015-06-23Prepare releaseErlang/OTP
2015-06-23Merge branch 'ia/ssl/modern-timetrap'Ingela Anderton Andin
* ia/ssl/modern-timetrap: ssl: Make init functions fail if make_certs:all fails ssl: Avoid sleep ssl: modernize timetrap handling
2015-06-22ssl: Make init functions fail if make_certs:all failsIngela Anderton Andin
2015-06-22ssl: Avoid sleepIngela Anderton Andin
When possible avoid sleep in test cases.
2015-06-22ssl: modernize timetrap handlingIngela Anderton Andin
Watchdog is legacy test_server use only ct:timetrap/1
2015-06-18Change license text to APLv2Bruce Yinhe
2015-06-15ssl: Remove unnecessary suite callbackIngela Anderton Andin
The test cases does not use any hooks and including the ts_install_cth trips up the test case setup on some platforms cuasing the test cases to fail with {error, enoent}
2015-06-15Merge branch 'ia/ssl/test-fips'Ingela Anderton Andin
* ia/ssl/test-fips: ssl: Filter suites for openssl FIPS if necessary
2015-06-15Merge branch 'ia/ssl/unknown-hash/OTP-12829'Ingela Anderton Andin
* ia/ssl/unknown-hash/OTP-12829: ssl: Add unassigned values ssl: Do not crash on proprietary hash_sign algorithms
2015-06-10ssl: Filter suites for openssl FIPS if necessaryIngela Anderton Andin
2015-06-10Merge branch 'ferd/deny-client-renegotiation'Henrik Nord
* ferd/deny-client-renegotiation: Add disable client-initiated renegotiation option Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl OTP-12815
2015-06-10ssl: Add unassigned valuesIngela Anderton Andin
2015-06-10Merge branch 'essen/fix-alpn-test'Henrik Nord
* essen/fix-alpn-test: ssl: Fix small error in an ALPN test
2015-06-08ssl: Do not crash on proprietary hash_sign algorithmsIngela Anderton Andin
TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated.
2015-06-08ssl: Update appup for 18Ingela Anderton Andin
2015-06-03Add disable client-initiated renegotiation optionFred Hebert
Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measure for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.
2015-06-02ssl: Fix small error in an ALPN testLoïc Hoguin
2015-06-02Merge branch 'tombriden/handle_ssl_error'Henrik Nord
* tombriden/handle_ssl_error: TLS Dist: Handle ssl_error and close ssl socket OTP-12799
2015-06-02Merge branch 'maint'Henrik Nord
Conflicts: OTP_VERSION lib/inets/test/httpd_SUITE.erl lib/inets/vsn.mk lib/ssh/src/ssh.erl lib/ssh/vsn.mk lib/ssl/src/ssl.appup.src lib/ssl/vsn.mk
2015-06-01Honour dist_nodelay socket option in tls_dist proxyTom Briden
If a plaintext cluster has nodelay=1 then so should the tls cluster; significant performance issues have been seen when nodelay isn't set
2015-06-01Update release notesErlang/OTP
2015-05-29ssl: Prepare for releaseIngela Anderton Andin
2015-05-29ssl: Correct handling of bad input to premaster_secret calculationIngela Anderton Andin
alert records needs to be thrown from ssl_handshake:premaster_secret/[2/3] so that operations will end up in the catch clause of the invokation of certify_client_key_exchange/3 in ssl_connection.erl, and hence terminate gracefully and not continue to try and calculate the master secret with invalid inputs and crash.
2015-05-19ssl: Make test case timing independentIngela Anderton Andin
Refactored the code and moved client_check before call to ssl_test_lib:check_result(Server, ExpectedSNIHostname) as this call may consume client messages ( which is intentional) but was missed by the test case writer.
2015-05-19ssl: Use new API function connection_information in testsIngela Anderton Andin
connection_info -> connection_information
2015-05-19ssl: Increase readabilityIngela Anderton Andin
2015-05-19ssl: Add cleanup to testsIngela Anderton Andin
2015-05-18Merge branch 'ia/ssl/sleep-cuddle'Ingela Anderton Andin
* ia/ssl/sleep-cuddle: ssl: Adjust sleep time in test case
2015-05-18ssl: Adjust sleep time in test caseIngela Anderton Andin
Adjust time to make sure "enough" time has elapsed. Will have to do for now.
2015-05-13ssl: Align "=" sign in type declarations to decided policyIngela Anderton Andin
2015-05-13Revert "Prepare release"Henrik Nord
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
2015-05-12Prepare releaseErlang/OTP
2015-05-12ssl: Refactored and corrected sni_fun handlingIngela Anderton Andin
Dialyzer warned about the incorrect match of Packets. Code was refactored and the problem avoided in the process. Dialyzer warned that the empty tuple is not a function as the contract said it should be. Changed the handling of the sni_fun default value to be undefined and added it to the contract.