aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2016-02-19Merge branch 'ia/ssl/remove-default-DES/OTP-13195'Ingela Anderton Andin
* ia/ssl/remove-default-DES/OTP-13195: ssl: Remove DES ciphers from default configuration
2016-02-18ssl: Remove DES ciphers from default configurationIngela Anderton Andin
DES is not considered secure. Also correct 'Server Name Indication' support description.
2016-02-18Merge branch 'bjorn/remove-test_server/OTP-12705'Björn Gustavsson
* bjorn/remove-test_server/OTP-12705: Remove test_server as a standalone application Erlang mode for Emacs: Include ct.hrl instead test_server.hrl Remove out-commented references to the test_server applications Makefiles: Remove test_server from include path and code path Eliminate use of test_server.hrl and test_server_line.hrl
2016-02-18Merge branch 'maint'Ingela Anderton Andin
2016-02-18Fix typos in ssl.xmlMagnus Henoch
2016-02-17Makefiles: Remove test_server from include path and code pathBjörn Gustavsson
Since no test suites includede test_server.hrl, there is no need to have test_server in the include path or code path.
2016-02-16Merge branch 'maint'Ingela Anderton Andin
2016-02-16Merge branch 'ia/pr/958/OTP-13334' into maintIngela Anderton Andin
* ia/pr/958/OTP-13334: ssl: verify cert signature against original cert binary
2016-02-08Merge branch 'maint'Sverker Eriksson
2016-02-08Merge branch 'sverk/ecc-fixes' into maintSverker Eriksson
OTP-13311 * sverk/ecc-fixes: Ensure testing ssl with supported ciphers only Only use supported EC curves in crypto tests Check the result of EC_GROUP_new_curve_* calls
2016-02-08ssl: verify cert signature against original cert binaryMatt Campbell
When searching for a certificate's issuer in the `CertDB`, verify the signature against the original DER certificate from the handshake instead of a re-encoding of the parsed certificate. This avoids false negatives due to differences between DER encoding implementations of OTP and other platforms.
2016-02-08Merge branch 'maint'Ingela Anderton Andin
2016-02-05ssl: Big handshake messages needs to be fragmented on TLS record levelIngela Anderton Andin
2016-02-05Merge branch 'maint'Ingela Anderton Andin
2016-02-05Merge branch 'ia/ssl/validator' into maintIngela Anderton Andin
* ia/ssl/validator: ssl: Only start a new session validator if the old one has finished its work
2016-02-04Merge branch 'maint'Zandra
2016-02-04Merge branch 'legoscia/tls-dist-listen-ip' into maintZandra
* legoscia/tls-dist-listen-ip: TLS distribution: bind erts socket to localhost OTP-13300
2016-02-02Merge branch 'maint'Zandra
2016-02-02Merge branch 'legoscia/tls-dist-connect-options' into maintZandra
* legoscia/tls-dist-connect-options: ssl_dist_SUITE: don't use deprecated functions TLS distribution: support inet_dist_connect_options OTP-13285
2016-01-28Ensure testing ssl with supported ciphers onlyDániel Szoboszlay
There are two problematic areas: EC curve selection and interoperability tests with OpenSSL. The tests shouldn't assume any particular EC curve is available, but should always check the list of curves reported by tls_v1:ecc_curves/1. And during interoperability tests the tests shouldn't assume that any cipher suite supported by Erlang is also supported by OpenSSL. There are OpenSSL packages where the command line openssl tool only supports a subset of the ciphers available in libcrypto. The actual list of supported cipher suites thus shall be queried from OpenSSL.
2016-01-27Merge branch 'maint'Zandra
2016-01-27Merge branch 'legoscia/tls_dist_wait_for_code_server' into maintZandra
* legoscia/tls_dist_wait_for_code_server: TLS distribution: wait for code server OTP-13268
2016-01-26ssl: Only start a new session validator if the old one has finished its workIngela Anderton Andin
If the session table is big the validator may not have finshed before the validation interval is up, in this case we should not start a new validator adding to the cpu load.
2016-01-25Merge branch 'maint'Ingela Anderton Andin
2016-01-25Merge branch 'ia/ssl/test-alpn-cuddle' into maintIngela Anderton Andin
* ia/ssl/test-alpn-cuddle: ssl: Fix typos that broke alpn tests
2016-01-21ssl: Fix typos that broke alpn testsIngela Anderton Andin
2016-01-21ssl: Prepare for releaseIngela Anderton Andin
2016-01-21ssl: Fix timing releated bugIngela Anderton Andin
2016-01-21Merge branch 'maint'Ingela Anderton Andin
2016-01-21ssl: In interop tests always check if SSL/TLS version is supported by OpenSSLIngela Anderton Andin
As sslv3 is being faced out we need to test for old version support as well as newer versions.
2016-01-12ssl_dist_SUITE: don't use deprecated functionsMagnus Henoch
Use erlang:unique_integer/1 instead of erlang:now/0 to generate a unique node name. Use rand:uniform/1 instead of random:uniform/1, so we don't need to generate a seed ourselves.
2016-01-12TLS distribution: support inet_dist_connect_optionsMagnus Henoch
Allow adding extra options for outgoing TLS distribution connnections, as supported for plain TCP connections.
2015-12-28Merge branch 'maint'Zandra
2015-12-28Merge branch 'legoscia/tls_dist_error_reporting' into maintZandra
* legoscia/tls_dist_error_reporting: Report bad options for outgoing TLS distribution Save error reasons for TLS distribution connections Report bad options for TLS distribution connections OTP-13219
2015-12-18TLS distribution: bind erts socket to localhostMagnus Henoch
There is no reason for the socket on the erts side of the proxy to accept connections from other hosts, so let's bind it to the loopback interface. Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of the socket for outgoing connections, to avoid hardcoding IPv4.
2015-12-16Merge tag 'OTP-18.2'Henrik Nord
=== OTP-18.2 === Changed Applications: - asn1-4.0.1 - common_test-1.11.1 - compiler-6.0.2 - crypto-3.6.2 - dialyzer-2.8.2 - diameter-1.11.1 - erl_docgen-0.4.1 - erl_interface-3.8.1 - erts-7.2 - eunit-2.2.12 - hipe-3.14 - inets-6.1 - jinterface-1.6.1 - kernel-4.1.1 - observer-2.1.1 - parsetools-2.1.1 - public_key-1.1 - runtime_tools-1.9.2 - sasl-2.6.1 - snmp-5.2.1 - ssh-4.2 - ssl-7.2 - stdlib-2.7 - test_server-3.9.1 - tools-2.8.2 - typer-0.9.10 - wx-1.6 - xmerl-1.3.9 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - debugger-4.1.1 - edoc-0.7.17 - eldap-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - megaco-3.18 - mnesia-4.13.2 - odbc-2.11.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - webtool-0.9 Conflicts: OTP_VERSION erts/vsn.mk
2015-12-16Merge tag 'OTP-18.2' into maintHenrik Nord
=== OTP-18.2 === Changed Applications: - asn1-4.0.1 - common_test-1.11.1 - compiler-6.0.2 - crypto-3.6.2 - dialyzer-2.8.2 - diameter-1.11.1 - erl_docgen-0.4.1 - erl_interface-3.8.1 - erts-7.2 - eunit-2.2.12 - hipe-3.14 - inets-6.1 - jinterface-1.6.1 - kernel-4.1.1 - observer-2.1.1 - parsetools-2.1.1 - public_key-1.1 - runtime_tools-1.9.2 - sasl-2.6.1 - snmp-5.2.1 - ssh-4.2 - ssl-7.2 - stdlib-2.7 - test_server-3.9.1 - tools-2.8.2 - typer-0.9.10 - wx-1.6 - xmerl-1.3.9 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - debugger-4.1.1 - edoc-0.7.17 - eldap-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - megaco-3.18 - mnesia-4.13.2 - odbc-2.11.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - webtool-0.9
2015-12-15Merge branch 'maint'Ingela Anderton Andin
2015-12-15Merge branch 'ia/libressl' into maintIngela Anderton Andin
* ia/libressl: ssl: Print openssl version string ssl: Do not use environment variables in openSSL config file
2015-12-15Merge branch 'maint'Ingela Anderton Andin
2015-12-15ssl: Convert all test to use "ssl_test_lib:portable_open_port"Ingela Anderton Andin
2015-12-15Update release notesErlang/OTP
2015-12-15Merge branch 'ia/libressl' into maintErlang/OTP
* ia/libressl: ssl: Print openssl version string ssl: Do not use environment variables in openSSL config file
2015-12-14ssl: Print openssl version stringIngela Anderton Andin
2015-12-14ssl: Do not use environment variables in openSSL config fileIngela Anderton Andin
LibreSSL does not allow it.
2015-12-14Merge branch 'maint'Ingela Anderton Andin
2015-12-11ssl: fix hibernate_after with instant or near instant timeoutsAndrey Mayorov
2015-12-11Merge branch 'maint'Ingela Anderton Andin
2015-12-11ssl: Fix typosIngela Anderton Andin
2015-12-11Merge branch 'maint'Ingela Anderton Andin