aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2017-04-05Merge branch 'ingela/ssl/dtls-cookie/OTP-14076'Ingela Anderton Andin
* ingela/ssl/dtls-cookie/OTP-14076: dtls: Implement DTLS cookie secret generation
2017-04-04Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION erts/vsn.mk lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl lib/ssh/src/ssh.erl
2017-03-31Update release notesErlang/OTP
2017-03-30dtls: Implement DTLS cookie secret generationIngela Anderton Andin
2017-03-27ssl: Prepare for releaseIngela Anderton Andin
2017-03-27ssl: Avoid data loss in active onceIngela Anderton Andin
Emulate active once in such a way that data recived by the TLS connection process, but not fetch via active once option by the user, can be delivered at next active once before final close.
2017-03-23Merge branch 'ingela/ssl/make-cert-test-data/OTP-14294'Ingela Anderton Andin
* ingela/ssl/make-cert-test-data/OTP-14294: ssl, public_key: Add functionality for generating X509 cert test data
2017-03-23ssl, public_key: Add functionality for generating X509 cert test dataIngela Anderton Andin
For now this functionality is located in ssl. And existing public_key function is extended. However some of the functionality may be moved to public_key in a later stage.
2017-03-23Merge branch 'ingela/ssl/dtls-frag'Ingela Anderton Andin
* ingela/ssl/dtls-frag: dtls: Handle overlapping fragments
2017-03-23dtls: Handle overlapping fragmentsIngela Anderton Andin
Fragment reassembling needs to handle that a smaller fragment then sent originally might overlap an earlier received fragment.
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-03-16ssl: Remove deprecated functionsIngela Anderton Andin
2017-03-16Merge branch 'ingela/ssl/dtls-test'Ingela Anderton Andin
* ingela/ssl/dtls-test: dtls: Correct version check dtls: Test case fixes
2017-03-14Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release Conflicts: OTP_VERSION lib/typer/doc/src/notes.xml lib/typer/vsn.mk
2017-03-14Prepare releaseErlang/OTP
2017-03-10Update copyright yearRickard Green
2017-03-10dtls: Correct version checkIngela Anderton Andin
2017-03-10dtls: Test case fixesIngela Anderton Andin
2017-03-08Merge branch 'maint'Ingela Anderton Andin
2017-03-08Merge branch 'ingela/ssl/next-maint-version' into maintIngela Anderton Andin
* ingela/ssl/next-maint-version: ssl: Version update
2017-03-08dtls: Only test this for TLS for nowIngela Anderton Andin
We want to avoid failing test cases but still be able to merge DTLS progress for 19.3
2017-03-07dtls: Avoid mixup of protocol to testIngela Anderton Andin
2017-03-07dtls: 'dtlsv1.2' corresponds to 'tlsv1.2'Ingela Anderton Andin
'dtlsv1.2' should not be included in MIN_DATAGRAM_SUPPORTED_VERSIONS as this is the default when crypto does not have sufficient support for 'tlsv1.2' and 'dtlsv1.2'
2017-03-06dtls: Correct dialyzer spec and postpone inclusion of testIngela Anderton Andin
The new_options_in_accept test is not working yet, however DTLS is still work in progress and we want to make a progress merge to avoid merge conflicts with other progress of the ssl application.
2017-03-06dtls: Erlang distribution over DTLS is not supportedIngela Anderton Andin
Erlang distribution requiers a reliable transport, which udp is not. Maybe could be interesting later when SCTP support is added to DTLS.
2017-03-06dtls: Enable some DTLS tests in ssl_to_openssl_SUITEIngela Anderton Andin
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up. Some of the code in this commit is attempting this, but it is not really working yet, and hence only tests where OpenSSL is client are enabled.
2017-03-06dtls: Enable DTLS test in ssl_certificate_verify_SUITEIngela Anderton Andin
2017-03-06dtls: Hibernation and retransmit timersIngela Anderton Andin
Change retransmissions timers to use gen_statem state timeouts. We do not need a retransmission timer in the state connection as data traffic in DTLS over UDP is not retransmitted. If the last flight before transitioning into connection is lost, it will be resent when the peer resends its last flight. This will also make hibernation testing more straight forward. We need more adjustments later to handle a reliable DTLS transport such as SCTP.
2017-03-06dtls: Make sure retransmission timers are runIngela Anderton Andin
2017-03-06dtls: DTLS specific handling of socket and ciphersIngela Anderton Andin
DTLS does not support stream ciphers and needs diffrent handling of the "#ssl_socket{}" handle .
2017-03-06Merge branch 'maint'Siri Hansen
2017-03-06Merge branch 'siri/ct_hooks/callbacks-on-skip/OTP-10599' into maintSiri Hansen
* siri/ct_hooks/callbacks-on-skip/OTP-10599: [ct] Update built-in ct hooks with new Suite parameter [cth_surefire] Handle skips from test spec [ct] Remove excessive skipped/failed tag in hook function [ct] Send tc_start event on force_stop and failed sequence [ct] Correctly handle process died in init and end_per_testcase [ct] Fix faulty hook callbacks for skipped tests Add dummy end_per_suite/1 [ct] Fix hooks and fail when one of init/end_per_* does not exit [ct] Add Suite argument to hook callback functions [ct] Fix function_clause in ct_framework when hook function crashes
2017-02-22Merge branch 'maint'Ingela Anderton Andin
2017-02-22Merge branch 'ingela/ssl/default-ciphers-suites/OTP-14235' into maintIngela Anderton Andin
* ingela/ssl/default-ciphers-suites/OTP-14235: ssl: Always prefer AES over 3DES
2017-02-22Merge branch 'maint'Lukas Larsson
2017-02-21ssl: Always prefer AES over 3DESIngela Anderton Andin
AES256 was preferred over 3DES already, so this only makes sure AES128 is preferred over 3DES also. This changes the default but probably nobody will notice as a better algorithm will be chosen anyhow.
2017-02-21Document ssl_session_cache_api's size/1 callbackSteven Danna
The size/1 callback was added as a non-optional callback in 42b8a29dbae1d626f32bc16dd81a129caf741138 but wasn't added to the documentation for the ssl_session_cache_api behavior. Signed-off-by: Steven Danna <[email protected]>
2017-02-20Add dummy end_per_suite/1Siri Hansen
common_test requires that if init_per_suite/1 exists, then end_per_suite/1 must also exist. If end_per_suite/1 does not exist, then it will be marked in the log as failed with reason 'undef'. Some test suites are corrected to avoid this.
2017-02-15Merge branch 'fix-source-typos'Björn Gustavsson
* fix-source-typos: (25 commits) Fixed typos in system/doc Fixed typos in lib/xmerl Fixed typos in lib/wx Fixed typos in lib/stdlib Fixed typos in lib/snmp Fixed typos in lib/ssl Fixed typos in lib/ssh Fixed typos in PKCS-8.asn1 file Fixed typos in lib/parsetools Fixed typos in lib/orber Fixed typos in lib/mnesia Fixed typos in lib/megaco Fixed typos in lib/kernel Fixed typos in lib/jinterface Fixed typos in lib/inets Fixed typos in lib/hipe Fixed typos in lib/eunit Fixed typos in lib/erl_interface Fixed typos in lib/eldap Fixed typos in lib/edoc ...
2017-02-14Fixed typos in lib/sslAndrew Dryga
2017-02-14Merge branch 'maint'Ingela Anderton Andin
2017-02-13ssl: Test case robustnessIngela Anderton Andin
2017-02-08ssl: Avoid SSL/TLS hello format confusionIngela Anderton Andin
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format (and sometimes the other way around before inspecting data) so we need to match SSL 3.0 and TLS first and only match SSL 2.0 hellos when flag to support it is set.
2017-02-02Merge branch 'maint'Ingela Anderton Andin
2017-02-01ssl: Simplify configuration codeIngela Anderton Andin
Use map instead of large tuple, which was not an option when the code was written originally. More simplifications along these lines may be done later to the state record.
2017-02-01ssl: Make sure PEM cache works as intendedIngela Anderton Andin
Move of PEM cache to own process was flawed and not all PEM files where cached properly. We must properly handle both the ditributed and the normal mode of the ssl application.
2017-01-27Merge branch 'maint'Ingela Anderton Andin
2017-01-27Merge branch 'ingela/ssl/key-ext-validate/ERL-338/OTP-14141' into maintIngela Anderton Andin
* ingela/ssl/key-ext-validate/ERL-338/OTP-14141: ssl: The certificate path may be used as a source to find intermediate CAs for the CRL ssl: Handle more than one DistributionPoint ssl: Correct ssl_certificate:validate/3
2017-01-26ssl: The certificate path may be used as a source to find intermediate CAs ↵Ingela Anderton Andin
for the CRL
2017-01-25Merge branch 'maint'Ingela Anderton Andin