aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2013-05-08ssl: ct:print -> ct:log and assert port_commandIngela Anderton Andin
2013-05-08ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9Ingela Anderton Andin
EEC is not fully supported before 0.9.9. Also skip tests on opensslversions with known bugs in ECC support
2013-05-08SSL: add Elliptic Curve ciphers unit testsAndreas Schultz
2013-05-08SSL: add Elliptic Curve support for ssl appAndreas Schultz
2013-05-08SSL: filter TLS cipher suites for supported algorithmsAndreas Schultz
2013-04-29Merge branch 'as/fix-srp-psk-anon/OTP-11071' into maintFredrik Gustafsson
* as/fix-srp-psk-anon/OTP-11071: fix srp_anon ciphers suites requiring certificates to work.
2013-04-17Encode Erlang source files with non-ascii characters in UTF-8Björn Gustavsson
To ensure that 'master' compiles when we merge 'maint' to it, regardless of which encoding is default in 'master', all source files with non-ascii characters *must* have the encoding specified.
2013-04-12fix srp_anon ciphers suites requiring certificates to work.Andreas Schultz
This problem was not caught by the test suites since all PSK and SRP suites where always tested with certificates. Split those tests into test with and without certificates.
2013-04-05ssl & crypto: Documentation enhancementsIngela Anderton Andin
OTP-10450
2013-04-03ssl: Use new SRP crypto APIIngela Anderton Andin
2013-04-03ssl: Add option to list all available ciper suites and enhanced documentationIngela Anderton Andin
2013-03-28SSL: add documentation for PSK and SRP ciphers optionsAndreas Schultz
2013-03-28SSL: enable hash_size values for sha224, sha384 and sha512Andreas Schultz
Some of the PSK and SRP ciphers default to sha384, this enables hash_size for that cipher. It also adds sha512 and sha224 to be prepared for further cipher enhancements.
2013-03-28SSL: add tests for PSK and SRP ciphersAndreas Schultz
2013-03-28SSL: add TLS-SRP (RFC 5054) cipher suitesAndreas Schultz
2013-03-28SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suitesAndreas Schultz
2013-03-25Added comment about proxy certificatesFredrik Gustafsson
2013-03-21Fix ssl_connection to support reading proxy/chain certificatesValentin Kuznetsov
2013-03-17Fix SSL Next Protocol Negotiation documentationJulien Barbot
Fix inconsistencies Fix typos Fix data types definition
2013-03-13public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27Ingela Anderton Andin
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation.
2013-03-13ssl: Add missing configuration in test caseIngela Anderton Andin
2013-03-06ssl: Handle next protocol negotiation when reusing a session.Ingela Anderton Andin
2013-03-05ssl: Clean code thanks to dialyzerIngela Anderton Andin
2013-03-05ssl: Check that negotiated version is a supported version.Ingela Anderton Andin
2013-03-01ssl: correct test caseIngela Anderton Andin
2013-02-25Prepare releaseOTP_R16BErlang/OTP
2013-02-22ssl: Add missing option and linksIngela Anderton Andin
2013-02-22ssl: Add missing group clause and correct parameters to packet/7Ingela Anderton Andin
2013-02-21Merge branch 'ia/ssl/econnaborted'Ingela Anderton Andin
* ia/ssl/econnaborted: ssl: Fatal close alert makes more sense than handshake failiure at econnaborted
2013-02-20ssl: Fatal close alert makes more sense than handshake failiure at econnabortedIngela Anderton Andin
2013-02-19ssl: Prepare for R16BIngela Anderton Andin
2013-02-18ssl: Further error handling enhancmentsIngela Anderton Andin
follow up enhancments done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113 Make sure format_error return good strings. Replace confusing legacy atoms with more descriptive atoms.
2013-02-12ssl: Generalize cb_info optionIngela Anderton Andin
2013-01-29Prepare releaseOTP_R16A_RELEASE_CANDIDATEErlang/OTP
2013-01-25Update copyright yearsBjörn-Egil Dahlberg
2013-01-25Merge branch 'ia/ssl/test-case-timeout'Ingela Anderton Andin
* ia/ssl/test-case-timeout: ssl: Too short timeout in test case
2013-01-23ssl: Enhance dialyzer specsKostis Sagonas
2013-01-23ssl: Do not return random valuesKostis Sagonas
2013-01-23ssl: M-x erlang-indent-bufferIngela Anderton Andin
2013-01-23ssl: Remove unnecessary construction of a return valueKostis Sagonas
2013-01-23ssl: Too short timeout in test caseIngela Anderton Andin
2013-01-22ssl: Prepare for R16 releaseIngela Anderton Andin
Remove very old and obsolete release notes, update version and appup.
2013-01-22Merge branch 'ia/ssl/incompatible-error-msg/OTP-10451'Ingela Anderton Andin
* ia/ssl/incompatible-error-msg/OTP-10451: ssl: Enhance error handling
2013-01-21Merge branch 'ia/ssl/certtable-clean/OTP-10710'Ingela Anderton Andin
* ia/ssl/certtable-clean/OTP-10710: ssl: Certificates and PEM-cache cleaning fixed to avoid memory leak
2013-01-21Merge branch 'ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709'Ingela Anderton Andin
* ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709: SSL: simplify server key encoding, decoding and signature handling SSL: unify the different implementations signature check implementations
2013-01-21ssl: Enhance error handlingIngela Anderton Andin
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail.
2013-01-18Merge branch 'nox/enable-silent-rules/OTP-10726'Björn-Egil Dahlberg
* nox/enable-silent-rules/OTP-10726: Implement ./otp_build configure --enable-silent-rules
2013-01-17SSL: simplify server key encoding, decoding and signature handlingAndreas Schultz
server key encoding depends to the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This changes allows to select the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place.
2013-01-17SSL: unify the different implementations signature check implementationsAndreas Schultz
ssl_handshake and ssl_connection where doing essentially the same when checking a public key signature. This unify both into a single function
2013-01-17ssl: Certificates and PEM-cache cleaning fixed to avoid memory leakIngela Anderton Andin
Certificate db cleaning messages where sent to the wrong process after restructuring to avoid bottlenecks. It is possible that the ssl manager process gets two cleaning messages for the same entry. E.i. first cleaning message is sent and before it is processed a new reference is allocated and again released for the entry, generating a second cleaning message. Also in ssl_manger:handle_info/2 it is possible that there exists a new reference to an "old" file name with a potential new content.