Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-08-10 | Merge pull request #1507 from vances/issue-erl-442 | Ingela Andin | |
Correct type specification in ssl:prf/5 | |||
2017-08-10 | Merge branch 'ingela/dtls/cuddle' into maint | Ingela Anderton Andin | |
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly | |||
2017-08-08 | ssl: Handle OpenSSL output correctly | Ingela Anderton Andin | |
Adjust to handle output from OpenSSL in a more general way, so that "unknown option" should be caught for all cases and the test case skipped if that is the case and other data form OpenSSL should be ignored. | |||
2017-07-10 | Correct type specification in ssl:prf/5 | Vance Shipley | |
Current implementation expects Seed to be a list. Correct type specification to match. | |||
2017-07-07 | ssl: Try to make asn1 decode errors of certificates as specific as possible | Ingela Anderton Andin | |
2017-07-07 | ssl,public_key: Provide details for CRL check failiures when revokation ↵ | Ingela Anderton Andin | |
state can not be determined | |||
2017-07-07 | ssl: Enhance error logging | Ingela Anderton Andin | |
2017-06-30 | ssl: Workaround localhost problems | Ingela Anderton Andin | |
If net_adm:localhost() returns a FQDN we want to use it otherwise we want to use localhost. | |||
2017-06-29 | ssl: Move clause so that it will match | Ingela Anderton Andin | |
2017-06-29 | ssl: Skip test if OpenSSL has problems generating CRL | Ingela Anderton Andin | |
2017-06-29 | ssl: Set rizzo* test timeout high enough for our slowest test machine | Ingela Anderton Andin | |
2017-06-27 | ssl: Skip sslv2 hello compatible tests on OpenSSL-0.9.8o | Ingela Anderton Andin | |
The -ssl2 option to s_client appears to be broken on this release. This is a legacy option anyway that is still tested on other old version of OpenSSL so skip this. | |||
2017-06-26 | ssl: Skip sslv3 interop with newer OpenSSL | Ingela Anderton Andin | |
2017-06-26 | ssl: Increase timeout for testcase testing ECDH keyexchange with | Ingela Anderton Andin | |
RSA signed certs | |||
2017-06-21 | Prepare release | Erlang/OTP | |
2017-06-19 | Update copyright year | Hans Nilsson | |
2017-06-15 | Merge branch 'hans/otp/update_copyright' | Hans Nilsson | |
2017-06-14 | Update copyright year | Hans Nilsson | |
2017-06-14 | Merge remote-tracking branch 'ingela/ingela/dtls/client-hello-verify/ERL-434' | Hans Nilsson | |
2017-06-13 | dtls: Make HelloVerifyRequest version adhere to RFC | Ingela Anderton Andin | |
ERL-434 RFC6347 says about hello_verify_request version field as follow https://tools.ietf.org/html/rfc6347#page-16 The server_version field has the same syntax as in TLS. However, in order to avoid the requirement to do version negotiation in the initial handshake, DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated. But current DTLS server responses DTLS1.2 instead of DTLS1.0. | |||
2017-06-13 | ssl: Correct epoch handling | Ingela Anderton Andin | |
Consideration of which Epoch a message belongs to is needed in the dtls_connection:next_record function too. | |||
2017-06-13 | Merge branch 'ingela/ssl/dtls-doc' | Ingela Anderton Andin | |
* ingela/ssl/dtls-doc: ssl: Document DTLS | |||
2017-06-10 | dtls: Handle getopts and setopts for DTLS | Ingela Anderton Andin | |
2017-06-07 | ssl: Document DTLS | Ingela Anderton Andin | |
2017-06-07 | dtls: Fetch next DTLS record when dropping resent handshake data | Ingela Anderton Andin | |
2017-06-07 | dtls: Use enter actions | Ingela Anderton Andin | |
Using enter actions for retransmission timers makes the code easier to understand. Previously the retransmission timer was incorrectly started in the connection state. Using enter actions feels like a cleaner approach than bloating the state with more flags. | |||
2017-06-02 | Merge pull request #1479 from weisslj/fix-missing-ssl-close | Ingela Andin | |
Correct close semantics for active once connections. This was a timing dependent bug the resulted in the close message not always reaching the ssl user process. OTP-14443 | |||
2017-05-31 | Revert "Prepare release" | Hans Nilsson | |
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0. | |||
2017-05-30 | Better fix for non-delivery of ssl_closed message in active once | Ingela Andin | |
This is taken from https://github.com/erlang/otp/pull/1479#issuecomment-304667528 with permission from Ingela Andin and improves commit 8abe16c22d. | |||
2017-05-30 | Prepare release | Erlang/OTP | |
2017-05-25 | Fix non-delivery of ssl_closed message in active once | Johannes Weißl | |
The commit 8b10920 (OTP 19.3.1) fixed the non-delivery of final TLS record in {active, once}, but this causes the ssl_closed message to be lost when the TCP connection closes before ssl:close/1. The patch restores the behavior of OTP 18. This is the second part to fix https://bugs.erlang.org/browse/ERL-420 | |||
2017-05-23 | dtls: Check for retransmitted changes_cipher_spec messages | Ingela Anderton Andin | |
Make sure to use current epoch as input to send_handshake_flight. | |||
2017-05-23 | dtls: Ask for next DTLS record when disregarding future packet | Ingela Anderton Andin | |
2017-05-22 | ssl: Handle econnreset windows obscurities | Ingela Anderton Andin | |
An UDP socket does note have a connection and should not recive econnreset, however this happens on on some windows versions. Just ignoring it appears to make things work as expected! | |||
2017-05-19 | ssl: Improve tests | Ingela Anderton Andin | |
Test should check that we get the expected key exchange algorithm for the provided server cert. We do not want to test OpenSSL s_server. Do not try to test cipher suites against OpenSSL that it does not support. | |||
2017-05-19 | ssl: Add missing algorithm ecdh_ecdsa | Ingela Anderton Andin | |
2017-05-16 | Merge branch 'ingela/dtls/opts' | Ingela Anderton Andin | |
* ingela/dtls/opts: ssl: Adopt setopts and getopts for DTLS | |||
2017-05-16 | ssl: Adopt setopts and getopts for DTLS | Ingela Anderton Andin | |
2017-05-16 | ssl: Remove debug printout | Ingela Anderton Andin | |
2017-05-16 | Merge branch 'ingela/dtls/replay-protect/OTP-14077' | Ingela Anderton Andin | |
* ingela/dtls/replay-protect/OTP-14077: dtls: Implement replay protection | |||
2017-05-16 | dtls: Implement replay protection | Ingela Anderton Andin | |
See RFC 6347 section 3.3 | |||
2017-05-15 | Merge branch 'ingela/ssl/bench-certs' | Ingela Anderton Andin | |
* ingela/ssl/bench-certs: ssl: Disable Server Name verification in bench tests for now | |||
2017-05-15 | ssl: Disable Server Name verification in bench tests for now | Ingela Anderton Andin | |
2017-05-12 | Merge branch 'maint' | Hans Nilsson | |
Conflicts: OTP_VERSION lib/inets/vsn.mk lib/ssl/vsn.mk | |||
2017-05-11 | Prepare release | Erlang/OTP | |
2017-05-11 | removed ct:pal call in ssl_connection | Joe DeVivo | |
2017-05-11 | Merge branch 'ingela/ssl/windows-cuddle' | Ingela Anderton Andin | |
* ingela/ssl/windows-cuddle: ssl: Only run sslv2 reject tests on old OpenSSL version ssl: Try to workaround OpenSSL windows obscurities | |||
2017-05-09 | ssl: Only run sslv2 reject tests on old OpenSSL version | Ingela Anderton Andin | |
2017-05-08 | ssl: Try to workaround OpenSSL windows obscurities | Ingela Anderton Andin | |
2017-05-06 | ssl: Add hostname check of server certificate | Ingela Anderton Andin | |
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun. |