aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2015-12-07Merge branch 'maint'Ingela Anderton Andin
2015-12-07Merge branch 'ia/ssl/max-sessions/OTP-12392' into maintIngela Anderton Andin
* ia/ssl/max-sessions/OTP-12392: ssl: Fix documentation mistakes ssl: Add upper limit for session cache ssl: Measure elapsed time with erlang:monotonic_time
2015-12-07ssl: Fix documentation mistakesIngela Anderton Andin
2015-12-04Merge branch 'maint'Henrik Nord
2015-12-04Merge branch 'maint-17' into maintHenrik Nord
Conflicts: OTP_VERSION erts/doc/src/notes.xml erts/vsn.mk lib/kernel/doc/src/notes.xml lib/kernel/src/kernel.appup.src lib/kernel/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl_cipher.erl lib/ssl/vsn.mk otp_versions.table
2015-12-03ssl: Add upper limit for session cacheIngela Anderton Andin
If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries.
2015-12-03ssl: Measure elapsed time with erlang:monotonic_timeIngela Anderton Andin
2015-12-03Prepare releaseErlang/OTP
2015-12-03ssl: Prepare for releaseIngela Anderton Andin
2015-12-01Merge branch 'maint'Zandra
2015-12-01Merge branch 'legoscia/tls_dist_options' into maintZandra
* legoscia/tls_dist_options: Test interface listen option for TLS distribution Test socket listen options for TLS distribution Test port options for TLS distribution TLS Dist: Use inet_dist_ options Conflicts: lib/ssl/src/ssl_tls_dist_proxy.erl lib/ssl/test/ssl_dist_SUITE.erl OTP-12838
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'legoscia/ssl_connection_terminate_crash' into maintZandra
* legoscia/ssl_connection_terminate_crash: Avoid crash for SSL connections with nonexistent keyfile OTP-13144
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'legoscia/tls_dist_nodelay' into maintZandra
* legoscia/tls_dist_nodelay: Add test for dist_nodelay option Honour dist_nodelay socket option in tls_dist proxy OTP-13143
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'legoscia/ssl-dist-error-handling' into maintZandra
* legoscia/ssl-dist-error-handling: In ssl_tls_dist_proxy, pass along EPMD registration errors OTP-13142
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'zandra/fix-24h-macro-in-suite' into maintZandra
* zandra/fix-24h-macro-in-suite: fix 24h macro in test suite
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'ppikula/fix-24h-macro' into maintZandra
* ppikula/fix-24h-macro: fix incorrect number of seconds in 24h macro The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place. OTP-13141
2015-11-24Test interface listen option for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_use_interface is used when starting a node with TLS distribution.
2015-11-24Test socket listen options for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_listen_options is used when starting a node with TLS distribution. This test was adapted from inet_dist_options_options in erl_distribution_SUITE.
2015-11-24Test port options for TLS distributionMagnus Henoch
Add test that checks that the options inet_dist_listen_min and inet_dist_listen_max are used when starting a node with TLS distribution.
2015-11-24TLS Dist: Use inet_dist_ optionsTom Briden
The inet_dist_ options, such as min/max port numbers aren't used with TLS distribution. This commits uses those settings in the same way as they're used in inet_tcp_dist.erl
2015-11-24Merge branch 'maint'Zandra
2015-11-24Merge branch 'legoscia/tls-dist-shutdown' into maintZandra
* legoscia/tls-dist-shutdown: Adjust shutdown strategies for distribution over TLS OTP-13134
2015-11-20Merge branch 'maint'Ingela Anderton Andin
2015-11-18ssl: Client should send the hello message in the lowest version it is ↵Ingela Anderton Andin
willing to support Refactor highest_protocol_version so that code is symmetrical with lowest_protocol_version. For clarity and possible future use cases of highest_protocol_version/2
2015-11-16fix 24h macro in test suiteZandra
Needed after the fix in 120975c4fcb57ecd14031ac046f483e56a3daa4d.
2015-11-13Add test for dist_nodelay optionMagnus Henoch
Run the 'basic' test with dist_nodelay set to false.
2015-10-28Avoid crash for SSL connections with nonexistent keyfileMagnus Henoch
Starting an SSL connection with a nonexistent keyfile will obviously return an error: > ssl:connect("www.google.com", 443, [{keyfile, "nonexistent"}]). {error,{options,{keyfile,"nonexistent",{error,enoent}}}} But it also generates an error report with the following backtrace: ** Reason for termination = ** {badarg,[{ets,select_delete, [undefined,[{{{undefined,'_','_'},'_'},[],[true]}]], []}, {ets,match_delete,2,[{file,"ets.erl"},{line,700}]}, {ssl_pkix_db,remove_certs,2,[{file,"ssl_pkix_db.erl"},{line,243}]}, {ssl_connection,terminate,3, [{file,"ssl_connection.erl"},{line,941}]}, {tls_connection,terminate,3, [{file,"tls_connection.erl"},{line,335}]}, {gen_fsm,terminate,7,[{file,"gen_fsm.erl"},{line,610}]}, {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,532}]}, {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]} This happens because the ssl_connection process receives its cert_db while handling the {start, Timeout} message, but if the handshake fails, the cert_db will never be inserted into the state data, and the terminate function will use 'undefined' as an ETS table name. Avoid this by checking for 'undefined' in the handle_trusted_certs_db function.
2015-10-23In ssl_tls_dist_proxy, pass along EPMD registration errorsMagnus Henoch
The duplicate_name error returned from erl_epmd:register_node elicits a particularly precise error message from net_kernel, so let's pass it along to our caller. Not doing this for the other things that could go wrong here, since for those having the line number will likely aid debugging.
2015-10-22fix incorrect number of seconds in 24h macroPawel Pikula
The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
2015-10-20Adjust shutdown strategies for distribution over TLSMagnus Henoch
Change ssl_dist_sup to be considered as a supervisor with infinite shutdown time. Change the ssl_connection_dist instance of tls_connection_sup to have infinite shutdown time. This avoids spurious error messages when shutting down a node that uses distribution over TLS.
2015-10-09Update SSLHans Bolinder
Record field types have been modified due to commit 8ce35b2: "Take out automatic insertion of 'undefined' from typed record fields".
2015-09-23Merge branch 'maint'Ingela Anderton Andin
2015-09-23ssl: Retry ssl connections on econnreset errorsIngela Anderton Andin
To avoid test case failure due to test case setup timing issues. Suspected problem is that the listen queue builds up to quickly in client_unique_session test when running on slow computers.
2015-09-23Merge tag 'OTP-18.1'Henrik Nord
=== OTP-18.1 === Changed Applications: - compiler-6.0.1 - crypto-3.6.1 - debugger-4.1.1 - dialyzer-2.8.1 - diameter-1.11 - erts-7.1 - eunit-2.2.11 - hipe-3.13 - inets-6.0.1 - kernel-4.1 - mnesia-4.13.1 - odbc-2.11.1 - public_key-1.0.1 - sasl-2.6 - ssh-4.1 - ssl-7.1 - stdlib-2.6 - tools-2.8.1 - wx-1.5 Unchanged Applications: - asn1-4.0 - common_test-1.11 - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - edoc-0.7.17 - eldap-1.2 - erl_docgen-0.4 - erl_interface-3.8 - et-1.5.1 - gs-1.6 - ic-4.4 - jinterface-1.6 - megaco-3.18 - observer-2.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1 - percept-0.8.11 - reltool-0.7 - runtime_tools-1.9.1 - snmp-5.2 - syntax_tools-1.7 - test_server-3.9 - typer-0.9.9 - webtool-0.9 - xmerl-1.3.8 Conflicts: OTP_VERSION erts/vsn.mk
2015-09-21Prepare releaseErlang/OTP
2015-09-21Merge branch 'maint'Anders Svensson
2015-09-21ssl: listen socket should be set to active falseIngela Anderton Andin
2015-09-20Merge branch 'maint'Ingela Anderton Andin
2015-09-18ssl: Correct soft upgrade testIngela Anderton Andin
Soft upgrade test did not work as expected due to that the upgrade frame work keeps the control of the test case process to itself, so we need a proxy process to receive messages from ssl test framework.
2015-09-18Merge branch 'maint'Ingela Anderton Andin
2015-09-17ssl: Timeout tuningIngela Anderton Andin
2015-09-16Merge branch 'maint'Ingela Anderton Andin
2015-09-16ssl: Prepare for releaseIngela Anderton Andin
We do not want ssl_soft_upgrade_SUITE to fail, but for now we do not know the details of these changes so we use a general fallback for now.
2015-09-16Merge branch 'maint'Ingela Anderton Andin
2015-09-16Merge branch 'ia/ssl/register-unique-session/OTP-12980' into maintIngela Anderton Andin
* ia/ssl/register-unique-session/OTP-12980: ssl: Correct return value of default session callback module