aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2011-06-13Time out in test case needs to be longer to make sure clean up isIngela Anderton Andin
properly executed
2011-06-07Prevention of denial of service attackIngela Anderton Andin
2011-06-01The clean up of the session table now works as intended.Ingela Anderton Andin
In ssl-4.1.5 temporary clean-up processes would crash resulting in that the session table would not be cleaned up (e.i. using more and more memory) and error reports would be printed, but connections would not be affected.
2011-05-24Merge branch 'ia/ssl/ets-table-cleanup' into devBjörn-Egil Dahlberg
* ia/ssl/ets-table-cleanup: Corrected last argument to timer:apply_after also corrected a dilyzer spec
2011-05-24Corrected last argument to timer:apply_after also corrected a dilyzer specIngela Anderton Andin
2011-05-20Update copyright yearsBjörn-Egil Dahlberg
2011-05-18Merge branch 'pan/win_static_openssl/OTP-9280' into devPatrik Nyblom
* pan/win_static_openssl/OTP-9280: Mend --with-ssl= in erts/configure Update OpenSSL license text in crypto Link OpenSSL libraries static on Windows
2011-05-17In TLS 1.1, failure to properly close a connection no longer requiresIngela Anderton Andin
that a session not be resumed. This is a change from TLS 1.0 to conform with widespread implementation practice. Erlang ssl will now in TLS 1.0 conform to the widespread implementation practice instead of the specification to avoid performance issues.
2011-05-16OTP-9094: [httpc] Add support for upload body streaming (PUT and POST).Micael Karlberg
Filipe David Manana OTP-9114: [ftp] Added (type) spec for all exported functions. OTP-9123: mod_esi:deliver/2 made to accept binary data. Bernard Duggan OTP-9124: [httpd] Prevent XSS in error pages. Michael Santos OTP-9131: [httpd] Wrong security property names used in documentation. Garrett Smith OTP-9157: [httpd] Improved error messages. Ricardo Catalinas Jim�nez OTP-9158: [httpd] Fix timeout message generated by mod_esi. Bernard Duggan OTP-9202: [httpd] Extended support for file descriptors. Attila Rajmund Nohl OTP-9230: The default ssl kind has now been changed to essl. OTP-9246: [httpc] httpc manager crash because of a handler retry race condition. Merge branch 'bmk/inets/inet56_integration' into dev
2011-05-13Ssl sometimes fails when reusing a sessionIngela Anderton Andin
Invalidation of a session for reusing should first flag that the session may no longer be reused and then later when all possible pending reuses have been handled delete the session from the database. This could otherwise cause the client to terminate due to {badarg,[{erlang,byte_size,[undefined]}, and the server to terminate due to {{badmatch,{resumed,undefined}}.
2011-05-12Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in an exit withMicael Karlberg
reason badarg. Neither SSL nor INETS catches this, resulting in crashes with incomprehensible reasons. OTP-9289
2011-05-12Calling gen_tcp:connect with option {ip, {127,0,0,1}} results in an exit withMicael Karlberg
reason badarg. Neither SSL nor INETS catches this, resulting in crashes with incomprehensible reasons. OTP-9289
2011-05-10Link OpenSSL libraries static on WindowsPatrik Nyblom
2011-05-05Spec correctionsIngela Anderton Andin
2011-05-04Dialyzer spec fixIngela Anderton Andin
2011-04-29Changed iolist() to iodata()Ingela Anderton Andin
ssl:send/2 takes iodata() as a second argument. erlang:iolist_to_binary should really be called erlang:iodata_to_binary which caused the mismatch in the first place.
2011-04-21Fixed blunder in year tagIngela Anderton Andin
2011-04-20Added missing path validation error to documentationIngela Anderton Andin
2011-04-15Prepare for releaseIngela Anderton Andin
2011-03-30Merge branch 'hw/call-chmod-without-f' into devHenrik Nord
* hw/call-chmod-without-f: Call chmod without the "-f" flag Conflicts: erts/emulator/test/Makefile lib/asn1/test/Makefile lib/crypto/test/Makefile lib/debugger/test/Makefile lib/docbuilder/test/Makefile lib/edoc/test/Makefile lib/erl_interface/test/Makefile lib/inviso/test/Makefile lib/parsetools/test/Makefile lib/percept/test/Makefile lib/ssl/test/Makefile lib/syntax_tools/test/Makefile lib/test_server/test/Makefile lib/tools/test/Makefile OTP-9170
2011-03-24Merge branch 'ia/public_key/encode-decode-ssh/OTP-9144' into devIngela Anderton Andin
* ia/public_key/encode-decode-ssh/OTP-9144: Implemented encode/decode support for ssh public key files
2011-03-24Implemented encode/decode support for ssh public key filesIngela Anderton Andin
2011-03-14Prepare releaseOTP_R14B02Erlang/OTP
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-08Merge branch 'ia/ssl/prepare-release' into devIngela Anderton Andin
* ia/ssl/prepare-release: Prepare for release
2011-03-07Prepare for releaseIngela Anderton Andin
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2011-03-07Workaround for application:start(crypto) inconsistencyIngela Anderton Andin
2011-02-22Dialyzer does not like old fun syntaxIngela Anderton Andin
2011-02-22Corrected dialyzer specsIngela Anderton Andin
2011-02-22Modernized some dialyzer specsIngela Anderton Andin
2011-02-17Rename Suite Callback to Common Test HookLukas Larsson
2011-02-17Update init_per_suite to skip all tests if crypto does not existLukas Larsson
2011-02-17Update and add cover spec files to work with common_testLukas Larsson
2011-02-17Update all test specsLukas Larsson
2011-02-17Fix formatting for sslLukas Larsson
2011-02-17Add init_per_suite and end_per_suiteLukas Larsson
2011-02-17Add ts_install_scb to suite/0Lukas Larsson
2011-02-17Update ssl tests to conform with common_test standardLukas Larsson
2011-02-17Update all fin_per_testcase to end_per_testcase.Lukas Larsson
2011-02-11Added missing return value in dialyzer specs (ssl.erl)Ingela Anderton Andin
Suppressed dialyzer warnings with spec if possible to minimize clutter from this file belonging to old ssl.
2011-01-24Changed crypto start test so that it works as intendedIngela Anderton Andin
2011-01-20Skip ssl and public key tests if crypto fails to startIngela Anderton Andin
2011-01-20Merge branch 'maint-r14' into devIngela Anderton Andin
2011-01-17Update release notesErlang/OTP
2011-01-17Merge branch 'ia/ssl/unknown-extension-handling-verify-none/OTP-9029' into ↵Erlang/OTP
maint-r14 * ia/ssl/unknown-extension-handling-verify-none/OTP-9029: Prepare for release Verification of a critical extended_key_usage-extension corrected
2011-01-17Prepare for releaseIngela Anderton Andin
2011-01-17Verification of a critical extended_key_usage-extension correctedIngela Anderton Andin
When a verify fun is supplied, it should not be called to verify the extended_key_usage-extension when it is already verified by the ssl_certificate:validate_extension/2
2011-01-13Reduce memory footprintIngela Anderton Andin
Handshake hashes, premaster secret and "public_key_info" does not need to be saved when the connection has been established. The own certificate is no longer duplicated in the state.
2011-01-10Fixed Dialyzer specsIngela Anderton Andin
------------------------------------------------------------------------- ssl's published documentation states: ssl_accept(ListenSocket) -> ssl_accept(ListenSocket, Timeout) -> ok | {error, Reason} (see http://www.erlang.org/doc/man/ssl.html#ssl_accept-1) while its code has the specs: -spec ssl_accept(#sslsocket{}) -> {ok, #sslsocket{}} | {error, reason()}. -spec ssl_accept(#sslsocket{}, list() | timeout()) -> {ok, #sslsocket{}} | {error, reason()}. One of the two cannot be right. This should be fixed. Moreover, I do not see why the spec just mentions list() for the options when the documentation explicitly mentions the options of ssl. Kostis ---------------------------------------------------------------------