aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2018-12-10Prepare releaseErlang/OTP
2018-12-05Rewrite to work for stream connectionRaimo Niskanen
2018-12-04Merge branch 'raimo/ssl/tls_dist-optimization' into maintRaimo Niskanen
* raimo/ssl/tls_dist-optimization: Handle socket close in state downgrade Handle dead sender at terminate Handle tls_sender exit properly Optimize split_bin Improve dist send throughput
2018-12-04Merge branch 'raimo/ssl/tls_dist-profiling' into maintRaimo Niskanen
* raimo/ssl/tls_dist-profiling: Improve benchmark Implement print on other node Fix compiler warnings
2018-12-04Merge branch 'ingela/ssl/test-cuddle-ssl_basic_SUITE' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle-ssl_basic_SUITE: ssl: Correct test case
2018-12-04Handle socket close in state downgradeRaimo Niskanen
2018-12-03ssl: Fix error handling in function passive_receiveIngela Anderton Andin
Also avoid code duplication Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/tls_connection.erl
2018-12-03ssl: Correct ssl:shutdownIngela Anderton Andin
When internaly using active N, bugs in shutdown implementation where reveled.
2018-12-03ssl: Internaly use {active, N}Ingela Anderton Andin
Make next_record an internal help function to next_event and avoid duplicate calls to tls_socket:setopts for setting the active option.
2018-12-03ssl: Correct test caseIngela Anderton Andin
2018-11-30Handle dead sender at terminateRaimo Niskanen
2018-11-30Handle tls_sender exit properlyRaimo Niskanen
2018-11-30Improve benchmarkRaimo Niskanen
2018-11-30Fix compiler warningsRaimo Niskanen
2018-11-30crypto: Update test engine with fake rsa supportHans Nilsson
We need to test the Engine interface not only for loading, key retrieval and hashing, so it is complemented with a fake rsa method to check sign/verify also.
2018-11-23Optimize split_binRaimo Niskanen
2018-11-23Improve dist send throughputRaimo Niskanen
2018-11-12ssl: Handle unicode ~s -> ~tsIngela Anderton Andin
2018-11-12Merge branch 'maint-20' into maintIngela Anderton Andin
* maint-20: Updated OTP version Prepare release
2018-11-12Merge branch 'ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420' into maintIngela Anderton Andin
* ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420: ssl: Add engine handling clause to RSA key exchange
2018-11-09Prepare releaseErlang/OTP
2018-11-09ssl: Add engine handling clause to RSA key exchangeIngela Anderton Andin
2018-11-09ssl: Add engine handling clause to RSA key exchangeIngela Anderton Andin
2018-11-09Merge branch 'maint-20' into maintLukas Larsson
* maint-20: Updated OTP version Prepare release Optimize operator '--' and yield on large inputs Conflicts: OTP_VERSION erts/doc/src/notes.xml erts/emulator/beam/erl_alloc.types erts/emulator/beam/erl_bif_lists.c erts/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/vsn.mk lib/stdlib/doc/src/notes.xml lib/stdlib/vsn.mk make/otp_version_tickets otp_versions.table
2018-11-07ssl: Correct gen_statem return valueIngela Anderton Andin
Could cause renegotiation to fail
2018-11-05ssl: controlling_process should be allowed on transpor_accept sockets alongIngela Anderton Andin
with handshake Fix of commit 68d9244ae33e5eea36250c3bb9ffe046a4db5647
2018-11-05Prepare releaseErlang/OTP
2018-11-02ssl: Correct filter functionIngela Anderton Andin
2018-11-02Merge branch 'ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412' into maintIngela Anderton Andin
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412: ssl: Extend check for undelivered data at closing
2018-11-02ssl: Extend check for undelivered data at closingIngela Anderton Andin
This is a timing related bug that alas is hard to test
2018-11-02ssl: Make sure benchmark SUITE has a clean startIngela Anderton Andin
2018-11-01ssl: Return error to user that tries to use a "transport accepted" socket forIngela Anderton Andin
other purposes than handshaking
2018-11-01Merge pull request #1990 from max-au/ssl_pem_cache_timezone_fixIngela Andin
ssl: fix timezone-related bug in ssl_pem_cache OTP-15402
2018-10-29Merge pull request #1983 from binaryseed/bug-default-address_please/OTP-15388Lukas Larsson
Fix the default implementation of address_please
2018-10-26ssl: fix timezone-related bug in ssl_pem_cacheMaxim Fedorov
Caught with unit test in ssl_pem_cache_SUITE. When local timezone is PST (Pacific Standard Time), PEM cache was not evicting expired entries due to file time converstion was done using calendar:now_to_datetime, while file modification time is actually in local time. Use os:system_time() to align with file_info modified time.
2018-10-23ssl: Correct length to be used in additional data in CHACHA20_POLY1305 cipherIngela Anderton Andin
2018-10-19ssl: Refactor AEAD ciphersIngela Anderton Andin
TLS-1.3 needs to handle AEAD inputs diffrently than previous versions. Refactor code to facilitate TLS-1.3 additions. Change CHACHA20_POLY1305 NONCE to match RFC 7905. This will be important later when we fix interop with TLS compatible crypto invocation.
2018-10-13Fix fallback address_pleaseVince Foley
2018-10-12Merge branch 'maint-21' into maintRickard Green
* maint-21: Updated OTP version Prepare release erts: Fix UNC path handling on Windows erts: Fix a compiler warning eldap: Fix race at socket close Fix bug for sockopt pktoptions on BSD erts: Fix memory leak on file read errors
2018-10-12Prepare releaseErlang/OTP
2018-10-11ssl: Fix up incorrect automatic mergeIngela Anderton Andin
2018-10-11Merge branch 'ingela/maint/ssl/packet-options-to-tls-sender/OTP-15348' into ↵Ingela Anderton Andin
maint Conflicts: lib/ssl/src/tls_sender.erl
2018-10-11ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-10ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-10-10ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-08ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-09-24Prepare releaseErlang/OTP
2018-09-21Update copyright yearHenrik Nord
2018-09-20ssl: Improve interop checksIngela Anderton Andin
2018-09-20ssl: Move link to correct processIngela Anderton Andin
The link should be between the connection process and the tls_sender process. But the start of the tls_sender process needs to be done by the process that also starts the connection process in order to correctly create the opaque #ssl_socket{}.