Age | Commit message (Collapse) | Author |
|
Remove very old and obsolete release notes, update version and appup.
|
|
* ia/ssl/incompatible-error-msg/OTP-10451:
ssl: Enhance error handling
|
|
* ia/ssl/certtable-clean/OTP-10710:
ssl: Certificates and PEM-cache cleaning fixed to avoid memory leak
|
|
* ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709:
SSL: simplify server key encoding, decoding and signature handling
SSL: unify the different implementations signature check implementations
|
|
Remove filter mechanisms that made error messages backwards compatible
with old ssl but hid information about what actually happened.
This does not break the documented API however other reason
terms may be returned, so code that matches on the reason part of
{error, Reason} may fail.
|
|
* nox/enable-silent-rules/OTP-10726:
Implement ./otp_build configure --enable-silent-rules
|
|
server key encoding depends to the negotiated key exchange. Before
the encoding was limited to diffie-hellman keys. This changes allows
to select the key structure to decode and verify. It also consolidates
the transport encoding of the parameters into one place.
|
|
ssl_handshake and ssl_connection where doing essentially the same when
checking a public key signature. This unify both into a single function
|
|
Certificate db cleaning messages where sent to the wrong process after
restructuring to avoid bottlenecks.
It is possible that the ssl manager process gets two cleaning messages
for the same entry. E.i. first cleaning message is sent and before it
is processed a new reference is allocated and again released for the
entry, generating a second cleaning message.
Also in ssl_manger:handle_info/2 it is possible that there exists a
new reference to an "old" file name with a potential new content.
|
|
With silent rules, the output of make is less verbose and compilation
warnings are easier to spot. Silent rules are disabled by default and
can be disabled or enabled at will by make V=0 and make V=1.
|
|
|
|
|
|
* ia/ssl/gen-tcp-reusesaddr:
ssl: Add test for gen_tcp with reuseaddr as reference
|
|
* ia/ssl/TLS-1.2-default/OTP-10425:
ssl: Make TLS-1.2 default version
|
|
|
|
|
|
|
|
|
|
Conflicts:
erts/emulator/sys/vxworks/sys.c
erts/vsn.mk
lib/ssl/src/ssl_connection.erl
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
|
|
|
|
|
|
Reset state so that "recv data" is not sent as "active data" after a recv
timed out and no new recv has been called.
|
|
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires.
Add missing function clause to handle timeout during handshake.
The missing clause had the effect that the timeout was wrongly
discarded. Also add an extra test case for the recv timeout
in addition to the one in ssl_packet_SUITE.
The missing functions clause was introduced in 8a789189.
This commit changed the timeout implementation, the previous implememtation
could cause other type of problems as the timeout was client side.
|
|
* ia/ssl/sslv2-tests:
ssl: Receive port EXIT-message so that it does not get mixed up with the protocol-error message we are expecting
|
|
The R15B03 release
|
|
protocol-error message we are expecting
|
|
* ia/ssl/peer-cert-server:
ssl: Add test case for ssl:peercert with client certification
|
|
|
|
If an ssl server is restarted with new options and a client
tries to reuse a session the server must make sure that it complies
to the new options before agreeing to reuse it.
|
|
* ia/ssl/make-depend/OTP-10594:
ssl: Add dependencies to Makefile
|
|
|
|
|
|
|
|
|
|
* as/ssl-sha224-fixes:
SSL: TLS 1.2, advertise sha224 support
OTP-10586
|
|
|
|
Code should handle case the there is some undelivered data
left on the socket when peer close signal is received. It is
unlikely that this happens during normal testing.
|
|
SHA-224 is still better than SHA-1, so let the world know we support it
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
function.
Avoid doing gen_tcp/inet socket operations in terminate if socket
is already closed. Call gen_tcp:recv/3 in the "data delivery workaround"
to avoid hanging.
|
|
The absence of the active default values could cause a process leak
|
|
|
|
* upstream/maint:
ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout
|
|
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout.
If timeouts are needed we want them to be server side timeouts.
|
|
* ia/ssl/controlling-process-on-listen-socket/OTP-10447:
ssl: Improve #sslsocket{} API
ssl: It is now possible to call controlling_process on a listen socket, same as in gen_tcp.
|
|
|