path: root/lib/ssl
Age | Commit message | Author
2014-03-26 | Various improvements to CRL handling | Andrew Thompson
* Handle v1 CRLs, with no extensions.
* Compare the IDP on a CRL correctly, if present
* Don't try to double-decode altnames
Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-26 | Merge branch 'ia/ssl/continue-dtls-and-specs' | Ingela Anderton Andin
* ia/ssl/continue-dtls-and-specs:
  ssl: Avoid dialyzer warnings in dtls code
  ssl: Improve type specs
  ssl: Refactor and start implementing dtls_connection.erl
2014-03-25 | ssl: Avoid dialyzer warnings in dtls code | Ingela Anderton Andin
Even if DTLS is not finished, i.e. not runnable yet, we want to phase in the code together with refactoring of TLS code, but without introducing warnings in the release.
2014-03-25 | ssl: Improve type specs | Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-03-25 | ssl: Refactor and start implementing dtls_connection.erl | Ingela Anderton Andin
2014-03-25 | ssl: Handle SNI alert unrecognized_name and gracefully deal with | Ingela Anderton Andin
unexpected alerts. Add recognition of RFC 4366 alerts and handle possible unimplemented alerts in a graceful way.
2014-03-20 | Introduce runtime_dependencies in .app files | Rickard Green
Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies.
2014-03-14 | ssl: Server now ignores client ECC curves that it does not support instead of | Ingela Anderton Andin
crashing. When TLS client sends Supported Elliptic Curves Client Hello Extension the server shall select a curve supported by both sides or refuse to negotiate the use of an ECC cipher suite.
2014-03-14 | Add test for unknown elliptic curve supported by client | Danil Zagoskin
When TLS client sends a Supported Elliptic Curves Client Hello Extension containing an unknown curve enum value, a server crashes with a function_clause instead of just ignoring specified unknown curve.
2014-03-04 | ssl: Add exception for inet and inet6 to proplist check | Ingela Anderton Andin
2014-03-04 | Merge branch 'ia/ssl/proplist-input-check/OTP-11760' | Ingela Anderton Andin
* ia/ssl/proplist-input-check/OTP-11760:
  ssl: Add input sanity check
2014-03-04 | ssl: Add input sanity check | Ingela Anderton Andin
Avoid puzzling behavior due to options being disregarded if they are not key value tuples.
2014-03-03 | ssl: Improved documentation of the cacertfile option | Ingela Anderton Andin
2014-02-25 | ssl: Fix compiler warnings | Ingela Anderton Andin
2014-02-25 | ssl: Fix appup regexps and instructions | Ingela Anderton Andin
2014-02-25 | Merge branch 'ia/ssl/prepare-for-release' | Ingela Anderton Andin
* ia/ssl/prepare-for-release:
  ssl: Prepare for release
2014-02-25 | ssl: Prepare for release | Ingela Anderton Andin
2014-02-24 | Merge branch 'fenollp/otp-edoc-usage-fixes' | Henrik Nord
* fenollp/otp-edoc-usage-fixes:
  Fix edoc usage errors
OTP-11702
2014-02-24 | Merge branch 'hb/dialyzer/deprecate_types/OTP-10342' | Hans Bolinder
* hb/dialyzer/deprecate_types/OTP-10342:
  Deprecate pre-defined built-in types
2014-02-24 | Merge branch 'schlagert/fix_basic_appups' | Siri Hansen
* schlagert/fix_basic_appups:
  Dynamically configure typer_SUITE according to environment
  Disable hipe_SUITE when environment doesn't support it
  Make hipe non-upgradable by setting appup file empty
  Fix missing module on hipe app file template
  Add test suites performing app and appup file checks
  Introduce appup test utility
  Fix library application appup files
  Fix non-library appup files according to issue #240
OTP-11744
2014-02-24 | Add test suites performing app and appup file checks | Tobias Schlager
Add the mentioned test suites for *all* library and touched non-library applications.
2014-02-23 | Deprecate pre-defined built-in types | Hans Bolinder
The types array(), dict(), digraph(), gb_set(), gb_tree(), queue(), set(), and tid() have been deprecated. They will be removed in OTP 18.0. Instead the types array:array(), dict:dict(), digraph:graph(), gb_set:set(), gb_tree:tree(), queue:queue(), sets:set(), and ets:tid() can be used. (Note: it has always been necessary to use ets:tid().) It is allowed in OTP 17.0 to locally re-define the types array(), dict(), and so on. New types array:array/1, dict:dict/2, gb_sets:set/1, gb_trees:tree/2, queue:queue/1, and sets:set/1 have been added.
2014-02-21 | ssl: Add test that memory is not leaked | Ingela Anderton Andin
2014-02-20 | ssl: Correct clean up of certificate database when certs are inputted | Ingela Anderton Andin
in pure DER format. The incorrect code could cause a memory leak when certs were inputted in DER.
2014-02-14 | ssl: Fix possible mismatch between SSL/TLS version and default ciphers | Ingela Anderton Andin
2014-02-14 | ssl: Add test for avoiding a version and cipher suite mismatch | Ingela Anderton Andin
2014-02-14 | Fix edoc usage errors | Pierre Fenoll
Errors discovered using `erldocs`: Superfluous @hidden tag would exit edoc application; 'Multiple @spec tag': appended a @clear tag after macro condition; '@spec arity does not match': added missing argument.
2014-02-10 | Merge branch 'ia/public_key/specs' | Ingela Anderton Andin
* ia/public_key/specs:
  public_key: Export some dialyzer types
2014-02-06 | public_key: Export some dialyzer types | Ingela Anderton Andin
Move dialyzer types from include file to erl file and use -export_type
2014-02-06 | ssl: Unicode adaptions | Ingela Anderton Andin
2014-01-29 | ssl: Add workaround in test code for openssl s_client bug | Ingela Anderton Andin
2014-01-28 | ssl: use is_boolean/1 guard in option validation | Andreas Schultz
2014-01-28 | Fix incorrect type reference (inet:ipaddress() -> inet:ip_address()) | Tuncer Ayaz
2014-01-28 | Fix incorrect use of public_key:private_key/0 type | Tuncer Ayaz
public_key:private_key/0 was referenced but undefined, and lib/ssl had a local definition of private_key/0. To fix that, make the following changes:
* add public_key:private_key/0 type
* document public_key/0 and private_key/0
* fix incorrect definitions and references
2014-01-28 | Merge branch 'ia/ssl/tests' | Ingela Anderton Andin
* ia/ssl/tests:
  ssl: Avoid test case timing issues
2014-01-28 | Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621' | Ingela Anderton Andin
* ia/Vagabond/adt-honor-cipher-order/OTP-11621:
  Implement 'honor_cipher_order' SSL server-side option
2014-01-27 | ssl: Avoid test case timing issues | Ingela Anderton Andin
2014-01-24 | Merge tag 'OTP_R16B03-1' | Magnus Lidén
The R16B03-1 release
2014-01-24 | Prepare release [OTP_R16B03-1] | Erlang/OTP
2014-01-24 | Merge branch 'maint' | Ingela Anderton Andin
Conflicts: otp_build
2014-01-22 | ssl: Incorrect inputted cipherlist lead server to think that the client | Ingela Anderton Andin
did not support secure renegotiation
2014-01-22 | Merge branch 'dgud/test_unicode/OTP-10877' | Dan Gudmundsson
* dgud/test_unicode/OTP-10877:
  sasl test: Quote executable paths (can contain spaces)
  rt_tools: Handle unicode chars in printouts
  kernel: code_SUITE fix unicode option
  Fix (unicode) debug info in test cases
  stdlib: Fix format if module resides in a unicode directory
  Fix testing with unicode paths
  test_server: Fix ts write unicode in config files
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatibility with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz.
2014-01-21 | Merge branch 'ia/ssl/openssl-reneogtiation-bug' | Ingela Anderton Andin
* ia/ssl/openssl-reneogtiation-bug:
  ssl: Add versions to check for sane OpenSSL version for renegotiation
2014-01-21 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2014-01-21 | Fix (unicode) debug info in test cases | Dan Gudmundsson
2014-01-15 | ssl: Prepare for release | Ingela Anderton Andin
2014-01-14 | ssl: fix elliptic curve selection in server mode | Andreas Schultz
The server code erroneously took the list of curves supported by the client from its own hello extension, effectively breaking curve selection altogether. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback.
2014-01-14 | ssl: Prepare for release | Ingela Anderton Andin
2014-01-14 | ssl: Add missing options validation of server_name_indication | Ingela Anderton Andin