Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-12-06 | ssl: Export sslsocket() dialyzer type | Ingela Anderton Andin | |
2012-12-06 | ssl: Cancel non expired timers | Ingela Anderton Andin | |
2012-12-06 | ssl: Fix recv after timeout expired | Ingela Anderton Andin | |
Reset state so that "recv data" is not sent as "active data" after a recv timed out and no new recv has been called. | |||
2012-12-06 | ssl: Timeout handling changed so that the fsm-process will terminate if the ↵ | Ingela Anderton Andin | |
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side. | |||
2012-11-26 | Prepare releaseOTP_R15B03 | Erlang/OTP | |
2012-11-19 | ssl: Fix bug in match expression found by Dialyzer | Ingela Anderton Andin | |
Code should handle case the there is some undelivered data left on the socket when peer close signal is received. It is unlikely that this happens during normal testing. | |||
2012-11-14 | ssl: Update vsn.mk and ssl.appup.src for release | Ingela Anderton Andin | |
2012-11-13 | ssl: Make sure that the ssl connection process will not hang in terminate ↵ | Ingela Anderton Andin | |
function. Avoid doing gen_tcp/inet socket operations in terminate if socket is already closed. Call gen_tcp:recv/3 in the "data delivery workaround" to avoid hanging. | |||
2012-11-13 | ssl: Add default values to emulated socket options in internal record | Ingela Anderton Andin | |
The absence of the active default values could cause a process leak | |||
2012-11-12 | ssl: Adopt test case to not take so long | Ingela Anderton Andin | |
2012-11-09 | ssl: Do not use gen_fsm:sync_send_all_state_event/3 timeout | Ingela Anderton Andin | |
The gen_fsm:sync_send_all_state_event/3 timout is a client side timeout. If timeouts are needed we want them to be server side timeouts. | |||
2012-09-03 | Prepare releaseOTP_R15B02 | Erlang/OTP | |
2012-08-31 | Update copyright years | Björn-Egil Dahlberg | |
2012-08-29 | Merge branch 'ta/docsmaint' into maint | Henrik Nord | |
* ta/docsmaint: Fix various doc typos for R15B02 Fix various code typos for R15B02 OTP-10245 | |||
2012-08-27 | ssl: Fixed compilation warnings | Ingela Anderton Andin | |
2012-08-24 | ssl & public_key: Workaround that some certificates encode countryname as ↵ | Ingela Anderton Andin | |
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. | |||
2012-08-23 | Merge branch 'ia/sslv3-alert/OTP-10196' into maint | Ingela Anderton Andin | |
* ia/sslv3-alert/OTP-10196: ssl: Add missing sslv3 alert | |||
2012-08-23 | ssl: Clean up of code thanks to dialyzer | Ingela Anderton Andin | |
2012-08-22 | ssl: Add missing sslv3 alert | Ingela Anderton Andin | |
2012-08-22 | ssl: Test suite adjustments | Ingela Anderton Andin | |
2012-08-22 | ssl & public_key: Prepare for release | Ingela Anderton Andin | |
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908 | |||
2012-08-22 | ssl: Use crypto:strong_rand_bytes if possible | Ingela Anderton Andin | |
2012-08-22 | ssl & public_key: Add use of more "sha-rsa oids" | Ingela Anderton Andin | |
2012-08-22 | ssl: Fix inet header option to behave as in inet | Ingela Anderton Andin | |
This options is useless and should be deprecated. But we behave as inet does for now! | |||
2012-08-22 | ssl: TLS 1.2: fix hash and signature handling | Andreas Schultz | |
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message | |||
2012-08-22 | ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵ | Andreas Schultz | |
combinations | |||
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This is also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: Fix rizzo tests to run as intended | Ingela Anderton Andin | |
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test case but the new group structure that run all relevant test for all relevant SSL/TLS versions we need to change that to run the protocol version of the group the we are currently running. | |||
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Signture type bug | Ingela Anderton Andin | |
2012-08-22 | ssl: Add crypto support check (TLS 1.2 require sha256 support) | Ingela Anderton Andin | |
2012-08-22 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2012-08-22 | ssl: IDEA cipher is deprecated by TLS 1.2 | Ingela Anderton Andin | |
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether. | |||
2012-08-22 | ssl: Run relevant tests for all SSL/TLS versions | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS version switches to openssl tests | Andreas Schultz | |
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Enable mac_hash for TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Implement TLS 1.2 signature support | Andreas Schultz | |
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS 1.2 cipher suites | Andreas Schultz | |
2012-08-22 | ssl: Implement and activate PRFs for TLS 1.1 and 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS version paramter to verify_dh_params | Andreas Schultz | |
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params. | |||
2012-08-22 | ssl: Add TLS version to dec_hs/2 | Andreas Schultz | |
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those. | |||
2012-08-22 | ssl: Add TLS version to ssl_handshake:key_exchange/3 | Andreas Schultz | |
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it. | |||
2012-08-22 | ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2 | Andreas Schultz | |
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account. | |||
2012-08-22 | ssl: Add TLS 1.2 block cipher IV handling | Andreas Schultz | |
2012-08-22 | ssl: Consider TLS version when building cipher blocks | Andreas Schultz | |
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV. | |||
2012-08-22 | ssl: Calculate handshake hash only when needed | Andreas Schultz | |
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded. |