Age | Commit message (Collapse) | Author |
|
|
|
|
|
* ia/ssl/econnaborted:
ssl: Fatal close alert makes more sense than handshake failiure at econnaborted
|
|
|
|
|
|
follow up enhancments done in commit
e56167dd6ca8d37d26ea7f19933691a3bda41113
Make sure format_error return good strings. Replace confusing legacy atoms
with more descriptive atoms.
|
|
|
|
|
|
|
|
* ia/ssl/test-case-timeout:
ssl: Too short timeout in test case
|
|
|
|
|
|
|
|
|
|
|
|
Remove very old and obsolete release notes, update version and appup.
|
|
* ia/ssl/incompatible-error-msg/OTP-10451:
ssl: Enhance error handling
|
|
* ia/ssl/certtable-clean/OTP-10710:
ssl: Certificates and PEM-cache cleaning fixed to avoid memory leak
|
|
* ia/ssl/simplify-addition-of-keyexchange-algorithms/OTP-10709:
SSL: simplify server key encoding, decoding and signature handling
SSL: unify the different implementations signature check implementations
|
|
Remove filter mechanisms that made error messages backwards compatible
with old ssl but hid information about what actually happened.
This does not break the documented API however other reason
terms may be returned, so code that matches on the reason part of
{error, Reason} may fail.
|
|
* nox/enable-silent-rules/OTP-10726:
Implement ./otp_build configure --enable-silent-rules
|
|
server key encoding depends to the negotiated key exchange. Before
the encoding was limited to diffie-hellman keys. This changes allows
to select the key structure to decode and verify. It also consolidates
the transport encoding of the parameters into one place.
|
|
ssl_handshake and ssl_connection where doing essentially the same when
checking a public key signature. This unify both into a single function
|
|
Certificate db cleaning messages where sent to the wrong process after
restructuring to avoid bottlenecks.
It is possible that the ssl manager process gets two cleaning messages
for the same entry. E.i. first cleaning message is sent and before it
is processed a new reference is allocated and again released for the
entry, generating a second cleaning message.
Also in ssl_manger:handle_info/2 it is possible that there exists a
new reference to an "old" file name with a potential new content.
|
|
With silent rules, the output of make is less verbose and compilation
warnings are easier to spot. Silent rules are disabled by default and
can be disabled or enabled at will by make V=0 and make V=1.
|
|
|
|
|
|
* ia/ssl/gen-tcp-reusesaddr:
ssl: Add test for gen_tcp with reuseaddr as reference
|
|
* ia/ssl/TLS-1.2-default/OTP-10425:
ssl: Make TLS-1.2 default version
|
|
|
|
|
|
|
|
|
|
Conflicts:
erts/emulator/sys/vxworks/sys.c
erts/vsn.mk
lib/ssl/src/ssl_connection.erl
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
|
|
|
|
|
|
Reset state so that "recv data" is not sent as "active data" after a recv
timed out and no new recv has been called.
|
|
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires.
Add missing function clause to handle timeout during handshake.
The missing clause had the effect that the timeout was wrongly
discarded. Also add an extra test case for the recv timeout
in addition to the one in ssl_packet_SUITE.
The missing functions clause was introduced in 8a789189.
This commit changed the timeout implementation, the previous implememtation
could cause other type of problems as the timeout was client side.
|
|
* ia/ssl/sslv2-tests:
ssl: Receive port EXIT-message so that it does not get mixed up with the protocol-error message we are expecting
|
|
The R15B03 release
|
|
protocol-error message we are expecting
|
|
* ia/ssl/peer-cert-server:
ssl: Add test case for ssl:peercert with client certification
|
|
|
|
If an ssl server is restarted with new options and a client
tries to reuse a session the server must make sure that it complies
to the new options before agreeing to reuse it.
|
|
* ia/ssl/make-depend/OTP-10594:
ssl: Add dependencies to Makefile
|
|
|
|
|
|
|