| Age | Commit message (Collapse) | Author |
|---|
|
There are two problematic areas: EC curve selection and
interoperability tests with OpenSSL.
The tests shouldn't assume any particular EC curve is available, but
should always check the list of curves reported by
tls_v1:ecc_curves/1.
And during interoperability tests the tests shouldn't assume that any
cipher suite supported by Erlang is also supported by OpenSSL. There
are OpenSSL packages where the command line openssl tool only supports
a subset of the ciphers available in libcrypto. The actual list of
supported cipher suites thus shall be queried from OpenSSL.
|
|
* ia/ssl/test-alpn-cuddle:
ssl: Fix typos that broke alpn tests
|
|
|
|
|
|
|
|
As sslv3 is being faced out we need to test for old version support as well as
newer versions.
|
|
* legoscia/tls_dist_error_reporting:
Report bad options for outgoing TLS distribution
Save error reasons for TLS distribution connections
Report bad options for TLS distribution connections
OTP-13219
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
LibreSSL does not allow it.
|
|
|
|
|
|
* ia/ssl/windows-tests:
ssl: Use test case time out instead
ssl: Use spawn_executable
|
|
* ia/ssl/renegotiate-tests:
ssl: Add renegotiation exception
|
|
|
|
|
|
If ssl:connect/3 returns an error related to options, let's log that
so we have a chance to see it and fix it.
|
|
When establishing an outbound connection for TLS distribution, let's
hold on to the failure reasons and use them as exit reasons. These
exit reasons are normally invisible, but they can be seen in the logs
after calling net_kernel:verbose(1).
While there are trace messages in the code already, those require
recompiling the module with a special flag, which is more cumbersome
than changing the net_kernel verbosity level at run time.
|
|
|
|
|
|
|
|
* ia/ssl-prepare-release:
ssl: Correct spec
ssl: Prepare for release
|
|
|
|
|
|
* rlipscombe/rl-ssl-options:
Ensure single 'raw' option is handled correctly
Pass 'raw' options through
OTP-13166
|
|
* ia/ssl/sslv3-completeness:
ssl: SSLv3 completeness
|
|
We are considering removing default support for DES cipher suites.
However this cipher suite is currently allowed in TLS and missing from
SSL.
|
|
* ia/ssl/max-sessions/OTP-12392:
ssl: Fix documentation mistakes
ssl: Add upper limit for session cache
ssl: Measure elapsed time with erlang:monotonic_time
|
|
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/kernel/doc/src/notes.xml
lib/kernel/src/kernel.appup.src
lib/kernel/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/src/ssl_cipher.erl
lib/ssl/vsn.mk
otp_versions.table
|
|
If upper limit is reached invalidate the current cache entries, e.i the session
lifetime is the max time a session will be keept, but it may be invalidated
earlier if the max limit for the table is reached. This will keep the ssl
manager process well behaved, not exhusting memeory. Invalidating the entries
will incrementally empty the cache to make room for fresh sessions entries.
|
|
|
|
|
|
|
|
* legoscia/tls_dist_options:
Test interface listen option for TLS distribution
Test socket listen options for TLS distribution
Test port options for TLS distribution
TLS Dist: Use inet_dist_ options
Conflicts:
lib/ssl/src/ssl_tls_dist_proxy.erl
lib/ssl/test/ssl_dist_SUITE.erl
OTP-12838
|
|
* legoscia/ssl_connection_terminate_crash:
Avoid crash for SSL connections with nonexistent keyfile
OTP-13144
|
|
* legoscia/tls_dist_nodelay:
Add test for dist_nodelay option
Honour dist_nodelay socket option in tls_dist proxy
OTP-13143
|
|
* legoscia/ssl-dist-error-handling:
In ssl_tls_dist_proxy, pass along EPMD registration errors
OTP-13142
|
|
* zandra/fix-24h-macro-in-suite:
fix 24h macro in test suite
|
|
* ppikula/fix-24h-macro:
fix incorrect number of seconds in 24h macro The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
OTP-13141
|
|
Add a test to ensure that a single 'raw' option can be passed to
ssl:listen correctly.
Note: multiple raw options are (incorrectly) handled by
inet:listen_options. See
http://erlang.org/pipermail/erlang-questions/2014-March/078371.html
|
|
Add test that checks that the option inet_dist_use_interface is used
when starting a node with TLS distribution.
|
|
Add test that checks that the option inet_dist_listen_options is used
when starting a node with TLS distribution.
This test was adapted from inet_dist_options_options in
erl_distribution_SUITE.
|
|
Add test that checks that the options inet_dist_listen_min and
inet_dist_listen_max are used when starting a node with TLS
distribution.
|
|
The inet_dist_ options, such as min/max port numbers aren't used
with TLS distribution. This commits uses those settings in the
same way as they're used in inet_tcp_dist.erl
|
|
* legoscia/tls-dist-shutdown:
Adjust shutdown strategies for distribution over TLS
OTP-13134
|
