Age | Commit message (Collapse) | Author |
|
|
|
|
|
Rename Connection:handle_common_event Connection:handle_protocol_record
removing use of unnecessary argument and making code easier to understand.
|
|
State values created at init
|
|
|
|
|
|
* raimo/ssl/tls_dist-optimization:
Handle socket close in state downgrade
Handle dead sender at terminate
Handle tls_sender exit properly
Optimize split_bin
Improve dist send throughput
|
|
* raimo/ssl/tls_dist-profiling:
Improve benchmark
Implement print on other node
Fix compiler warnings
|
|
* ingela/ssl/test-cuddle-ssl_basic_SUITE:
ssl: Correct test case
|
|
|
|
Also avoid code duplication
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/tls_connection.erl
|
|
When internaly using active N, bugs in shutdown implementation where reveled.
|
|
Make next_record an internal help function to next_event and avoid
duplicate calls to tls_socket:setopts for setting the active option.
|
|
|
|
|
|
|
|
|
|
|
|
We need to test the Engine interface not only for loading, key retrieval and hashing,
so it is complemented with a fake rsa method to check sign/verify also.
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Prepare release
|
|
* ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420:
ssl: Add engine handling clause to RSA key exchange
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Prepare release
Optimize operator '--' and yield on large inputs
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/emulator/beam/erl_alloc.types
erts/emulator/beam/erl_bif_lists.c
erts/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
lib/stdlib/doc/src/notes.xml
lib/stdlib/vsn.mk
make/otp_version_tickets
otp_versions.table
|
|
Could cause renegotiation to fail
|
|
with handshake
Fix of commit 68d9244ae33e5eea36250c3bb9ffe046a4db5647
|
|
|
|
|
|
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412:
ssl: Extend check for undelivered data at closing
|
|
This is a timing related bug that alas is hard to test
|
|
|
|
other purposes than handshaking
|
|
ssl: fix timezone-related bug in ssl_pem_cache
OTP-15402
|
|
Fix the default implementation of address_please
|
|
Caught with unit test in ssl_pem_cache_SUITE.
When local timezone is PST (Pacific Standard Time), PEM cache was not evicting
expired entries due to file time converstion was done using
calendar:now_to_datetime, while file modification time is actually in local time.
Use os:system_time() to align with file_info modified time.
|
|
|
|
TLS-1.3 needs to handle AEAD inputs diffrently than previous versions.
Refactor code to facilitate TLS-1.3 additions.
Change CHACHA20_POLY1305 NONCE to match RFC 7905. This will be
important later when we fix interop with TLS compatible crypto
invocation.
|
|
|
|
* maint-21:
Updated OTP version
Prepare release
erts: Fix UNC path handling on Windows
erts: Fix a compiler warning
eldap: Fix race at socket close
Fix bug for sockopt pktoptions on BSD
erts: Fix memory leak on file read errors
|
|
|
|
|
|
maint
Conflicts:
lib/ssl/src/tls_sender.erl
|
|
If the socket option is set to {packet, 1|2|3|4} sender process needs to
add a packet length header. If packet is changed with ssl:setopts/2 this needs
to be communicated to tls_sender.
|
|
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in
the connection state must be encrypted and sent by the TLS sender
process. This to make sure that the correct encryption state is used
to encode the ALERTS. Care must also be taken to ensure a graceful
close down behavior both for normal shutdown and downgrading from TLS
to TCP.
The original TR ERL-738 is verified by cowboy tests, and close down
behavior by our tests. However we alas have not been able to yet
create a minimal test case for the originating problem.
Also it seems it has become less likely that we run in to the TCP
delivery problem, that is the guarantee is only on transport level,
not application level. Keep work around function in ssl_test_lib but
we can have better test as long as we do not get to much wobbling
tests.
|
|
If the socket option is set to {packet, 1|2|3|4} sender process needs to
add a packet length header. If packet is changed with ssl:setopts/2 this needs
to be communicated to tls_sender.
|
|
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in
the connection state must be encrypted and sent by the TLS sender
process. This to make sure that the correct encryption state is used
to encode the ALERTS. Care must also be taken to ensure a graceful
close down behavior both for normal shutdown and downgrading from TLS
to TCP.
The original TR ERL-738 is verified by cowboy tests, and close down
behavior by our tests. However we alas have not been able to yet
create a minimal test case for the originating problem.
Also it seems it has become less likely that we run in to the TCP
delivery problem, that is the guarantee is only on transport level,
not application level. Keep work around function in ssl_test_lib but
we can have better test as long as we do not get to much wobbling
tests.
|