| Age | Commit message (Collapse) | Author |
|---|
|
* ingela/dtls/abbreviated:
dtls: Trigger resend in abbreviated handshake if change_cipher_spec is received to early.
|
|
is received to early.
|
|
* raimo/better-TLS-distribution/OTP-14969:
Fix distro CRL test cases short vs long names
Allow check for node name
Move check ip to before SSL handshake
Check client IP from server
Parse cert primarily for host names
Open for host and node allow list
Create plug-in for distro cert nodes
Rewrite TLS dist to handle node names in certs
Improve node allowed check
|
|
* ingela/ssl/test-cuddle:
ssl: Handle EXIT messages from test code correctly
|
|
|
|
answer to a certificate request
Solves ERL-599
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
|
|
|
|
* maint:
Updated OTP version
Update release notes
ssl: Prepare for release
ssl: Remove duplicate release note
ssl: Fix filter function to not discard AEAD cipher suites
Conflicts:
OTP_VERSION
|
|
|
|
|
|
|
|
|
|
Conflicts:
OTP_VERSION
|
|
* ingela/ssl/no-sslv2-hello-support/OTP-14824:
ssl: Remove interoperability option v2_hello_compatible
|
|
* hasse/dialyzer/extra-range/OTP-14970:
ssl: Correct some specs
os_mon: Correct a spec
Fix broken spec in beam_asm
Dialyzer should not throw away spec information because of overspec
|
|
|
|
* peterdmv/use_uri_string/OTP-14902:
common_test: Use uri_string
ssl: Use uri_string
public_key: Use uri_string
observer: Use uri_string
Change-Id: I4beac2289db039cc7d566807727c5aaf7fadf942
|
|
|
|
|
|
|
|
Change-Id: I1249b93b1e4a971cf1af2cb96a65563e23117e2b
|
|
|
|
The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
|
|
|
|
Anonymous cipher suites were broken altogether, and
there was an earlier issue where the server would send a signature
in the server key exchange if a certificate was configured, even
if an anonymous suite was actually negotiated.
Backport of PR-1729
|
|
|
|
|
|
|
|
Cipher suite handling improvments missed to make a few changes
for AEAD to be handled correctly see ERL-568
|
|
* maint:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
|
|
* maint-19:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
|
|
|
|
|
|
dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562
ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
|
|
... in handle_common_event(), instead of passing it to
handle_own_alert() after wrapping it in a tuple with `StateName` (i.e.
`{StateName, Msg}`).
The `StateName` is passed to handle_normal_shutdown() and to
alert_user(). The latter has a clause matching it against `connection`.
Unfortunately, when the argument was in fact `{StateName, Msg}`, another
clause was executed which dropped the `active` flag value and forced it
to `false`, even if the state was actually `connection`. It meant that
later in send_or_reply(), the alert was not propagated to the user, even
though it should (`active` set to `true` or `once`).
Now that handle_common_event() always passes the actual `StateName`, the
problem is fixed.
ERL-562
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
