| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* ingela/ssl/alert-error-enhancment/OTP-15943:
ssl: Enhance error handling
|
|
|
|
* peterdmv/ssl/fix-cert-error-handling/OTP-15900:
ssl: Fix handling of certificate decoding problems
|
|
* peterdmv/ssl/fix-sign-algs-cert/OTP-15913:
ssl: Backport fix for signature_algorithms_cert
|
|
* ingela/ssl/TLS-hibernate-bug/OTP-15910:
ssl: Fix hibernation bug
# Conflicts:
# lib/ssl/src/tls_connection.erl
|
|
Handle the ILLEGAL_PARAMETER alert that may be returned from ssl_alert:decode/3
for gracefull shutdown, try of ...catch will/should not handle this case it is
only handles the case that TM should not happen!
|
|
|
|
This commit fixes interoperability problems with openssl when
the TLS 1.3 server is using the option signature_algs_cert.
In such cases the signature_algorithms_cert extension was encoded
as a signature_algorithms extension and openssl s_client returned
an Illegal Parameter Alert due to its filtering of extension
duplicates.
|
|
|
|
|
|
* peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888:
ssl: Fix negative tests in ssl_basic_SUITE
ssl: Fix run_client_error/1 in ssl_test_lib
ssl: Fix ssl_handshake:extension_value/1
|
|
* peterdmv/ssl/tls12-java11-interop/ERL-973/OTP-15887:
ssl: Add interop test
ssl: Improve handling of signature algorithms
|
|
* ingela/ssl/handshake-handling/ERL-968/OTP-15879:
ssl: Correct handshake handling
|
|
|
|
Fix run_client_error/1 to properly propagate errors from the
test client.
|
|
Handle new TLS 1.2/1.3 extensions.
|
|
Add interoperability test for TLS 1.2 server and TLS 1.3 client.
|
|
TLS 1.2 ClientHello caused handshake failure in the TLS 1.2 server
if the signature_algorithms_cert extension contained legacy algorithms.
Update TLS 1.2 server to properly handle legacy signature algorithms
in the signature_algorithms_cert extension.
Update TLS 1.3 client so that it can send legacy algorithms in its
signature_algorithms_cert extension.
|
|
Solves ERL-968, a refactoring bug could cause part of a server key exchange message to
be appended, to an incorrectly duplicated, certificate handshake message. In the end
causing an ASN1 decoding error. That in turn did not end up the correct error handling branch.
|
|
|
|
* peterdmv/ssl/dtls-test-fix:
ssl: Fix ssl_packet_SUITE
|
|
* ingela/ssl/dtls-multiplxor/ERL-962/OTP-15864:
ssl: Add missing gen_server return value in DTLS packet demux process
|
|
* ingela/ssl/ret-ext/ERL-951/OTP-15862:
ssl: Fix broken return value
|
|
Unset internal_active_n when cleaning FT environment.
|
|
|
|
|
|
|
|
|
|
|
|
Maybe we should only have specs for external APIs?!
This is a how to write spec problem that we have to address later.
|
|
|
|
TLS connections should not buffer too much application data if they
want to benefit from TCP flow control. Certain applications may want to
customize the value of internal_active_n as there is a tradeoff between
buffering memory and throughput.
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
|
|
|
|
* ingela/ssl/revert-ctrl-flow:
Revert "ssl: Add check when to toggle internal active N"
|
|
* raimo/inet_crypto_dist:
Rekey also the shared secret
Use shared secret to rekey
Cycle the keypair by time and count
Set socket buffer sizes to avoid handshake deadlock
Keep the keypair for the node's lifetime
Implement some kind of PEKE to get forward secrecy
Use incrementing IV
Use Erlang cookie as shared secret
|
|
|
|
* maint:
Fix bad merge from maint-21
Fix bad merge from maint-21
Updated OTP version
Prepare release
# Conflicts:
# OTP_VERSION
# make/otp_version_tickets_in_merge
|
|
This reverts commit 6e190b012dd5a304fc42a5f3bb58ff173a23eb66.
|
|
* ingela/ssl/openssl-test-cuddle:
ssl: Add necessary compliance check
|
|
|
|
* ingela/ssl/cipher-suite-conversion/ERL-924/OTP-15483:
ssl: Add cipher suite convertion functions
|
|
|
|
|
|
'ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785' into maint-21
* ingela/ssl/backported-ssl-enhancments/ERL-929/ERL-893/PR-2215/OTP-15785:
ssl: Fix cherry-pick mistakes
ssl: Refer documentation of HttpPacket from erts
ssl: Update type spec of ssl:suite_to_str/1
ssl: Update function ssl:eccs/1
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Add missing tuple in shutdown reason
|
|
|
|
* ingela/ssl/flow-ctrl/ERL-934/OTP-15802:
ssl: Add check when to toggle internal active N
|
|
Missing check of size of user_data_buffer made internal socket
behave as an active socket instead of active N.
Also correct indentation.
|
|
|
