Commit message

* ferd/bypass-pem-cache/PR-1143/OTP-13883:
ssl: Add documentation of bypass_pem_cache application environment configuration
ssl: Add new benchmarks to skip file for normal testing
Adding PEM cache bypass benchmark entries
Fixing CRL searching in cache bypass
Add option to bypass SSL PEM cache
init_per_testcase timeout for renegotiation tests would be overridden
by a local timeout in a test case helper function.

* ingela/ssl/dtls-progress/connection-states-as-maps:
dtls: fix encoding of client hello cookie
dtls: Prepare start of DTLS connection manager with SSL app
ssl: Refactor to use maps for the connection states
ssl, dtls: Refactor sni handling
dtls: Add close/5
dtls: Add renegotiate/2
dtls: Add protocol event handling
ssl: Refactor code so that tls and dtls can share more code
ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history
ssl: Make sure common code for TLS and DTLS uses the TLS Version
ssl: remove unused RecordCB argument from master_secret
dtls: Add reinit_handshake_data/1 to dtls
dtls: replace tls_record with RecordCB in connection_info
Fix version numbers and dependencies
We want to share more alert and application data handling code.
Some of the application data handling code, packet handling,
will not be relevant for dtls, but this code can be excluded from dtls
by options checking.
ssl_handshake:update_handshake_history
This is probably a much bigger problem for DTLS than TLS, but should be
disabled for both unless explicitly configured for TLS.

When the protocol version is propagated from the DTLS connection process's
state into general ssl functions it must be converted to the corresponding
TLS version.

Conflicts:
lib/ssl/src/ssl_handshake.erl
The callback is invoked before entering state 'connection'.
It allows a connection module to remove data from the
connection state that is no longer needed (e.g.
handshake history).

Conflicts:
lib/ssl/src/ssl_connection.erl
Even though v2 is never supported, v2 hellos can be.
No support for v2 client hellos gives a "handshake failure" alert.
Support for v2 hello but no higher SSL/TLS version offered
gives a "protocol version" alert.

Avoid running tests of algorithms not supported by crypto.

Fix some older errors as well.
The benchmarks run through the local node only, as an attempt to show
more potential contention on certificate usage.
* raimo/gen_statem-callback_mode/OTP-13752:
ssl: Upgrade suite testing skipped if stdlib upgrade is required
Fix version numbers and dependencies
Conflicts:
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
* ingela/ssl/cuddle:
ssl: Test and test suites shall be independent of each other
* ingela/ssl/ERL-232/OTP-13853:
ssl: Remove clause that postponed unexpected messages
Skip some tests on really slow Solaris machines.

* raimo/gen_statem-callback_mode/OTP-13752:
Include trap_exit in server skeletons
Improve sys debug
Handle exceptions in init/1 and callback_mode/0
Clarify error values
Doc fixes
Rewrite SSH for gen_statem M:callback_mode/0
Rewrite SSL for gen_statem M:callback_mode/0
Rewrite Tools for gen_statem M:callback_mode/0
Rewrite gen_statem docs for M:callback_mode/0
Rewrite gen_statem TCs for M:callback_mode/0
Rewrite gen_statem for M:callback_mode/0
The current SSL implementation has a PEM cache running through the ssl
manager process, whose primary role is caching CA chains from files on
disk. This is intended as a way to save on disk operations when the
requested certificates are often the same, and those cache values are
both time-bound and reference-counted. The code path also includes
caching the Erlang-formatted certificate as decoded by the public_key
application.
The same code path is used for DER-encoded certificates, which are
passed in memory and do not require file access. These certificates are
cached, but not reference-counted and also not shared across
connections.
For heavy usage of DER-encoded certificates, the PEM cache becomes a
central bottleneck for a server, forcing the decoding of every one of
them individually through a single critical process. It is also not
clear if the cache remains useful for disk certificates in all cases.
This commit adds a configuration variable for the ssl application
(bypass_pem_cache = true | false) which allows opening files and decoding
certificates in the calling connection process rather than the manager.
When this action takes place, the operations to cache and return data
are replaced to strictly return data.
To provide transparent behaviour, the 'CacheDbRef' used to keep track
of the certificates in the cache is replaced by the certificates themselves,
and all further lookup functions or folds can be done locally.
This has proven under benchmark to more than triple the performance of
the SSL application under load (once the session cache had also been
disabled).

Conflicts:
lib/ssl/src/ssl.appup.src
maint
* lemenkov/kernel/fix-register_ipv6_epmd/PR-1129/OTP-13770:
Respect -proto_dist switch while connecting to EPMD

Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/common_test/doc/src/notes.xml
lib/common_test/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
lib/stdlib/test/ets_SUITE.erl
otp_versions.table
raimo/ssl/version-selection/maint-19/OTP-13753
Conflicts:
lib/ssl/vsn.mk
lib/ssl/src/ssl.appup.src
Use the list of versions that the server allows and among those choose
the highest version that is not higher than the client's version.
Note that this chosen version might be lower than the client's version,
but is used to improve interoperability.
Patch suggested by Dimitry Borisov referring to RFC 5246 appendix E.1.

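The selection rule described in the commit message above, written out as a stand-alone Erlang module. This is an added example, not OTP's ssl_handshake code; the module and function names (version_select, select_version/2, run/0) are made up for illustration, and versions are represented as {Major, Minor} tuples as the ssl application does ({3,3} is TLS 1.2).

```erlang
%% Added example (not OTP's own ssl_handshake code): server-side protocol
%% version selection as described in the commit message above.
%% Versions are {Major, Minor} tuples, e.g. {3,1} = TLS 1.0, {3,3} = TLS 1.2.
-module(version_select).
-export([select_version/2, run/0]).

%% ClientVersion: the highest version the client offered in its ClientHello.
%% ServerVersions: the versions the server is configured to allow.
%% Returns {ok, V} where V is the highest allowed version that is not
%% higher than the client's version, or {error, protocol_version} when
%% no allowed version is low enough (the RFC 5246 appendix E.1 case).
%% Erlang compares tuples by size and then element by element, so
%% {3,2} =< {3,3} orders versions correctly.
select_version(ClientVersion, ServerVersions) ->
    Candidates = [V || V <- ServerVersions, V =< ClientVersion],
    case Candidates of
        [] -> {error, protocol_version};
        _  -> {ok, lists:max(Candidates)}
    end.

%% Worked cases; each pattern match crashes if the rule is implemented wrong.
run() ->
    Allowed = [{3,1}, {3,2}, {3,3}],
    %% Client offers TLS 1.2 and the server allows it: chosen as-is.
    {ok, {3,3}} = select_version({3,3}, Allowed),
    %% Client offers a version newer than anything the server allows:
    %% the chosen version is lower than the client's, for interoperability.
    {ok, {3,3}} = select_version({3,4}, Allowed),
    %% Server allows only TLS 1.2 but the client offers TLS 1.1 at most:
    %% nothing qualifies, so the handshake ends with a protocol_version alert.
    {error, protocol_version} = select_version({3,2}, [{3,3}]),
    %% Allowed list order does not matter; the maximum is taken.
    {ok, {3,2}} = select_version({3,2}, [{3,3}, {3,1}, {3,2}]),
    ok.
```

Compile with `erlc version_select.erl` and call `version_select:run().` from a shell; it returns `ok` only if every case above matches.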
Signed-off-by: Peter Lemenkov <[email protected]>
Make sure the ssl application has a fresh start, so that tests do
not fail because other tests did not clean up properly.

In TLS-1.2 the selection of the server's algorithms and the
possible selection of algorithms for the client certificate verify
message have different requirements.