aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-09-03DER format in APIIngela Anderton Andin
Added support for inputing certificates and keys directly in DER format these options will override the pem-file options if specified.
2010-09-02Merge branch 'dgud/ssl-commit-example-certs' into devDan Gudmundsson
* dgud/ssl-commit-example-certs: Cleanup ssl configure parts Remove cert building from Makefiles Checkin example certs instead of generating them.
2010-09-01Merge branch 'maint-r13' into devBjörn Gustavsson
* maint-r13: Remove copyright headers in vsn.mk files Conflicts: lib/appmon/vsn.mk lib/erl_docgen/vsn.mk lib/inets/vsn.mk lib/kernel/vsn.mk lib/reltool/vsn.mk lib/ssl/vsn.mk lib/stdlib/vsn.mk lib/tools/vsn.mk lib/tv/vsn.mk lib/xmerl/vsn.mk
2010-09-01Remove cert building from MakefilesDan Gudmundsson
2010-09-01Remove copyright headers in vsn.mk filesBjörn Gustavsson
Copyright notices serve no useful purpose in vsn.mk files, and only complicate scripts that automatically update version numbers.
2010-09-01Checkin example certs instead of generating them.Dan Gudmundsson
Avoiding cross-compilation and other problems by keeping them in git instead of generating them each time. I think the reason to generate them was that a valid date limitation, now that we can specify the date, I have set them to be valid for 15 years.
2010-09-01Correction due to failure of inets tests.Ingela Anderton Andin
2010-09-01Empty certificate chainIngela Anderton Andin
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling.
2010-08-31Add tests for crypto RC4 bugIngela Anderton Andin
Changed test so that the test cases testing all different ciphers also sends data so that that the calls to crypto cipher functions are also tested.
2010-08-31Merge branch 'dgud/ssl/handskake_client_key/OTP-8793' into devDan Gudmundsson
* dgud/ssl/handskake_client_key/OTP-8793: Fix handshake problem with multiple messages in one packet
2010-08-31Merge branch 'dgud/ssl/empty_msg_problem/OTP-8790' into devDan Gudmundsson
* dgud/ssl/empty_msg_problem/OTP-8790: Fix receiving empty packets.
2010-08-27Fix SSL build failure when building in minimal source treeRickard Green
Building in a source tree without prebuilt platform independent build results failed on the SSL examples when building on Windows.
2010-08-27Fix receiving empty packets.Dan Gudmundsson
Empty packets where not delivered from ssl, it incorrectly assumed there was no data.
2010-08-27Fix SSL build failure when building in minimal source treeRickard Green
Building in a source tree without prebuilt platform independent build results failed on the SSL examples when cross building. This has been solved by not building the SSL examples during a cross build.
2010-08-26Fix handshake problem with multiple messages in one packetDan Gudmundsson
If hello and client_key_exchange message is sent together in the same packet, ssl can't handle it and closes the connection. Also fixed compiler warning.
2010-08-24Handling of {mode, list}Ingela Anderton Andin
Fixed handling of the option {mode, list} that was broken for some packet types for instance line.
2010-08-24Correct behaviour if {packet, line} and mode list are givenThomas Lachmann
This corrects the returned data to be in list format, not binary if both {packet, line} and list are set as option.
2010-08-24Change packet_line_decode/1 to not only check binary modeThomas Lachmann
2010-08-24Merge branch 'ia/ssl-interop/OTP-8740' into devIngela Anderton Andin
* ia/ssl-interop/OTP-8740: Do not check the padding for TLS 1.0
2010-08-24Merge branch 'ia/public_key_api/OTP-8722' into devIngela Anderton Andin
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-08-20Merge branch 'pg/fix-ssl-handshake-client-certificate' into devIngela Anderton Andin
* pg/fix-ssl-handshake-client-certificate: Fix bug in ssl handshake protocol related to the choice of cipher suites OTP-8772
2010-08-20public_key, ssl: Patch 1112Dan Gudmundsson
OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8553 Moved extended key usage test for ssl values to ssl. OTP-8557 Fixes handling of the option fail_if_no_peer_cert and some undocumented options. Thanks to Rory Byrne. OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8517 New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value. However RFC-5746 is not yet supported, but will be in an upcoming release. OTP-8545 When gen_tcp is configured with the {packet,http} option, it automatically switches to expect HTTP Headers after a HTTP Request/Response line has been received. This update fixes ssl to behave in the same way. Thanks to Rory Byrne. OTP-8554 Ssl now correctly verifies the extended_key_usage extension and also allows the user to verify application specific extensions by supplying an appropriate fun. OTP-8560 Fixed ssl:transport_accept/2 to return properly when socket is closed. Thanks to Rory Byrne.
2010-08-20ssl: Patch 1110Dan Gudmundsson
OTP-8510 Fixed a crash in the certificate certification part.
2010-08-18Remove ticket numbers from all vsn.mk filesBjörn Gustavsson
Some application's vsn.mk files contained a list of the ticket numbers fixed in each version. Since that information can be obtained from the notes.xml file or from the merge commits in the git repository (provided that the branch name includes the ticket number), there is no reason to manually maintain that information in the vsn.mk files.
2010-08-18Fix bug in ssl handshake protocol related to the choice of cipher suitesPaul Guyot
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate).
2010-08-18Do not check the padding for TLS 1.0Ingela Anderton Andin
For interoperability reasons we do not check the padding in TLS 1.0 as it is not strictly required and breaks interopability with for instance Google.
2010-07-26Fix minor typos and errors in documentationCristian Greco
2010-06-29Updated version.Ingela Anderton Andin
2010-06-29The server now verifies the client certificate verify message correctly, ↵Ingela Anderton Andin
instead of causing a case-clause.
2010-06-23Added more specs and changed from using own min/2 funtion to erlang:min/2.Ingela Anderton Andin
2010-06-22Added more -spec definitions.Ingela Anderton Andin
2010-06-22Refreshed documentation to reflect the change of default implementation.Ingela Anderton Andin
Started to improve code documentation by using -spec directive, and some small refactorings to avoid ugly code.
2010-06-14OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-08Move dsa ticket to r14a releaseIngela Anderton Andin
(This is the merge of r13 version to r14_dev)
2010-06-08Updated for ssl-3.11.1Ingela Anderton Andin
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-06-04Fixed handling of several ssl/tls packets arriving at the same time.Ingela Anderton Andin
This was broken during a refactoring of the code.
2010-06-01Added workaround for tcp delivery problemIngela Anderton Andin
2010-05-28Cleaned codeIngela Anderton Andin
2010-05-28Hoops too quick to check in previous version, changed . to ;, compiled inIngela Anderton Andin
wrong shell!
2010-05-28Added misssing version check for client.Ingela Anderton Andin
2010-05-28Added missing padding check.Ingela Anderton Andin
2010-05-28Added missing Mac check.Ingela Anderton Andin
2010-05-28Added code to handle own alert in case MAC or padding check fails.Ingela Anderton Andin
2010-05-27Moved nodelay workaround for linux, as it seems to only work if you doIngela Anderton Andin
it before sending the fatal alert, even though documentation suggests the socket will be flushed on linux as an effect of setting the nodelay option.
2010-05-26OTP-8649 change in public_key apiIngela Anderton Andin