| Age | Commit message (Collapse) | Author |
|---|
|
init_per_testcase timeout for renegotiation tests would be overridden
by local timeout in test case help function.
|
|
* ingela/ssl/dtls-progress/connection-states-as-maps:
dtls: fix encoding of client hello cookie
dtls: Prepare start of DTLS connection manager with SSL app
ssl: Refactor to use maps for the connection states
ssl, dtls: Refactor sni handling
dtls: Add close/5
dtls: Add renegotiate/2
dtls: Add protocol event handling
ssl: Refactor code so that tls and dtls can share more code
ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history
ssl: Make sure common code for TLS and DTLS uses the TLS Version
ssl: remove unused RecordCB argument from master_secret
dtls: Add reinit_handshake_data/1 to dtls
dtls: replace tls_record with RecordCB in connection_info
Fix version numbers and dependencies
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We want to share more alert and application data handling code.
Some of the application data handling code, packet handling,
will not be relevant for dtls, but this code can be excluded from dtls
by options checking.
|
|
ssl_handshake:update_handshake_history
This proably a much bigger problem for DTLS than TLS, but should be
disabled for both unless explicitly configured for TLS.
|
|
When protocol version is proagated from the DTLS connection processes
state into general ssl functions it must be converted to the corresponding
TLS version.
|
|
Conflicts:
lib/ssl/src/ssl_handshake.erl
|
|
The callback is invoke before entering state 'connection'.
It allows a connection module to remove data from the
connection state that is no longer needed (e.g.
handshake history).
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
|
|
|
|
Even though v2 is never supported v2 hellos can be.
No support for v2 client hellos gives "handshake failiure" alert.
Support for v2 hello but no higher SSL/TLS version offered
gives "protocol version" alert.
|
|
Avoid to run tests of algorithms not supported by crypto.
|
|
Fix some older errors as well.
|
|
* raimo/gen_statem-callback_mode/OTP-13752:
ssl: Upgrade suite testing skipped if stdlib upgrade is required
Fix version numbers and dependencies
Conflicts:
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
|
|
* ingela/ssl/cuddle:
ssl: Test and test suites shall be independent of each other
|
|
|
|
* ingela/ssl/ERL-232/OTP-13853:
ssl: Remove clause that postponed unexpected messages
|
|
Skip some test on really slow solaris machines
|
|
|
|
|
|
|
|
* raimo/gen_statem-callback_mode/OTP-13752:
Include trap_exit in server skeletons
Improve sys debug
Handle exceptions in init/1 and callback_mode/0
Clarify error values
Doc fixes
Rewrite SSH for gen_statem M:callback_mode/0
Rewrite SSL for gen_statem M:callback_mode/0
Rewrite Tools for gen_statem M:callback_mode/0
Rewrite gen_statem docs for M:callback_mode/0
Rewrite gen_statem TCs for M:callback_mode/0
Rewrite gen_statem for M:callback_mode/0
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl.appup.src
|
|
|
|
|
|
maint
* lemenkov/kernel/fix-register_ipv6_epmd/PR-1129/OTP-13770:
Respect -proto_dist switch while connection to EPMD
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/common_test/doc/src/notes.xml
lib/common_test/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
lib/stdlib/test/ets_SUITE.erl
otp_versions.table
|
|
|
|
raimo/ssl/version-selection/maint-19/OTP-13753
Conflicts:
lib/ssl/vsn.mk
lib/ssl/src/ssl.appup.src
|
|
Use the list of versions that the server allows and among those choose
the highest version that is not higher than the client's version.
Note that this chosen version might be lower than the client's version,
but is used to improve interoperability.
Patch suggested by Dimitry Borisov refering to RFC 5246 appendix E.1.
|
|
Signed-off-by: Peter Lemenkov <[email protected]>
|
|
Make sure ssl application has a fresh start, so that test do
not fail due to that other tests did not clean up properly.
|
|
In TLS-1.2 the selection of the servers algorithms and the the
possible selection of algorithms for the client certificate verify
message have different requirements.
|
|
Tests in ECC_SUITE did not always use the certs implied by the
name. Variable naming also confused the intent.
ssl_certificate_verify_SUITE did not clean up properly and tests could
fail due to cache problems.
|
|
Function to stop SSL/TLS node may not exit as a test case will start more than
one node and all nodes must be stopped.
|
|
|
|
|
|
Note these where supported before ssl-8.0
|
|
* ingela/ssl/runtime-dep:
ssl: Add new public_key to runtime dependencies
|
|
* shlonny/add-asn1-app-to-ssl-distribution-doc/PR-1101:
added asn1 to applications needed for start_ssl
|
|
Due to 5268c7b957c30c31e551f197463cdd55a792ea69
|
