aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2015-04-22Revert "Add workaround for problems with s_client defaults"Ingela Anderton Andin
This reverts commit a3cf4eb4cdd2ce178d81b62faa9f47485fd82331. This workaround is no longer needed as the, TLS-1.2 extension, signature_algorithm is now correctly ignored by previous TLS versions.
2015-04-21ssl: Add unit test caseIngela Anderton Andin
2015-04-20ssl: Ignore signature_algorithm (TLS 1.2 extension) sent to TLS 1.0/1 serverAndreas Schultz
pre TLS 1.2 server should ignore the signature_algorithms extension. The server code would attempt to select the signature/hash algorithm even when using TLS 1.0 or 1.1. Instead it should simply use the default algorithm on those versions.
2015-04-20ssl: Adjust to public_key application removing legacy compact_bit_string switchIngela Anderton Andin
2015-04-16ssl: Add runtime depenency due to commit ↵Ingela Anderton Andin
4e0a5e36b38e3f15ed8f7d700d26f2424a47111c
2015-04-09ssl: Document enhancementsIngela Anderton Andin
2015-04-09ssl: Align with alphabetical orderIngela Anderton Andin
2015-04-09ssl: Align with editorial changesIngela Anderton Andin
2015-04-09ssl: Correct merge errorIngela Anderton Andin
2015-04-09ssl: Add linksIngela Anderton Andin
2015-04-09ssl: Correct typosIngela Anderton Andin
2015-04-09ssl: Correct XML-tagIngela Anderton Andin
2015-04-09ssl: Technically clarify descriptionIngela Anderton Andin
Change description proposed by technical writer to make better use of technical terms. Also add some new language improvments discussed with the technical writer.
2015-04-09ssl: Editorial updatesxsipewe
2015-04-01Merge tag 'OTP-17.5'Henrik Nord
=== OTP-17.5 === Changed Applications: - asn1-3.0.4 - common_test-1.10 - compiler-5.0.4 - crypto-3.5 - debugger-4.0.3 - dialyzer-2.7.4 - diameter-1.9 - eldap-1.1.1 - erts-6.4 - hipe-3.11.3 - inets-5.10.6 - kernel-3.2 - mnesia-4.12.5 - observer-2.0.4 - os_mon-2.3.1 - public_key-0.23 - runtime_tools-1.8.16 - ssh-3.2 - ssl-6.0 - stdlib-2.4 - syntax_tools-1.6.18 - test_server-3.8 - tools-2.7.2 - wx-1.3.3 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - edoc-0.7.16 - erl_docgen-0.3.7 - erl_interface-3.7.20 - et-1.5 - eunit-2.2.9 - gs-1.5.16 - ic-4.3.6 - jinterface-1.5.12 - megaco-3.17.3 - odbc-2.10.22 - orber-3.7.1 - ose-1.0.2 - otp_mibs-1.0.10 - parsetools-2.0.12 - percept-0.8.10 - reltool-0.6.6 - sasl-2.4.1 - snmp-5.1.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk lib/ssl/vsn.mk
2015-03-31Prepare releaseErlang/OTP
2015-03-23ssl: Dialyzer fixesIngela Anderton Andin
2015-03-20Merge branch 'ia/ssl/cuddle-openssl'Ingela Anderton Andin
* ia/ssl/cuddle-openssl: Add workaround for problems with s_client defaults
2015-03-19Merge branch 'essen/ssl-alpn'Zandra Hird
* essen/ssl-alpn: ssl: Add TLS-ALPN support OTP-12580
2015-03-19Add workaround for problems with s_client defaultsIngela Anderton Andin
2015-03-17ssl: Add TLS-ALPN supportLoïc Hoguin
This commit adds support for RFC7301, application-layer protocol negotiation. ALPN is the standard based approach to the NPN extension, and is required for HTTP/2. ALPN lives side by side with NPN and provides an equivalent feature but in this case it is the server that decides what protocol to use, not the client. When both ALPN and NPN are sent by a client, and the server is configured with both ALPN and NPN options, ALPN will always take precedence. This behavior can also be found in the OpenSSL implementation of ALPN. ALPN and NPN share the ssl:negotiated_protocol/1 function for retrieving the negotiated protocol. The previously existing function ssl:negotiated_next_protocol/1 still exists, but has been deprecated and removed from the documentation. The tests against OpenSSL require OpenSSL version 1.0.2+.
2015-03-17ssl: Improve documentationIngela Anderton Andin
2015-03-16ssl: Fix incorrect argument handling, thanks to dialyzerIngela Anderton Andin
2015-03-11ssl: Dialyzer fixesIngela Anderton Andin
2015-03-09ssl: fix white box testsIngela Anderton Andin
2015-03-09ssl: Integrate public_key CRL verification with the ssl applicationIngela Anderton Andin
2015-03-09Merge branch 'ia/ssl/soft-upgrade-test-server-bug-workaround'Ingela Anderton Andin
* ia/ssl/soft-upgrade-test-server-bug-workaround: ssl: Workaround test server halfwordemulator bug
2015-03-06ssl: Workaround test server halfwordemulator bugIngela Anderton Andin
As the halfwordemulator is deprecated just skip the test case during the circumstances that provokes the bug.
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-02-18ssl: remove -> deleteIngela Anderton Andin
Correct mistake
2015-02-17Merge branch 'ia/ssl/soft-upgrade-test'Ingela Anderton Andin
* ia/ssl/soft-upgrade-test: ssl: Prepare for 18 ssl: Add soft upgrade test suite
2015-02-17Merge branch 'maint'Ingela Anderton Andin
2015-02-17ssl: erlang:timestamp -> os:timestampIngela Anderton Andin
Complements commit 450773958165539951cd431a9233ce7666ec20e2
2015-02-13ssl: Prepare for 18Ingela Anderton Andin
2015-02-13ssl: Add soft upgrade test suiteIngela Anderton Andin
2015-02-09Merge branch 'maint'Ingela Anderton Andin
2015-02-09ssl: erlang:timestamp -> os:timestampIngela Anderton Andin
For comparison with file time stamps os:timestamp makes more sense and is present in 17 as well as 18.
2015-02-06Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl_app.xml lib/ssl/src/ssl_manager.erl
2015-02-06ssl: Improve PEM cache by validating entriesIngela Anderton Andin
The PEM cache is now validated by a background process, instead of always keeping it if it is small enough and clearing it otherwhiss. That strategy required that small caches where cleared by API function if a file changes on disk. However document the clearing API function as it can still be usefull.
2015-02-02Merge branch 'maint'Ingela Anderton Andin
2015-01-30ssl: Remove selfsigned anchor certificate from the certificate chainIngela Anderton Andin
A selfsigned trusted anchor should not be in the certifcate chain passed to the certificate path validation. Conflicts: lib/ssl/src/ssl_certificate.erl
2015-01-23ssl: Remove default support for RC4 ciphersIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Remove sslv3 from the default supported protocol versionsIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-12-29Merge branch 'lemenkov/use_os_getenv_2'Marcus Arendt
* lemenkov/use_os_getenv_2: fix missing include Start using os:getenv/2 fun Introduce os:getenv/2
2014-12-15Start using os:getenv/2 funPeter Lemenkov
See #535 Signed-off-by: Peter Lemenkov <[email protected]>
2014-12-10Merge tag 'OTP-17.4'Marcus Arendt
=== OTP-17.4 === Changed Applications: - asn1-3.0.3 - common_test-1.9 - compiler-5.0.3 - crypto-3.4.2 - debugger-4.0.2 - dialyzer-2.7.3 - diameter-1.8 - edoc-0.7.16 - eldap-1.1 - erl_docgen-0.3.7 - erl_interface-3.7.20 - erts-6.3 - eunit-2.2.9 - hipe-3.11.2 - inets-5.10.4 - jinterface-1.5.12 - kernel-3.1 - megaco-3.17.3 - mnesia-4.12.4 - observer-2.0.3 - odbc-2.10.22 - otp_mibs-1.0.10 - parsetools-2.0.12 - percept-0.8.10 - runtime_tools-1.8.15 - snmp-5.1.1 - ssh-3.1 - ssl-5.3.8 - stdlib-2.3 - syntax_tools-1.6.17 - test_server-3.7.2 - tools-2.7.1 - wx-1.3.2 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - et-1.5 - gs-1.5.16 - ic-4.3.6 - orber-3.7.1 - os_mon-2.3 - ose-1.0.2 - public_key-0.22.1 - reltool-0.6.6 - sasl-2.4.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk
2014-12-09Prepare releaseErlang/OTP