aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2012-08-24ssl & public_key: Workaround that some certificates encode countryname as ↵Ingela Anderton Andin
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
2012-08-23Merge branch 'ia/sslv3-alert/OTP-10196' into maintIngela Anderton Andin
* ia/sslv3-alert/OTP-10196: ssl: Add missing sslv3 alert
2012-08-23ssl: Clean up of code thanks to dialyzerIngela Anderton Andin
2012-08-22ssl: Add missing sslv3 alertIngela Anderton Andin
2012-08-22ssl: Test suite adjustmentsIngela Anderton Andin
2012-08-22ssl & public_key: Prepare for releaseIngela Anderton Andin
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908
2012-08-22ssl: Use crypto:strong_rand_bytes if possibleIngela Anderton Andin
2012-08-22ssl & public_key: Add use of more "sha-rsa oids"Ingela Anderton Andin
2012-08-22ssl: Fix inet header option to behave as in inetIngela Anderton Andin
This options is useless and should be deprecated. But we behave as inet does for now!
2012-08-22ssl: TLS 1.2: fix hash and signature handlingAndreas Schultz
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message
2012-08-22ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵Andreas Schultz
combinations
2012-08-22ssl: Add Signature Algorithms hello extension from TLS 1.2Andreas Schultz
This is also avoids triggering some bugs in OpenSSL.
2012-08-22ssl: Fix rizzo tests to run as intendedIngela Anderton Andin
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test case but the new group structure that run all relevant test for all relevant SSL/TLS versions we need to change that to run the protocol version of the group the we are currently running.
2012-08-22ssl: TLS-1.1 and TLS-1.2 support should not be default until R16Ingela Anderton Andin
2012-08-22ssl: Signture type bugIngela Anderton Andin
2012-08-22ssl: Add crypto support check (TLS 1.2 require sha256 support)Ingela Anderton Andin
2012-08-22ssl: Dialyzer fixesIngela Anderton Andin
2012-08-22ssl: IDEA cipher is deprecated by TLS 1.2Ingela Anderton Andin
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether.
2012-08-22ssl: Run relevant tests for all SSL/TLS versionsIngela Anderton Andin
2012-08-22ssl: Add TLS version switches to openssl testsAndreas Schultz
2012-08-22ssl: Enable TLS 1.2Andreas Schultz
2012-08-22ssl: Enable mac_hash for TLS 1.2Andreas Schultz
2012-08-22ssl: Implement TLS 1.2 signature supportAndreas Schultz
2012-08-22ssl: Make signature handling version dependantAndreas Schultz
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware
2012-08-22ssl: Fix PRF logicIngela Anderton Andin
2012-08-22ssl: Add TLS 1.2 cipher suitesAndreas Schultz
2012-08-22ssl: Implement and activate PRFs for TLS 1.1 and 1.2Andreas Schultz
2012-08-22ssl: make PRF function selectableAndreas Schultz
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2
2012-08-22ssl: Add TLS version paramter to verify_dh_paramsAndreas Schultz
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params.
2012-08-22ssl: Add TLS version to dec_hs/2Andreas Schultz
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those.
2012-08-22ssl: Add TLS version to ssl_handshake:key_exchange/3Andreas Schultz
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it.
2012-08-22ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2Andreas Schultz
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account.
2012-08-22ssl: Add TLS 1.2 block cipher IV handlingAndreas Schultz
2012-08-22ssl: Consider TLS version when building cipher blocksAndreas Schultz
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV.
2012-08-22ssl: Calculate handshake hash only when neededAndreas Schultz
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded.
2012-06-20Merge branch 'ia/ssl/recv-bug/OTP-10118' into maintIngela Anderton Andin
* ia/ssl/recv-bug/OTP-10118: ssl: Fix bug in the handling of remote connection closure of {active,false} ssl sockets.
2012-06-19ssl: Fix pem cache bugIngela Anderton Andin
A general case clause was put before a less general so that the less general case would never match.
2012-06-15ssl: Fix bug in the handling of remote connection closure of {active,false} ↵Ingela Anderton Andin
ssl sockets.
2012-06-13Merge branch 'ia/ssl/bottlenecks/OTP-10113' into maintIngela Anderton Andin
* ia/ssl/bottlenecks/OTP-10113: ssl: Test case fixes ssl: Avoid second bottleneck in supervisor ssl: File handling optimization ssl: Simpler PEM cache ssl: Refactored for readability ssl: Use md5 as file ref id instead of filenames ssl: Move ets:select bottleneck in server ssl: Renegotiate updates session id in gen_fsm state ssl: Use ordered_set in cache ssl: Move and avoid ets:select bottleneck in client ssl: Reuse session check optimization ssl: Avoid supervior bottleneck
2012-06-12ssl: Test case fixesIngela Anderton Andin
2012-06-08ssl: Avoid second bottleneck in supervisorIngela Anderton Andin
Do proc_lib:spawn_link instead of proc_lib:start_link as synchronized init is not used/needed anyway.
2012-06-08ssl: File handling optimizationIngela Anderton Andin
Avoid cach validation with file:file_info/2 as this i too expensive and causes a bottleneck in the file server. Instead we expose a new API function ssl:clear_pem_cache/0 to deal with the problem. As we think it will be of occasional use and the normal case is that the cache will be valid we think it is the right thing to do. Convert file paths to binary representation in the ssl API module to avoid uncessarry calls in file later on. Also add sanity checks for openssl versions in testsuite due to new openssl bugs.
2012-06-08ssl: Simpler PEM cacheIngela Anderton Andin
2012-06-08ssl: Refactored for readabilityIngela Anderton Andin
Instance of state variable that are "updated" in a function is called for example State0 and the last instance, that should be returned, is called State possible intermidiat versions are suffixed by increasing numbers. State0 may be rturned in error cases. Avoid nesting case statments.
2012-06-08ssl: Use md5 as file ref id instead of filenamesDan Gudmundsson
Aviods storing a lot of data
2012-06-08ssl: Move ets:select bottleneck in serverDan Gudmundsson
Only use ssl_manager for selecting new ids to guarantee uniqueness, but reuse check does not need to be performed by the manager.
2012-06-08ssl: Renegotiate updates session id in gen_fsm stateIngela Anderton Andin
The session id keept in the connection processes state must be updated to be the id selected by ssl_handshake:client_hello, failing to do so will cause a crash if the session is not reused.
2012-06-08ssl: Use ordered_set in cacheDan Gudmundsson
So we can use partial bound keys for matching
2012-06-08ssl: Move and avoid ets:select bottleneck in clientIngela Anderton Andin
Do not use ssl_manager process for selecting an id. It's unnecessary to involve the manager process at all on the client side.
2012-06-08ssl: Reuse session check optimizationIngela Anderton Andin