Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
When dealing with older certificates that does not indicate its signer
with a certificate extension, we must search the database for the issure.
Finding the issuer is not enough, we need to verify the signature
with the key in the found issuer cert.
|
|
Use generated certs instead of hard coded
|
|
FROM TLS 1.2 RFC:
The interaction of the certificate_types and
supported_signature_algorithms fields is somewhat complicated.
certificate_types has been present in TLS since SSLv3, but was
somewhat underspecified. Much of its functionality is superseded by
supported_signature_algorithms. The following rules apply:
- Any certificates provided by the client MUST be signed using a
hash/signature algorithm pair found in
supported_signature_algorithms.
- The end-entity certificate provided by the client MUST contain a
key that is compatible with certificate_types. If the key is a
signature key, it MUST be usable with some hash/signature
algorithm pair in supported_signature_algorithms.
- For historical reasons, the names of some client certificate types
include the algorithm used to sign the certificate. For example,
in earlier versions of TLS, rsa_fixed_dh meant a certificate
signed with RSA and containing a static DH key. In TLS 1.2, this
functionality has been obsoleted by the
supported_signature_algorithms, and the certificate type no longer
restricts the algorithm used to sign the certificate. For
example, if the server sends dss_fixed_dh certificate type and
{{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply
with a certificate containing a static DH key, signed with RSA-
SHA1.
|
|
* dnet/parse_sni:
added SNI decode test to SSL handshake suite
ssl: parse SNI in received client hello records
OTP-12048
|
|
|
|
This reverts commit fcc6a756277c8f041aae1b2aa431e43f9285c368.
|
|
* ia/ssl/test-cuddle:
ssl: Test case stability
|
|
|
|
|
|
* ia/ssl/CSS/OTP-11975:
ssl: Make sure change cipher spec is correctly handled
|
|
* ia/ssl/version-argument:
ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet!
|
|
|
|
* qrilka/ssl-seconds-in-24h:
ssl: Fix incorrect number of seconds in 24 hours
|
|
|
|
|
|
* ia/ssl/dumb-clients/OTP-11969:
ssl: Avoid creating a huge session table
|
|
* RoadRunnr/ssl/fix-tests:
SSL: fix OpenSSL known renegotiation bug detection
SSL: in tests, filter ssl client ciphers for version compatibility
|
|
* ia/ssl/default-ciphers/OTP-11966:
ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate crashes.
SSL: always filter the full list of supported ciphers against the supported algorithms
ssl: Filter default ciphers for supported Crypto algorihms
|
|
crashes.
|
|
algorithms
With the addition of more ciphers that are not supported in all
configurations, using a manually prefiltered cipher list (e.g. EC vs.
non-EC ciphers) becomes to complex. Replace the manual split with
ssl_cipher:filter_suites/1 in all places.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_v1.erl
|
|
|
|
24 hours in seconds should be equal to 86400 and 86400000 in milliseconds
|
|
The OpenSSL detection match would actually consider all 1.0.1 versions
as affected when really only 1.0.1 - 1.0.1c are.
|
|
Some psk and some not yet supported anonymous suites are only supported
with TLS version >= 1.2. This adds them to the tests and makes sure
that they are not tested on TLS versions that do not support them.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* dz/fix_ssl_max_seq_num:
ssl: fix max sequence number so it does not overflow
|
|
|
|
|
|
* ia/ssl/inherit/OTP-11897:
ssl: Handle socket option inheritance when pooling of accept sockets is used
|
|
The old value of 18446744073709552000 was calculated using math:pow
which returns float therefore isn't precise. And it would overflow:
erlang:integer_to_list(18446744073709552000, 16) = "10000000000000180"
This patch changes MAX_SEQENCE_NUMBER to value calculated with bitwise
shift:
(1 bsl 64) - 1 = 18446744073709551615
|
|
* ia/ssl/false-alerts/OTP-11890:
ssl: Add checks to avoid processing of illegal alerts
|
|
Implement a listen socket tracker process that holds the emulated socket
options so that it is possible to implement a destructive ssl:setopts
on SSL/TLS listen sockets without changing the options of the internal
socket as we want that socket to have the internal socket option values.
|
|
|
|
|
|
|
|
|
|
If a client sends some garbage in ssl record instead of
valid fragment, server crashes with function_clause while
receiving next record from client.
This patch makes server raise handshake failure instead of
crashing and exposing internal state to user code.
|
|
Also fix DTLS call to supply its corresponding TLS version
|
|
Negotiated version is now always passed to ssl_handshake:select_hashsign
because ssl_handshake:select_cert_hashsign has different rsa defaults on
tlsv1.2 and older versions.
|
|
|
|
* ia/ssl/decrypt-alert/OTP-11880:
ssl: Correct decryption error handling
|
|
* ia/ssl/recv/OTP-11878:
ssl: recv shall ruturn {error, einval} on active socket
|