Age | Commit message (Collapse) | Author |
|
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
|
|
Verify if the signature algorithm used in the signature of
CertificateVerify is one of those present in the
supported_signature_algorithms field of the "signature_algorithms"
extension in the CertificateRequest message.
Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
|
|
Verify CertificateVerify message against the handshake context and
the public key provided by the Certificate message.
Remove 'Context' argument from state handler functions and store
data in the state variable.
Refactor get_handshake_context/1 to cover all implemented cases.
Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
|
|
Change-Id: I09c0501ea790941001b11a3f6d12a96f18da2bea
|
|
Implement validation of client certificates in state
'wait_cert'.
Implement state 'wait_cv'.
Clean up handler functions.
Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
|
|
Test client authentication when client responds with empty
Certificate.
Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
|
|
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
|
|
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
|
|
Add missing alert to description_atom/1.
Function clauses ordered by value of the alert.
Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
handshake_history() was specified as {[binary()], [binary[]]},
although its real type was {iodata(), iodata()}, dialyzer did
not give a warning until a new function matched out an element
of handshake_history and used it as input data for crypto:hash/2.
Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726
|
|
This reverts commit df130102cdeca8d35fec95a0c926fd1cfec54eab.
|
|
|
|
Change-Id: I0e4a9337d5d52a0e39ccc16d2d2e2b123ea2f9b5
|
|
Refactor state 'start' and handler functions.
Send 'hello_retry_request' if ClientHello does not contain
sufficient information.
Change-Id: I9fccb38aff5ba88bff75887261e8b1487bd64e17
|
|
* peterdmv/ssl/dtls_logging:
ssl: Add debug logging for DTLS
Change-Id: I83bf117c6c3428c57010e0e581775dd941fc829a
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
|
|
* ingela/ssl/doc-enhancements:
ssl: Enhance documentation after "use-spec-rewrite"
|
|
|
|
* peterdmv/ssl/validate_client_finished:
ssl: Validate Client Finished
Change-Id: I495c0d998423dc5a760d1ca0109c4107c5919f54
|
|
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
* ingela/ssl/bench:
ssl: Improve bench SUITE
|
|
Add shorter time trap, modernize code and make sure help process
terminates.
|
|
|
|
When changing the ssl application to use type specs in documentation
master additions where lost in the merge as we did not want to
rewrite the new documentation in a merge commit.
|
|
This reverts commit 028df3a72f7b813ef9851799a07ded30b7d3ad55.
|
|
Validate Client Finished message. If validation fails, send
decrypt_error alert.
Change-Id: I1da7be3505ca6df2b3d50282f0500b988ef8b488
|
|
|
|
|
|
|
|
|
|
Also make a weaker spec in ssl_internal.hrl for now as it creates
a conflict between error handling and dialyzer warnings.
|
|
|
|
|
|
* ingela/ssl/shrink-state:
ssl: Remove duplicate record_cb handling
ssl: Add test case for continued handshake with a timeout
ssl: Use gen_statem named timers to handle connection and recv timeouts
ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys
ssl: Move key_algorithm to handshake_env
ssl: srp
ssl: Rename
ssl: Move diffie_hellman_params to handshake_env
ssl: Move and rename psk_identity state record field
ssl: Move premaster_secret to handshake_env
ssl: Make flight_state DTLS specific
ssl: Add private_key to connection_env
ssl: Remove unused record field
ssl: Add erl_dist_handle to connection_env
ssl: Add negotiated_version to connection_env
ssl: Add key exchange items to handshake_env
ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env
ssl: Add downgrade handling to connection_env
ssl: Create connection_env
ssl: Handle renegotiation and extensions in handshake_env
|
|
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/shrink-state:
ssl: Remove duplicate record_cb handling
ssl: Add test case for continued handshake with a timeout
ssl: Use gen_statem named timers to handle connection and recv timeouts
ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys
ssl: Move key_algorithm to handshake_env
ssl: srp
ssl: Rename
ssl: Move diffie_hellman_params to handshake_env
ssl: Move and rename psk_identity state record field
ssl: Move premaster_secret to handshake_env
ssl: Make flight_state DTLS specific
ssl: Add private_key to connection_env
ssl: Remove unused record field
ssl: Add erl_dist_handle to connection_env
ssl: Add negotiated_version to connection_env
ssl: Add key exchange items to handshake_env
ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env
ssl: Add downgrade handling to connection_env
ssl: Create connection_env
ssl: Handle renegotiation and extensions in handshake_env
|
|
Improve the abstraction between the ssl_connection module
and dtls_connection, tls_connection and tls_sender, as well
as towards the lower level tls_record and ssl_record modules.
Remove some dead code.
|
|
* peterdmv/ssl/server-process-client-finished:
ssl: Test TLS 1.3 connectivity
ssl: Fix crash when sending Alerts
ssl: Fix dialyzer warning
ssl: Improve TLS 1.3 statem
Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
|
|
|
|
|
|
* maint:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
|