aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2017-12-04Use SNI when connectingRaimo Niskanen
2017-12-04Use -ssl_dist_optfile optionsRaimo Niskanen
2017-12-04Read in -ssl_dist_optfile to ETSRaimo Niskanen
2017-12-04Stop checking DNS name for SNIRaimo Niskanen
2017-12-01Merge branch 'ingela/ssl/timing' into maintIngela Anderton Andin
* ingela/ssl/timing: ssl: Align timing just in case
2017-11-29Merge branch 'ingela/ssl/ERL-521/OTP-14794' into maintIngela Anderton Andin
* ingela/ssl/ERL-521/OTP-14794: ssl: Make sure all possible data is delivered
2017-11-28ssl: Align timing just in caseIngela Anderton Andin
2017-11-28ssl: Make sure all possible data is deliveredIngela Anderton Andin
2017-11-24ssl: Add gracefullness to dtls codeIngela Anderton Andin
Also make tls code a little more direct for easier uderstanding
2017-11-24ssl: Remove old softupgrade codeIngela Anderton Andin
This code is only relevant in version is was written in.
2017-11-24ssl: Use genstamtem properlyIngela Anderton Andin
2017-11-24ssl: Fix incorrect merge conflict resolutionIngela Anderton Andin
When handling merging of back ported Counter measurements for Bleichenbacher attack a line from DTLS was accidentally lost.
2017-11-23fix missing document tag lost during mergeIngela Anderton Andin
2017-11-23Merge branch 'maint-18' into maintIngela Anderton Andin
2017-11-23Merge branch 'maint-19' into maintIngela Anderton Andin
2017-11-23Merge branch 'maint-20' into maintIngela Anderton Andin
* maint-20: Updated OTP version Update release notes Update version numbers public_key: verify ip (both v4 and v6) public_key: Added IP4 address checks to hostname_verification tests ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME ssl: Prepare for release ssl: Countermeasurements for Bleichenbacher attack Conflicts: lib/public_key/doc/src/public_key.xml lib/public_key/test/public_key_SUITE.erl lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_handshake.erl
2017-11-23Merge tag 'OTP-18.3.4.1.1' into maint-18Ingela Anderton Andin
=== OTP-18.3.4.1.1 === Changed Applications: - ssl-7.3.3.0.1 Unchanged Applications: - asn1-4.0.2 - common_test-1.12.1 - compiler-6.0.3 - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2.1 - cosProperty-1.2 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3.1 - et-1.5.1 - eunit-2.2.13 - gs-1.6 - hipe-3.15 - ic-4.4 - inets-6.2.4 - jinterface-1.6.1 - kernel-4.2 - megaco-3.18 - mnesia-4.13.4 - observer-2.1.2 - odbc-2.11.1 - orber-3.8.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - public_key-1.1.1 - reltool-0.7 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2.1 - stdlib-2.8 - syntax_tools-1.7 - test_server-3.10 - tools-2.8.3 - typer-0.9.10 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Conflicts: OTP_VERSION lib/ssl/vsn.mk otp_versions.table
2017-11-22Prepare releaseIngela Anderton Andin
2017-11-22ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
Back ported for security reasons. Remove DTLS changes as DTLS is not at all working in OTP 18.
2017-11-22Update release notesErlang/OTP
2017-11-22Update release notesErlang/OTP
2017-11-22Update release notesErlang/OTP
2017-11-22Merge branch ↵Erlang/OTP
'ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766' into maint-20 * ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly ssl: Use ?FUNCTION_NAME
2017-11-21ssl: Marker inserted to enable a reference from cryptoHans Nilsson
2017-11-20Merge branch 'lukas/docs/xmllint_fixes/OTP-14721' into maintLukas Larsson
* lukas/docs/xmllint_fixes/OTP-14721: ssl/ssh: Remove/ignore unused XML_FILES doc files Refactor xmllint check and make it fail on failure Add toplevel xmllint make target Conflicts: lib/crypto/doc/src/Makefile
2017-11-20ssl/ssh: Remove/ignore unused XML_FILES doc filesLukas Larsson
2017-11-16ssl: Align code of TLS/DTLS handshake handlingIngela Anderton Andin
2017-11-16ssl: Align code of TLS/DTLS record handlingIngela Anderton Andin
2017-11-16ssl: Align code of main modules implementing the gen_statem behaviourIngela Anderton Andin
2017-11-16dtls: Add state specIngela Anderton Andin
2017-11-13ssl: Fix broken link in docIngela Anderton Andin
2017-11-09ssl: Fix test cases to work on all test platformsIngela Anderton Andin
Use hradcoded rsa keys as this will work on all legacy platforms. In test case dns_name_reuse only do the relevant client check in the final test.
2017-11-09ssl: Sessions must be registered with SNI if existsIngela Anderton Andin
2017-11-09ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-11-09public_key, ssl: Handles keys so that APIs are preserved correctlyIngela Anderton Andin
2017-11-09 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-11-09ssl: Prepare for releaseIngela Anderton Andin
2017-11-09ssl: Prepare for releaseIngela Anderton Andin
2017-11-09ssl: Prepare for releaseIngela Anderton Andin
2017-11-09ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
Back ported for security reasons. Remove DTLS changes as DTLS is not at all working in OTP 18.
2017-11-09ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
2017-11-09ssl: Countermeasurements for Bleichenbacher attackIngela Anderton Andin
2017-11-08ssl: Add private key configuration for crypto engineIngela Anderton Andin
2017-10-31Refactor xmllint check and make it fail on failureLukas Larsson
This commit also adds a check to see that all files that are part of an xi:include also have part of XML_FILES and vice versa. It also fixes any applications where this was not true.
2017-10-20ssl: Do not provide IP address to ssl:connect in erlang distribution over TLSIngela Anderton Andin
As TLS clients will perform a hostname check against certificates the IP-address does not make much sense.
2017-10-18Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maintIngela Anderton Andin
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport
2017-10-17Merge branch 'ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655' into maintIngela Anderton Andin
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655: ssl: Fix test cases to work on all test platforms public_key: Fix dialyzer spec ssl: Sessions must be registered with SNI if exists ssl: Extend hostname check to fallback to checking IP-address public_key, ssl: Handles keys so that APIs are preserved correctly
2017-10-17ssl: No support for packet option over unreliable transportIngela Anderton Andin
2017-10-16 ssl: Use ?FUNCTION_NAMEIngela Anderton Andin
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this version of the ssl application to versions pre OTP 19.
2017-10-16ssl: Fix test cases to work on all test platformsIngela Anderton Andin
Use hradcoded rsa keys as this will work on all legacy platforms. In test case dns_name_reuse only do the relevant client check in the final test.