aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2014-05-22Merge branch 'dz/fix_ssl_max_seq_num' into maintMarcus Arendt
* dz/fix_ssl_max_seq_num: ssl: fix max sequence number so it does not overflow
2014-05-14ssl: Fix dialyzer specIngela Anderton Andin
2014-05-13ssl: Only allow one next protocol handsake messageIngela Anderton Andin
2014-05-12Merge branch 'ia/ssl/inherit/OTP-11897' into maintIngela Anderton Andin
* ia/ssl/inherit/OTP-11897: ssl: Handle socket option inheritance when pooling of accept sockets is used
2014-05-10ssl: fix max sequence number so it does not overflowDanil Zagoskin
The old value of 18446744073709552000 was calculated using math:pow which returns float therefore isn't precise. And it would overflow: erlang:integer_to_list(18446744073709552000, 16) = "10000000000000180" This patch changes MAX_SEQENCE_NUMBER to value calculated with bitwise shift: (1 bsl 64) - 1 = 18446744073709551615
2014-05-09Merge branch 'ia/ssl/false-alerts/OTP-11890' into maintIngela Anderton Andin
* ia/ssl/false-alerts/OTP-11890: ssl: Add checks to avoid processing of illegal alerts
2014-05-09ssl: Handle socket option inheritance when pooling of accept sockets is usedIngela Anderton Andin
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values.
2014-05-07ssl: SSL/TLS version input list shall not be order dependentIngela Anderton Andin
2014-04-30ssl: Add checks to avoid processing of illegal alertsIngela Anderton Andin
2014-04-24ssl: Fixes ssl_crl_SUITE errors on mixed ipv6-v4 interfacesHans Nilsson
2014-04-24ssl: Remove outdated documentationIngela Anderton Andin
2014-04-23ssl: Fix crash on garbage during handshakeDanil Zagoskin
If a client sends some garbage in ssl record instead of valid fragment, server crashes with function_clause while receiving next record from client. This patch makes server raise handshake failure instead of crashing and exposing internal state to user code.
2014-04-23ssl: Refactor so that there is only one source for the default hashsign valuesIngela Anderton Andin
Also fix DTLS call to supply its corresponding TLS version
2014-04-23ssl: always pass negotiated version when selecting hashsignDanil Zagoskin
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
2014-04-23ssl: TLSv1.2: proper default sign algo for RSADanil Zagoskin
2014-04-22Merge branch 'ia/ssl/decrypt-alert/OTP-11880' into maintIngela Anderton Andin
* ia/ssl/decrypt-alert/OTP-11880: ssl: Correct decryption error handling
2014-04-22Merge branch 'ia/ssl/recv/OTP-11878' into maintIngela Anderton Andin
* ia/ssl/recv/OTP-11878: ssl: recv shall ruturn {error, einval} on active socket
2014-04-22Merge branch 'ia/ssl/suites-match-negotiated-version/OTP-11875' into maintIngela Anderton Andin
* ia/ssl/suites-match-negotiated-version/OTP-11875: ssl: Select supported cipher suites for the negotiated SSL/TLS-version
2014-04-17ssl: Correct decryption error handlingIngela Anderton Andin
2014-04-17ssl: recv shall ruturn {error, einval} on active socketIngela Anderton Andin
2014-04-17ssl: Graceful handling of warning alertsIngela Anderton Andin
Generalize last warning alert function clause
2014-04-16ssl: Select supported cipher suites for the negotiated SSL/TLS-versionIngela Anderton Andin
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support.
2014-04-07Update release notesErlang/OTP
2014-03-31Merge branch 'ia/ssl/accept-with-options'Ingela Anderton Andin
* ia/ssl/accept-with-options: ssl: Add possibility to specify ssl options when calling ssl:ssl_accept
2014-03-31ssl: Add possibility to specify ssl options when calling ssl:ssl_acceptIngela Anderton Andin
2014-03-28ssl: Testing - sha256 digest not supported on all platformsBjörn-Egil Dahlberg
Certificates uses: default_md = sha256 This is not supported on all test platforms, use md5 instead for testing.
2014-03-28ssl: fix crl test suite error with unexpected web server responseHans Nilsson
2014-03-26ssl, pubkey: Code and test adjustmentsHans Nilsson
2014-03-26Rework IDP validation according to the RFC, fix public_key testsAndrew Thompson
2014-03-26Various improvements to CRL handlingAndrew Thompson
* Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-26Merge branch 'ia/ssl/continue-dtls-and-specs'Ingela Anderton Andin
* ia/ssl/continue-dtls-and-specs: ssl: Avoid dialyzer warnings in dtls code ssl: Improve type specs ssl: Refactor and start implementing dtls_connection.erl
2014-03-25ssl: Avoid dialyzer warnings in dtls codeIngela Anderton Andin
Even if DTLS is not finished, e.i. not runnable yet we want to phase in the code together with refactoring of TLS code, but without introducing warnings in the release.
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-03-25ssl: Refactor and start implementing dtls_connection.erlIngela Anderton Andin
2014-03-25ssl: Handle SNI alert unrecognized_name and gracefully deal withIngela Anderton Andin
unexpected alerts. Add recognitions of RFC 4366 alerts and handle possible unimplementd alerts in a gracefully way.
2014-03-20Introduce runtime_dependencies in .app filesRickard Green
Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies.
2014-03-14ssl: Server now ignores client ECC curves that it does not support instead ofIngela Anderton Andin
crashing. When TLS client sends Supported Elliptic Curves Client Hello Extension the server shall select a curve supported by both sides or refuse to negotiate the use of an ECC cipher suite.
2014-03-14Add test for unknown elliptic curve supported by clientDanil Zagoskin
When TLS client sends a Supported Elliptic Curves Client Hello Extension containing an unknown curve enum value, a server crashes with a function_clause instead of just ignoring specified unknown curve.
2014-03-04ssl: Add exception for inet and inet6 to proplist checkIngela Anderton Andin
2014-03-04Merge branch 'ia/ssl/proplist-input-check/OTP-11760'Ingela Anderton Andin
* ia/ssl/proplist-input-check/OTP-11760: ssl: Add input sanity check
2014-03-04ssl: Add input sanity checkIngela Anderton Andin
Avoid puzzling behavior due to options being disregarded if they are not key value tuples.
2014-03-03ssl: Improved documentation of the cacertfile optionIngela Anderton Andin
2014-02-25ssl: Fix compiler warningsIngela Anderton Andin
2014-02-25ssl: Fix appup regexps and instructionsIngela Anderton Andin
2014-02-25Merge branch 'ia/ssl/prepare-for-release'Ingela Anderton Andin
* ia/ssl/prepare-for-release: ssl: Prepare for release
2014-02-25ssl: Prepare for releaseIngela Anderton Andin
2014-02-24Merge branch 'fenollp/otp-edoc-usage-fixes'Henrik Nord
* fenollp/otp-edoc-usage-fixes: Fix edoc usage errors OTP-11702
2014-02-24Merge branch 'hb/dialyzer/deprecate_types/OTP-10342'Hans Bolinder
* hb/dialyzer/deprecate_types/OTP-10342: Deprecate pre-defined built-in types
2014-02-24Merge branch 'schlagert/fix_basic_appups'Siri Hansen
* schlagert/fix_basic_appups: Dynamically configure typer_SUITE according to environment Disable hipe_SUITE when environment doesn't support it Make hipe non-upgradable by setting appup file empty Fix missing module on hipe app file template Add test suites performing app and appup file checks Introduce appup test utility Fix library application appup files Fix non-library appup files according to issue #240 OTP-11744
2014-02-24Add test suites performing app and appup file checksTobias Schlager
Add the mentioned test suites for *all* library and touched non-library applications.