Age | Commit message (Collapse) | Author |
|
|
|
* lars/doc-cleanup/OTP-14475:
[edoc] Remove unused module otpsgml_layout.erl
Remove unused files from the documentation build
|
|
|
|
|
|
* raimo/ssl-dist-skip-loopback/OTP-14465:
Update runtime dependencies
Disable debug function
Pass all info's to the ssl_connection state function
Remove ssl_tls_dist_ctrl module
Remove ssl_tls_dist_ctrl process
Remove ssl_tls_dist_proxy
Avoid dialyzer warning
Separate in and out in dist ctrl
Rewrite dist ctrl from port to process
Conflicts:
lib/ssl/src/ssl.app.src
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OTP-14236 requires ssl runtime dependencies to update to latest public_key.
OTP-14181 makes ssl test cases dependent on latest version latest public_key.
|
|
The ssl application uses the new function in many of its test cases.
|
|
|
|
|
|
|
|
|
|
|
|
ssl_pkix_db should not hard code names. On the other hand the names
are nicer with as <Prefix>_dist than <Prefix>dist.
|
|
|
|
Add exception for DTLS (not only TLS) against this broken version.
Make sure configuration is clean for default test group.
|
|
|
|
Otherwhise test can be wrongly initialized and will fail as they try to run
with a broken setup.
This is an addition to b3ca5727169deaa38917edca8288dcaff9a36800 that accidently
was the wrong version of that branch.
|
|
|
|
* ingela/ssl/clean-tests:
ssl: Make sure test initilization is clean
|
|
|
|
* ingela/ssl/session-cache-max/OTP-14556:
ssl: Mend Max session handling
|
|
The commit 256e01ce80b3aadd63f303b9bda5722ad313220f was a misunderstanding
that actually broke the implementation.
It is not so important to keep specific max, rather max is a threshold
when the table should be shrinked as to not grow indefinitely.
New sessions are created when the id is created and may be short lived
it they are not registered for reuse due to handshake failure.
|
|
|
|
Otherwhise test can be wrongly initialized and will fail as they try to run
with a broken setup.
|
|
It is desirable to be as specific as possible in the info message, so
there can be no mistake if the alert is form the peer or generated by
us. This use to be an error message, but it is better to make it an
info message as sending an ALERT ending the connection is an expected
behaviour.
|
|
|
|
* ingela/ssl/dtls-alert-handling/OTP-14078:
dtls: Customize alert handling for DTLS over UDP
|
|
|
|
Test that DTLS handles "high" level packet types as http-packet types.
Low level packet type as {packet, 2} we will consider later if they
should be relevant to support or not.
|
|
Also run this suit on all TLS versions
|
|
|
|
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1
tests in ssl_basic_SUITE was a combination of the bug fixed by the
previous commit and missing clean up code for dtls_protocol_versions
application environment variable
|
|
Only DTLS specific code deals with DTLS version, when common code
is used the DTLS version should be converted to the corresponding TLS version.
|
|
RFC: ecdhe_psk cipher suites
OTP-14547
|
|
|
|
angelhof/public_key/generate_key-rsa-inconsistency-fix
public_key:generate_key/1 RSA key generation inconsistency
OTP-14534
|
|
|
|
* ingela/ssl/timeout-cuddle:
ssl: Longer timeouts for test cases that do many handshakes
|
|
From RFC 6347:
4.1.2.7. Handling Invalid Records
Unlike TLS, DTLS is resilient in the face of invalid records (e.g.,
invalid formatting, length, MAC, etc.). In general, invalid
records SHOULD be silently discarded, thus preserving the
association; however, an error MAY be logged for diagnostic
purposes. Implementations which choose to generate an alert
instead, MUST generate fatal level alerts to avoid attacks where
the attacker repeatedly probes the implementation to see how it
responds to various types of error. Note that if DTLS is run over
UDP, then any implementation which does this will be extremely
susceptible to denial-of-service (DoS) attacks because UDP forgery
is so easy. Thus, this practice is NOT RECOMMENDED for such
transports.
|
|
|
|
* ingela/ssl/cert-handling:
ssl: Correct cipher suite handling
ssl: Modernize DSA cert chain generation
ssl: Clean
ssl: Remove test of OpenSSL
ssl: Use new cert generation
|