| Age | Commit message (Collapse) | Author |
|---|
|
Refactored the code and moved client_check before call to
ssl_test_lib:check_result(Server, ExpectedSNIHostname) as this
call may consume client messages ( which is intentional) but was
missed by the test case writer.
|
|
connection_info -> connection_information
|
|
|
|
|
|
* ia/ssl/sleep-cuddle:
ssl: Adjust sleep time in test case
|
|
Adjust time to make sure "enough" time has elapsed. Will have to do
for now.
|
|
|
|
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
|
|
|
|
Dialyzer warned about the incorrect match of Packets. Code
was refactored and the problem avoided in the process.
Dialyzer warned that the empty tuple is not a function as the contract
said it should be. Changed the handling of the sni_fun default value to be
undefined and added it to the contract.
|
|
The newly added function sni_fun allows dynamic update of SSL options
like keys and certificates depending on different SNI hostname, rather
than a predefined rules of SSL options.
|
|
This commit adds tests for SNI server support in:
* ssl_sni_SUITE.erl
* ssl_to_openssl_SUITE.erl
And some more modifications:
* make_certs also makes two certs for SNI, and adds
extra options for SNI.
|
|
|
|
This commit adds a new function, ssl:connection_information/[1,2]
to retrive the connection information from a SSLSocket.
And also, this deprecates a function ssl:connection_info/1, and
reimplements connection_info/1 with the new function.
|
|
|
|
|
|
|
|
Make sure that links from ssl to public_key work.
OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1
solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5
is mentioned here to make the release scripts happy,
as the branch solving this accidently had a name ending 1267
instead of 12670
|
|
|
|
|
|
|
|
ssl SSL
crypto Crypto
stdlib STDLIB
kernel Kernel
public_key Public Key
|
|
|
|
|
|
This reverts commit a3cf4eb4cdd2ce178d81b62faa9f47485fd82331.
This workaround is no longer needed as the, TLS-1.2 extension,
signature_algorithm is now correctly ignored by previous TLS versions.
|
|
|
|
pre TLS 1.2 server should ignore the signature_algorithms extension.
The server code would attempt to select the signature/hash algorithm
even when using TLS 1.0 or 1.1. Instead it should simply use the default
algorithm on those versions.
|
|
|
|
4e0a5e36b38e3f15ed8f7d700d26f2424a47111c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change description proposed by technical writer to make better use
of technical terms. Also add some new language improvments discussed
with the technical writer.
|
|
|
|
=== OTP-17.5 ===
Changed Applications:
- asn1-3.0.4
- common_test-1.10
- compiler-5.0.4
- crypto-3.5
- debugger-4.0.3
- dialyzer-2.7.4
- diameter-1.9
- eldap-1.1.1
- erts-6.4
- hipe-3.11.3
- inets-5.10.6
- kernel-3.2
- mnesia-4.12.5
- observer-2.0.4
- os_mon-2.3.1
- public_key-0.23
- runtime_tools-1.8.16
- ssh-3.2
- ssl-6.0
- stdlib-2.4
- syntax_tools-1.6.18
- test_server-3.8
- tools-2.7.2
- wx-1.3.3
Unchanged Applications:
- cosEvent-2.1.15
- cosEventDomain-1.1.14
- cosFileTransfer-1.1.16
- cosNotification-1.1.21
- cosProperty-1.1.17
- cosTime-1.1.14
- cosTransactions-1.2.14
- edoc-0.7.16
- erl_docgen-0.3.7
- erl_interface-3.7.20
- et-1.5
- eunit-2.2.9
- gs-1.5.16
- ic-4.3.6
- jinterface-1.5.12
- megaco-3.17.3
- odbc-2.10.22
- orber-3.7.1
- ose-1.0.2
- otp_mibs-1.0.10
- parsetools-2.0.12
- percept-0.8.10
- reltool-0.6.6
- sasl-2.4.1
- snmp-5.1.1
- typer-0.9.8
- webtool-0.8.10
- xmerl-1.3.7
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/ssl/vsn.mk
|
|
|
|
|
|
* ia/ssl/cuddle-openssl:
Add workaround for problems with s_client defaults
|
|
* essen/ssl-alpn:
ssl: Add TLS-ALPN support
OTP-12580
|
|
|
|
This commit adds support for RFC7301, application-layer protocol
negotiation. ALPN is the standard based approach to the NPN
extension, and is required for HTTP/2.
ALPN lives side by side with NPN and provides an equivalent
feature but in this case it is the server that decides what
protocol to use, not the client.
When both ALPN and NPN are sent by a client, and the server is
configured with both ALPN and NPN options, ALPN will always
take precedence. This behavior can also be found in the OpenSSL
implementation of ALPN.
ALPN and NPN share the ssl:negotiated_protocol/1 function for
retrieving the negotiated protocol. The previously existing
function ssl:negotiated_next_protocol/1 still exists, but has
been deprecated and removed from the documentation.
The tests against OpenSSL require OpenSSL version 1.0.2+.
|
|
|
|
|
|
|
|
|
|
|
