aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2016-02-05Merge branch 'maint'Ingela Anderton Andin
2016-02-05Merge branch 'ia/ssl/validator' into maintIngela Anderton Andin
* ia/ssl/validator: ssl: Only start a new session validator if the old one has finished its work
2016-02-04Merge branch 'maint'Zandra
2016-02-04Merge branch 'legoscia/tls-dist-listen-ip' into maintZandra
* legoscia/tls-dist-listen-ip: TLS distribution: bind erts socket to localhost OTP-13300
2016-02-02Add inet6_tls_dist, for TLS distribution over IPv6Magnus Henoch
Generalise much of inet_tls_dist, so that inet6_tls_dist can reuse it.
2016-02-02Merge branch 'maint'Zandra
2016-02-02Merge branch 'legoscia/tls-dist-connect-options' into maintZandra
* legoscia/tls-dist-connect-options: ssl_dist_SUITE: don't use deprecated functions TLS distribution: support inet_dist_connect_options OTP-13285
2016-01-28Ensure testing ssl with supported ciphers onlyDániel Szoboszlay
There are two problematic areas: EC curve selection and interoperability tests with OpenSSL. The tests shouldn't assume any particular EC curve is available, but should always check the list of curves reported by tls_v1:ecc_curves/1. And during interoperability tests the tests shouldn't assume that any cipher suite supported by Erlang is also supported by OpenSSL. There are OpenSSL packages where the command line openssl tool only supports a subset of the ciphers available in libcrypto. The actual list of supported cipher suites thus shall be queried from OpenSSL.
2016-01-27Refactor ssl_crl_SUITE: extract crl_verify_error/6Magnus Henoch
Just like crl_verify_valid/5 checks for a positive result given certain options, crl_verify_error/6 checks for a negative result.
2016-01-27Merge branch 'maint'Zandra
2016-01-27Merge branch 'legoscia/tls_dist_wait_for_code_server' into maintZandra
* legoscia/tls_dist_wait_for_code_server: TLS distribution: wait for code server OTP-13268
2016-01-26ssl: Only start a new session validator if the old one has finished its workIngela Anderton Andin
If the session table is big the validator may not have finshed before the validation interval is up, in this case we should not start a new validator adding to the cpu load.
2016-01-25Merge branch 'maint'Ingela Anderton Andin
2016-01-25Merge branch 'ia/ssl/test-alpn-cuddle' into maintIngela Anderton Andin
* ia/ssl/test-alpn-cuddle: ssl: Fix typos that broke alpn tests
2016-01-21ssl: Fix typos that broke alpn testsIngela Anderton Andin
2016-01-21ssl: Prepare for releaseIngela Anderton Andin
2016-01-21ssl: Fix timing releated bugIngela Anderton Andin
2016-01-21Merge branch 'maint'Ingela Anderton Andin
2016-01-21ssl: In interop tests always check if SSL/TLS version is supported by OpenSSLIngela Anderton Andin
As sslv3 is being faced out we need to test for old version support as well as newer versions.
2016-01-12ssl_dist_SUITE: don't use deprecated functionsMagnus Henoch
Use erlang:unique_integer/1 instead of erlang:now/0 to generate a unique node name. Use rand:uniform/1 instead of random:uniform/1, so we don't need to generate a seed ourselves.
2016-01-12TLS distribution: support inet_dist_connect_optionsMagnus Henoch
Allow adding extra options for outgoing TLS distribution connnections, as supported for plain TCP connections.
2015-12-28Merge branch 'maint'Zandra
2015-12-28Merge branch 'legoscia/tls_dist_error_reporting' into maintZandra
* legoscia/tls_dist_error_reporting: Report bad options for outgoing TLS distribution Save error reasons for TLS distribution connections Report bad options for TLS distribution connections OTP-13219
2015-12-18TLS distribution: bind erts socket to localhostMagnus Henoch
There is no reason for the socket on the erts side of the proxy to accept connections from other hosts, so let's bind it to the loopback interface. Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of the socket for outgoing connections, to avoid hardcoding IPv4.
2015-12-16Merge tag 'OTP-18.2'Henrik Nord
=== OTP-18.2 === Changed Applications: - asn1-4.0.1 - common_test-1.11.1 - compiler-6.0.2 - crypto-3.6.2 - dialyzer-2.8.2 - diameter-1.11.1 - erl_docgen-0.4.1 - erl_interface-3.8.1 - erts-7.2 - eunit-2.2.12 - hipe-3.14 - inets-6.1 - jinterface-1.6.1 - kernel-4.1.1 - observer-2.1.1 - parsetools-2.1.1 - public_key-1.1 - runtime_tools-1.9.2 - sasl-2.6.1 - snmp-5.2.1 - ssh-4.2 - ssl-7.2 - stdlib-2.7 - test_server-3.9.1 - tools-2.8.2 - typer-0.9.10 - wx-1.6 - xmerl-1.3.9 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - debugger-4.1.1 - edoc-0.7.17 - eldap-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - megaco-3.18 - mnesia-4.13.2 - odbc-2.11.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - webtool-0.9 Conflicts: OTP_VERSION erts/vsn.mk
2015-12-16Merge tag 'OTP-18.2' into maintHenrik Nord
=== OTP-18.2 === Changed Applications: - asn1-4.0.1 - common_test-1.11.1 - compiler-6.0.2 - crypto-3.6.2 - dialyzer-2.8.2 - diameter-1.11.1 - erl_docgen-0.4.1 - erl_interface-3.8.1 - erts-7.2 - eunit-2.2.12 - hipe-3.14 - inets-6.1 - jinterface-1.6.1 - kernel-4.1.1 - observer-2.1.1 - parsetools-2.1.1 - public_key-1.1 - runtime_tools-1.9.2 - sasl-2.6.1 - snmp-5.2.1 - ssh-4.2 - ssl-7.2 - stdlib-2.7 - test_server-3.9.1 - tools-2.8.2 - typer-0.9.10 - wx-1.6 - xmerl-1.3.9 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosNotification-1.2 - cosProperty-1.2 - cosTime-1.2 - cosTransactions-1.3 - debugger-4.1.1 - edoc-0.7.17 - eldap-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - megaco-3.18 - mnesia-4.13.2 - odbc-2.11.1 - orber-3.8 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - webtool-0.9
2015-12-15Merge branch 'maint'Ingela Anderton Andin
2015-12-15Merge branch 'ia/libressl' into maintIngela Anderton Andin
* ia/libressl: ssl: Print openssl version string ssl: Do not use environment variables in openSSL config file
2015-12-15Merge branch 'maint'Ingela Anderton Andin
2015-12-15ssl: Convert all test to use "ssl_test_lib:portable_open_port"Ingela Anderton Andin
2015-12-15Update release notesErlang/OTP
2015-12-15Merge branch 'ia/libressl' into maintErlang/OTP
* ia/libressl: ssl: Print openssl version string ssl: Do not use environment variables in openSSL config file
2015-12-14ssl: Print openssl version stringIngela Anderton Andin
2015-12-14ssl: Do not use environment variables in openSSL config fileIngela Anderton Andin
LibreSSL does not allow it.
2015-12-14Merge branch 'maint'Ingela Anderton Andin
2015-12-11ssl: fix hibernate_after with instant or near instant timeoutsAndrey Mayorov
2015-12-11Merge branch 'maint'Ingela Anderton Andin
2015-12-11ssl: Fix typosIngela Anderton Andin
2015-12-11Merge branch 'maint'Ingela Anderton Andin
2015-12-11Merge branch 'ia/ssl/windows-tests' into maintIngela Anderton Andin
* ia/ssl/windows-tests: ssl: Use test case time out instead ssl: Use spawn_executable
2015-12-11Merge branch 'ia/ssl/renegotiate-tests' into maintIngela Anderton Andin
* ia/ssl/renegotiate-tests: ssl: Add renegotiation exception
2015-12-11Merge branch 'maint'Lars Thorsen
2015-12-11[ssl] Moved description details to man(6) pageLars Thorsen
2015-12-11[ssl] Correct the documentation so it follows the DTDLars Thorsen
2015-12-10Report bad options for outgoing TLS distributionMagnus Henoch
If ssl:connect/3 returns an error related to options, let's log that so we have a chance to see it and fix it.
2015-12-10Save error reasons for TLS distribution connectionsMagnus Henoch
When establishing an outbound connection for TLS distribution, let's hold on to the failure reasons and use them as exit reasons. These exit reasons are normally invisible, but they can be seen in the logs after calling net_kernel:verbose(1). While there are trace messages in the code already, those require recompiling the module with a special flag, which is more cumbersome than changing the net_kernel verbosity level at run time.
2015-12-09ssl: Use test case time out insteadIngela Anderton Andin
2015-12-09ssl: Use spawn_executableIngela Anderton Andin
2015-12-09ssl: Add renegotiation exceptionIngela Anderton Andin
2015-12-09Merge branch 'maint'Ingela Anderton Andin