path: root/lib/ssl
Age | Commit message | Author
2015-06-15 | Merge branch 'ia/ssl/unknown-hash/OTP-12829' | Ingela Anderton Andin
* ia/ssl/unknown-hash/OTP-12829:
  ssl: Add unassigned values
  ssl: Do not crash on proprietary hash_sign algorithms
2015-06-10 | Merge branch 'ferd/deny-client-renegotiation' | Henrik Nord
* ferd/deny-client-renegotiation:
  Add disable client-initiated renegotiation option
Conflicts:
  lib/ssl/doc/src/ssl.xml
  lib/ssl/src/ssl.erl
OTP-12815
2015-06-10 | ssl: Add unassigned values | Ingela Anderton Andin
2015-06-10 | Merge branch 'essen/fix-alpn-test' | Henrik Nord
* essen/fix-alpn-test:
  ssl: Fix small error in an ALPN test
2015-06-08 | ssl: Do not crash on proprietary hash_sign algorithms | Ingela Anderton Andin
TLS hash_sign algorithms may have proprietary values, see
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated.
2015-06-08 | ssl: Update appup for 18 | Ingela Anderton Andin
2015-06-03 | Add disable client-initiated renegotiation option | Fred Hebert
Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measure for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.
2015-06-02 | ssl: Fix small error in an ALPN test | Loïc Hoguin
2015-06-02 | Merge branch 'tombriden/handle_ssl_error' | Henrik Nord
* tombriden/handle_ssl_error:
  TLS Dist: Handle ssl_error and close ssl socket
OTP-12799
2015-06-02 | Merge branch 'maint' | Henrik Nord
Conflicts:
  OTP_VERSION
  lib/inets/test/httpd_SUITE.erl
  lib/inets/vsn.mk
  lib/ssh/src/ssh.erl
  lib/ssh/vsn.mk
  lib/ssl/src/ssl.appup.src
  lib/ssl/vsn.mk
2015-06-01 | Update release notes | Erlang/OTP
2015-05-29 | ssl: Prepare for release | Ingela Anderton Andin
2015-05-29 | ssl: Correct handling of bad input to premaster_secret calculation | Ingela Anderton Andin
Alert records need to be thrown from ssl_handshake:premaster_secret/[2/3] so that operations will end up in the catch clause of the invocation of certify_client_key_exchange/3 in ssl_connection.erl, and hence terminate gracefully and not continue to try and calculate the master secret with invalid inputs and crash.
2015-05-19 | ssl: Make test case timing independent | Ingela Anderton Andin
Refactored the code and moved client_check before call to ssl_test_lib:check_result(Server, ExpectedSNIHostname) as this call may consume client messages (which is intentional) but was missed by the test case writer.
2015-05-19 | ssl: Use new API function connection_information in tests | Ingela Anderton Andin
connection_info -> connection_information
2015-05-19 | ssl: Increase readability | Ingela Anderton Andin
2015-05-19 | ssl: Add cleanup to tests | Ingela Anderton Andin
2015-05-18 | Merge branch 'ia/ssl/sleep-cuddle' | Ingela Anderton Andin
* ia/ssl/sleep-cuddle:
  ssl: Adjust sleep time in test case
2015-05-18 | ssl: Adjust sleep time in test case | Ingela Anderton Andin
Adjust time to make sure "enough" time has elapsed. Will have to do for now.
2015-05-13 | ssl: Align "=" sign in type declarations to decided policy | Ingela Anderton Andin
2015-05-13 | Revert "Prepare release" | Henrik Nord
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
2015-05-12 | Prepare release | Erlang/OTP
2015-05-12 | ssl: Refactored and corrected sni_fun handling | Ingela Anderton Andin
Dialyzer warned about the incorrect match of Packets. Code was refactored and the problem avoided in the process.
Dialyzer warned that the empty tuple is not a function as the contract said it should be. Changed the handling of the sni_fun default value to be undefined and added it to the contract.
2015-05-12 | ssl: add option sni_fun | Qijiang Fan
The newly added function sni_fun allows dynamic update of SSL options like keys and certificates depending on different SNI hostname, rather than predefined rules of SSL options.
2015-05-12 | ssl: add tests for SNI server support | Qijiang Fan
This commit adds tests for SNI server support in:
* ssl_sni_SUITE.erl
* ssl_to_openssl_SUITE.erl
And some more modifications:
* make_certs also makes two certs for SNI, and adds extra options for SNI.
2015-05-12 | ssl: docs: SNI server, connection_information/1,2 | Qijiang Fan
2015-05-12 | ssl: add ssl:connection_information/[1,2] | Qijiang Fan
This commit adds a new function, ssl:connection_information/[1,2] to retrieve the connection information from an SSLSocket. And also, this deprecates a function ssl:connection_info/1, and reimplements connection_info/1 with the new function.
2015-05-12 | ssl: deny recursively defined sni_hosts | Qijiang Fan
2015-05-12 | ssl: add SNI server support | Qijiang Fan
2015-05-11 | ssl: Align "=" sign in type declarations to decided policy | Ingela Anderton Andin
2015-05-11 | public_key, ssl: Align public_key and ssl doc | Ingela Anderton Andin
Make sure that links from ssl to public_key work.
OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1 solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5 is mentioned here to make the release scripts happy, as the branch solving this accidentally had a name ending 1267 instead of 12670.
2015-05-04 | ssl: Add missing tag | Ingela Anderton Andin
2015-04-30 | ssl: Put back marker | Ingela Anderton Andin
2015-04-30 | ssl: Fix links | Ingela Anderton Andin
2015-04-30 | ssl: Align with application naming rules | Ingela Anderton Andin
ssl SSL
crypto Crypto
stdlib STDLIB
kernel Kernel
public_key Public Key
2015-04-30 | ssl: Keep information in one place only | Ingela Anderton Andin
2015-04-30 | ssl: Correct makefile | Ingela Anderton Andin
2015-04-29 | TLS Dist: Handle ssl_error and close ssl socket | Tom Briden
In some instances, restarting a node causes a fatal SSL error on the other nodes which isn't handled, leaving the socket open. Eventually the nodes will net tick timeout but the node being restarted never comes back to life.
By handling the fatal error and closing the socket, the restarting node can restart successfully even when the ssl error occurs.
2015-04-22 | Revert "Add workaround for problems with s_client defaults" | Ingela Anderton Andin
This reverts commit a3cf4eb4cdd2ce178d81b62faa9f47485fd82331.
This workaround is no longer needed as the TLS-1.2 extension signature_algorithm is now correctly ignored by previous TLS versions.
2015-04-21 | ssl: Add unit test case | Ingela Anderton Andin
2015-04-20 | ssl: Ignore signature_algorithm (TLS 1.2 extension) sent to TLS 1.0/1 server | Andreas Schultz
Pre TLS 1.2 server should ignore the signature_algorithms extension. The server code would attempt to select the signature/hash algorithm even when using TLS 1.0 or 1.1. Instead it should simply use the default algorithm on those versions.
2015-04-20 | ssl: Adjust to public_key application removing legacy compact_bit_string switch | Ingela Anderton Andin
2015-04-16 | ssl: Add runtime dependency due to commit 4e0a5e36b38e3f15ed8f7d700d26f2424a47111c | Ingela Anderton Andin
2015-04-09 | ssl: Document enhancements | Ingela Anderton Andin
2015-04-09 | ssl: Align with alphabetical order | Ingela Anderton Andin
2015-04-09 | ssl: Align with editorial changes | Ingela Anderton Andin
2015-04-09 | ssl: Correct merge error | Ingela Anderton Andin
2015-04-09 | ssl: Add links | Ingela Anderton Andin
2015-04-09 | ssl: Correct typos | Ingela Anderton Andin
2015-04-09 | ssl: Correct XML-tag | Ingela Anderton Andin