aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-04-01Merge branch 'ingela/ssl/AES-CCM/OTP-15626'Ingela Anderton Andin
* ingela/ssl/AES-CCM/OTP-15626: ssl: Adapt DTLS code to optimizations ssl: Add support AES_CCM cipher suites form RFC 6655
2019-03-29 ssl: Add missing tuple in shutdown reasonIngela Anderton Andin
2019-03-29ssl: Adapt DTLS code to optimizationsIngela Anderton Andin
2019-03-29ssl: Add support AES_CCM cipher suites form RFC 6655Ingela Anderton Andin
2019-03-29ssl: Correct test caseIngela Anderton Andin
Optimization to concatenate small user data packages recived closely after each other has invalidated assumptions in the test case.
2019-03-29ssl: Remove test cases from ssl_basic_SUITEIngela Anderton Andin
The test are moved to ssl_cipher_suite_SUITE
2019-03-29ssl: Remove basic test group from ssl_to_openssl_SUITEIngela Anderton Andin
This group has started to fail as our default has diverged from OpenSSL defaults and we are not really interested in testing OpenSSL defaults.
2019-03-26Revert "Prepare release"Henrik Nord
This reverts commit 0118046f9bda8dcf3594184fa439b79267db8017.
2019-03-25Prepare releaseErlang/OTP
2019-03-24ssl: Enhance testingIngela Anderton Andin
2019-03-22Merge branch 'peterdmv/ssl/document-tls13/OTP-13819'Péter Dimitrov
* peterdmv/ssl/document-tls13/OTP-13819: ssl: Update standards compliance Change-Id: Ie743a61fff2416abc741e1508864480a09091add
2019-03-22Merge branch 'ingela/ssl/default-supported-versions/OTP-14865'Ingela Anderton Andin
* ingela/ssl/default-supported-versions/OTP-14865: ssl: Remove default support for legacy versions
2019-03-21ssl: Update standards compliancePéter Dimitrov
Change-Id: I365965750e4b9747bf1fb8560f34afe6eecf7f02
2019-03-21Merge branch 'peterdmv/ssl/tls13-conn-info'Péter Dimitrov
* peterdmv/ssl/tls13-conn-info: ssl: Fix ssl:connection_information/1 in TLS 1.3 Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
2019-03-21Revert "ssl: Correct handling of crypto exception handling."Ingela Anderton Andin
This reverts commit 884503bc69157d2a3c6bd72389b4e2a800f97fb6.
2019-03-21ssl: Remove default support for legacy versionsIngela Anderton Andin
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
2019-03-20ssl: Correct handling of crypto exception handling.Ingela Anderton Andin
Documentation was incorrect, and new specs provided dialyzer errors.
2019-03-19Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release
2019-03-19Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_connection.erl
2019-03-19Merge branch 'ingela/ssl/transport-transparance/ERL-861/OTP-15679' into maintIngela Anderton Andin
* ingela/ssl/transport-transparance/ERL-861/OTP-15679: ssl: Fix transport transparancy
2019-03-18Prepare releaseErlang/OTP
2019-03-18Merge branch 'ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701' into ↵Erlang/OTP
maint-21 * ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701: ssl: Cancel recv timer in all places
2019-03-18Merge branch 'ingela/ssl/transport-transparance/ERL-861/OTP-15679' into maint-21Erlang/OTP
* ingela/ssl/transport-transparance/ERL-861/OTP-15679: ssl: Fix transport transparancy
2019-03-18ssl: Fix ssl:connection_information/1 in TLS 1.3Péter Dimitrov
Store cipher suite information in session record. Test ssl:connection_information/1 in a TLS 1.3 connection. Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
2019-03-18Merge branch 'peterdmv/ssl/client-auth/OTP-15591'Péter Dimitrov
* peterdmv/ssl/client-auth/OTP-15591: ssl: Improve ssl logging ssl: Test handling of signature algorithms ssl: Handle unencrypted Alert (Illegal Parameter) ssl: Improve verification of received Certificate ssl: Fix Alert logging ssl: Fix get_handshake_context/2 ssl: Test HelloRetryRequest with client auth ssl: Verify signature algorithm in CV ssl: Verify CertificateVerify ssl: Test client authentication with certificate ssl: Validate client certificates (TLS 1.3) ssl: Test client authentication (empty cert) ssl: Implement state 'wait_cert' ssl: Add ssl logger support for CertificateRequest ssl: Fix ssl alerts Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
2019-03-16ssl: Cancel recv timer in all placesIngela Anderton Andin
Would cause connection to crash although all data was delivered to ssl:recv
2019-03-14ssl: Improve ssl loggingPéter Dimitrov
Remove function ssl:set_log_level/1. Its functionality is already implemented by logger:set_application_level/2. Set log level for ssl modules to debug at application start. Former implementation required an extra call to logger:set_application_level/2 (beside setting ssl option {log_level, debug}) to enable debug logging. Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
2019-03-14ssl: Test handling of signature algorithmsPéter Dimitrov
Change-Id: I433924f9c590efa94423db5df52dd3f5d53d9d20
2019-03-14ssl: Handle unencrypted Alert (Illegal Parameter)Péter Dimitrov
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client when the server's connection states are already stepped into traffic encryption. Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
2019-03-14ssl: Improve verification of received CertificatePéter Dimitrov
Validate peer certificate against supported signature algorithms. Send 'Hanshake Failure' Alert if signature algorithm is not supported by the server. Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
2019-03-14ssl: Fix Alert loggingPéter Dimitrov
Report the role of the peer when logging incoming Alerts. Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
2019-03-12Merge branch 'maint'Henrik Nord
* maint: Updated OTP version Prepare release
2019-03-11Prepare releaseErlang/OTP
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-03-08Merge branch 'maint'Ingela Anderton Andin
2019-03-08ssl: Correct active once emulationIngela Anderton Andin
Conflicts: lib/ftp/test/ftp_SUITE.erl
2019-03-07ssl: Fix get_handshake_context/2Péter Dimitrov
Split get_handshake_context/2 into two functions. The new get_handshake_context_cv/2 returns the context for the verification of CertificateVerify. Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
2019-03-07ssl: Test HelloRetryRequest with client authPéter Dimitrov
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
2019-03-07ssl: Verify signature algorithm in CVPéter Dimitrov
Verify if the signature algorithm used in the signature of CertificateVerify is one of those present in the supported_signature_algorithms field of the "signature_algorithms" extension in the CertificateRequest message. Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
2019-03-06ssl: Verify CertificateVerifyPéter Dimitrov
Verify CertificateVerify message against the handshake context and the public key provided by the Certificate message. Remove 'Context' argument from state handler functions and store data in the state variable. Refactor get_handshake_context/1 to cover all implemented cases. Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
2019-03-04ssl: Test client authentication with certificatePéter Dimitrov
Change-Id: I09c0501ea790941001b11a3f6d12a96f18da2bea
2019-03-04ssl: Validate client certificates (TLS 1.3)Péter Dimitrov
Implement validation of client certificates in state 'wait_cert'. Implement state 'wait_cv'. Clean up handler functions. Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
2019-03-04ssl: Test client authentication (empty cert)Péter Dimitrov
Test client authentication when client responds with empty Certificate. Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
2019-03-04ssl: Implement state 'wait_cert'Péter Dimitrov
Implement state 'wait_cert' with its handler function do_wait_cert/2. Send CertificateRequest if peer verification is enabled. Send Alert 'certificate required' if client answers with empty Certificate and option 'fail_if_no_peer_cert' is set to true. Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
2019-03-04ssl: Add ssl logger support for CertificateRequestPéter Dimitrov
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
2019-03-04ssl: Fix ssl alertsPéter Dimitrov
Add missing alert to description_atom/1. Function clauses ordered by value of the alert. Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
2019-03-04Merge branch 'peterdmv/ssl/hello-retry-request/OTP-15590'Péter Dimitrov
* peterdmv/ssl/hello-retry-request/OTP-15590: ssl: Fix type spec for handshake_history() ssl: Add tests for hello_retry_request and groups ssl: Implement 'hello_retry_request' Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
2019-03-04Merge branch 'maint'Raimo Niskanen
* maint: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N}
2019-03-04Merge branch 'essen/ssl-active-n' into maintRaimo Niskanen
* essen/ssl-active-n: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl.erl
2019-02-28ssl: Fix type spec for handshake_history()Péter Dimitrov
handshake_history() was specified as {[binary()], [binary[]]}, although its real type was {iodata(), iodata()}, dialyzer did not give a warning until a new function matched out an element of handshake_history and used it as input data for crypto:hash/2. Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726