aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2011-11-15Replaced ets:next traversal with ets:foldl and throwIngela Anderton Andin
ets:next needs an explicit safe_fixtable call to be safe, we rather use ets:foldl and throw to get out of it when we find the correct entry.
2011-11-15Improved session cleanup handlingIngela Anderton Andin
Added session status "new" to mark sessions that are in the session database to reserve the session id but not resumable yet and that we want to separate from sessions that has been invalidated for further reuse.
2011-11-15Fix badarith in ssl_session:validate_session/2Ingela Anderton Andin
The time_stamp filed is now initated in the connection process init function, so that invalidations of sessions due to handshake failiures, will not cause sessions in the session table to have an uninitiated time_stamp field.
2011-11-15Merge branch 'ia/ssl/prepare-for-relese'Ingela Anderton Andin
* ia/ssl/prepare-for-relese: Prepare version and appup for release
2011-11-15Merge branch 'ia/public_key/ssl/crypto/PKCS-8/OTP-9312'Ingela Anderton Andin
* ia/public_key/ssl/crypto/PKCS-8/OTP-9312: Add clause for expected input to pubkey:pseudo_random_function/2 when ASN-1 compiler is fixed. Clean up of public_key code adding specs and documentation Added PKCS-8 support in ssl Additions to crypto and public_key needed for full PKCS-8 support Add PKCS-8 support to public_key
2011-11-11Prepare version and appup for releaseIngela Anderton Andin
2011-11-01Added PKCS-8 support in sslIngela Anderton Andin
2011-10-24fix handling of block_decipher/5 failureAndreas Schultz
A wrong decryption key would cause a badmatch in generic_block_cipher_from_bin/2. The try in block_decipher/5 was probably intendend to deal with that, but was misplace for this. Additionaly, generating a failure alert erly, without computing the record MAC, creates vector for a timing attack on CBC padding (for details check TLS 1.2 RFC 5246, Sect. 6.2.3.2.). This attach vector and the counter meassure applies to all SSL/TLS versions. As a counter messure, compute the MAC even when decryption or padding checks fail. A invalid padding will force a MAC failure by intentionaly invalidating the content.
2011-10-11Put back ssl:peercert/1Ingela Anderton Andin
I accidentally removed a little too much, only peercert/2 was deprecated.
2011-10-06Merge branch 'ia/ssl/remove-old-ssl/OTP-7048'Ingela Anderton Andin
* ia/ssl/remove-old-ssl/OTP-7048: Remove old ssl implementation and deprecated function ssl:peercert/1 Conflicts: lib/ssl/test/Makefile
2011-10-06Merge branch 'ia/ssl/dist-more-tests'Ingela Anderton Andin
* ia/ssl/dist-more-tests: Better option handling Improve code structure Remove ssl_prim calls that are remains from the old ssl distribution Add payload test
2011-10-04Merge branch 'dev' into majorBjörn-Egil Dahlberg
2011-10-04Better option handlingIngela Anderton Andin
Also cleaned up old gaurds.
2011-10-04Prepare releaseOTP_R14B04Erlang/OTP
2011-10-03Improve code structureIngela Anderton Andin
2011-10-03Remove ssl_prim calls that are remains from the old ssl distributionIngela Anderton Andin
2011-10-03Add payload testIngela Anderton Andin
2011-09-29Merge branch 'dev' into majorBjörn-Egil Dahlberg
* dev: Update copyright years
2011-09-29Update copyright yearsBjörn-Egil Dahlberg
2011-09-28Merge branch 'dev' into majorIngela Anderton Andin
2011-09-28Corrected documentation bugIngela Anderton Andin
2011-09-28Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them. fix unknown ssl extension parsing by changing length from bits to bytes Temporary disable tests on MAC due to issus with the MAC ODBC drivers
2011-09-27Both the SSLv3 and TLS 1.0/TLS 1.1 specifications requireIngela Anderton Andin
implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them. Data not following the protocol format for extensions will be ignored by the last dec_hello_extensions-clause. OTP-8596
2011-09-27fix unknown ssl extension parsing by changing length from bits to bytesBen Murphy
2011-09-20Merge branch 'dev' into majorHenrik Nord
Conflicts: erts/aclocal.m4 erts/include/internal/ethread_header_config.h.in
2011-09-20Merge branch 'ta/docs-fixes' into devHenrik Nord
* ta/docs-fixes: Fix misspelling of intermediate Fix typos in erts/preloaded/src Fix more misspellings of compatibility Fix misspelling of kept Fix misspelling of compatibility in ssl_basic_SUITE Fix misspelling of compatibility Fix misspelling of accommodate Fix misspelling of exceed Fix misspelling of accidentally Fix misspelling of erroneous in xmerl_xsd Fix misspelling of erroneous Fix misspelling of successful Fix typos in instrument(3) Fix typos in dbg(3) dialyzer: fix a small typo in list_to_bitstring test Fix typos in cover.erl Fix typos (variable name) in erl_nif(3) Fix typos in mod_esi(3) Fix trivial typos in erlang(3) OTP-9555
2011-09-16Remove old ssl implementation and deprecated function ssl:peercert/1Ingela Anderton Andin
2011-09-16Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Support explicit use of packet option httph and httph_bin
2011-09-16Support explicit use of packet option httph and httph_binIngela Anderton Andin
2011-09-15Fix more misspellings of compatibilityTuncer Ayaz
2011-09-15Fix misspelling of compatibility in ssl_basic_SUITETuncer Ayaz
2011-09-13Merge branch 'ia/ssl/dist/OTP-7053' into majorIngela Anderton Andin
* ia/ssl/dist/OTP-7053: First fully working version Use ssl instead of being a proxy command Connect from both sides works now
2011-09-09First fully working versionIngela Anderton Andin
2011-09-06Merge branch 'dev' into majorIngela Anderton Andin
* dev: Corrected faulty dialyzer spec
2011-09-06Corrected faulty dialyzer specIngela Anderton Andin
2011-09-05Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Corrected spec name errors: ip_adress -> ip_address port_num -> port_number
2011-09-05Corrected spec name errors: ip_adress -> ip_address port_num -> port_numberIngela Anderton Andin
2011-09-01Use ssl instead of being a proxy commandDan Gudmundsson
2011-09-01Connect from both sides works nowDan Gudmundsson
2011-08-31Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Use inet and gen_* dialyzer specs
2011-08-31Merge branch 'ia/ssl/use-inet-and-gen-specs' into devIngela Anderton Andin
* ia/ssl/use-inet-and-gen-specs: Use inet and gen_* dialyzer specs
2011-08-31Use inet and gen_* dialyzer specsIngela Anderton Andin
2011-08-30Merge branch 'dev' into majorIngela Anderton Andin
* dev: Corrected input argument to error_logger:error_report/1
2011-08-30Corrected input argument to error_logger:error_report/1Ingela Anderton Andin
2011-08-25Merge branch 'dev' into majorHenrik Nord
2011-08-08replace "a ssl" with "an ssl"Christian von Roques
2011-08-08Trivial documentation fixesChristian von Roques
2011-08-08*/c_src/Makefile*: Support parallel makeBjörn Gustavsson
Create directories first, not within implicit rules. If two 'install' instances runs at the same time attempting to create a directory, one of them may fail with an "File exists" error. I tried to use order-only prerequisites to create the directories, but run into two problems: First, order-only prerequisites are only implemented in Make 3.80 and later. Second, on a computer running Solaris/Intel 2.8 (with Make 3.80), order-only prerequisites seemed to work like ordinary prerequisites, causing targets to be re-built if the timestamp for the directory changed. Therefore, using a shell command to run mkdir seems to be the more portable solution.
2011-07-06Merge branch 'ia/ssl/connect-twice' into devIngela Anderton Andin
* ia/ssl/connect-twice: Added test case
2011-07-06Merge branch 'ia/ssl/improved-test-case' into devIngela Anderton Andin
* ia/ssl/improved-test-case: Improved test case so that it will not fail due to last_delay_timer = undefined