Age | Commit message (Collapse) | Author |
|
* ia/ssl/tls1.1and1.2: (46 commits)
ssl: Clean up of code thanks to dialyzer
ssl: Test suite adjustments
ssl & public_key: Prepare for release
ssl: Use crypto:strong_rand_bytes if possible
ssl & public_key: Add use of more "sha-rsa oids"
ssl: Fix inet header option to behave as in inet
ssl: TLS 1.2: fix hash and signature handling
ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash combinations
ssl: Add Signature Algorithms hello extension from TLS 1.2
ssl: Fix rizzo tests to run as intended
ssl: TLS-1.1 and TLS-1.2 support should not be default until R16
ssl: Signture type bug
ssl: Add crypto support check (TLS 1.2 require sha256 support)
ssl: Dialyzer fixes
ssl: IDEA cipher is deprecated by TLS 1.2
ssl: Run relevant tests for all SSL/TLS versions
ssl: Add TLS version switches to openssl tests
ssl: Enable TLS 1.2
ssl: Enable mac_hash for TLS 1.2
ssl: Implement TLS 1.2 signature support
...
|
|
* sverk/ets-test_ms-bug/OTP-10190:
Fix bug in ets:test_ms/2.
|
|
* origin/peppe/common_test/ct_hooks_errors:
Fix IO printout crash caused by hook function
Fix timetrap error in pre-hooks
Conflicts:
lib/common_test/src/cth_surefire.erl
OTP-10050
OTP-10069
OTP-10072
|
|
|
|
* ia/odbc/test-suite-maint:
odbc: remove "-" in hostname from generated unique table name
|
|
* bjorn/compiler/illegal-size/OTP-10197:
compiler: Warn if the size of a binary segment is invalid
|
|
* hb/tools/xref_filenames/OTP-10192:
Allow non-ASCII characters in Xref filanmes
|
|
Column numbers was merged without understanding all the whole
story. See mail on erlang-patches for details.
This reverts commit df8e67e203b83f95d1e098fec88ad5d0ad840069, reversing
changes made to 0c9d90f314f364e5b1301ec89d762baabc57c7aa.
|
|
The compiler would silently accept and Dialyzer would crash on
code like:
<<X:(2.5)>>
It is never acceptable for Dialyzer to crash. The compiler should
at least generate a warning for such code. It is tempting to let
the compiler generate an error, but that would mean that code like:
Sz = 42.0,
<<X:Sz>>.
would be possible to compile with optimizations disabled, but not
with optimizations enabled.
Dialyzer crashes because it calls cerl:bitstr_bitsize/1, which
crashes if the type of size for the segment is invalid. The easiest
way to avoid that crash is to extend the sanity checks in v3_core
to also include the size field of binary segments. That will cause
the compiler to issue a warning and to replace the bad binary
construction with a call to erlang:error/1. (It also means that
Dialyzer will not issue a warning for bad size fields.)
|
|
|
|
|
|
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908
|
|
|
|
|
|
This options is useless and should be deprecated. But we behave
as inet does for now!
|
|
with TLS 1.2 the hash and signature on a certify message can
differ from the defaults. So we have to make sure to always
use the hash and signature algorithm indicated in the
handshake message
|
|
combinations
|
|
This is also avoids triggering some bugs in OpenSSL.
|
|
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test
case but the new group structure that run all relevant test for all
relevant SSL/TLS versions we need to change that to run the protocol version
of the group the we are currently running.
|
|
|
|
|
|
|
|
|
|
As we did not yet support IDEA ciphers and they have now become deprecated we
skip supporting them altogether.
|
|
|
|
|
|
|
|
|
|
|
|
TLS 1.2 introduces changes on how signatures
are calculate and encoded. This makes the
signature handling version aware
|
|
|
|
|
|
|
|
TLS 1.2 allows to negotiate the used PRF,
additional the default PRF uses a different
hash. This change make the PRF selectable
and hardwires the PRF for TLS < 1.2
|
|
dh parameter verification is done differently with TLS 1.2.
Prepare for that by passing the verion to verify_dh_params.
|
|
TLS 1.2 changes the layout of several handshake
records. This adds the TLS version to dec_hs/2
so it can decode those.
|
|
TLS 1.2 changed the way digital signatures are
done. key_exchange/3 needs to pass the version
to it.
|
|
now that we handle TLS 1.1+ records correctly, the test suite
have to take that into account.
|
|
|
|
With TLS 1.2 the handling of the IV in cipher blocks
changed. This prepares ssl_cipher:cipher/5 for that
change by passing the TLS version into it and allowing
generic_block_cipher_from_bin/4 to overload the IV.
|
|
TLS/SSL version before 1.2 always used a MD5/SHA combination
for the handshake hashes. With TLS 1.2 the default hash is
SHA256 and it is possible to negotiate a different hash.
This change delays the calculation of the handshake
hashes until they are really needed. At that point the hash
to use should be known.
For now MD5/SHA is still hard coded.
|
|
dsa -> dss
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|