1 SSL Release Notes
This document describes the changes made to the SSL application.
1.1 SSL 2.3.4
1.1.1 Improvements and New Features
- All TCP options allowed in gen_tcp are now also allowed in SSL, except the option {reuseaddr, Boolean}. A new function getopts has been added to the SSL interface module ssl.
OwnId: OTP-4305, OTP-4159
1.2 SSL 2.3.3
1.2.1 Fixed Bugs and Malfunctions
- The roles of the SSLeay and OpenSSL packages have been clarified in the ssl(6) application manual page. Also, the URLs from which to download SSLeay have been updated.
OwnId: OTP-4002
Aux Id: seq5269
- A call to ssl:listen(Port, Options) with Options = [] resulted in the cryptic {error, ebadf} return value. The return value has been changed to {error, enooptions}, and the behaviour has been documented in the listen/2 function.
OwnId: OTP-4016
Aux Id: seq7006
- Use of the option {nodelay, boolean()} crashed the ssl_server.
OwnId: OTP-4070
Aux Id:
- A bug caused the Erlang distribution over ssl to fail. This bug has now been fixed.
OwnId: OTP-4072
Aux Id:
- On Windows, the SSL port program crashed when it encountered an error code that was not anticipated.
OwnId: OTP-4132
Aux Id:
1.3 SSL 2.3.2
1.3.1 Fixed Bugs and Malfunctions
- The ssl:accept/1-2 function sometimes returned {error, {What, Where}} instead of {error, What}, where What is an atom.
OwnId: OTP-3775
Aux Id: seq4991
1.4 SSL 2.3.1
1.4.1 Fixed Bugs and Malfunctions
- Sometimes the SSL port program would loop in an accept loop, without terminating even when the SSL application was stopped.
OwnId: OTP-3691
1.5 SSL 2.3
Functions have been added to SSL to experimentally support
Erlang distribution.
1.6 SSL 2.2.1
The 2.2.1 version of SSL provides code replacement in runtime
by upgrading from, or downgrading to, versions 2.1 and 2.2.
1.7 SSL 2.2
1.7.1 Improvements and New Features
- The restriction that only the creator of an SSL socket can read from and write to the socket has been lifted.
OwnId: OTP-3301
- The option {packet, cdr} for SSL sockets has been added, which means that SSL sockets also support CDR encoded packets.
OwnId: OTP-3302
1.7.2 Known Bugs and Problems
- Setting of a CA certificate file with the cacertfile option (in calls to ssl:accept/1/2 or ssl:connect/3/4) does not work due to weaknesses in the SSLeay package.
  A work-around is to set the OS environment variable SSL_CERT_FILE before SSL is started. However, the CA certificate file will then be global for all connections.
OwnId: OTP-3146
- When changing controlling process of an SSL socket, a temporary process is started, which is not gen_server compliant.
OwnId: OTP-3146
- Although there is a cache timeout option, it is silently ignored.
OwnId: OTP-3146
- There is currently no way to restrict the cipher sizes.
OwnId: OTP-3146
1.8 SSL 2.1
1.8.1 Improvements and New Features
- The set of possible error reasons has been extended to contain diagnostics on erroneous certificates and failures to verify certificates.
OwnId: OTP-3145
- The maximum number of simultaneous SSL connections on Windows has been increased from 31 to 127.
OwnId: OTP-3145
1.8.2 Fixed Bugs and Malfunctions
- A deadlock occurring when write queues are not empty has been removed.
OwnId: OTP-3145
- Error reasons have been unified and changed.
  (** POTENTIAL INCOMPATIBILITY **)
OwnId: OTP-3145
- On Windows a check of the existence of the environment variable ERLSRV_SERVICE_NAME has been added. If that variable is defined, the port program of the SSL application will not terminate when a user logs off.
OwnId: OTP-3145
- An error in the setting of the nodelay option has been corrected.
OwnId: OTP-3145
- The confounded notions of verify mode and verify depth have been corrected. The option verifydepth has been removed, and the two separate options verify and depth have been added.
  (** POTENTIAL INCOMPATIBILITY **)
OwnId: OTP-3145
1.8.3 Known Bugs and Problems
- Setting of a CA certificate file with the cacertfile option (in calls to ssl:accept/1/2 or ssl:connect/3/4) does not work due to weaknesses in the SSLeay package.
  A work-around is to set the OS environment variable SSL_CERT_FILE before SSL is started. However, the CA certificate file will then be global for all connections.
OwnId: OTP-3146
- When changing controlling process of an SSL socket, a temporary process is started, which is not gen_server compliant.
OwnId: OTP-3146
- Although there is a cache timeout option, it is silently ignored.
OwnId: OTP-3146
- There is currently no way to restrict the cipher sizes.
OwnId: OTP-3146
1.9 SSL 2.0
A completely new version of SSL with separate I/O channels
for all connections with non-blocking I/O multiplexing.
Copyright © 1991-2002
Ericsson Utvecklings AB