aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_pkix_db.erl
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2015-08-24 16:14:49 +0200
committerAnders Svensson <[email protected]>2015-08-25 00:03:03 +0200
commit502189ba42469d3332bc0658caa2bd0de1e3fcb9 (patch)
tree0099a98bd0d934766809085056fb1e2022b52790 /lib/ssl/src/ssl_pkix_db.erl
parent155c22ff3ce3f667d4a984bd6648f029e0998381 (diff)
downloadotp-502189ba42469d3332bc0658caa2bd0de1e3fcb9.tar.gz
otp-502189ba42469d3332bc0658caa2bd0de1e3fcb9.tar.bz2
otp-502189ba42469d3332bc0658caa2bd0de1e3fcb9.zip
Add service_opt() strict_mbit
There are differing opinions on whether or not reception of an arbitrary AVP setting the M-bit is an error. 1.3.4 of RFC 6733 says this about how an existing Diameter application may be modified: o The M-bit allows the sender to indicate to the receiver whether or not understanding the semantics of an AVP and its content is mandatory. If the M-bit is set by the sender and the receiver does not understand the AVP or the values carried within that AVP, then a failure is generated (see Section 7). It is the decision of the protocol designer when to develop a new Diameter application rather than extending Diameter in other ways. However, a new Diameter application MUST be created when one or more of the following criteria are met: M-bit Setting An AVP with the M-bit in the MUST column of the AVP flag table is added to an existing Command/Application. An AVP with the M-bit in the MAY column of the AVP flag table is added to an existing Command/Application. The point here is presumably interoperability: that the command grammar should specify explicitly what mandatory AVPs much be understood, and that anything more is an error. On the other hand, 3.2 says thus about command grammars: avp-name = avp-spec / "AVP" ; The string "AVP" stands for *any* arbitrary AVP ; Name, not otherwise listed in that Command Code ; definition. The inclusion of this string ; is recommended for all CCFs to allow for ; extensibility. This renders 1.3.4 pointless unless "*any* AVP" is qualified by "not setting the M-bit", since the sender can effectively violate 1.3.4 without this necessitating an error at the receiver. If clients add arbitrary AVPs setting the M-bit then request handling becomes more implementation-dependent. The current interpretation in diameter is strict: if a command grammar doesn't explicitly allow an AVP setting the M-bit then reception of such an AVP is regarded as an error. The strict_mbit option now allows this behaviour to be changed, false turning all responsibility for the M-bit over to the user.
Diffstat (limited to 'lib/ssl/src/ssl_pkix_db.erl')
0 files changed, 0 insertions, 0 deletions