Age | Commit message (Collapse) | Author |
|
* hb/dialyzer/bugfix/OTP-12111:
dialyzer: fix a -Wunderspecs bug
|
|
Sometimes bogus warnings were generated for parametrized types.
Thanks to Krzesimir Sarnecki for pointing the bug out.
Also corrected warnings where the structure of opaque types were
exposed (thanks to Kostis for pointing the bug out).
|
|
|
|
|
|
* hans/ssh/patch-17.0.2:
ssh: Updated vsn.mk
ssh: negotiation_timeout bug fixed
ssh: Negotiation_timeout testcase
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rickard/port-emigrate-bug/maint/OTP-12084
* rickard/port-emigrate-bug/OTP-12084:
Verify run-queue asserts
Fix emigrate bug in erts_port_task_schedule()
Conflicts:
erts/emulator/beam/erl_port_task.c
|
|
This is only an openssh-client-erlang-server test, because
no public API to select ciphers is available for the erlang
client yet.
|
|
* rickard/+swct/OTP-12102:
Fix +swct doc
|
|
|
|
|
|
Simplify erl_epmd:names/1, keeping the same functionalities, relying
on inet:gethostbyname/1 being able to handle both atoms and strings.
|
|
This change also simplifies the code avoiding a double (conditional)
call to inet:gethostbyname/1 (in net_adm:names/1 and then
erl_epmd:names/1).
|
|
|
|
* hans/ssh/new_test_case:
ssh: Add testcases for max_sessions option
|
|
Now checks that if we have max_session sessions we could close one session and open a new one. That is checked both for parallel and non-parallel logins.
|
|
maint
* ia/ssl/certificate_types/certificate_requests/OTP-12026:
public_key: Updated User Guide with ECC records
ssl: Make sure the correct ROOT-cert is used
ssl: Test ECDSA and improve test suite maintainability
public_key: Correct ASN1-type EcpkParameters in PEM handling
public_key: Correct ASN-1 spec
ssl: Correct handling of certificate_types in Certificate Requests
|
|
|
|
* lukas/erts/fix_neg_of_int64_min/OTP-12097:
erts: Fix neg int overflow when sint is min size
|
|
* nox/clang-ubsan/OTP-12097:
Properly handle SINT_MIN in small_to_big()
Use offsetof() in io.c
|
|
* pascalchap/observer_issue:
correction of huge status bar
|
|
|
|
When an indefinite length was given, the decoder could look beyond
the end of the buffer for the 0,0 that signals the end of the value.
|
|
The BER encoder always encodes length as definite lengths. Therefore
indefinite lengths are not well-tested. Add code to the roundtrip
functions in asn1_test_list to automatically rewrite definite
lengths to indefinite length and call the decoder again.
|
|
* hans/ssh/prepare-release:
ssh: Updated vsn.mk
|
|
|
|
* hans/ssh/negotiation_timeout_bug/OTP-12057:
ssh: negotiation_timeout bug fixed
ssh: Negotiation_timeout testcase
|
|
|
|
|
|
When dealing with older certificates that does not indicate its signer
with a certificate extension, we must search the database for the issure.
Finding the issuer is not enough, we need to verify the signature
with the key in the found issuer cert.
|
|
Use generated certs instead of hard coded
|
|
* rickard/nosuspend-bug/OTP-12082:
Fix build of test port program
Update Makefile.src
Add async_ports test
Fix abort of nosuspend-tasks in erts_port_task_schedule()
|
|
When INT64_MIN is the value of a Sint64 we have to first cast it to
an Uint64 before negating it. Otherwise we get an integer overflow
which is undefined behaviour and in gcc 4.9 this results in -0 instead
of -9223372036854775808 in gcc 4.8.
|
|
OTP-12081
* tuncer/sanitizers:
Implement --enable-sanitizers[=sanitizers]
|
|
|
|
|
|
|
|
FROM TLS 1.2 RFC:
The interaction of the certificate_types and
supported_signature_algorithms fields is somewhat complicated.
certificate_types has been present in TLS since SSLv3, but was
somewhat underspecified. Much of its functionality is superseded by
supported_signature_algorithms. The following rules apply:
- Any certificates provided by the client MUST be signed using a
hash/signature algorithm pair found in
supported_signature_algorithms.
- The end-entity certificate provided by the client MUST contain a
key that is compatible with certificate_types. If the key is a
signature key, it MUST be usable with some hash/signature
algorithm pair in supported_signature_algorithms.
- For historical reasons, the names of some client certificate types
include the algorithm used to sign the certificate. For example,
in earlier versions of TLS, rsa_fixed_dh meant a certificate
signed with RSA and containing a static DH key. In TLS 1.2, this
functionality has been obsoleted by the
supported_signature_algorithms, and the certificate type no longer
restricts the algorithm used to sign the certificate. For
example, if the server sends dss_fixed_dh certificate type and
{{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply
with a certificate containing a static DH key, signed with RSA-
SHA1.
|
|
* lukas/erts/malloc_failure_errors/OTP-12085:
erts: Print error reason when malloc fails
|