Age | Commit message (Collapse) | Author |
|
|
|
When dealing with older certificates that does not indicate its signer
with a certificate extension, we must search the database for the issure.
Finding the issuer is not enough, we need to verify the signature
with the key in the found issuer cert.
|
|
Use generated certs instead of hard coded
|
|
|
|
|
|
FROM TLS 1.2 RFC:
The interaction of the certificate_types and
supported_signature_algorithms fields is somewhat complicated.
certificate_types has been present in TLS since SSLv3, but was
somewhat underspecified. Much of its functionality is superseded by
supported_signature_algorithms. The following rules apply:
- Any certificates provided by the client MUST be signed using a
hash/signature algorithm pair found in
supported_signature_algorithms.
- The end-entity certificate provided by the client MUST contain a
key that is compatible with certificate_types. If the key is a
signature key, it MUST be usable with some hash/signature
algorithm pair in supported_signature_algorithms.
- For historical reasons, the names of some client certificate types
include the algorithm used to sign the certificate. For example,
in earlier versions of TLS, rsa_fixed_dh meant a certificate
signed with RSA and containing a static DH key. In TLS 1.2, this
functionality has been obsoleted by the
supported_signature_algorithms, and the certificate type no longer
restricts the algorithm used to sign the certificate. For
example, if the server sends dss_fixed_dh certificate type and
{{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply
with a certificate containing a static DH key, signed with RSA-
SHA1.
|
|
* lukas/erts/malloc_failure_errors/OTP-12085:
erts: Print error reason when malloc fails
|
|
* lukas/os_mon/testfixes/OTP-12053:
os_mon: Fix so that all testcases are run
os_mon: Ignore posix_only on windows and solaris
|
|
For some reason only a new testcases were run on the majority of
platforms. After this change all tests are run on all unix and win32
platforms.
|
|
|
|
* lukas/erts/fd_bind_tc_fix/OTP-12061:
erts: Fix tc and docs after {fd,FD} bind change
|
|
The sha of the original change is 52810718b
|
|
|
|
OTP-12052
* derek121/epmd-docs-2:
Fix minor grammatical errors in epmd docs
|
|
|
|
OTP-12075
* garret-smith/gs-jinterface-exceptions:
Include the cause when raising a new IOException
|
|
Conflicts:
erts/doc/src/notes.xml
erts/preloaded/ebin/prim_inet.beam
erts/vsn.mk
lib/kernel/doc/src/notes.xml
lib/kernel/vsn.mk
|
|
* tuncer/system_principles-versions-typo:
Fix a minor typo in system_principles/versions.xml
|
|
|
|
* lukas/kernel/bind_with_fdopen/OTP-12061:
Fix default behaviour for legacy fdopen
erts: Fix inet close on prebound fds
kernel: When doing an fdopen we now also bind the fd to the specified addr/port
|
|
Update testcase for gen_udp:open/2 with option fd
|
|
Inet close must remove fd from select/poll without closing the fd.
|
|
|
|
Small grammar changes.
|
|
|
|
|
|
OTP-12063
* nox/maps-shell-expansion:
Expand shell functions in map expressions
|
|
* egil/fix-xmerl-example:
xmerl: Fix xmerl example motorcycle2html
|
|
* egil/maps-spec-to-doc-gen/OTP-12058:
edoc: More Map tests
edoc: Fix Map type information for docs
erl_docgen: Add Map type information for docs
|
|
|
|
Mitigate gen_server:cast/2 race conditions in testcases.
|
|
|
|
|
|
* sverk/alloc-size-overflow:
erts: Fix size overflow bugs in memory allocation
|
|
OTP-12062
|
|
OPT-12055
* lharc/patch-1:
documentation: maps:values() returns list of keys
|
|
OTP-12052
* vinoski/vinoski/erl-sdio-option:
add missing description for erl +SDio option
|
|
|
|
|
|
|
|
|
|
* siri/alarm_handler-doc/OTP-12025:
Fix bug in alarm_handler documentation
|
|
The documentation erroneously specified that clear_alarm/1 would clear
*all* alarms with id AlarmId. This is now corrected according to the
implementation - only the latest received alarm with the given AlarmId
is cleared.
|
|
* siri/sys-FormFunc-spec/OTP-11800:
Fix spec of format function in sys
|
|
|
|
|
|
* nox/filelib-wildcard-broken-link:
Update stdlib appup file
Update runtime dependencies
Update preloaded
Add tests of filelib and symlinks
Fix handling of broken symlinks in filelib
Conflicts:
erts/preloaded/ebin/erl_prim_loader.beam
|
|
Allow upgrade from OTP 17.1 to newer.
|
|
|
|
|