Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
* hans/ssh/codenomicon_degradation/OTP-12784:
ssh: update ssh version
ssh: Plain text message returned for invalid version exchange
ssh: Implement keyboard_interactive on server side
ssh: Check e and f parameters in kexdh
ssh: Set max num algoritms in msg_kexinit negotiation
|
|
* ia/ssl/crypto-bad-input/OTP-12783:
ssl: Prepare for release
ssl: Correct handling of bad input to premaster_secret calculation
|
|
* ia/ssh/recvbuf/OTP-12782:
ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []}
|
|
* ia/inets/filter-headers/OTP-12776:
inets: Prepare for release
inets: Add customize option
|
|
|
|
alert records needs to be thrown from
ssl_handshake:premaster_secret/[2/3] so that operations will end up in
the catch clause of the invokation of certify_client_key_exchange/3 in
ssl_connection.erl, and hence terminate gracefully and not continue to try
and calculate the master secret with invalid inputs and crash.
|
|
|
|
This is how OpenSSH does. The bytes returned will be put on the
user's tty, so it is better with text than a ssh_msg_disconnect
|
|
|
|
rfc 4253 says in section 8 that:
"Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails."
This commit implements the reception check.
|
|
This is to prevent some dos-attac scenarios. The limit is hard-coded.
|
|
If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.
|
|
|
|
Many HTTP headers are optional, and it could be desirable for the
server to filter and maybe even alter them without replacing the
mod_* modules that generate/process them. Add new behaviour
httpd_custom_api with default implementation in httpd_custom.erl.
Add behaviour module in 18 as then we can specify optional callbacks.
|
|
|
|
|
|
* anders/diameter/test/OTP-12767:
Replace config suite call to erlang:now/0
Fix incorrect suite usage of OTP 18 monotonic time
Make tls suite crash more verbosely
|
|
* anders/diameter/17.5.5/OTP-12757:
vsn -> 1.9.2
Update appup for 17.5.5
Fix mangled release note
|
|
* anders/diameter/sctp/OTP-12744:
Fix diameter_sctp listener race
Tweak transport suite failures
Run traffic suite over SCTP
|
|
* anders/diameter/counters/OTP-12741:
Fix counting of no_result_code/invalid_error_bit
Count relayed answers
Rename dictionary-related functions/variables
Lift answer send up the call chain
Count discarded incoming messages
Include R-bit in unknown message counter keys
Fix broken relay counters
Fix broken result code counters
Add counters testcase to relay suite
|
|
Commit 4b691d8d made it possible for accepting transport processes to be
started concurrently, and commit 77c1b162 adapted diameter_sctp to this,
but missed that the publication of the listener process in diameter_reg
has to precede the return of its start function. As a result, concurrent
starts could result in multiple listener processes.
|
|
Make anything but a comm_up sctp_assoc_change crash. Make timeouts more
reasonable.
|
|
Previously it was only run over TCP.
Configure a pool of accepting processes since simultaneous connections
are otherwise prone to rejection, as discussed in commit 4b691d8d.
Tweak timeouts to more reasonable values.
|
|
To remove a compilation warning with OTP 18.
|
|
Value was used as strictly increasing when it's only non-decreasing,
causing testcases to fail.
|
|
To see why it's failing on at least one test machine.
|
|
|
|
- OTP-12741: disfunctional counters
- OTP-12744: diameter_sctp race
No load order requirements.
|
|
|
|
The message was regarded as unknown if the answer message in question
set the E-bit and the application dictionary was not the common
dictionary.
|
|
That is, outgoing answer messages received in response to a
handle_request callback having returned {relay, Opts}.
|
|
To clarify what it is that's being computed, which isn't entirely
obvious. No functional change, just renaming.
|
|
As the first step in starting to count outgoing, relayed answer
messages.
|
|
An incoming Diameter message is either a request, an answer to an
outstanding request, or an unexpected answer. The latter weren't
counted, but are now counted on keys of this form:
{pid(), {{unknown, 0}, recv, discarded}}
The form of the second element is similar to those of other counters,
like:
{{relay, 0|1}, send|recv, invalid_error_bit}
Compare this to the key used when counting known answers:
{{ApplicationId, CommandCode, 0}, recv}
The application id and command code aren't included so as not to count
on arbitrary keys, a topic last visited in commit 49e8b11c.
|
|
To differentiate between requests and answers, in analogy with relay
counters. This isn't backwards compatible, but these counters aren't yet
documented.
|
|
Commit 49e8b11c broke the counting of relayed message, causing them to
be accumulated as unknown messages.
|
|
Commit a1df50b3 broke result code counters in the case of answer
messages sent as a header/avp lists (unless the avps, untypically, set
the name field), and for answers sent/received in the relay application.
|
|
|
|
|
|
* hans/ssh/ssh_msg_debug_fun/OTP-12738:
ssh: option for handling the SSH_MSG_DEBUG message's printouts
|
|
* hans/inets/bad_content_length/OTP-12739:
inets: reject negative content-length
|
|
Which fails for a variety of reasons to be addressed in subsequent
commits.
|
|
A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives. This enables the user to
format the printout or just discard it.
The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.
|
|
|
|
|