Age | Commit message (Collapse) | Author |
|
|
|
|
|
Check that the certificate chain ends with a trusted ROOT CA e.i. a
self-signed certificate, but provide an option partial_chain to
enable the application to define an intermediat CA as trusted.
TLS RFC says:
"unknown_ca
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal."
and also states:
"certificate_list
This is a sequence (chain) of certificates. The sender's
certificate MUST come first in the list. Each following
certificate MUST directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate that specifies the root
certificate authority MAY be omitted from the chain, under the
assumption that the remote end must already possess it in order to
validate it in any case."
X509 RFC says:
"The selection of a trust anchor is a matter of policy: it could be
the top CA in a hierarchical PKI, the CA that issued the verifier's
own certificate(s), or any other CA in a network PKI. The path
validation procedure is the same regardless of the choice of trust
anchor. In addition, different applications may rely on different
trust anchors, or may accept paths that begin with any of a set of
trust anchors."
|
|
* bjorn/asn1/misc-bug-fixes/OTP-12125:
Workaround for combining two object sets separated by extension
Clean up and correct handling of parameters for parameterized types
Check the formal parameter for parameterized type definitions
Report errors also for unused parameterized types
Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIER
Correct expansion of parameterized types
Add the module name to the #classdef{} record
Eliminate the use of #identifier{} outside the tokeniser and parser
Fix problem with object identifiers in external modules
Rewrite get_referenced_type/2
Teach the ASN.1 compiler to handle objects in field names
Teach the ASN.1 compiler to understand "EXPORTS ALL"
Teach the ASN.1 compiler the parse option
|
|
* bjorn/asn1/decoding-robustness/OTP-12145:
BER decoding: Improve error checking for indefinite length
BER: Test decoding of indefinite lengths
|
|
maint
* lucafavatella/improve-cpu_sup-error-when-slow-port-init:
Clarify error for slow `cpu_sup` port init
|
|
* rickard/memory_consuming_tuple_tests:
Only run upper boundry tuple test with lots of memory
|
|
|
|
OTP-12128
* vinoski/enif-schedule-nif:
Fix leak of NIF exports
Use separate allocation type for NIF export
|
|
|
|
|
|
* hans/common_test/Makefile_fix:
common_test: update Makefile for ct_property_test module.
|
|
|
|
* ia/public_key/utf8-doc:
public_key: Correct documentation of ASN-1 type utf8String
|
|
|
|
|
|
* sverk/term_to_binary-realloc-size/OTP-12141:
erts: Fix bug in term_to_binary that reallocates binary with wrong size
|
|
* sverk/MIN_SMALL-to-integer:
erts: Correct conversion of MIN_SMALL numeral to fixnum
OTP-12140
|
|
list_to_integer and binary_to_integer returned un-normalized bignum for
-134217728 on 32-bit and -576460752303423488 on 64-bit.
Thanks to Jesper Louis Andersen, Mikael Pettersson
and Anthony Ramine for report, initial patch and optimization suggestion.
|
|
* sverk/nif-inspect-copy-bug/OTP-9828:
erts: Fix bug with enif_make_copy reallocating writable binary
Conflicts:
erts/emulator/test/nif_SUITE.erl
|
|
* egil/fix-llvm-cc-warnings/OTP-12138:
odbc: Suppress signedness warnings for 'char *'
ic: Suppress unused-value warning
erts: Fix tentative-definition-incomplete-type
erts: Don't redefine '_XOPEN_SOURCE'
|
|
* egil/maps-with-doc-tests/OTP-12137:
stdlib: Test maps:with/2
stdlib: Document maps:with/2
|
|
that could invalidate a pointer received from an earlier
call to enif_inspect_binary.
Solution: Emasculate writable binary at enif_inspect_binary. There are
room for optimizations here as we now do an unconditional emasculation
even though enif_make_copy is not called later in the NIF.
|
|
|
|
* arekinath/ssh/aes-ctr:
ssh: check if ssh client supports newer cipher- and MAC-algorithms
SSH: only enable ciphers/MACs when they are available in crypto
SSH: add ssh_to_openssh test for ciphers and macs
SSH: documentation update for new algos
SSH: add support for aes128-ctr and hmac-sha2-256
|
|
|
|
|
|
|
|
|
|
* hans/proptest/init/OTP-12119:
ssh: Add simple experimental property test suites
inets: Add simple experimental property test suite
common_test: Add experimental module ct_property_test
|
|
|
|
|
|
This module may change without warning...
|
|
|
|
The following type of code would crash the compiler:
OSET SOME-CLASS ::= {OSET1, ..., OSET2}
|
|
The previous code looked at the actual parameters supplied when
instantiating the type to determine the type of the argument; the
correct way is to determine the type by looking at the governor and
case of the formal parameter.
|
|
Check the formal parameters for a parameterized type definition.
If the governor for a formal parameter is absent, the formal parameter
must be in upper case.
|
|
Definitions for parameterized types are verified once very early,
and one more time when they are instantiated.
Errors found during the first check were ignored, so errors for
unused parameterized types were not reported.
|
|
Before classes were fully implemented, there was support for
ABSTRACT-SYNTAX and TYPE-IDENTIFIER. Some of that code is still
there and is no longer used. Get rid of it and correct comments.
|
|
Attempting to compile:
SomeType{SOME-CLASS-NAME, SOME-CLASS-NAME:SomeSet} ::= ...
SEQUENCE {
something SOME-CLASS-NAME.&id({SomeSet})
}
would crash the compiler, because the actual parameter for
SOME-CLASS-NAME was not substituted into the governor for
the SomeSet parameter.
While we are at it, combine the functionality of is_class/2
and get_class_def/2 (eliminating is_class/2). Most callers
call both function.
|
|
If we want construct an #'Externaltypereference'{} from
a #classdef{} record, we will need the module name.
|
|
The only remaining use of #identifier{} in asn1ct_check was in a
temporary packaging of a value that would be ultimately be put
into #valuedef{}.
Therefore we can eliminate that last usage but putting the value
directly into a #valuedef{} and we can move the record definition
into asn1ct_parser2.
|
|
When parsing ASN.1, certain constructs can only be understood in
the full context of the entire ASN.1 module.
For instance, the value following ID in this simplified excerpt
from MTSAbstractService88:
administration-88 PORT ::= {
ID {id-pt-administration 88}
}
the value following "ID" can be interpreted either as value
for:
SEQUENCE {
id-pt-administration INTEGER
}
or as an OBJECT IDENTIFIER.
Our ASN.1 parser assumes that a SEQUENCE is meant, and if that
later turns out to be wrong, the SEQUENCE value is rewritten to
an OBJECT IDENTIFIER. The problem is that at the time of the
rewrite, we no longer know in which ASN.1 module id-pt-administration
was defined in, and we have to use the module name in the state{}
record. Unfortunately, the module name in the state{} record may
not always be correct.
While there are attempts in the code to keep the module name
up-to-date when checking imported types, it is not done consistently,
and it seems to be a difficult and error-prone task to attempt
to make it consistent.
A safer and less error-prone approach is to make sure that we
don't lose the module name while parsing. To make it clear what
we are doing, we will introduce a new #seqtag{} record that
are used for tags in SEQUENCE values. The name is based on its
primary use. The record also contains the module in case it happens
to be an OBJECT IDENTIFIER.
|
|
Make sure that we continue to follow external references until
we find a real type.
|
|
|
|
EXPORTS ALL is the same as leaving out the EXPORTS statement.
|
|
|
|
|
|
* bjorn/compiler/fix-scope-bug/OTP-12132:
sys_core_fold: Eliminate name capture bug
|
|
The scope is supposed to contain all variables that are currently
live. We need this information for certain optimizations to
avoid capturing a name (a name that is in the scope must be renamed;
for an example, see move_let_into_expr/2 or any function that calls
sub_subst_scope/1). We also use the scope to optimize sub_del_var/2
and sub_is_val/2.
When optimizing case expressions, the scope could be reset to an
empty list (because sub_new/0 was called instead of sub_new/1).
That could cause name capture if inlining was turned on.
As simple way to force this bug is to uncomment the
"-define(DEBUG, 1)." near the beginning of the file. Without this
correction, most files in the test suite fail to compile.
|