Age | Commit message (Collapse) | Author |
|
When checking the client certificate verify message the server used
the wrong algorithm identifier to determine the signing algorithm,
causing a function clause error in the public_key application when the
key-exchange algorithm and the public key algorithm of the client
certificate happen to differ.
|
|
* maint-r13:
Add test suite for cosFileTransfer
|
|
* maint-r13:
Prepare release
Add additional test to cover this correction
correct the encoding of ExtensionAdditionGroup
temp
Add support for ExtensionAdditionGroup notation in nested types as well
Add test suites for (most) CORBA applications
Prepare release
An empty element declared as simpleContent was not properly validated.
Conflicts:
lib/asn1/doc/src/notes.xml
lib/asn1/test/asn1_SUITE.erl.src
lib/asn1/test/asn1_SUITE_data/extensionAdditionGroup.erl
lib/asn1/test/test_undecoded_rest.erl
lib/asn1/vsn.mk
lib/xmerl/doc/src/notes.xml
lib/xmerl/vsn.mk
|
|
* pan/win2003-crash/OTP-8876:
Teach read_topology not to crash on W2K3
|
|
* kenneth/asn1/enc_extaddgrp/OTP-8866:
Add additional test to cover this correction
correct the encoding of ExtensionAdditionGroup
temp
Add support for ExtensionAdditionGroup notation in nested types as well
|
|
maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
Peer awareness
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
maint-r14
* ia/ssl-and-public_key/backwards-compatibility/OTP-8858:
Backwards compatibility
|
|
Changed the verify fun so that it differentiates between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
|
|
V1 and v2 certificates do not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
Changed implementation to retain backwards compatibility for old
option {verify, 0} that shall be equivalent to {verify, verify_none},
also separate the cases unknown CA and selfsigned peer cert, and
restored return value of deprecated function public_key:pem_to_der/1.
|
|
In the previous version support for ExtensionAdditionGroups (i.e [[...]])
was added but it did not handle the occurrence of the notation in nested types.
Now this is handled as well and the support is hopefully complete.
Also cleanup of warnings for obsolete guard functions in test suites.
|
|
../lars_otp into maint-r13
* 'lars/xmerl/validation-of-empty-element/OTP-8599' of ../lars_otp:
An empty element declared as simpleContent was not properly validated.
|
|
* 'egil/fix-ei-on-vxwork/OTP-8838' of ../egil_otp:
Fix ei to build on vxworks
|
|
* 'bmk/inets/prepare_for_r14b' of ../bmk_otp:
Prepare release for inets-5.5 (R14B).
|
|
* 'bmk/snmp/prepare_for_r14b' of ../bjorn_otp:
Prepare for R14B
|
|
* 'bmk/megaco/prepare_for_r14b' of ../bjorn_otp:
Prepare release of megaco-3.15 (R14B)
|
|
* pan/epmd-vulnerabilities/OTP-8780:
Teach testcases to survive TIME_WAIT overload
Update erl_interface doc and testsuite for epmd changes
Restore null termination of input buffer
Teach testcase epmd_SUITE:too_large to accept econnaborted
Teach epmd_cli.c to not respond 'Killed' when killing denied
Calculate minimal packet size for ALIVE2 requests correctly
Document epmd and its options properly and fixup help text
Fix anomalies in epmd not yet reported as security issues
Remove two buffer overflow vulnerabilities in EPMD
Remove all support for ancient EPMD protocol
Remove very old protocol from EPMD
Conflicts:
lib/erl_interface/src/epmd/epmd_port.c
|
|
* sv/ei-writev:
fix incorrect writev iovec buffer handling in ei
OTP-8837
|
|
* rickard/timer-wheel/OTP-8835:
Use mutex instead of rwlock
|
|
* pan/windows-testcases/OTP-8820:
Teach Winsock initialization to be thread safe
Make ei_threaded_send synchronized
Increase timeout value in ei_accept_SUITE
Teach ei_accept_SUITE to wait for node publish instead of using random sleeps
Teach port suite to not use unix-specific commands and not leave them running
Add line macros to gen_udp_SUITE:connect
|
|
* egil/ei/fix-declspec/OTP-8826:
Remove USE_DECLSPEC_THREAD from erl_interface
|
|
* ia/public_key-subject-alternative-name/OTP-8825:
Improved certificate extension handling
Add handling of SubjectAltName of type otherName
|
|
For platforms that support writev, ei uses iovec structures to be able
to easily send noncontiguous data buffers. When sending large
messages, the socket can of course block, in which case ei adjusts its
iovecs to pick up where it left off when the socket becomes writeable
again. Unfortunately the code that handled the case when the number of
bytes written is less than the current iovec size adjusted only the
iovec byte count but not the iovec data pointer, resulting in the same
data being sent multiple times.
The fix is trivial: in addition to subtracting the count of bytes
already written from the current iovec's size, also increment the
current iovec's data pointer by the number of bytes already written.
Tested manually on Linux and verified to fix a problem detected in
production with writing large binaries from a cnode to a regular
node. No unit tests were added, however, because they use the local
loopback which acts more like a pipe than an inter-host TCP
connection. The closing of the TCP window on the receiving side and
the resultant write blocking on the socket, which in turn caused the
code that mishandled the iovecs to be exercised, could unfortunately
not be readily duplicated in the erl_interface test suite.
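
The partial-write handling this commit message describes, as an added C example that is not taken from erl_interface: `sink`, `sink_writev`, `advance` and `send_all_ok` are hypothetical names, and the sink is a constructed stand-in for a socket that returns short writes. Passing `fix_base = 0` reproduces the described defect, `fix_base = 1` applies the described fix.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

/* Constructed stand-in for a socket: accepts at most cap (> 0) bytes per call,
 * like writev() once the receiver's TCP window has closed. */
struct sink { char buf[64]; size_t len; size_t cap; };

static size_t sink_writev(struct sink *s, const struct iovec *iov, int cnt) {
    size_t done = 0;
    for (int i = 0; i < cnt && done < s->cap; i++) {
        size_t n = iov[i].iov_len;
        if (n > s->cap - done) n = s->cap - done;
        memcpy(s->buf + s->len, iov[i].iov_base, n);
        s->len += n;
        done += n;
    }
    return done;
}

/* Skip `written` bytes. fix_base == 0 reproduces the defect in the commit
 * message: the partly sent iovec shrinks but still points at its old start. */
static void advance(struct iovec **iov, int *cnt, size_t written, int fix_base) {
    while (*cnt > 0 && written >= (*iov)->iov_len) {
        written -= (*iov)->iov_len;      /* fully sent: move to the next iovec */
        (*iov)++;
        (*cnt)--;
    }
    if (*cnt > 0 && written > 0) {
        if (fix_base)                    /* the fix: advance the data pointer too */
            (*iov)->iov_base = (char *)(*iov)->iov_base + written;
        (*iov)->iov_len -= written;
    }
}

/* Send "hello, " + "world!" through a sink taking cap bytes per call.
 * Returns 1 if the receiver got exactly the original byte stream. */
int send_all_ok(size_t cap, int fix_base) {
    char a[] = "hello, ", b[] = "world!";
    struct iovec v[2] = { { .iov_base = a, .iov_len = 7 },
                          { .iov_base = b, .iov_len = 6 } }, *cur = v;
    int cnt = 2;
    struct sink s = { {0}, 0, cap };
    while (cnt > 0)
        advance(&cur, &cnt, sink_writev(&s, cur, cnt), fix_base);
    return s.len == 13 && memcmp(s.buf, "hello, world!", 13) == 0;
}

int main(void) { return !(send_all_ok(5, 1) && !send_all_ok(5, 0)); }
```

With a sink large enough to take everything in one call, both variants deliver the correct stream, so the defect only shows up when a write stops in the middle of an iovec.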
|
|
* pan/binary-bif-valgrind-leak/OTP-8823:
Teach erl_bif_binary not to leak memory by doing malloc(0)
|
|
Use mutex instead of rwlock since the read lock is more or less
unused and it can be quite contended.
|
|