Age | Commit message (Collapse) | Author |
|
Conflicts:
lib/ssh/src/ssh_connection_handler.erl
|
|
|
|
|
|
|
|
* ingela/inets/clean-white-space/OTP-13663:
inets: Prepare for release
inets: Handle multiple \t in mime types file
|
|
* ingela/maint/ssl/max-session-table/OTP-13490:
ssl: Mitigate load increase when the whole session table is invalidated
|
|
* joedevivo/maint/ssl/PR-1063/OTP-13635:
ssl:recv timeout() can be 0
|
|
maint-18
* ingela/maint/ssl/tls-1.2-available-hashsigns/OTP-13670:
ssl: ordsets:intersection/2 did not give the expected result
|
|
into maint-18
* kennethlakin/maint/tls-use-negotiated-prf/PR-1042/OTP-13546:
ssl: Use cipher suite's PRF in prf/5
|
|
* ingela/ssl/maint-rel:
ssl: Prepare for release
|
|
|
|
|
|
|
|
Use the negotiated cipher suite's PRF algorithm in calls to
ssl:prf/5, rather than a hard-coded one.
For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This
was correct 100% of the time.
For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256.
This was correct only some of the time for TLS 1.2 and none of the
time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5
through another path, the handshaking process used the negotiated
PRF and did not encounter this bug.
A new test (prf) has been added to ssl_basic_SUITE to guard against future
breakage.
|
|
gen_tcp:recv allows this, and if you're doing something like
Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with
function_clause
There were other cases of this throughout the module. This PR cleans
them all up.
|
|
Turns out we can not count on the "hashsigns" sent by the client and
the supported "hashigns" sets to have required properties of ordsets.
|
|
|
|
|
|
|
|
* ingela/inets/deprecated-inets_regexp/OTP-13533:
inets: Prepare for release
inets: Put back inets_regexp module in OTP 18
|
|
* ingela/ssl/maint/algo-fixes/OTP-13525:
ssl: Correct guard expression
ssl: Correct cipher suites conversion
|
|
* peppe/ct_misc_18_patches:
Add flag/option for disabling the character escaping functionality
Fix bug using the wrong lists search function
Fix bug with clashing timestamp values
Fix problem with stylesheet tags getting escaped
Skip pre/post test IO suite if cover or debug is running
Tweak pre_post_io test case to run without failing
Fix various log related problems
|
|
* peppe/ct_remove_nodelay/OTP-13462:
Update the reference manual
Make the nodelay setting configurable and false per default
|
|
* zandra/cth_surefire-bug/OTP-13513:
add testcase for the surefire hook bug
fix cht_surefire bug when pre_init_per_suite fails
|
|
|
|
Put back unused module inets_regexp and remove it in OTP 19 instead as
it is an incompatibility, although it is an undocumented module and
should not affect other applications (the world is not perfect).
|
|
OTP-13537
|
|
OTP-13462
|
|
|
|
|
|
OTP-13536
|
|
OTP-13535
The return value of ct:get_timetrap_info/0 has been modified.
|
|
|
|
|
|
The guard should check that the TLS version is at least TLS-1.2.
|
|
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
Please enter the commit message for your changes. Lines starting
|
|
|
|
|
|
When pre_init_per_suite fails before reaching the cth_surefire
pre_init_per_suite unexpected XML was produced. This commit fixes
that.
|
|
|
|
|
|
* ingela/inets/http_server-ssl-peer-cert/OTP-13510:
inets: Prepare for release
inets: Add peer_cert to ESI environment
|
|
* ingela/ssl/config-signature-algs/OTP-13261:
ssl: Prepare for release
ssl: Add option signature_algs
|
|
* ingela/ssl/3-4-tuples-cipher-suites-mix/OTP-13511:
ssl: Corrections to cipher suite handling
|
|
It was not possible to mix ssl 3 and 4 tuple cipher suites in the
ciphers option.
Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that
should have been 4 tuples
|
|
|
|
|
|
|
|
In TLS-1.2 The signature algorithm and the hash function algorithm
used to produce the digest that is used when creating the digital signature
may be negotiated through the signature algorithm extension RFC 5246.
We want to make these algorithm pairs configurable.
In connections using lower versions of TLS these algorithms are
implicit defined and can not be negotiated or configured.
DTLS is updated to not cause dialyzer errors, but needs to get a real
implementation later.
|
|
|