aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-08Merge branch 'bjorn/asn1/misc-bug-fixes/OTP-12125' into maintBjörn Gustavsson
* bjorn/asn1/misc-bug-fixes/OTP-12125: Workaround for combining two object sets separated by extension Clean up and correct handling of parameters for parameterized types Check the formal parameter for parameterized type definitions Report errors also for unused parameterized types Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIER Correct expansion of parameterized types Add the module name to the #classdef{} record Eliminate the use of #identifier{} outside the tokeniser and parser Fix problem with object identifiers in external modules Rewrite get_referenced_type/2 Teach the ASN.1 compiler to handle objects in field names Teach the ASN.1 compiler to understand "EXPORTS ALL" Teach the ASN.1 compiler the parse option
2014-09-08Merge branch 'bjorn/asn1/decoding-robustness/OTP-12145' into maintBjörn Gustavsson
* bjorn/asn1/decoding-robustness/OTP-12145: BER decoding: Improve error checking for indefinite length BER: Test decoding of indefinite lengths
2014-09-08Merge branch 'lucafavatella/improve-cpu_sup-error-when-slow-port-init' into ↵Marcus Arendt
maint * lucafavatella/improve-cpu_sup-error-when-slow-port-init: Clarify error for slow `cpu_sup` port init
2014-09-05Merge branch 'rickard/memory_consuming_tuple_tests' into maintRickard Green
* rickard/memory_consuming_tuple_tests: Only run upper boundry tuple test with lots of memory
2014-09-05Only run upper boundry tuple test with lots of memoryRickard Green
2014-09-05Merge branch 'vinoski/enif-schedule-nif' into maintRickard Green
OTP-12128 * vinoski/enif-schedule-nif: Fix leak of NIF exports Use separate allocation type for NIF export
2014-09-05Fix leak of NIF exportsRickard Green
2014-09-05Use separate allocation type for NIF exportRickard Green
2014-09-05Merge branch 'hans/common_test/Makefile_fix' into maintHans Nilsson
* hans/common_test/Makefile_fix: common_test: update Makefile for ct_property_test module.
2014-09-05common_test: update Makefile for ct_property_test module.Hans Nilsson
2014-09-05Merge branch 'ia/public_key/utf8-doc' into maintIngela Anderton Andin
* ia/public_key/utf8-doc: public_key: Correct documentation of ASN-1 type utf8String
2014-09-05Merge branch 'maint' of git-server:otp into maintIngela Anderton Andin
2014-09-05public_key: Correct documentation of ASN-1 type utf8StringIngela Anderton Andin
2014-09-04Merge branch 'sverk/term_to_binary-realloc-size/OTP-12141' into maintSverker Eriksson
* sverk/term_to_binary-realloc-size/OTP-12141: erts: Fix bug in term_to_binary that reallocates binary with wrong size
2014-09-04Merge branch 'sverk/MIN_SMALL-to-integer' into maintSverker Eriksson
* sverk/MIN_SMALL-to-integer: erts: Correct conversion of MIN_SMALL numeral to fixnum OTP-12140
2014-09-04erts: Correct conversion of MIN_SMALL numeral to fixnumSverker Eriksson
list_to_integer and binary_to_integer returned un-normalized bignum for -134217728 on 32-bit and -576460752303423488 on 64-bit. Thanks to Jesper Louis Andersen, Mikael Pettersson and Anthony Ramine for report, initial patch and optimization suggestion.
2014-09-04Merge branch 'sverk/nif-inspect-copy-bug/OTP-9828' into maintSverker Eriksson
* sverk/nif-inspect-copy-bug/OTP-9828: erts: Fix bug with enif_make_copy reallocating writable binary Conflicts: erts/emulator/test/nif_SUITE.erl
2014-09-04Merge branch 'egil/fix-llvm-cc-warnings/OTP-12138' into maintBjörn-Egil Dahlberg
* egil/fix-llvm-cc-warnings/OTP-12138: odbc: Suppress signedness warnings for 'char *' ic: Suppress unused-value warning erts: Fix tentative-definition-incomplete-type erts: Don't redefine '_XOPEN_SOURCE'
2014-09-04Merge branch 'egil/maps-with-doc-tests/OTP-12137' into maintBjörn-Egil Dahlberg
* egil/maps-with-doc-tests/OTP-12137: stdlib: Test maps:with/2 stdlib: Document maps:with/2
2014-09-03erts: Fix bug with enif_make_copy reallocating writable binarySverker Eriksson
that could invalidate a pointer received from an earlier call to enif_inspect_binary. Solution: Emasculate writable binary at enif_inspect_binary. There are room for optimizations here as we now do an unconditional emasculation even though enif_make_copy is not called later in the NIF.
2014-09-03erts: Fix bug in term_to_binary that reallocates binary with wrong sizeSverker Eriksson
2014-09-03Merge branch 'arekinath/ssh/aes-ctr' into maintMarcus Arendt
* arekinath/ssh/aes-ctr: ssh: check if ssh client supports newer cipher- and MAC-algorithms SSH: only enable ciphers/MACs when they are available in crypto SSH: add ssh_to_openssh test for ciphers and macs SSH: documentation update for new algos SSH: add support for aes128-ctr and hmac-sha2-256
2014-09-03Merge branch 'hans/update_vsn.mk' into maintHans Nilsson
2014-09-03ssh: update vsn.mkHans Nilsson
2014-09-03inets: update vsn.mkHans Nilsson
2014-09-03common_test: update vsn.mkHans Nilsson
2014-09-02Merge branch 'hans/proptest/init/OTP-12119' into maintHans Nilsson
* hans/proptest/init/OTP-12119: ssh: Add simple experimental property test suites inets: Add simple experimental property test suite common_test: Add experimental module ct_property_test
2014-09-02ssh: Add simple experimental property test suitesHans Nilsson
2014-09-02inets: Add simple experimental property test suiteHans Nilsson
2014-09-02common_test: Add experimental module ct_property_testHans Nilsson
This module may change without warning...
2014-09-02ssh: check if ssh client supports newer cipher- and MAC-algorithmsMarcus Arendt
2014-09-01Workaround for combining two object sets separated by extensionBjörn Gustavsson
The following type of code would crash the compiler: OSET SOME-CLASS ::= {OSET1, ..., OSET2}
2014-09-01Clean up and correct handling of parameters for parameterized typesBjörn Gustavsson
The previous code looked at the actual parameters supplied when instantiating the type to determine the type of the argument; the correct way is to determine the type by looking at the governor and case of the formal parameter.
2014-09-01Check the formal parameter for parameterized type definitionsBjörn Gustavsson
Check the formal parameters for a parameterized type definition. If the governor for a formal parameter is absent, the formal parameter must be in upper case.
2014-09-01Report errors also for unused parameterized typesBjörn Gustavsson
Definitions for parameterized types are verified once very early, and one more time when they are instantiated. Errors found during the first check were ignored, so errors for unused parameterized types were not reported.
2014-09-01Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIERBjörn Gustavsson
Before classes were fully implemented, there was support for ABSTRACT-SYNTAX and TYPE-IDENTIFIER. Some of that code is still there and is no longer used. Get rid of it and correct comments.
2014-09-01Correct expansion of parameterized typesBjörn Gustavsson
Attempting to compile: SomeType{SOME-CLASS-NAME, SOME-CLASS-NAME:SomeSet} ::= ... SEQUENCE { something SOME-CLASS-NAME.&id({SomeSet}) } would crash the compiler, because the actual parameter for SOME-CLASS-NAME was not substituted into the governor for the SomeSet parameter. While we are at it, combine the functionality of is_class/2 and get_class_def/2 (eliminating is_class/2). Most callers call both function.
2014-09-01Add the module name to the #classdef{} recordBjörn Gustavsson
If we want construct an #'Externaltypereference'{} from a #classdef{} record, we will need the module name.
2014-09-01Eliminate the use of #identifier{} outside the tokeniser and parserBjörn Gustavsson
The only remaining use of #identifier{} in asn1ct_check was in a temporary packaging of a value that would be ultimately be put into #valuedef{}. Therefore we can eliminate that last usage but putting the value directly into a #valuedef{} and we can move the record definition into asn1ct_parser2.
2014-09-01Fix problem with object identifiers in external modulesBjörn Gustavsson
When parsing ASN.1, certain constructs can only be understood in the full context of the entire ASN.1 module. For instance, the value following ID in this simplified excerpt from MTSAbstractService88: administration-88 PORT ::= { ID {id-pt-administration 88} } the value following "ID" can be interpreted either as value for: SEQUENCE { id-pt-administration INTEGER } or as an OBJECT IDENTIFIER. Our ASN.1 parser assumes that a SEQUENCE is meant, and if that later turns out to be wrong, the SEQUENCE value is rewritten to an OBJECT IDENTIFIER. The problem is that at the time of the rewrite, we no longer know in which ASN.1 module id-pt-administration was defined in, and we have to use the module name in the state{} record. Unfortunately, the module name in the state{} record may not always be correct. While there are attempts in the code to keep the module name up-to-date when checking imported types, it is not done consistently, and it seems to be a difficult and error-prone task to attempt to make it consistent. A safer and less error-prone approach is to make sure that we don't lose the module name while parsing. To make it clear what we are doing, we will introduce a new #seqtag{} record that are used for tags in SEQUENCE values. The name is based on its primary use. The record also contains the module in case it happens to be an OBJECT IDENTIFIER.
2014-09-01Rewrite get_referenced_type/2Björn Gustavsson
Make sure that we continue to follow external references until we find a real type.
2014-09-01Teach the ASN.1 compiler to handle objects in field namesBjörn Gustavsson
2014-09-01Teach the ASN.1 compiler to understand "EXPORTS ALL"Björn Gustavsson
EXPORTS ALL is the same as leaving out the EXPORTS statement.
2014-09-01Teach the ASN.1 compiler the parse optionBjörn Gustavsson
2014-09-01Update primary bootstrapBjörn Gustavsson
2014-09-01Merge branch 'bjorn/compiler/fix-scope-bug/OTP-12132' into maintBjörn Gustavsson
* bjorn/compiler/fix-scope-bug/OTP-12132: sys_core_fold: Eliminate name capture bug
2014-09-01sys_core_fold: Eliminate name capture bugBjörn Gustavsson
The scope is supposed to contain all variables that are currently live. We need this information for certain optimizations to avoid capturing a name (a name that is in the scope must be renamed; for an example, see move_let_into_expr/2 or any function that calls sub_subst_scope/1). We also use the scope to optimize sub_del_var/2 and sub_is_val/2. When optimizing case expressions, the scope could be reset to an empty list (because sub_new/0 was called instead of sub_new/1). That could cause name capture if inlining was turned on. As simple way to force this bug is to uncomment the "-define(DEBUG, 1)." near the beginning of the file. Without this correction, most files in the test suite fail to compile.
2014-09-01Merge branch 'nox/erl_scan-fix-column-tracking' into maintMarcus Arendt
* nox/erl_scan-fix-column-tracking: Properly track column numbers in erl_scan
2014-09-01Merge branch 'siri/ct-runtime-deps/OTP-12037' into maintSiri Hansen
* siri/ct-runtime-deps/OTP-12037: [ct] Update runtime dependencies towards test_server