aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2018-07-12Merge PR-1870 from sverker/kernel/connect-to-self/ERL-643/OTP-15182Sverker Eriksson
Fix net_kernel:connect_node/1 to local node
2018-07-11Merge branch 'sverker/erts/monitored_by-docs/ERL-648/OTP-15180' into maintSverker Eriksson
* sverker/erts/monitored_by-docs/ERL-648/OTP-15180: os_mon: Fix volatile test cpu_sup_SUITE:util_api erts: Fix spec and docs for process_info 'monitored_by'
2018-07-11Merge branch 'sverker/ic/encode-long-buffer-overflow/OTP-15179' into maintSverker Eriksson
Dummy merge as ic is gone.
2018-07-11ic: Tweak tests to provoke more outbuf reallocationsSverker Eriksson
Docs says min _memchunk is 32, so lets use that.
2018-07-11ic: Fix memory leak in oe_ei_decode_wstringSverker Eriksson
2018-07-11ic: Fix correct external format sizesSverker Eriksson
longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format.
2018-07-11Merge branch 'ingela/backport/merge' into maintIngela Anderton Andin
* ingela/backport/merge: ssl: Prepare for release ssl: Fix test case to only check relevant info for the test ssl: Correct connection_information on ECC-curves ssl: No cipher suite sign restriction in TLS-1.2 ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5 ssl: anon test should use dh or ecdh anon keyexchange ssl: Correct key_usage check ssl: Fix ECDSA key decode clause ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling ssl: Run all test case combinations ssl: Correct ECC suite and DTLS ECC handling
2018-07-11Merge branch 'ingela/maint-20/chipher-suite-handling/OTP-15178' into ↵Ingela Anderton Andin
ingela/backport/merge
2018-07-11Merge pull request #1869 from ↵Ingela Andin
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174 ssl: Improve error handling
2018-07-10ssl: Make sure tls_ssl_accept_timeout has a clean startIngela Anderton Andin
2018-07-10kernel: Fix net_kernel:connect_node/1 to local nodeSverker Eriksson
to be no-op and return true as it always has before OTP-21.0.
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-09os_mon: Fix volatile test cpu_sup_SUITE:util_apiSverker Eriksson
Don't match floats.
2018-07-09erts: Fix spec and docs for process_info 'monitored_by'Sverker Eriksson
to include ports and NIF resources. Added new opaque type 'nif_resource'.
2018-07-09ssl: Improve error handlingIngela Anderton Andin
When doing ssl:controlling_process on a ssl socket that has not performed the TLS/DTLS handshake that call will succeed even though the documentation stated otherwise. However if some other ssl option was incorrect the call would hang. Now {error, closed} will be returned in the latter case, which is logical independent on if it should succeed or not in the former case. The former case will continue to succeed, as it is not dependent of the TLS/DTLS connection being established, and the documentation is altered slightly to not explicitly disallow it. If the TLS/DTLS connection later fails and the socket mode is active, the new controlling process will be notified as expected.
2018-07-09Merge pull request #1862 from rschlaikjer/rschlaikjer-httpc-ssl-redirect-bugPéter Dimitrov
httpc 301 redirect: Do not assert scheme ports are equal
2018-07-06Merge pull request #1867 from ↵Ingela Andin
IngelaAndin/ingela/ssl/no-ca-sign-restriction-TLS-1.2/ERL-381/OTP-15173 Ingela/ssl/no ca sign restriction tls 1.2/erl 381/otp 15173
2018-07-06Don't modify URI, explicitly pass scheme to get_portRoss Schlaikjer
2018-07-06Update scheme on redirect URI and accumulatorRoss Schlaikjer
This is necessary to prevent an error when calling get_port inside resolve_authority
2018-07-06Fix accidental Port assertion in resolve_authorityRoss Schlaikjer
2018-07-06Add test case on relative redirects with portsRoss Schlaikjer
2018-07-06Do not assert that new URI port is same as old portRoss Schlaikjer
When handling 301 redirects from http -> https on Erlang 21.0.1, the following error is encountered: ``` 8> Options = []. 9> httpc:request(head, {"http://rhye.org", []}, Options, []). {error,{shutdown,{{error,{badmatch,443}}, [{httpc_response,resolve_uri,7, [{file,"/usr/local/lib/erlang/lib/inets-7.0/src/http_client/httpc_response.erl"}, {line,431}]}, {httpc_response,redirect,2, [{file,"/usr/local/lib/erlang/lib/inets-7.0/src/http_client/httpc_response.erl"}, {line,396}]}, {httpc_handler,handle_response,1, [{file,"httpc_handler.erl"},{line,1052}]}, {httpc_handler,handle_info,2, [{file,"httpc_handler.erl"},{line,283}]}, {gen_server,try_dispatch,4, [{file,"gen_server.erl"},{line,637}]}, {gen_server,handle_msg,6, [{file,"gen_server.erl"},{line,711}]}, {proc_lib,init_p_do_apply,3, [{file,"proc_lib.erl"},{line,249}]}]}}} ``` This seems to be caused by the following code in `resolve_uri`: ``` resolve_uri(Scheme, Host, Port, Path, Query, URI, Map0) -> case maps:is_key(scheme, URI) of true -> Port = get_port(URI) ``` The value of `Port` passed in to `resolve_uri` here is 80, since the original URL is http. However, since the redirected URL is https, the `get_port` call returns 443, which is not equal to 80, and crashes. Assigning to a new variable seems to fix redirects.
2018-07-06Add mixed test group, http -> https redirect testRoss Schlaikjer
2018-07-06Merge branch 'hasse/erts/correct_absform' into maintHans Bolinder
* hasse/erts/correct_absform: erts: Correct The Abstract Format
2018-07-06Merge branch 'bjorn/compiler/cuddle-with-tests' into maintBjörn Gustavsson
* bjorn/compiler/cuddle-with-tests: Call test_lib:recompile/1 from init_per_suite/1
2018-07-06Merge branch 'bjorn/erts/fix-disassembler' into maintBjörn Gustavsson
* bjorn/erts/fix-disassembler: beam_debug: Fix printing of floating point registers
2018-07-06Call test_lib:recompile/1 from init_per_suite/1Björn Gustavsson
Call test_lib:recompile/1 from init_per_suite/1 instead of from all/0. That makes it easy to find the log from the compilation in the log file for the init_per_suite/1 test case.
2018-07-05Merge branch 'ingela/cuddle/basic_SUITE' into maintIngela Anderton Andin
* ingela/cuddle/basic_SUITE: ssl: Fix test case to only check relevant info for the test
2018-07-05erts: Correct The Abstract FormatHans Bolinder
A minor correction regarding literal character types.
2018-07-05ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
2018-07-05ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-05ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
2018-07-05Merge pull request #1866 from ↵Ingela Andin
IngelaAndin/ingela/ssl/PSK-hash-sign-selection/ERL-641 Failing to recognize PSK as an anonymous key exchange would fail the connection when trying to decode an undefined certificate OTP-15172
2018-07-05beam_debug: Fix printing of floating point registersBjörn Gustavsson
2018-07-05Merge branch 'sverker/purge-vfork' into maintSverker Eriksson
* sverker/purge-vfork: erts: Remove obsolete paragraph about ERL_NO_VFORK
2018-07-04Merge branch 'sverker/kernel/silence-dialyzer/OTP-15170' into maintSverker Eriksson
Dummy merge * sverker/kernel/silence-dialyzer/OTP-15170: kernel: Silence dialyzer # Conflicts: # lib/kernel/src/dist_util.erl
2018-07-04ssl: Do not use legacy formatIngela Anderton Andin
2018-07-04ssl: Add connection information on new cipher_suite formatIngela Anderton Andin
2018-07-04ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-04Merge branch 'maint-21' into maintJohn Högberg
* maint-21: Updated OTP version Update release notes Update version numbers Eliminate a crash in the beam_jump pass stdlib: Fix a 'chars_limit' bug Fix a race condition when generating async operation ids Fix internal compiler error for map_get/2 beam_type: Fix unsafe optimization public_key: Remove moduli 5121 and 7167 Thoose were added by 598629aeba9de98e8cdf5637043eb34e5d407751 but are not universaly supported.