Age | Commit message (Collapse) | Author |
|
into maint-18
* kennethlakin/maint/tls-use-negotiated-prf/PR-1042/OTP-13546:
ssl: Use cipher suite's PRF in prf/5
|
|
* ingela/ssl/maint-rel:
ssl: Prepare for release
|
|
|
|
Use the negotiated cipher suite's PRF algorithm in calls to
ssl:prf/5, rather than a hard-coded one.
For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This
was correct 100% of the time.
For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256.
This was correct only some of the time for TLS 1.2 and none of the
time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5
through another path, the handshaking process used the negotiated
PRF and did not encounter this bug.
A new test (prf) has been added to ssl_basic_SUITE to guard against future
breakage.
|
|
|
|
|
|
* ingela/inets/deprecated-inets_regexp/OTP-13533:
inets: Prepare for release
inets: Put back inets_regexp module in OTP 18
|
|
* ingela/ssl/maint/algo-fixes/OTP-13525:
ssl: Correct guard expression
ssl: Correct cipher suites conversion
|
|
* peppe/ct_misc_18_patches:
Add flag/option for disabling the character escaping functionality
Fix bug using the wrong lists search function
Fix bug with clashing timestamp values
Fix problem with stylesheet tags getting escaped
Skip pre/post test IO suite if cover or debug is running
Tweak pre_post_io test case to run without failing
Fix various log related problems
|
|
* peppe/ct_remove_nodelay/OTP-13462:
Update the reference manual
Make the nodelay setting configurable and false per default
|
|
* zandra/cth_surefire-bug/OTP-13513:
add testcase for the surefire hook bug
fix cht_surefire bug when pre_init_per_suite fails
|
|
|
|
Put back unused module inets_regexp and remove it in OTP 19 instead as
it is an incompatibility, although it is an undocumented module and
should not affect other applications (the world is not perfect).
|
|
OTP-13537
|
|
OTP-13462
|
|
|
|
|
|
OTP-13536
|
|
OTP-13535
The return value of ct:get_timetrap_info/0 has been modified.
|
|
|
|
|
|
The guard should check that the TLS version is at least TLS-1.2.
|
|
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
Please enter the commit message for your changes. Lines starting
|
|
|
|
|
|
When pre_init_per_suite fails before reaching the cth_surefire
pre_init_per_suite unexpected XML was produced. This commit fixes
that.
|
|
|
|
|
|
* ingela/inets/http_server-ssl-peer-cert/OTP-13510:
inets: Prepare for release
inets: Add peer_cert to ESI environment
|
|
* ingela/ssl/config-signature-algs/OTP-13261:
ssl: Prepare for release
ssl: Add option signature_algs
|
|
* ingela/ssl/3-4-tuples-cipher-suites-mix/OTP-13511:
ssl: Corrections to cipher suite handling
|
|
It was not possible to mix ssl 3 and 4 tuple cipher suites in the
ciphers option.
Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that
should have been 4 tuples
|
|
|
|
|
|
|
|
In TLS-1.2 The signature algorithm and the hash function algorithm
used to produce the digest that is used when creating the digital signature
may be negotiated through the signature algorithm extension RFC 5246.
We want to make these algorithm pairs configurable.
In connections using lower versions of TLS these algorithms are
implicit defined and can not be negotiated or configured.
DTLS is updated to not cause dialyzer errors, but needs to get a real
implementation later.
|
|
|
|
|
|
* sverker/erts/trap_exit-race/OTP-13452:
erts: Fix race for process_flag(trap_exit,true)
|
|
* rickard/proc-free-fix/OTP-13446:
Fix bad refc management of process struct
# Conflicts:
# erts/emulator/beam/erl_process.c
|
|
* rickard/port-sig-dropped-fix/OTP-13424:
Fix implementation of dropped signal to port
|
|
* dgud/mnesia/hang-sym-trans/OTP-13423:
mnesia: Send mnesia_down messages to waiting transactions
|
|
* rickard/ethr-event-futex-wait-timeout/OTP-13420:
Fix premature timeouts for ethread events on Linux
|
|
* rickard/last_calls/OTP-13418:
Unbreak process_info(Pid,last_calls)
|
|
* lukas/erts/fix_enomem_error_code/OTP-13419:
erts: Create erl_crash.dump when out of memory
|
|
* ia/inets/bracket-option/OTP-13417:
inets: Prepare for release
inets: Mend ipv6_host_with_brackets option
|
|
and a concurrent exit signal.
We now actually guarantee that the process will not die
from exit signal *after* the call to process_flag(trap_exit,true)
has returned.
The race is narrow and probably quite hard to observe even if you
manage to provoke it. Has only been confirmed with the help of
return trace and a sleep in send_exit_signal().
Solution:
Seize status lock to prevent send_exit_signal() from reading
an old status (without TRAP_EXIT) and then writing PENDING_EXIT
after TRAP_EXIT has been set by process_flag_2().
|
|
|
|
|
|
=== OTP-17.5.6.9 ===
Changed Applications:
- diameter-1.9.2.4
- erts-6.4.1.6
- ssl-6.0.1.2
Unchanged Applications:
- asn1-3.0.4
- common_test-1.10.1
- compiler-5.0.4
- cosEvent-2.1.15
- cosEventDomain-1.1.14
- cosFileTransfer-1.1.16
- cosNotification-1.1.21
- cosProperty-1.1.17
- cosTime-1.1.14
- cosTransactions-1.2.14
- crypto-3.5
- debugger-4.0.3.1
- dialyzer-2.7.4
- edoc-0.7.16
- eldap-1.1.1
- erl_docgen-0.3.7
- erl_interface-3.7.20
- et-1.5
- eunit-2.2.9
- gs-1.5.16
- hipe-3.11.3
- ic-4.3.6
- inets-5.10.9
- jinterface-1.5.12
- kernel-3.2.0.1
- megaco-3.17.3
- mnesia-4.12.5
- observer-2.0.4
- odbc-2.10.22
- orber-3.7.1
- os_mon-2.3.1
- ose-1.0.2
- otp_mibs-1.0.10
- parsetools-2.0.12
- percept-0.8.10
- public_key-0.23
- reltool-0.6.6
- runtime_tools-1.8.16.1
- sasl-2.4.1
- snmp-5.1.2
- ssh-3.2.4
- stdlib-2.4
- syntax_tools-1.6.18
- test_server-3.8.1
- tools-2.7.2
- typer-0.9.8
- webtool-0.8.10
- wx-1.3.3
- xmerl-1.3.7
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/diameter/doc/src/notes.xml
lib/diameter/src/base/diameter_service.erl
lib/diameter/src/diameter.appup.src
lib/diameter/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
otp_versions.table
|