| Age | Commit message (Collapse) | Author |
|---|
|
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client
when the server's connection states are already stepped into
traffic encryption.
Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
|
|
Validate peer certificate against supported signature algorithms.
Send 'Hanshake Failure' Alert if signature algorithm is not
supported by the server.
Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
|
|
Report the role of the peer when logging incoming Alerts.
Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
|
|
Split get_handshake_context/2 into two functions. The new
get_handshake_context_cv/2 returns the context for the
verification of CertificateVerify.
Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
|
|
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
|
|
Verify if the signature algorithm used in the signature of
CertificateVerify is one of those present in the
supported_signature_algorithms field of the "signature_algorithms"
extension in the CertificateRequest message.
Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
|
|
Verify CertificateVerify message against the handshake context and
the public key provided by the Certificate message.
Remove 'Context' argument from state handler functions and store
data in the state variable.
Refactor get_handshake_context/1 to cover all implemented cases.
Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
|
|
Change-Id: I09c0501ea790941001b11a3f6d12a96f18da2bea
|
|
Implement validation of client certificates in state
'wait_cert'.
Implement state 'wait_cv'.
Clean up handler functions.
Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
|
|
Test client authentication when client responds with empty
Certificate.
Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
|
|
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
|
|
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
|
|
Add missing alert to description_atom/1.
Function clauses ordered by value of the alert.
Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
|
|
* sverker/to_erl-utf8/ERL-854:
erts: Remove 7-bit ASCII limitation in to_erl
|
|
* sverker/erl_docgen/prettify-cfunc-docs/OTP-15637:
erl_docgen: Prettify c-function argument lists
erl_docgen: Indent c-function line continuations
|
|
* maint:
Set early enough start time
inet_db: fix a bug when .hosts file is never reloaded
|
|
* inet_db-startup-fix:
Set early enough start time
inet_db: fix a bug when .hosts file is never reloaded
|
|
Adhering to the review in GitHub PR #2066:
The start time should be set so the resolver file can get
re-read as soon as possible to not get the whole timeout time
before detecting that the resolver file has been created.
|
|
* rickard/deprecations-removals:
Fix bootstrap
|
|
* maint:
stdlib: Optimize calendar:system_time_to_rfc3339()
|
|
* hasse/stdlib/optimize_calendar_rfc3339/OTP-15630:
stdlib: Optimize calendar:system_time_to_rfc3339()
|
|
|
|
|
|
* siri/logger/os-timestamp/OTP-15625:
Update preloaded
[logger] Change timestamp from erlang:system_time to os:system_time
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
|
|
Rewords one sentence in common_test documentation
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
|
|
|
|
Add application:set_env/1 and application:set_env/2
OTP-15642
|
|
|
|
Move size=all binary clause pruning to v3_kernel
|
|
Tune BEAM instructions for the new compiler (part 1)
|
|
Optimize the beam_ssa_dead sub pass
|
|
Optimize v3_kernel for thousands of clauses
|
|
It is equivalent to calling application:set_env/4 on
each application individually, except it is more efficient.
When given duplicate apps or duplicate keys, set_env/1
and set_env/2 will warn. The warning will also be emitted
during boot:
$ erl -config dupkeys.config -s erlang halt
2019-02-27 11:16:02.653100 application: kernel; duplicate parameter: key1
=WARNING REPORT==== 27-Feb-2019::11:16:02.653100 ===
application: kernel; duplicate parameter: key1
$ erl -config dupapps.config -s erlang halt
2019-02-27 11:16:02.653100 duplicate application config: kernel
=WARNING REPORT==== 27-Feb-2019::11:16:02.653100 ===
duplicate application config: kernel
Prior to this patch, the behaviour was unspecified,
and duplicate keys and duplicate apps would behave
different depending on the amount of config, the name
of the config files, and how those configs would be
listed. The goal is to raise an error in the future.
|
|
The advantage of moving it up is that it reduces the
size of the code emitted by v3_kernel, speeding
v3_kernel itself and beam_kernel_to_ssa pass.
|
|
|
|
The is_nonempty_list test is very frequently followed by
get_tl, and frequently followed by get_hd.
|
|
It turns out that the combination of is_nonempty_list
and test_heap is no longer frequent.
|
|
|
|
The test_arity instruction is often followed by get_tuple_element.
|
|
|
|
Prior to this patch, v3_kernel would do multiple
passes on the clauses to group them. This commit
unrolls those passes, making v3_kernel up to 10%
faster in those cases.
|
|
|
|
This is cleaner and slightly faster.
|
|
The general complexity of the shortcut sub pass of `beam_ssa_dead` is
quadratic, but those optimizations will reduce the constant factor
somewhat.
|
