Age | Commit message (Collapse) | Author |
|
Change-Id: Ie60b2a2651ea975cebd0ccf0c7e2953f89986463
|
|
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
|
|
Implement handling of the signature algorithms extension described by
RFC 8446. This commit updates the behavior of legacy TLS versions to
align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2).
- TLS 1.0/1.1 clients validate the client certificate against the
certificate_type field of the CertificateRequest message.
- TLS 1.2 client verifies the hash/signature algorithm pair of the
client certificate when processing a CertificateRequest. Old
behavior only checked the signature algorithms.
- TLS 1.2 server verifies that the server certificate is signed by
a hash/signature algorithm pair that appears in the
"singature_algorithms" or "signature_algorithms_cert" (RFC 8446)
extensions of the ClientHello.
Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
|
|
Add documentation to the ssl option "signature_algs_cert"
introduced by TLS 1.3. The client/server will send a
"signature_algorithms_cert" extension, if TLS 1.3 or later
is used.
Change-Id: I17d612f311a1deef7e29473c3998e7f99fa56f02
|
|
* ingela/ssl/extensions-and-TLS-1.3-handshaking:
ssl: Correct extension decoding and dialyzer spec
ssl: Generalize extensions handling
|
|
|
|
|
|
* siri/appups-21.2:
Update kernel, stdlib and sasl appups for OTP-21.2
|
|
* sverker/erts/cleanup-efile-argc-checks:
erts: Remove unnecessary NIF argc tests
|
|
Rewrite BSM optimizations in the new SSA-based intermediate format
|
|
|
|
This has been superseded by bs_get_tail/3. Note that it is NOT
removed from the emulator or beam_disasm, as old modules are still
legal.
|
|
Remove the variable aliasing support that was needed for the
old beam_bsm pass.
|
|
|
|
The beam_ssa_bsm pass welds chained matches together, but the match
expressions themselves are unchanged and if there's a tail
alignment check it will be done each time. This subpass figures out
the checks we've already done and deletes the redundant ones.
|
|
This commit improves the bit-syntax match optimization pass,
leveraging the new SSA intermediate format to perform much more
aggressive optimizations. Some highlights:
* Watch contexts can be reused even after being passed to a
function or being used in a try block.
* Sub-binaries are no longer eagerly extracted, making it far
easier to keep "happy paths" free from binary creation.
* Trivial wrapper functions no longer disable context reuse.
|
|
As TLS 1.3 introduces more extensions in other places than in hello messages
we like to have generalize extension handling encode/decode with some
hello wrappers.
Also extend property tests of handshake encod/decode
|
|
|
|
jhogberg/john/compiler/validator-aliased-type-fixes/ERL-735
beam_validator: Use set_aliased_type in more operations
|
|
It's impossible to call NIF with wrong argc from Erlang
and thus pointless to throw badarg.
|
|
The following code broke because aliases weren't tracked for hd/1:
bug(Bool) ->
Bug = remote:call(),
if
Bool -> %% Branch of some kind.
_ = hd(Bug),
remote:call(),
hd(Bug)
end.
Related to 1f221b27f1336e747f7409692f260055dd3ddf79
|
|
fix for ppc64le / add travis test for ppc64le
OTP-15313
|
|
|
|
|
|
|
|
|
|
|
|
* ingela/ftp/tftp/app.src-fix:
ftp, tftp: Version should not be hardcoded in <app>.app.src
|
|
|
|
get_anno/3: as get_anno but with a default value
definitions/1-2: returns a map of variable definitions (#b_set{})
uses/1-2: returns a map of all uses of a given variable
mapfold_blocks_rpo/4: mapfolds over blocks
|
|
The upcoming beam_ssa_bsm pass makes this redundant.
|
|
The upcoming beam_ssa_bsm pass allows match contexts to be used
across function calls that take said context as an argument, which
means it's fairly common for them to end up in Y registers.
|
|
Clean up variable-related cruft in new SSA passes
|
|
* sverker/erts/beautify-ifdef-DEBUG:
erts: Beautify away #ifdef DEBUG
|
|
Add a more scalable ETS ordered_set implementation
|
|
* maint:
crypto: Fix accidental merge
|
|
* hans/crypto/fix_bad_merge:
crypto: Fix accidental merge
|
|
Commit 8c47a7657d03777a03a6838c7ec937b6347d07f8 accidently
reverted the changes in lib/crypto/src/crypto.erl correctly
introduced in e8de0736005e91afd992e49f434e08c940eddfa0
This fix re-introduces the correct changes.
|
|
|
|
|
|
|
|
* ingela/ssl/openssl-test-interop:
ssl: Improve interop checks
|
|
|
|
* maint:
Updated OTP version
Update release notes
Update version numbers
erts: Fix memory leak when sending to terminating port
|
|
* maint-19:
Updated OTP version
Update release notes
Update version numbers
erts: Fix memory leak when sending to terminating port
|
|
Now that variables are represented as #b_var{}, there's no longer
any risk of colliding with anything else.
|
|
We chose to refer to variables through their var_name() because we
anticipated the need to annotate them, but it turned out we didn't
really need that, and many things become a lot cleaner if the
entire #b_var{} is used to represent variables.
|
|
|
|
* ingela/ERL-622/fix:
ssl: Move link to correct process
|
|
The link should be between the connection process and the tls_sender
process. But the start of the tls_sender process needs to be done
by the process that also starts the connection process in order to
correctly create the opaque #ssl_socket{}.
|