| Age | Commit message (Collapse) | Author |
|---|
|
* maint:
syntax_tools: Correct unfolding of the stacktrace variable
|
|
maint
* hasse/syntax_tools/fix_stacktrace_var/OTP-15291/ERL-719:
syntax_tools: Correct unfolding of the stacktrace variable
|
|
* peterdmv/ssl/property_test_client_hello:
ssl: Property test hello extensions
Change-Id: I78f5cdef8702141b78e9123efe34e381a5e5d12c
|
|
|
|
'ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060' into maint
* ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060:
ssl: Handle incomplete and unorded chains
|
|
If the peer sends an incomplete chain that we can reconstruct with
our known CA-certs it will be accepted.
We will assume that the peer honors the protocol and sends an orded
chain, however if validation fails we will try to order the chain in
case it was unorded. Will also handle that extraneous cert where present.
See Note form RFC 8446
Note: Prior to TLS 1.3, "certificate_list" ordering required each
certificate to certify the one immediately preceding it; however,
some implementations allowed some flexibility. Servers sometimes
send both a current and deprecated intermediate for transitional
purposes, and others are simply configured incorrectly, but these
cases can nonetheless be validated properly. For maximum
compatibility, all implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary orderings from any
TLS version, with the exception of the end-entity certificate which
MUST be first.
|
|
* maint:
crypto: Fix valgrind error
|
|
* hans/crypto/valgrind:
crypto: Fix valgrind error
|
|
|
|
|
|
* anders/diameter/21.1/OTP-15202:
vsn -> 2.1.6
Update appup for 21.1
|
|
* anders/diameter/dpr/OTP-15198:
Fix function_clause when sending a request after an outgoing DPA
|
|
* sverker/enif-cancel-select/OTP-15095:
erts: Add ERL_NIF_SELECT_CANCEL flag for enif_select
|
|
Extend test generators with ClientHello extensions:
- TLS 1.2: supported_version
- TLs 1.3: supported_version and signature_scheme_list
Change-Id: I43356a2a921edade124eceb004f20411c7e92619
|
|
* peterdmv/ssl/tls13_ciphers:
ssl: Fix cipher suite handling
ssl: Add TLS 1.3 cipher suites
Change-Id: I6b306d29642ba38639157ed1afea8b8df38af30e
|
|
* maint:
crypto: Remove 'experimental' comments for ecdh
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: Remove 'experimental' comments for ecdh
|
|
|
|
* ingela/ssl/psk-correction/OTP-15285:
ssl: Correct handling of all PSK cipher suites
|
|
Before only some PSK suites would be correctly negotiated and most PSK
ciphers suites would fail the connection.
PSK cipher suites are anonymous in the sense that they do not use
certificates except for rsa_psk.
|
|
* maint:
erlang-mode: fix void variable align-rules-list error
|
|
erlang-mode: fix void variable align-rules-list error
|
|
|
|
The bug was introduced in 9ab233.
See also https://bugs.erlang.org/browse/ERL-719.
|
|
|
|
* raimo/improve-doc-indexing/ERL-666:
Correct doc markers
Improve indexing of cref docs
|
|
|
|
|
|
OTP-15198 Fix function_clause when sending a request after outgoing DPA
|
|
* siri/supervisor/warn-shutdown-race/ERL-724:
[supervisor] Add warning about race condition
|
|
* siri/cuddle:
[sasl] Flush logger handlers to file before terminating node
|
|
|
|
|
|
* maint:
public_key: Remove strange and unused(?) DSAPrivateKey from verify/5
|
|
* hans/public_key/DSAPrivateKey_in_verify/OTP-15284:
public_key: Remove strange and unused(?) DSAPrivateKey from verify/5
|
|
* maint:
crypto: Bug fix - crypto:next_iv regarding aes_ige256
crypto: Bug fix - blowfish_cbc allowed in crypto:next_iv
|
|
* hans/crypto/next_iv/OTP-15283:
crypto: Bug fix - crypto:next_iv regarding aes_ige256
crypto: Bug fix - blowfish_cbc allowed in crypto:next_iv
|
|
|
|
|
|
|
|
ERL-724: "During a 'gentle' shutdown, supervisors unlink from their
children before sending shutdown signals to them. This can lead to a
race condition in supervision trees, when the timeout for gentle
shutdown of a parent supervisor expires and it kills a child
supervisor that has just unlinked from a child of its own, leaving the
child supervisor's own child still running after its supervisor is
killed."
This commit adds a warning about this in the documentation.
|
|
Implementations of TLS 1.3 which choose to support prior versions of
TLS SHOULD support TLS 1.2. That is, a TLS 1.3 ClientHello shall
advertise support for TLS 1.2 ciphers in order to be able to connect
to TLS 1.2 servers.
This commit changes the list of the advertised cipher suites to
include old TLS 1.2 ciphers.
Change-Id: Iaece3ac4b66a59dfbe97068b682d6010d74522b8
|
|
TLS_AES_128_GCM_SHA256 = {0x13,0x01}
TLS_AES_256_GCM_SHA384 = {0x13,0x02}
TLS_CHACHA20_POLY1305_SHA256 = {0x13,0x03}
Change-Id: I3406aaedac812fc43519ff31e5f00d26e375c5d5
|
|
* peterdmv/ssl/add_signature_algorithms:
ssl: Use 'HighestVersion' instead of extra function call
ssl: Add new extension with encode/decode functions
ssl: Format code in handle options
Change-Id: Iba3600edc86dc646a7bbabf550d88e7884877e18
|
|
* ingela/ssl/property-tests:
ssl: Correct compression decoding
ssl: Add property tests framework
ssl: Fix typo
|
|
* maint:
Update PCRE from version 8.41 to version 8.42
|
|
* rickard/pcre-8.42/OTP-15217:
Update PCRE from version 8.41 to version 8.42
|
|
* maint:
erts: Fix configure check when cross-compiling
|
|
erts: Fix configure check when cross-compiling
OTP-15282
|
|
* maint:
Updated OTP version
Update release notes
Update version numbers
kernel: Fix missing abort_connection in net_kernel
Prevent inconsistent node lists
Fix an endless rescheduling loop when a process is executing process_info(self(), ...)
|
