| Age | Commit message (Collapse) | Author |
|---|
|
See also http://bugs.erlang.org/browse/ERL-95.
|
|
Previously, if certificate revocation checking was turned on, and a
certificate didn't contain a CRL Distribution Points extension, and
there was no relevant CRL in the cache, then ssl_handshake:crl_check
would accept the certificate even if the crl_check option was set to
reject certificates for which the revocation status could not be
determined. With this change, such certificates will only be accepted
if the crl_check option was set to best_effort.
The process for CRL validation is described in section 6.3 of RFC
5280. The text doesn't mention any special treatment to be given to
certificates without distribution points: it just says "For each
distribution point..." (section 6.3.3), which would leave the
revocation status undetermined, unless there were "any available CRLs
not specified in a distribution point but issued by the certificate
issuer". Thus the result of this algorithm should be UNDETERMINED in
this case, not UNREVOKED, and the crl_check option should govern how
the implementation reacts to this result.
|
|
When establishing a TLS connection with {verify, verify_none}, if the
server has a certificate with a critical extension, for example a
"Netscape Cert Type" extension, certificate verification would fail,
which is surprising given that the name of the option suggests that no
verification would be performed.
With this change, certificate extensions marked as critical are
ignored when using verify_none.
|
|
* hb/add_dialyzer_suppressions/OTP-12862:
xmerl: Remove 'no_return' Dialyzer warnings
xmerl: Add suppression of Dialyzer warnings
eunit: Add suppression of Dialyzer warnings
debugger: Add suppression of Dialyzer warnings
kernel: Add suppression of Dialyzer warnings
mnesia: Add suppression of Dialyzer warnings
observer: Add suppression of Dialyzer warnings
runtime_tools: Add suppression of Dialyzer warnings
stdlib: Add suppression of Dialyzer warnings
test_server: Add suppression of Dialyzer warnings
tools: Add suppression of Dialyzer warnings
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* ia/pr/958/OTP-13334:
ssl: verify cert signature against original cert binary
|
|
* tuncer/ei-breakage:
ei: fix breakage reported by Sergei Golovan
Revert "musl: fix gethostbyname_r/gethostbyaddr_ selection"
OTP-13328
|
|
* bjorn/asn1/suppressions/OTP-13324:
asn1: Suppress warnings for improper lists in generated code
|
|
ResA may have been GC'd after its last use.
|
|
|
|
* dgud/mnesia/del_schema_hangs/OTP-13284:
mnesia: let loader check if tablelock is needed
mnesia: Avoid deadlock possibility in mnesia:del_table_copy schema
|
|
* egil/fix-lcnt-dead-code/OTP-13319:
tools: Remove dead code in lcnt
|
|
|
|
* bjorn/compiler/beam_bsm/OTP-13309:
Eliminate crash because of unsafe delaying of sub-binary creation
|
|
* nybek/speed_up_supervisor_count_children:
Speed up supervisor:count_children/1; simple_one_for_one
Add supervisor:get_callback_module/1
OTP-13290
|
|
* hb/dialyzer/fix_bitstr_bug/OTP-13312:
dialyzer: Correct byte_size() and comparisons
|
|
The current implementation is roughly O(N*M) where N is the number of items to be removed, and M is the number of items in the map. This does not include the cost of `maps:from_list` or `maps:to_list`. This leads to pretty horrifying execution times on large maps regardless of how many or few keys are to be removed.
The new implementation is O(N) where N is the number of items to be removed. For each N there's the cost of removing a key from a map, and but in practice that turns out to be a vast improvement for all map sizes I tested
The new maps:take/2 implementation similarly builds a list of keys and values by iterating only the list of desired keys, and then hands it off to maps:from_list. This turned out to be faster than N maps:put calls.
|
|
move_table_copy needs the lock that was set previously in del_table_copy.
This doesn't work on old nodes, so bump protocol version and check it.
Remove old protocol conversion code, which have been around since OTP-R15.
Checking if lock is needed requires rpc communication via mnesia_gvar
ets table to be backwards compatible.
|
|
The argument of byte_size() is a bitstring().
The code in erl_bif_types that finds cases where comparisons always
return true or false is corrected when it comes to maps and bit
strings.
|
|
OTP-13311
* sverk/ecc-fixes:
Ensure testing ssl with supported ciphers only
Only use supported EC curves in crypto tests
Check the result of EC_GROUP_new_curve_* calls
|
|
When searching for a certificate's issuer in the `CertDB`, verify the signature
against the original DER certificate from the handshake instead of a re-encoding
of the parsed certificate. This avoids false negatives due to differences
between DER encoding implementations of OTP and other platforms.
|
|
* sverk/hipe-line-table-bug/OTP-13282:
erts: Fix bug concerning line information for hipe modules
|
|
* sverk/proc-exiting-timer-race/OTP-13245:
erts: Fix race between receive timeout and exit signal
|
|
|
|
|
|
* ia/ssl/handshake-fragmentation/OTP-13306:
ssl: Big handshake messages needs to be fragmented on TLS record level
|
|
* hb/dialyzer/fix_plt_remove/OTP-13103:
dialyzer: Fix a bug concerning the option 'plt_remove'
|
|
[James Fish:]
Dialyzer always asserts that files and directories passed in its
options exist. Therefore it is not possible to remove a beam/module
from a PLT when the beam file no longer exists. Dialyzer should not to
check files exist on disk when removing from the PLT.
|
|
* hb/tools/fix_bc_bug/OTP-13277:
tools: Correct a Cover test
|
|
|
|
* anders/diameter/appup/OTP-13283:
Add missing appup after 17.5.6.8 merge
|
|
The following code would fail to compile:
decode(<<Code/integer, Bin/binary>>) ->
<<C1/integer, B1/binary>> = Bin,
case C1 of
X when X =:= 1 orelse X =:= 2 ->
Bin2 = <<>>;
_ ->
Bin2 = B1
end,
case Code of
1 -> decode(Bin2);
_ -> Bin2
end.
The error message would be:
t: function decode/1+28:
Internal consistency check failed - please report this bug.
Instruction: return
Error: {match_context,{x,0}}:
The beam_bsm pass would delay the creation of a sub-binary when it was
unsafe to do so. The culprit was the btb_follow_branch/3 function that
for performance reasons cached labels that had already been checked.
The problem was the safety of a label also depends on the contents
of the registers. Therefore, the key for caching needs to be both
the label and the register contents.
Reported-by: José Valim
|
|
A previous commit introduced a change that exposed dead code in this
module and caused dialyzer warnings. This dead code was taken out.
While at it, performed some code refactoring in the handling of the
bs_get_integer primop.
|
|
|
|
del_table_copy grabs a write lock in a new process in prepare_op/3 to
change 'where_to_read' when a table copy is updated.
When del_table_copy(schema, Node) is called all copies located on Node
are deleted, and thus many locks are taken. Since this was done outside
of the schema-transaction, mnesia's deadlock prevention algorithms
was sidestepped and a deadlock could occur.
Fix by always grabbing write-locks for all changed tabs early and in the same
transaction, this might slow done the operation some but it must be done
and it also cleans up the code.
|
|
* ia/ssl/validator:
ssl: Only start a new session validator if the old one has finished its work
|
|
|
|
* tnt-dev/fix-function-index-sort:
Don't sort function index when it's not necessary
OTP-13302
|
|
* binarin/epmd-race:
Prevent down nodes going undetected in epmd
OTP-13301
|
|
* legoscia/tls-dist-listen-ip:
TLS distribution: bind erts socket to localhost
OTP-13300
|
