| Age | Commit message (Collapse) | Author |
|---|
|
OTP-15146
|
|
* maint-21:
Updated OTP version
Update release notes
Update version numbers
Fix trace_info/2
Provide build support for standalone corba repo
Fix release notes for OTP-21.0.2
Move to a dirty scheduler even when we have pending system tasks
|
|
* siri/logger/post-21/OTP-15132:
[logger] Allow setting kernel parameter 'logger_level' to 'all'
[kernel] Reduce risk of dead lock when terminating logger_sup
[logger] Fix regexp replacement for unicode strings
Update proc_lib:report_cb to obey logger formatter's size limiting params
[logger] Allow report callback with two arguments returning a string
Don't call report_cb from cth_log_redirect - formatter does that
Add legacy test of sasl_report_file_h and size limiting
[logger] Remove compiler warnings in test
[logger] Fix problem with test cases waiting for handler restart
[logger] Add ?LOG macro which takes Level as argument
[logger] Improve spec for set_handler_config/3 and set_primary_config/2
[logger] Generate .png file from .dia
[logger] Update documentation
|
|
|
|
|
|
|
|
|
|
If the report callback is a fun of arity 2, then the second argument
is a map with the keys 'encoding', 'depth' and 'chars_limit', and the
fun must return a string which is size limited according to the given
depth and chars_limit.
If the report callback is a fun of arity 1, then it must return a
tuple containing a format string and a list of arguments. The
formatter will produce the string, and limit it's size.
|
|
|
|
|
|
|
|
|
|
|
|
Specify which keys and associated values are allowed.
|
|
|
|
|
|
|
|
|
|
* john/erts/fix-dirty-reschedule-bug/OTP-15154:
Move to a dirty scheduler even when we have pending system tasks
|
|
* john/erts/fix-21.0.2-release-notes:
Fix release notes for OTP-21.0.2
|
|
* rickard/trace-info-bug/OTP-15183:
Fix trace_info/2
|
|
* rickard/corba-build/OTP-15176:
Provide build support for standalone corba repo
|
|
|
|
Fix net_kernel:connect_node/1 to local node
|
|
|
|
* sverker/erts/monitored_by-docs/ERL-648/OTP-15180:
os_mon: Fix volatile test cpu_sup_SUITE:util_api
erts: Fix spec and docs for process_info 'monitored_by'
|
|
Dummy merge as ic is gone.
|
|
Docs says min _memchunk is 32, so lets use that.
|
|
|
|
longs, longlongs and wchar were too small on 64-bit
which could lead to potential buffer overflow at encoding.
__OE_DOUBLESZ__ was too big, probably due to old text format.
|
|
* ingela/backport/merge:
ssl: Prepare for release
ssl: Fix test case to only check relevant info for the test
ssl: Correct connection_information on ECC-curves
ssl: No cipher suite sign restriction in TLS-1.2
ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5
ssl: anon test should use dh or ecdh anon keyexchange
ssl: Correct key_usage check
ssl: Fix ECDSA key decode clause
ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling
ssl: Run all test case combinations
ssl: Correct ECC suite and DTLS ECC handling
|
|
ingela/backport/merge
|
|
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174
ssl: Improve error handling
|
|
|
|
to be no-op and return true
as it always has before OTP-21.0.
|
|
|
|
Conflicts:
lib/ssl/test/ssl_basic_SUITE.erl
|
|
|
|
Conflicts:
lib/ssl/test/ssl_ECC_SUITE.erl
|
|
Failing to recognize psk as an anonymous key exchange would fail the connection
when trying to decode an undefined certificate.
|
|
|
|
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags:
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
In SSL/TLS, when the server certificate contains a RSA key, then:
either a DHE or ECDHE cipher suite is used, in which case the RSA key
is used for a signature (see section 7.4.3 of RFC 5246: the "Server
Key Exchange" message); this exercises the digitalSignature key usage;
or "plain RSA" is used, with a random value (the 48-byte pre-master
secret) being encrypted by the client with the server's public key
(see section 7.4.7.1 of RFC 5246); this is right in the definition of
the keyEncipherment key usage flag.
dataEncipherment does not apply, because what is encrypted is not
directly meaningful data, but a value which is mostly generated
randomly and used to derive symmetric keys. keyAgreement does not
apply either, because that one is for key agreement algorithms which
are not a case of asymmetric encryption (e.g. Diffie-Hellman). The
keyAgreement usage flag would appear in a certificate which contains a
DH key, not a RSA key. nonRepudiation is not used, because whatever is
signed as part of a SSL/TLS key exchange cannot be used as proof for a
third party (there is nothing in a SSL/TLS tunnel that the client
could record and then use to convince a judge when tring to sue the
server itself; the data which is exchanged within the tunnel is not
signed by the server).
When a ECDSA key is used then "keyAgreement" flag is needed for beeing
ECDH "capable" (as opposed to ephemeral ECDHE)
|
|
|
|
ECDH suite handling did not use the EC parameters form the certs
as expected.
Conflicts:
lib/ssl/src/ssl_cipher.erl
|
|
Fix test case code to use keyAgreement for ECDH_ECDSA
Conflicts:
lib/ssl/test/ssl_ECC.erl
lib/ssl/test/ssl_ECC_openssl_SUITE.erl
lib/ssl/test/ssl_to_openssl_SUITE.erl
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/test/Makefile
lib/ssl/test/ssl_ECC.erl
lib/ssl/test/ssl_ECC_SUITE.erl
lib/ssl/test/ssl_ECC_openssl_SUITE.erl
|
|
Don't match floats.
|
|
to include ports and NIF resources.
Added new opaque type 'nif_resource'.
|
|
When doing ssl:controlling_process on a ssl socket that has not
performed the TLS/DTLS handshake that call will succeed even though
the documentation stated otherwise. However if some other ssl option
was incorrect the call would hang. Now {error, closed} will be
returned in the latter case, which is logical independent on if it
should succeed or not in the former case. The former case will continue
to succeed, as it is not dependent of the TLS/DTLS connection being
established, and the documentation is altered slightly to not
explicitly disallow it. If the TLS/DTLS connection later fails and
the socket mode is active, the new controlling process will be
notified as expected.
|
|
httpc 301 redirect: Do not assert scheme ports are equal
|
