Age | Commit message (Collapse) | Author |
|
Filipe David Manana
OTP-9114: [ftp] Added (type) spec for all exported functions.
OTP-9123: mod_esi:deliver/2 made to accept binary data.
Bernard Duggan
OTP-9124: [httpd] Prevent XSS in error pages.
Michael Santos
OTP-9131: [httpd] Wrong security property names used in documentation.
Garrett Smith
OTP-9157: [httpd] Improved error messages.
Ricardo Catalinas Jim�nez
OTP-9158: [httpd] Fix timeout message generated by mod_esi.
Bernard Duggan
OTP-9202: [httpd] Extended support for file descriptors.
Attila Rajmund Nohl
OTP-9230: The default ssl kind has now been changed to essl.
OTP-9246: [httpc] httpc manager crash because of a handler retry
race condition.
Merge branch 'bmk/inets/inet56_integration' into dev
|
|
conformance tests suite certificates has expired.
New conformance tests uses another format to save certificates so
we need to implement PKCS-12 support.
CRL tests are commented out as the CRL support is not included
in the main development yet.
|
|
|
|
|
|
* hw/call-chmod-without-f:
Call chmod without the "-f" flag
Conflicts:
erts/emulator/test/Makefile
lib/asn1/test/Makefile
lib/crypto/test/Makefile
lib/debugger/test/Makefile
lib/docbuilder/test/Makefile
lib/edoc/test/Makefile
lib/erl_interface/test/Makefile
lib/inviso/test/Makefile
lib/parsetools/test/Makefile
lib/percept/test/Makefile
lib/ssl/test/Makefile
lib/syntax_tools/test/Makefile
lib/test_server/test/Makefile
lib/tools/test/Makefile
OTP-9170
|
|
* ia/public_key/encode-decode-ssh/OTP-9144:
Implemented encode/decode support for ssh public key files
|
|
|
|
bmk/inets/ftp/missing_spec_causes_dialyxer_problems/OTP-9114
Also fixed a bunch of "end-years" (was 2010 but should have been 2011,
which the commit hook not happy with).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch allows the public_key module to decode and encode RSA and DSA
keys encoded using the SubjectPublicKeyInfo format. When
pem_entry_encode is called on an RSA or DSA public key type, the key is
wrapped in the SubjectPublicKeyInfo format.
|
|
|
|
|
|
|
|
|
|
Data to sign and verify should be inputed as binaries.
Also cleaned up and moved some dialyzer specs.
|
|
|
|
"-f" is a non-standard chmod option which at least SGI IRIX and HP UX do
not support. As the only effect of the "-f" flag is to suppress warning
messages, it can be safely omitted.
|
|
|
|
Conflicts:
lib/public_key/src/pubkey_cert.erl
|
|
|
|
maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
Peer awarness
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
Changed the verify fun so that it differentiate between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
|
|
V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
* ia/ssl-and-public_key/backwards-compatibility/OTP-8858:
Backwards compatibility
Conflicts:
lib/ssl/src/ssl_certificate_db.erl
Use short INFO-message. Debugging information can be fairly
easily recreated so we do not want to clutter the logs.
|
|
Changed implementation to retain backwards compatibility for old
option {verify, 0} that shall be equivalent to {verify, verify_none},
also separate the cases unknown CA and selfsigned peer cert, and
restored return value of deprecated function public_key:pem_to_der/1.
|
|
V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
DSS-Params may be null in a certificate as it can inherit the
parameters.
Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
|
|
* ia/fix-dialyzer-specs:
Corrected and added dialyzer specs
|
|
|
|
|
|
Added the functionality so that the verification fun will be called
when a certificate is considered valid by the path validation to allow
access to eachs certificate in the path to the user application.
Removed clause that only check that a extension is not critical,
it does alter the verification rusult only withholds information from
the application.
Try to verify subject-AltName, if unable to verify it let
application try.
|
|
|
|
Changed the behavior of the verify_fun option so that
the application can be responsible for handling path validation
errors even on the server side. Also replaced the not yet
documented validate_extensions_fun to be handled by the
verify_fun instead.
If the verify callback fun returns {fail, Reason}, the verification process is
immediately stopped and an alert is sent to the peer and the TLS/SSL
handshake is terminated. If the verify callback fun returns {valid,
UserState}, the verification process is continued. If the verify callback
fun always returns {valid, UserState}, the TLS/SSL handshake will not be
terminated with respect to verification failures and the connection
will be established. The verify callback fun will also be
able to verify application specific extensions.
|
|
* dgud/public_key/make_cert_fix:
Complete rename of erl_make_certs
Rename
Fix issuer issue in generated certs
|
|
Handling of unkown CA certificats was changed in ssl and
public_key to work as intended.
In the process of doing this some test cases has been corrected as
they where wrong but happened to work together with the
incorrect unknown CA handling.
|