Age | Commit message (Collapse) | Author |
|
|
|
|
|
* maint:
Updated OTP version
Update release notes
ssl: Prepare for release
ssl: Remove duplicate release note
ssl: Fix filter function to not discard AEAD cipher suites
Conflicts:
OTP_VERSION
|
|
|
|
|
|
Conflicts:
OTP_VERSION
|
|
* ingela/ssl/no-sslv2-hello-support/OTP-14824:
ssl: Remove interoperability option v2_hello_compatible
|
|
* peterdmv/use_uri_string/OTP-14902:
common_test: Use uri_string
ssl: Use uri_string
public_key: Use uri_string
observer: Use uri_string
Change-Id: I4beac2289db039cc7d566807727c5aaf7fadf942
|
|
|
|
|
|
Change-Id: I1249b93b1e4a971cf1af2cb96a65563e23117e2b
|
|
|
|
The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
|
|
* maint:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
|
|
* maint-19:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
|
|
|
|
* ingela/DTLS-supported:
ssl: Fix typo
dtls: Add DTLS handling to utility functions
ssl: Document enhancment
ssl: Document DTLS
|
|
|
|
|
|
|
|
|
|
Remove one of the duplicate word "use"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
public_key: verify ip (both v4 and v6)
public_key: Added IP4 address checks to hostname_verification tests
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
ssl: Prepare for release
ssl: Countermeasurements for Bleichenbacher attack
Conflicts:
lib/public_key/doc/src/public_key.xml
lib/public_key/test/public_key_SUITE.erl
lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem
lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_handshake.erl
|
|
=== OTP-18.3.4.1.1 ===
Changed Applications:
- ssl-7.3.3.0.1
Unchanged Applications:
- asn1-4.0.2
- common_test-1.12.1
- compiler-6.0.3
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2.1
- cosProperty-1.2
- cosTime-1.2.1
- cosTransactions-1.3.1
- crypto-3.6.3
- debugger-4.1.2
- dialyzer-2.9
- diameter-1.11.2
- edoc-0.7.18
- eldap-1.2.1
- erl_docgen-0.4.2
- erl_interface-3.8.2
- erts-7.3.1
- et-1.5.1
- eunit-2.2.13
- gs-1.6
- hipe-3.15
- ic-4.4
- inets-6.2.4
- jinterface-1.6.1
- kernel-4.2
- megaco-3.18
- mnesia-4.13.4
- observer-2.1.2
- odbc-2.11.1
- orber-3.8.1
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- parsetools-2.1.1
- percept-0.8.11
- public_key-1.1.1
- reltool-0.7
- runtime_tools-1.9.3
- sasl-2.7
- snmp-5.2.2
- ssh-4.2.2.1
- stdlib-2.8
- syntax_tools-1.7
- test_server-3.10
- tools-2.8.3
- typer-0.9.10
- webtool-0.9.1
- wx-1.6.1
- xmerl-1.3.10
Conflicts:
OTP_VERSION
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
|
|
|
|
|
|
|
|
* lukas/docs/xmllint_fixes/OTP-14721:
ssl/ssh: Remove/ignore unused XML_FILES doc files
Refactor xmllint check and make it fail on failure
Add toplevel xmllint make target
Conflicts:
lib/crypto/doc/src/Makefile
|
|
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
|
|
This commit also adds a check to see that all files that
are part of an xi:include also have part of XML_FILES
and vice versa. It also fixes any applications where this
was not true.
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|