Age | Commit message (Collapse) | Author |
|
* maint-19:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
|
|
|
|
Remove one of the duplicate word "use"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
public_key: verify ip (both v4 and v6)
public_key: Added IP4 address checks to hostname_verification tests
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
ssl: Prepare for release
ssl: Countermeasurements for Bleichenbacher attack
Conflicts:
lib/public_key/doc/src/public_key.xml
lib/public_key/test/public_key_SUITE.erl
lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem
lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_handshake.erl
|
|
=== OTP-18.3.4.1.1 ===
Changed Applications:
- ssl-7.3.3.0.1
Unchanged Applications:
- asn1-4.0.2
- common_test-1.12.1
- compiler-6.0.3
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2.1
- cosProperty-1.2
- cosTime-1.2.1
- cosTransactions-1.3.1
- crypto-3.6.3
- debugger-4.1.2
- dialyzer-2.9
- diameter-1.11.2
- edoc-0.7.18
- eldap-1.2.1
- erl_docgen-0.4.2
- erl_interface-3.8.2
- erts-7.3.1
- et-1.5.1
- eunit-2.2.13
- gs-1.6
- hipe-3.15
- ic-4.4
- inets-6.2.4
- jinterface-1.6.1
- kernel-4.2
- megaco-3.18
- mnesia-4.13.4
- observer-2.1.2
- odbc-2.11.1
- orber-3.8.1
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- parsetools-2.1.1
- percept-0.8.11
- public_key-1.1.1
- reltool-0.7
- runtime_tools-1.9.3
- sasl-2.7
- snmp-5.2.2
- ssh-4.2.2.1
- stdlib-2.8
- syntax_tools-1.7
- test_server-3.10
- tools-2.8.3
- typer-0.9.10
- webtool-0.9.1
- wx-1.6.1
- xmerl-1.3.10
Conflicts:
OTP_VERSION
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
|
|
|
|
|
|
|
|
* lukas/docs/xmllint_fixes/OTP-14721:
ssl/ssh: Remove/ignore unused XML_FILES doc files
Refactor xmllint check and make it fail on failure
Add toplevel xmllint make target
Conflicts:
lib/crypto/doc/src/Makefile
|
|
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
|
|
This commit also adds a check to see that all files that
are part of an xi:include also have part of XML_FILES
and vice versa. It also fixes any applications where this
was not true.
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
* lars/doc-cleanup/OTP-14475:
[edoc] Remove unused module otpsgml_layout.erl
Remove unused files from the documentation build
|
|
|
|
|
|
|
|
|
|
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
|
|
|
|
Conflicts:
OTP_VERSION
lib/inets/vsn.mk
lib/ssl/vsn.mk
|
|
|
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
This reverts commit dc57404252c47520f352834ad9be45ad684f96c9.
|
|
|
|
|
|
Commit 87584ae85893df917ca83cb0c40748fd4da0f3bc added missing release note
but not in the correct place.
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
|
|
Add session_id and remove undocumented ssl:session_info/1
Add client_random, server_random and master_secret, they will not be included
in ssl:connection_information/1 as they may affect the connections security if
used recklessly.
|
|
* maint:
Updated OTP version
Prepare release
Conflicts:
OTP_VERSION
lib/typer/doc/src/notes.xml
lib/typer/vsn.mk
|
|
|
|
|
|
The size/1 callback was added as a non-optional callback in
42b8a29dbae1d626f32bc16dd81a129caf741138 but wasn't added to the
documentation for the ssl_session_cache_api behavior.
Signed-off-by: Steven Danna <[email protected]>
|
|
If a handshake message is really big it could happen that the ssl
process would hang due to failing of requesting more data from the
socket. This has been fixed.
Also added option to limit max handshake size. It has a default
value that should be big enough to handle normal usage and small
enough to mitigate DoS attacks.
|