Age | Commit message (Collapse) | Author |
|
* fenollp/otp-edoc-usage-fixes:
Fix edoc usage errors
OTP-11702
|
|
* hb/dialyzer/deprecate_types/OTP-10342:
Deprecate pre-defined built-in types
|
|
The types array(), dict(), digraph(), gb_set(), gb_tree(), queue(),
set(), and tid() have been deprecated. They will be removed in OTP 18.0.
Instead the types array:array(), dict:dict(), digraph:graph(),
gb_set:set(), gb_tree:tree(), queue:queue(), sets:set(), and ets:tid()
can be used. (Note: it has always been necessary to use ets:tid().)
It is allowed in OTP 17.0 to locally re-define the types array(), dict(),
and so on.
New types array:array/1, dict:dict/2, gb_sets:set/1, gb_trees:tree/2,
queue:queue/1, and sets:set/1 have been added.
|
|
in pure DER format.
The incorrect code could cause a memory leek when certs where inputed
in DER.
|
|
|
|
Errors discovered using `erldocs`:
Superfluous @hidden tag would exit edoc application;
'Multiple @spec tag': appended a @clear tag after macro condition;
'@spec arity does not match': added missing argument.
|
|
* ia/public_key/specs:
public_key: Export some dialyzer types
|
|
Move dilayzer types from include file to erl file and use
-export_type
|
|
|
|
|
|
|
|
public_key:private_key/0 was referenced but undefined, and lib/ssl had a
local definition of private_key/0.
To fix that, make the following changes:
* add public_key:private_key/0 type
* document public_key/0 and private_key/0
* fix incorrect definitions and references
|
|
* ia/Vagabond/adt-honor-cipher-order/OTP-11621:
Implement 'honor_cipher_order' SSL server-side option
|
|
Conflicts:
otp_build
|
|
did not support secure renegotiation
|
|
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This
instructs the server to prefer its own cipher ordering rather than the
client's and can help protect against things like BEAST while
maintaining compatability with clients which only support older ciphers.
This code is mostly written by Andrew Thompson, only the test case was
added by Andreas Schultz.
|
|
|
|
|
|
The server code erroneously took the list of curves supported by the
client from it's own hello extension, effectively breaking curve
selection all together.
Also the default fallback secp256k1 curve is not supported by
all clients. secp256r1 is recommended as part of the NIST Suite B
cryptographic suites. The chances are much better that all clients
support it, so use that as fallback.
|
|
|
|
|
|
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
New design : ssl - Main
tls - Reflect tls specific semantics
dtls - Reflect dtls specific semantics
|
|
|
|
|
|
|
|
|
|
|
|
- Set to disable to explicitly disable SNI support.
- Set to a hostname when upgrading from TCP to TLS.
|
|
See RFC 6066 section 3
|
|
|
|
We do not need a traceback on every close in inet_tls_dist and this
breaks using nodetool in control scripts on SSL clustered nodes
|
|
* RoadRunnr/fix_dtls_fragment_decoder/OTP-11376:
ssl: fix initialization of DTLS fragment reassembler
|
|
|
|
Also the server should only send ECC point formats extension not ECC curve
extension.
|
|
The DTLS fragment reassembler use a list [{Start, End}] for the
fragments. When the first received fragment was not the starting
fragment, that list got initialized with [{Start, Length}],
causing the merge of following fragment to fail.
|
|
|
|
|
|
|
|
|
|
Also refactor so that TLS and DTLS can have common functions when possible.
|
|
This code is to 99 % written by Andreas Schultz only some small changes
to start integrating with OTPs DTLS solution.
|
|
Common functions will be located in ssl_handshake.erl while
specific functions will be located in tls_handshake.erl and dtls_handshake.erl
|
|
This code is to 99 % written by Andreas Schultz only some small changes
to start integrating with OTPs DTLS solution.
|