Age | Commit message | Author |
|
* upstream/dev:
Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them.
fix unknown ssl extension parsing by changing length from bits to bytes
Temporarily disable tests on MAC due to issues with the MAC ODBC drivers
|
implementations to ignore data following the ClientHello (i.e.,
extensions) if they do not understand them.
Data not following the protocol format for extensions will be
ignored by the last dec_hello_extensions-clause.
OTP-8596
|
Conflicts:
erts/aclocal.m4
erts/include/internal/ethread_header_config.h.in
|
* ta/docs-fixes:
Fix misspelling of intermediate
Fix typos in erts/preloaded/src
Fix more misspellings of compatibility
Fix misspelling of kept
Fix misspelling of compatibility in ssl_basic_SUITE
Fix misspelling of compatibility
Fix misspelling of accommodate
Fix misspelling of exceed
Fix misspelling of accidentally
Fix misspelling of erroneous in xmerl_xsd
Fix misspelling of erroneous
Fix misspelling of successful
Fix typos in instrument(3)
Fix typos in dbg(3)
dialyzer: fix a small typo in list_to_bitstring test
Fix typos in cover.erl
Fix typos (variable name) in erl_nif(3)
Fix typos in mod_esi(3)
Fix trivial typos in erlang(3)
OTP-9555
|
* upstream/dev:
Support explicit use of packet option httph and httph_bin
|
* ia/ssl/dist/OTP-7053:
First fully working version
Use ssl instead of being a proxy command
Connect from both sides works now
|
* ia/ssl/use-inet-and-gen-specs:
Use inet and gen_* dialyzer specs
|
We want the certificate table to be handled the same way as the
session table and not have a global name, so that we may more easily
create a separate ssl-manager to handle erlang distribution over ssl.
|
* ia/ssl/use-erlang-send-after-instead-of-timer-send-after:
Use erlang:send_after instead of timer:send_after
Conflicts:
lib/ssl/test/ssl_session_cache_SUITE.erl
|
Also save latest delay cleanup timer ref so that we can
use erlang:read_timer to write a more reliable
test case.
|
In ssl-4.1.5 temporary clean-up processes would crash resulting in
that the session table would not be cleaned up (i.e. using more and
more memory) and error reports would be printed, but connections would
not be affected.
|
that a session not be resumed. This is a change from TLS 1.0 to
conform with widespread implementation practice. Erlang ssl will now
in TLS 1.0 conform to the widespread implementation practice instead
of the specification to avoid performance issues.
|
Filipe David Manana
OTP-9114: [ftp] Added (type) spec for all exported functions.
OTP-9123: mod_esi:deliver/2 made to accept binary data.
Bernard Duggan
OTP-9124: [httpd] Prevent XSS in error pages.
Michael Santos
OTP-9131: [httpd] Wrong security property names used in documentation.
Garrett Smith
OTP-9157: [httpd] Improved error messages.
Ricardo Catalinas Jiménez
OTP-9158: [httpd] Fix timeout message generated by mod_esi.
Bernard Duggan
OTP-9202: [httpd] Extended support for file descriptors.
Attila Rajmund Nohl
OTP-9230: The default ssl kind has now been changed to essl.
OTP-9246: [httpc] httpc manager crash because of a handler retry
race condition.
Merge branch 'bmk/inets/inet56_integration' into dev
|
Invalidation of a session for reusing should first flag that the
session may no longer be reused and then later when all possible
pending reuses have been handled delete the session from the
database. This could otherwise cause the client to terminate due to
{badarg,[{erlang,byte_size,[undefined]}, and the server to terminate due to
{{badmatch,{resumed,undefined}}.
|
reason badarg. Neither SSL nor INETS catches this, resulting in crashes
with incomprehensible reasons.
OTP-9289
|
reason badarg. Neither SSL nor INETS catches this, resulting in crashes
with incomprehensible reasons.
OTP-9289
|
ssl:send/2 takes iodata() as a second
argument. erlang:iolist_to_binary should really be called
erlang:iodata_to_binary which caused the mismatch in the first place.
|
* ia/public_key/encode-decode-ssh/OTP-9144:
Implemented encode/decode support for ssh public key files
|
* ia/ssl/prepare-release:
Prepare for release
|
When making an SSL connection (either as client or as server), the
process implementing the connection may use as much as hundreds of
kilobytes of memory, even when idle. This is problematic for any
application maintaining more than just a few SSL connections.
This patch introduces the option { hibernate_after, int() } to the
ssl:connect and ssl:listen functions, making the SSL connection
process go into hibernation after the specified number of milliseconds
of inactivity. This will reduce the memory used by the process to
just a few hundred bytes, making applications with thousands or
more SSL connections feasible, as long as most of the connections
are idle for most of the time (which is typically the case).
The approach of making the process go into hibernation only after
some time of inactivity was chosen because hibernation incurs some
CPU usage, and it is therefore not desirable for a process to
hibernate after each call.
|
Suppressed dialyzer warnings with spec if possible to
minimize clutter from this file belonging to old ssl.
|
maint-r14
* ia/ssl/unknown-extension-handling-verify-none/OTP-9029:
Prepare for release
Verification of a critical extended_key_usage-extension corrected
|
When a verify fun is supplied, it should not be called to verify
the extended_key_usage-extension when it is already verified
by the ssl_certificate:validate_extension/2
|
Handshake hashes, premaster secret and "public_key_info" do not need
to be saved when the connection has been established. The own certificate is
no longer duplicated in the state.
|
-------------------------------------------------------------------------
ssl's published documentation states:
ssl_accept(ListenSocket) ->
ssl_accept(ListenSocket, Timeout) -> ok | {error, Reason}
(see http://www.erlang.org/doc/man/ssl.html#ssl_accept-1)
while its code has the specs:
-spec ssl_accept(#sslsocket{}) -> {ok, #sslsocket{}} | {error, reason()}.
-spec ssl_accept(#sslsocket{}, list() | timeout()) -> {ok, #sslsocket{}} | {error, reason()}.
One of the two cannot be right. This should be fixed.
Moreover, I do not see why the spec just mentions list() for the options when the documentation explicitly mentions the options of ssl.
Kostis
---------------------------------------------------------------------
|