Age | Commit message (Collapse) | Author |
|
crashing.
When TLS client sends Supported Elliptic Curves Client Hello Extension
the server shall select a curve supported by both sides or refuse to
negotiate the use of an ECC cipher suite.
|
|
When TLS client sends a Supported Elliptic Curves Client Hello Extension
containing an unknown curve enum value, a server crashes with a
function_clause instead of just ignoring specified unknown curve.
|
|
|
|
* ia/ssl/proplist-input-check/OTP-11760:
ssl: Add input sanity check
|
|
Avoid puzzling behavior due to options being disregarded if they
are not key value tuples.
|
|
|
|
|
|
|
|
* ia/ssl/prepare-for-release:
ssl: Prepare for release
|
|
|
|
* fenollp/otp-edoc-usage-fixes:
Fix edoc usage errors
OTP-11702
|
|
* hb/dialyzer/deprecate_types/OTP-10342:
Deprecate pre-defined built-in types
|
|
* schlagert/fix_basic_appups:
Dynamically configure typer_SUITE according to environment
Disable hipe_SUITE when environment doesn't support it
Make hipe non-upgradable by setting appup file empty
Fix missing module on hipe app file template
Add test suites performing app and appup file checks
Introduce appup test utility
Fix library application appup files
Fix non-library appup files according to issue #240
OTP-11744
|
|
Add the mentioned test suites for *all* library and touched
non-library applications.
|
|
The types array(), dict(), digraph(), gb_set(), gb_tree(), queue(),
set(), and tid() have been deprecated. They will be removed in OTP 18.0.
Instead the types array:array(), dict:dict(), digraph:graph(),
gb_set:set(), gb_tree:tree(), queue:queue(), sets:set(), and ets:tid()
can be used. (Note: it has always been necessary to use ets:tid().)
It is allowed in OTP 17.0 to locally re-define the types array(), dict(),
and so on.
New types array:array/1, dict:dict/2, gb_sets:set/1, gb_trees:tree/2,
queue:queue/1, and sets:set/1 have been added.
|
|
|
|
in pure DER format.
The incorrect code could cause a memory leek when certs where inputed
in DER.
|
|
|
|
|
|
Errors discovered using `erldocs`:
Superfluous @hidden tag would exit edoc application;
'Multiple @spec tag': appended a @clear tag after macro condition;
'@spec arity does not match': added missing argument.
|
|
* ia/public_key/specs:
public_key: Export some dialyzer types
|
|
Move dilayzer types from include file to erl file and use
-export_type
|
|
|
|
|
|
|
|
|
|
public_key:private_key/0 was referenced but undefined, and lib/ssl had a
local definition of private_key/0.
To fix that, make the following changes:
* add public_key:private_key/0 type
* document public_key/0 and private_key/0
* fix incorrect definitions and references
|
|
* ia/ssl/tests:
ssl: Avoid test case timing issues
|
|
* ia/Vagabond/adt-honor-cipher-order/OTP-11621:
Implement 'honor_cipher_order' SSL server-side option
|
|
|
|
The R16B03-1 release
|
|
|
|
Conflicts:
otp_build
|
|
did not support secure renegotiation
|
|
* dgud/test_unicode/OTP-10877:
sasl test: Quote executable paths (can contain spaces)
rt_tools: Handle unicode chars in printouts
kernel: code_SUITE fix unicode option
Fix (unicode) debug info in test cases
stdlib: Fix format if module resides in a unicode directory
Fix testing with unicode paths
test_server: Fix ts write unicode in config files
|
|
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This
instructs the server to prefer its own cipher ordering rather than the
client's and can help protect against things like BEAST while
maintaining compatability with clients which only support older ciphers.
This code is mostly written by Andrew Thompson, only the test case was
added by Andreas Schultz.
|
|
* ia/ssl/openssl-reneogtiation-bug:
ssl: Add versions to check for sane OpenSSL version for renegotiation
|
|
|
|
|
|
|
|
The server code erroneously took the list of curves supported by the
client from it's own hello extension, effectively breaking curve
selection all together.
Also the default fallback secp256k1 curve is not supported by
all clients. secp256r1 is recommended as part of the NIST Suite B
cryptographic suites. The chances are much better that all clients
support it, so use that as fallback.
|
|
|
|
|
|
|
|
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
|
|
|
|
The R16B03 release
Conflicts:
lib/sasl/vsn.mk
|
|
|
|
|
|
|