Age | Commit message (Collapse) | Author |
|
* pan/win_static_openssl/OTP-9280:
Mend --with-ssl= in erts/configure
Update OpenSSL license text in crypto
Link OpenSSL libraries static on Windows
|
|
that a session not be resumed. This is a change from TLS 1.0 to
conform with widespread implementation practice. Erlang ssl will now
in TLS 1.0 conform to the widespread implementation practice instead
of the specification to avoid performance issues.
|
|
Filipe David Manana
OTP-9114: [ftp] Added (type) spec for all exported functions.
OTP-9123: mod_esi:deliver/2 made to accept binary data.
Bernard Duggan
OTP-9124: [httpd] Prevent XSS in error pages.
Michael Santos
OTP-9131: [httpd] Wrong security property names used in documentation.
Garrett Smith
OTP-9157: [httpd] Improved error messages.
Ricardo Catalinas Jim�nez
OTP-9158: [httpd] Fix timeout message generated by mod_esi.
Bernard Duggan
OTP-9202: [httpd] Extended support for file descriptors.
Attila Rajmund Nohl
OTP-9230: The default ssl kind has now been changed to essl.
OTP-9246: [httpc] httpc manager crash because of a handler retry
race condition.
Merge branch 'bmk/inets/inet56_integration' into dev
|
|
Invalidation of a session for reusing should first flag that the
session may no longer be reused and then later when all possible
pending reuses have been handled delete the session from the
database. This could otherwise cause the client to terminate due to
{badarg,[{erlang,byte_size,[undefined]}, and the server to terminate due to
{{badmatch,{resumed,undefined}}.
|
|
reason badarg. Neither SSL nor INETS catches this, resulting in crashes
with incomprehensible reasons.
OTP-9289
|
|
reason badarg. Neither SSL nor INETS catches this, resulting in crashes
with incomprehensible reasons.
OTP-9289
|
|
|
|
|
|
|
|
ssl:send/2 takes iodata() as a second
argument. erlang:iolist_to_binary should really be called
erlang:iodata_to_binary which caused the mismatch in the first place.
|
|
|
|
|
|
|
|
* hw/call-chmod-without-f:
Call chmod without the "-f" flag
Conflicts:
erts/emulator/test/Makefile
lib/asn1/test/Makefile
lib/crypto/test/Makefile
lib/debugger/test/Makefile
lib/docbuilder/test/Makefile
lib/edoc/test/Makefile
lib/erl_interface/test/Makefile
lib/inviso/test/Makefile
lib/parsetools/test/Makefile
lib/percept/test/Makefile
lib/ssl/test/Makefile
lib/syntax_tools/test/Makefile
lib/test_server/test/Makefile
lib/tools/test/Makefile
OTP-9170
|
|
* ia/public_key/encode-decode-ssh/OTP-9144:
Implemented encode/decode support for ssh public key files
|
|
|
|
|
|
|
|
* ia/ssl/prepare-release:
Prepare for release
|
|
|
|
When making an SSL connection (either as client or as server), the
process implementing the connection may use as much as hundreds of
kilobytes of memory, even when idle. This is problematic for any
application maintaining more than just a few SSL connections.
This patch introduces the option { hibernate_after, int() } to the
ssl:connect and ssl:listen functions, making the SSL connection
process go into hibernation after the specified number of milliseconds
of inactivity. This will reduce the memory used by the process to
just a few hundred bytes, making applications with thousands or
more SSL connections feasible, as long as most of the connections
are idle for most of the time (which is typically the case).
The approach of making the process go into hibernation only after
some time of inactivity was chosen because hibernation incurs some
CPU usage, and it is therefore not desirable for a process to
hibernate after each call.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Suppressed dialyzer warnings with spec if possible to
minimize clutter from this file belonging to old ssl.
|
|
|
|
|
|
|
|
|
|
maint-r14
* ia/ssl/unknown-extension-handling-verify-none/OTP-9029:
Prepare for release
Verification of a critical extended_key_usage-extension corrected
|
|
|
|
When a verify fun is supplied, it should not be called to verify
the extended_key_usage-extension when it is already verified
by the ssl_certificate:validate_extension/2
|
|
Handshake hashes, premaster secret and "public_key_info" does not need
to be saved when the connection has been established. The own certificate is
no longer duplicated in the state.
|
|
-------------------------------------------------------------------------
ssl's published documentation states:
ssl_accept(ListenSocket) ->
ssl_accept(ListenSocket, Timeout) -> ok | {error, Reason}
(see http://www.erlang.org/doc/man/ssl.html#ssl_accept-1)
while its code has the specs:
-spec ssl_accept(#sslsocket{}) -> {ok, #sslsocket{}} | {error, reason()}.
-spec ssl_accept(#sslsocket{}, list() | timeout()) -> {ok, #sslsocket{}} | {error, reason()}.
One of the two cannot be right. This should be fixed.
Moreover, I do not see why the spec just mentions list() for the options when the documentation explicitly mentions the options of ssl.
Kostis
---------------------------------------------------------------------
|
|
The previous code happened to worked if the select-statment returned
only on entry.
|
|
|
|
|
|
|
|
|
|
Added cache invalidation control of ssl certificates so that
sessions will not be reused if file content is changed.
There was a glitch in ssl:close that made it possible to
to get eaddrinuse even though reuseadder-option was used.
Also improved tests for better user-close handling.
|