| Age | Commit message (Collapse) | Author |
|---|
|
When handling merging of back ported
Counter measurements for Bleichenbacher attack
a line from DTLS was accidentally lost.
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
public_key: verify ip (both v4 and v6)
public_key: Added IP4 address checks to hostname_verification tests
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
ssl: Prepare for release
ssl: Countermeasurements for Bleichenbacher attack
Conflicts:
lib/public_key/doc/src/public_key.xml
lib/public_key/test/public_key_SUITE.erl
lib/public_key/test/public_key_SUITE_data/pkix_verify_hostname_subjAltName_IP.pem
lib/public_key/test/public_key_SUITE_data/verify_hostname_ip.conf
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_handshake.erl
|
|
=== OTP-18.3.4.1.1 ===
Changed Applications:
- ssl-7.3.3.0.1
Unchanged Applications:
- asn1-4.0.2
- common_test-1.12.1
- compiler-6.0.3
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2.1
- cosProperty-1.2
- cosTime-1.2.1
- cosTransactions-1.3.1
- crypto-3.6.3
- debugger-4.1.2
- dialyzer-2.9
- diameter-1.11.2
- edoc-0.7.18
- eldap-1.2.1
- erl_docgen-0.4.2
- erl_interface-3.8.2
- erts-7.3.1
- et-1.5.1
- eunit-2.2.13
- gs-1.6
- hipe-3.15
- ic-4.4
- inets-6.2.4
- jinterface-1.6.1
- kernel-4.2
- megaco-3.18
- mnesia-4.13.4
- observer-2.1.2
- odbc-2.11.1
- orber-3.8.1
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- parsetools-2.1.1
- percept-0.8.11
- public_key-1.1.1
- reltool-0.7
- runtime_tools-1.9.3
- sasl-2.7
- snmp-5.2.2
- ssh-4.2.2.1
- stdlib-2.8
- syntax_tools-1.7
- test_server-3.10
- tools-2.8.3
- typer-0.9.10
- webtool-0.9.1
- wx-1.6.1
- xmerl-1.3.10
Conflicts:
OTP_VERSION
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
Back ported for security reasons.
Remove DTLS changes as DTLS is not at all working in OTP 18.
|
|
|
|
|
|
|
|
'ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766' into maint-20
* ingela/maint-20/ssl/extend-hostname-check/OTP-14632/OTP-14655/OTP-14766:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
ssl: Use ?FUNCTION_NAME
|
|
|
|
* lukas/docs/xmllint_fixes/OTP-14721:
ssl/ssh: Remove/ignore unused XML_FILES doc files
Refactor xmllint check and make it fail on failure
Add toplevel xmllint make target
Conflicts:
lib/crypto/doc/src/Makefile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Use hradcoded rsa keys as this will work on all legacy platforms.
In test case dns_name_reuse only do the relevant client check in the
final test.
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
|
|
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this
version of the ssl application to versions pre OTP 19.
|
|
|
|
|
|
|
|
Back ported for security reasons.
Remove DTLS changes as DTLS is not at all working in OTP 18.
|
|
|
|
|
|
|
|
This commit also adds a check to see that all files that
are part of an xi:include also have part of XML_FILES
and vice versa. It also fixes any applications where this
was not true.
|
|
As TLS clients will perform a hostname check against certificates
the IP-address does not make much sense.
|
|
* ingela/dtls/no-packet-upd/OTP-14664:
ssl: No support for packet option over unreliable transport
|
|
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
|
|
|
|
Use ?FUNCTION_NAME macro to enhance code as we will not back-port this
version of the ssl application to versions pre OTP 19.
|
|
Use hradcoded rsa keys as this will work on all legacy platforms.
In test case dns_name_reuse only do the relevant client check in the
final test.
|
|
* ingela/ssl/remove-deprcated-string:
ssl: Use new string functions
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
|
|
* lars/doc-cleanup/OTP-14475:
[edoc] Remove unused module otpsgml_layout.erl
Remove unused files from the documentation build
|
|
The functions are not performance critical. Will be used
when errors occurs, CRL data base is managed or legacy OpenSSL names
are used for ciphers.
|
|
|
|
|
|
|
|
OTP-14236 requires ssl runtime dependencies to update to latest public_key.
OTP-14181 makes ssl test cases dependent on latest version latest public_key.
|
|
The ssl application uses the new function in many of its test cases.
|
