| Age | Commit message (Collapse) | Author |
|---|
|
* ia/ssl/remove-default-DES/OTP-13195:
ssl: Remove DES ciphers from default configuration
|
|
DES is not considered secure.
Also correct 'Server Name Indication' support description.
|
|
* bjorn/remove-test_server/OTP-12705:
Remove test_server as a standalone application
Erlang mode for Emacs: Include ct.hrl instead test_server.hrl
Remove out-commented references to the test_server applications
Makefiles: Remove test_server from include path and code path
Eliminate use of test_server.hrl and test_server_line.hrl
|
|
|
|
|
|
Since no test suites includede test_server.hrl, there is no need
to have test_server in the include path or code path.
|
|
|
|
* ia/pr/958/OTP-13334:
ssl: verify cert signature against original cert binary
|
|
|
|
OTP-13311
* sverk/ecc-fixes:
Ensure testing ssl with supported ciphers only
Only use supported EC curves in crypto tests
Check the result of EC_GROUP_new_curve_* calls
|
|
When searching for a certificate's issuer in the `CertDB`, verify the signature
against the original DER certificate from the handshake instead of a re-encoding
of the parsed certificate. This avoids false negatives due to differences
between DER encoding implementations of OTP and other platforms.
|
|
|
|
|
|
|
|
* ia/ssl/validator:
ssl: Only start a new session validator if the old one has finished its work
|
|
|
|
* legoscia/tls-dist-listen-ip:
TLS distribution: bind erts socket to localhost
OTP-13300
|
|
|
|
* legoscia/tls-dist-connect-options:
ssl_dist_SUITE: don't use deprecated functions
TLS distribution: support inet_dist_connect_options
OTP-13285
|
|
There are two problematic areas: EC curve selection and
interoperability tests with OpenSSL.
The tests shouldn't assume any particular EC curve is available, but
should always check the list of curves reported by
tls_v1:ecc_curves/1.
And during interoperability tests the tests shouldn't assume that any
cipher suite supported by Erlang is also supported by OpenSSL. There
are OpenSSL packages where the command line openssl tool only supports
a subset of the ciphers available in libcrypto. The actual list of
supported cipher suites thus shall be queried from OpenSSL.
|
|
|
|
* legoscia/tls_dist_wait_for_code_server:
TLS distribution: wait for code server
OTP-13268
|
|
If the session table is big the validator may not have finshed before
the validation interval is up, in this case we should not start a new
validator adding to the cpu load.
|
|
|
|
* ia/ssl/test-alpn-cuddle:
ssl: Fix typos that broke alpn tests
|
|
|
|
|
|
|
|
|
|
As sslv3 is being faced out we need to test for old version support as well as
newer versions.
|
|
Use erlang:unique_integer/1 instead of erlang:now/0 to generate a
unique node name.
Use rand:uniform/1 instead of random:uniform/1, so we don't need to
generate a seed ourselves.
|
|
Allow adding extra options for outgoing TLS distribution connnections,
as supported for plain TCP connections.
|
|
|
|
* legoscia/tls_dist_error_reporting:
Report bad options for outgoing TLS distribution
Save error reasons for TLS distribution connections
Report bad options for TLS distribution connections
OTP-13219
|
|
There is no reason for the socket on the erts side of the proxy to
accept connections from other hosts, so let's bind it to the loopback
interface.
Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of
the socket for outgoing connections, to avoid hardcoding IPv4.
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
Conflicts:
OTP_VERSION
erts/vsn.mk
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
|
|
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
|
|
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
LibreSSL does not allow it.
|
|
|
|
|
|
|
|
|
|
|
