Age | Commit message (Collapse) | Author |
|
|
|
* ia/ssl/validator:
ssl: Only start a new session validator if the old one has finished its work
|
|
|
|
* legoscia/tls-dist-listen-ip:
TLS distribution: bind erts socket to localhost
OTP-13300
|
|
Generalise much of inet_tls_dist, so that inet6_tls_dist can reuse it.
|
|
|
|
* legoscia/tls-dist-connect-options:
ssl_dist_SUITE: don't use deprecated functions
TLS distribution: support inet_dist_connect_options
OTP-13285
|
|
There are two problematic areas: EC curve selection and
interoperability tests with OpenSSL.
The tests shouldn't assume any particular EC curve is available, but
should always check the list of curves reported by
tls_v1:ecc_curves/1.
And during interoperability tests the tests shouldn't assume that any
cipher suite supported by Erlang is also supported by OpenSSL. There
are OpenSSL packages where the command line openssl tool only supports
a subset of the ciphers available in libcrypto. The actual list of
supported cipher suites thus shall be queried from OpenSSL.
|
|
Just like crl_verify_valid/5 checks for a positive result given
certain options, crl_verify_error/6 checks for a negative result.
|
|
|
|
* legoscia/tls_dist_wait_for_code_server:
TLS distribution: wait for code server
OTP-13268
|
|
If the session table is big the validator may not have finshed before
the validation interval is up, in this case we should not start a new
validator adding to the cpu load.
|
|
|
|
* ia/ssl/test-alpn-cuddle:
ssl: Fix typos that broke alpn tests
|
|
|
|
|
|
|
|
|
|
As sslv3 is being faced out we need to test for old version support as well as
newer versions.
|
|
Use erlang:unique_integer/1 instead of erlang:now/0 to generate a
unique node name.
Use rand:uniform/1 instead of random:uniform/1, so we don't need to
generate a seed ourselves.
|
|
Allow adding extra options for outgoing TLS distribution connnections,
as supported for plain TCP connections.
|
|
|
|
* legoscia/tls_dist_error_reporting:
Report bad options for outgoing TLS distribution
Save error reasons for TLS distribution connections
Report bad options for TLS distribution connections
OTP-13219
|
|
There is no reason for the socket on the erts side of the proxy to
accept connections from other hosts, so let's bind it to the loopback
interface.
Also change {ip, {127,0,0,1}} to {ip, loopback} for the erts side of
the socket for outgoing connections, to avoid hardcoding IPv4.
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
Conflicts:
OTP_VERSION
erts/vsn.mk
|
|
=== OTP-18.2 ===
Changed Applications:
- asn1-4.0.1
- common_test-1.11.1
- compiler-6.0.2
- crypto-3.6.2
- dialyzer-2.8.2
- diameter-1.11.1
- erl_docgen-0.4.1
- erl_interface-3.8.1
- erts-7.2
- eunit-2.2.12
- hipe-3.14
- inets-6.1
- jinterface-1.6.1
- kernel-4.1.1
- observer-2.1.1
- parsetools-2.1.1
- public_key-1.1
- runtime_tools-1.9.2
- sasl-2.6.1
- snmp-5.2.1
- ssh-4.2
- ssl-7.2
- stdlib-2.7
- test_server-3.9.1
- tools-2.8.2
- typer-0.9.10
- wx-1.6
- xmerl-1.3.9
Unchanged Applications:
- cosEvent-2.2
- cosEventDomain-1.2
- cosFileTransfer-1.2
- cosNotification-1.2
- cosProperty-1.2
- cosTime-1.2
- cosTransactions-1.3
- debugger-4.1.1
- edoc-0.7.17
- eldap-1.2
- et-1.5.1
- gs-1.6
- ic-4.4
- megaco-3.18
- mnesia-4.13.2
- odbc-2.11.1
- orber-3.8
- os_mon-2.4
- ose-1.1
- otp_mibs-1.1
- percept-0.8.11
- reltool-0.7
- syntax_tools-1.7
- webtool-0.9
|
|
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
|
|
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
LibreSSL does not allow it.
|
|
|
|
|
|
|
|
|
|
|
|
* ia/ssl/windows-tests:
ssl: Use test case time out instead
ssl: Use spawn_executable
|
|
* ia/ssl/renegotiate-tests:
ssl: Add renegotiation exception
|
|
|
|
|
|
|
|
If ssl:connect/3 returns an error related to options, let's log that
so we have a chance to see it and fix it.
|
|
When establishing an outbound connection for TLS distribution, let's
hold on to the failure reasons and use them as exit reasons. These
exit reasons are normally invisible, but they can be seen in the logs
after calling net_kernel:verbose(1).
While there are trace messages in the code already, those require
recompiling the module with a special flag, which is more cumbersome
than changing the net_kernel verbosity level at run time.
|
|
|
|
|
|
|
|
|