aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-09ssh: update for triq testsHans Nilsson
2014-09-09common_test: ct_property_test call correct Triq function.Hans Nilsson
2014-09-09ct_property_test: add Triq supportTuncer Ayaz
Also, ensure that the right module's counterexample/0 is called.
2014-09-08Don't leave extra bit in decoded AVP dataAnders Svensson
The bit is added in diameter_codec to induce a decode error in the case of 5014 errors, but was not removed before returning the decoded result. Code examining the binary data in a diameter_avp record would then see the extra bit.
2014-09-08vsn -> 1.7.1Anders Svensson
2014-09-08Update appup for OTP-12094Anders Svensson
diameter_codec must be loaded before diameter_traffic.
2014-09-08Update appup for OTP-12080Anders Svensson
2014-09-08Update appup for OTP-12069Anders Svensson
2014-09-08inets: Soft upgradeIngela Anderton Andin
2014-09-08Fix best effort decode of Failed-AVPAnders Svensson
Commit c2c00fdd didn't get it quite right: it only decoded failed AVPs in the common dictionary since it's this dictionary an answer-message is decoded in. An extra dictionary isn't something that's easily passed through the decode without rewriting dictionary compilation however, and that's no small job, so continue with the use/abuse of the process dictionary by storing the dictionary module for the decode to retrieve. This is one step worse than previous uses since the dictionary is put in one module (diameter_codec) and got in another (the dictionary module), but it's the lesser of two evils.
2014-09-08Fix decode of Failed-AVP in RFC 3588 answer-messageAnders Svensson
Commit 066544fa had the unintended consequence of breaking the decode of Failed-AVP in answer-message as defined in the RFC 3588, since the grammar doesn't list Failed-AVP as an explicit component AVP, in contrast to the RFC 6733 grammar, which does. Handle this case explicitly, as an exception, just as with Failed-AVP as parent AVP.
2014-09-08Fix counters for answer-messageAnders Svensson
An answer message that sets the E-bit is encoded/decoded with Diameter common dictionary, using the answer-message grammar specified in the RFC. However, the dictionary of the application in question is the one that knows the command code of the message. Commit df19c272 didn't make this distinction when incrementing counters for an answer-message, using the common dictionary for both purposes, causing the message to be counted as unknown. This commit remedies that.
2014-09-08crypto: Verify OpenSSL library major version at loadSverker Eriksson
to prevent strange memory corruption crashes due to mismatch between header and library versions.
2014-09-08Merge branch 'bjorn/asn1/misc-bug-fixes/OTP-12125' into maintBjörn Gustavsson
* bjorn/asn1/misc-bug-fixes/OTP-12125: Workaround for combining two object sets separated by extension Clean up and correct handling of parameters for parameterized types Check the formal parameter for parameterized type definitions Report errors also for unused parameterized types Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIER Correct expansion of parameterized types Add the module name to the #classdef{} record Eliminate the use of #identifier{} outside the tokeniser and parser Fix problem with object identifiers in external modules Rewrite get_referenced_type/2 Teach the ASN.1 compiler to handle objects in field names Teach the ASN.1 compiler to understand "EXPORTS ALL" Teach the ASN.1 compiler the parse option
2014-09-08Merge branch 'bjorn/asn1/decoding-robustness/OTP-12145' into maintBjörn Gustavsson
* bjorn/asn1/decoding-robustness/OTP-12145: BER decoding: Improve error checking for indefinite length BER: Test decoding of indefinite lengths
2014-09-08Merge branch 'lucafavatella/improve-cpu_sup-error-when-slow-port-init' into ↵Marcus Arendt
maint * lucafavatella/improve-cpu_sup-error-when-slow-port-init: Clarify error for slow `cpu_sup` port init
2014-09-05common_test: update Makefile for ct_property_test module.Hans Nilsson
2014-09-05Merge branch 'ia/public_key/utf8-doc' into maintIngela Anderton Andin
* ia/public_key/utf8-doc: public_key: Correct documentation of ASN-1 type utf8String
2014-09-05public_key: Correct documentation of ASN-1 type utf8StringIngela Anderton Andin
2014-09-04Merge branch 'egil/fix-llvm-cc-warnings/OTP-12138' into maintBjörn-Egil Dahlberg
* egil/fix-llvm-cc-warnings/OTP-12138: odbc: Suppress signedness warnings for 'char *' ic: Suppress unused-value warning erts: Fix tentative-definition-incomplete-type erts: Don't redefine '_XOPEN_SOURCE'
2014-09-04Merge branch 'egil/maps-with-doc-tests/OTP-12137' into maintBjörn-Egil Dahlberg
* egil/maps-with-doc-tests/OTP-12137: stdlib: Test maps:with/2 stdlib: Document maps:with/2
2014-09-03Update documentationRaimo Niskanen
2014-09-03Clean up some config wartsRaimo Niskanen
2014-09-03Merge branch 'arekinath/ssh/aes-ctr' into maintMarcus Arendt
* arekinath/ssh/aes-ctr: ssh: check if ssh client supports newer cipher- and MAC-algorithms SSH: only enable ciphers/MACs when they are available in crypto SSH: add ssh_to_openssh test for ciphers and macs SSH: documentation update for new algos SSH: add support for aes128-ctr and hmac-sha2-256
2014-09-03ssh: update vsn.mkHans Nilsson
2014-09-03inets: update vsn.mkHans Nilsson
2014-09-03common_test: update vsn.mkHans Nilsson
2014-09-02ssh: Add simple experimental property test suitesHans Nilsson
2014-09-02inets: Add simple experimental property test suiteHans Nilsson
2014-09-02common_test: Add experimental module ct_property_testHans Nilsson
This module may change without warning...
2014-09-02ssh: check if ssh client supports newer cipher- and MAC-algorithmsMarcus Arendt
2014-09-01Workaround for combining two object sets separated by extensionBjörn Gustavsson
The following type of code would crash the compiler: OSET SOME-CLASS ::= {OSET1, ..., OSET2}
2014-09-01Clean up and correct handling of parameters for parameterized typesBjörn Gustavsson
The previous code looked at the actual parameters supplied when instantiating the type to determine the type of the argument; the correct way is to determine the type by looking at the governor and case of the formal parameter.
2014-09-01Check the formal parameter for parameterized type definitionsBjörn Gustavsson
Check the formal parameters for a parameterized type definition. If the governor for a formal parameter is absent, the formal parameter must be in upper case.
2014-09-01Report errors also for unused parameterized typesBjörn Gustavsson
Definitions for parameterized types are verified once very early, and one more time when they are instantiated. Errors found during the first check were ignored, so errors for unused parameterized types were not reported.
2014-09-01Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIERBjörn Gustavsson
Before classes were fully implemented, there was support for ABSTRACT-SYNTAX and TYPE-IDENTIFIER. Some of that code is still there and is no longer used. Get rid of it and correct comments.
2014-09-01Correct expansion of parameterized typesBjörn Gustavsson
Attempting to compile: SomeType{SOME-CLASS-NAME, SOME-CLASS-NAME:SomeSet} ::= ... SEQUENCE { something SOME-CLASS-NAME.&id({SomeSet}) } would crash the compiler, because the actual parameter for SOME-CLASS-NAME was not substituted into the governor for the SomeSet parameter. While we are at it, combine the functionality of is_class/2 and get_class_def/2 (eliminating is_class/2). Most callers call both function.
2014-09-01Add the module name to the #classdef{} recordBjörn Gustavsson
If we want construct an #'Externaltypereference'{} from a #classdef{} record, we will need the module name.
2014-09-01Eliminate the use of #identifier{} outside the tokeniser and parserBjörn Gustavsson
The only remaining use of #identifier{} in asn1ct_check was in a temporary packaging of a value that would be ultimately be put into #valuedef{}. Therefore we can eliminate that last usage but putting the value directly into a #valuedef{} and we can move the record definition into asn1ct_parser2.
2014-09-01Fix problem with object identifiers in external modulesBjörn Gustavsson
When parsing ASN.1, certain constructs can only be understood in the full context of the entire ASN.1 module. For instance, the value following ID in this simplified excerpt from MTSAbstractService88: administration-88 PORT ::= { ID {id-pt-administration 88} } the value following "ID" can be interpreted either as value for: SEQUENCE { id-pt-administration INTEGER } or as an OBJECT IDENTIFIER. Our ASN.1 parser assumes that a SEQUENCE is meant, and if that later turns out to be wrong, the SEQUENCE value is rewritten to an OBJECT IDENTIFIER. The problem is that at the time of the rewrite, we no longer know in which ASN.1 module id-pt-administration was defined in, and we have to use the module name in the state{} record. Unfortunately, the module name in the state{} record may not always be correct. While there are attempts in the code to keep the module name up-to-date when checking imported types, it is not done consistently, and it seems to be a difficult and error-prone task to attempt to make it consistent. A safer and less error-prone approach is to make sure that we don't lose the module name while parsing. To make it clear what we are doing, we will introduce a new #seqtag{} record that are used for tags in SEQUENCE values. The name is based on its primary use. The record also contains the module in case it happens to be an OBJECT IDENTIFIER.
2014-09-01Rewrite get_referenced_type/2Björn Gustavsson
Make sure that we continue to follow external references until we find a real type.
2014-09-01Teach the ASN.1 compiler to handle objects in field namesBjörn Gustavsson
2014-09-01Teach the ASN.1 compiler to understand "EXPORTS ALL"Björn Gustavsson
EXPORTS ALL is the same as leaving out the EXPORTS statement.
2014-09-01Teach the ASN.1 compiler the parse optionBjörn Gustavsson
2014-09-01Merge branch 'bjorn/compiler/fix-scope-bug/OTP-12132' into maintBjörn Gustavsson
* bjorn/compiler/fix-scope-bug/OTP-12132: sys_core_fold: Eliminate name capture bug
2014-09-01sys_core_fold: Eliminate name capture bugBjörn Gustavsson
The scope is supposed to contain all variables that are currently live. We need this information for certain optimizations to avoid capturing a name (a name that is in the scope must be renamed; for an example, see move_let_into_expr/2 or any function that calls sub_subst_scope/1). We also use the scope to optimize sub_del_var/2 and sub_is_val/2. When optimizing case expressions, the scope could be reset to an empty list (because sub_new/0 was called instead of sub_new/1). That could cause name capture if inlining was turned on. As simple way to force this bug is to uncomment the "-define(DEBUG, 1)." near the beginning of the file. Without this correction, most files in the test suite fail to compile.
2014-09-01Merge branch 'nox/erl_scan-fix-column-tracking' into maintMarcus Arendt
* nox/erl_scan-fix-column-tracking: Properly track column numbers in erl_scan
2014-09-01Merge branch 'siri/ct-runtime-deps/OTP-12037' into maintSiri Hansen
* siri/ct-runtime-deps/OTP-12037: [ct] Update runtime dependencies towards test_server
2014-09-01Merge branch 'maint-17' into maintMarcus Arendt
Conflicts: OTP_VERSION