Age | Commit message (Collapse) | Author |
|
algorithms
With the addition of more ciphers that are not supported in all
configurations, using a manually prefiltered cipher list (e.g. EC vs.
non-EC ciphers) becomes to complex. Replace the manual split with
ssl_cipher:filter_suites/1 in all places.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_v1.erl
|
|
|
|
* ia/ssl/improved-options-handling/OTP-11950:
ssl: Correct test SUITE
ssl: Add format_status function to ssl connection process
inets: Correct httpc_SUITE
ssl: Add ssl options to listen options tracker
ssl: Move init
|
|
* anders/diameter/17.1/OTP-11943:
Update appup for OTP-11946, OTP-11936: 5014, Failed-AVP decode
Update appup for OTP-11938: terminate watchdog after DPR reception
Update appup for OTP-11721: log and counter hardening
Update appup for OTP-11937: counters
Update appup for OTP-11901: diameter_sctp function_clause
Update appup for OTP-11934: watchdog process leak
Update appup for OTP-11893: request table leak
Update appup for OTP-11891: result code counters for CEA/DWA/DPA
vsn -> 1.7
Fix broken release note for diameter-1.4.4
|
|
* anders/diameter/hardening/OTP-11721:
Change answer_errors default from report to discard
|
|
Modules: diameter_watchdog, diameter_peer_fsm
diameter_watchdog must be loaded first.
|
|
Modules: diameter_codec, diameter_peer_fsm, diameter_watchdog,
diameter_traffic, diameter_service, diameter_lib,
dictionary modules
diameter_lib and diameter_traffic (in that order) must be loaded first.
diameter_codec last must be loaded before diameter_peer_fsm and
diameter_watchdog.
|
|
Conflicts:
OTP_VERSION
lib/ssh/test/ssh_basic_SUITE.erl
lib/ssh/vsn.mk
|
|
Modules: diameter_peer_fsm, diameter_watchdog, diameter_codec,
diameter_traffic
diameter_traffic must be loaded first.
|
|
|
|
|
|
* hans/ssh/patch-17.0.2:
ssh: Prepare for release
ssh: Use correct timeout value for the connection timeout
ssh: Add max_session parameter to ssh:daemon
|
|
* ia/inets/prep:
inets: Prepare for release
|
|
* ia/inets/maint-17/string-lengths/OTP-11925:
inets: httpd - Behave well on not so long but wrong request lines
inets: httpc - update test suite framwork to adopt to change in httpd
inets: httpd - Reject incorrect large request lines early
|
|
config_reload tests are not enough to test httpd "block/unblock"
used by config_reload, so renable some test cases in the old_httpd_SUITE
after making them work with the new code. Should be cleaned up and moved
to httpd_SUITE.
|
|
Modules: diameter_service
|
|
Modules: diameter_traffic, diameter_peer_fsm, diameter_watchdog
diameter_traffic must be loaded first.
|
|
|
|
Those were bug fixes, not known issues.
|
|
|
|
|
|
In the same vein as commit 00584303, to avoid logging traffic-related
happenings.
Not that the value in diameter.hrl is just documentation: the value is
set explicitly when diameter:start_service/2 creates diameter_app
records.
|
|
* anders/diameter/Failed-AVP/OTP-11936:
Do best-effort decode of Failed-AVP
Add a testcase that expects a decoded value in Failed-AVP
|
|
* anders/diameter/5014/OTP-11946:
Fix handling of AVP length errors (5014) in unknown AVPs
Add testcases that send unknown AVPs with a bad AVP Length
|
|
* anders/diameter/hardening/OTP-11721:
Simplify example server
Make example server answer unsupported requests with 3001
Make example code quiet
Don't count messages on arbitrary keys
Replace traffic-related log reports with no-op function calls
|
|
Commit 4ce2d3a6 (diameter-1.4.2, OTP-11007) disabled the decode of
values in Failed-AVP components since any error caused the decode of
Failed-AVP itself to fail. This is less than useful since (1) we should
be able to decode it given that we've sent it (modulo mangling on the
way to the peer and back), and (2) it's not unheard of to examine
Failed-AVP to see what the peer objected to.
This commits adds a best-effort decode: decode if possible, otherwise
not, using the same abuse of the process dictionary as commit bbdb027c.
|
|
This isn't currently the case, but soon will be.
|
|
Commit 4ce2d3a6 added the insertion of a single bit into binary AVP data
to induce an encode error in the case of a header length that pointed
past the available bytes: a 5014 = DIAMETER_INVALID_AVP_LENGTH error.
Commit 838856b fixed this for stringish Diameter types, but both commits
neglected the case in which the offending AVP isn't known to the
dictionary in question. Unless the AVP was regarded as erroneous for
other reasons (eg. an M-bit resulting in 5001) it would be happily be
packed into an 'AVP' field. If it was regarded as an error, the record
could be passed back to diameter_codec:pack_avp/1, and if the record
contained header data then there was no clause to deal with the
unpleasantry.
Deal with it by having the dictionary module strip the extra bit and
flag the AVP as 5014, and by having diameter_codec handle any extra bit
coming from an dictionary compiled against an old diameter_gen. An old
dictionary won't detect 5014 however, so dictionaries should be
recompiled.
Change most of the guards in diameter_codec from is_bitstring/1 to
is_binary/1. What's being passed to the decode functions are binaries
received other the network. The only case in which a non-binary
bitstring is when we've placed an extra bit there ourselves. (Modulo
someone doing something they shouldn't.)
|
|
In particular, a length that points past the end of the message. This
goes undetected there is some other problem with the AVP (eg. M-bit),
which is a problem we're about to fix.
|
|
* saa/add_default_value_for_maps_get/OTP-11951:
stdlib: Fix indentation of maps doc
Add docs and test for maps:get/3
Add default value for maps:get
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* dgud/observer/tests/OTP-11949:
observer: Let wx create statusbar
observer: Destroy the wx env
observer: Fix range check
Test Tweaks
Enable tests
|
|
In particular, remove the unnecessary list-or-record answer.
|
|
As it should. The previous discard (surely) pre-dated being able to
return {answer_message, 3001} from a handle_request callback.
|
|
The output could make it impossible to use the shell. Counters returned
diameter:service_info/2 can be used to check for expected happenings.
|
|
That is, don't use a key constructed from an incoming Diameter header
unless the message is known to the dictionary in question. Otherwise
there are 2^32 application ids, 2^24 command codes, and 2 R-bits for an
ill-willed peer to choose from, each resulting in new keys in the
counter table (diameter_stats).
The usual {ApplicationId, CommandCode, Rbit} in a key is replaced by the
atom 'unknown' if the message in question is unknown to the decoding
dictionary.
Counters for messages sent and received by a relay are (still) not
implemented.
|
|
The former were a little over-enthusiastic and could cause a node to be
logged to death if a peer Diameter node was sufficiently ill-willed.
The function calls are to diameter_lib:log/4, the arguments of which
identify the happening in question, and which does nothing but provide a
function to trace on. Many existing log calls have been shrunk.
The only remaining traffic-related report (hopefully) is that resulting
from {answer_errors, report} config, and this has been slimmed.
|
|
* dgud/mnesia/timing-issue:
mnesia: Fix timing issue
|
|
* dgud/testcasecuddling:
mnesia: Improve tests
|
|
* dgud/mnesia/force-load-hangs/OTP-11948:
mnesia: Handle failed net_loads better
|
|
* egil/fix-maps-pretty-layout/OTP-11947:
dialyzer: Add Maps type mismatch test
hipe,compiler: Fix Map literals pretty printing
|
|
|
|
* nox/maps-cerl-ann_make_tree:
Support maps in cerl:ann_make_tree/3
|
|
Do application restart as old soft upgrade was not correct
|
|
* anders/diameter/dpr/OTP-11938:
Ensure watchdog dies with transport if DPA was sent
|