Age | Commit message (Collapse) | Author |
|
|
|
If upper limit is reached invalidate the current cache entries, e.i the session
lifetime is the max time a session will be keept, but it may be invalidated
earlier if the max limit for the table is reached. This will keep the ssl
manager process well behaved, not exhusting memeory. Invalidating the entries
will incrementally empty the cache to make room for fresh sessions entries.
|
|
|
|
* siri/ct_netconfc/log-silent/OTP-13035:
Don't attempt logging when log type is 'silent'
|
|
* swvist/topic/ssh-key-callback-options:
Support SSH key callback module options
OTP-13156
|
|
* soranoba/fix-file-position/PR-646:
Unify internal error handling
Fix file:pread and :pwrite to use character encoding
Clean up code for file:position/2
Fix file:position (not raw mode)
OTP-13155
|
|
* siri/ct_netconfc/clear-timer/OTP-13008:
Flush timeout message from message queue when canceling timer
|
|
This patch allows extra callback options to be passed to the module
implementing the SSH callback module behaviour.
A module implementing the SSH key callback API is used to customize
the handling of public key. This patch allows extra callback options
to be passed to the module implementing the SSH callback module
behaviour.
The key_cb option has been changed:
{key_cb, atom()} -> {key_cb, key_cb()}
Where:
key_cb() :: atom() | {atom(), list()}
The callback options, if specified, is made available to the callback
module via the options passed to it under the key 'key_cb_private'.
More details and some backgorund is available here[1].
[1]: http://erlang.org/pipermail/erlang-patches/2015-November/004800.html
|
|
* legoscia/tls_dist_options:
Test interface listen option for TLS distribution
Test socket listen options for TLS distribution
Test port options for TLS distribution
TLS Dist: Use inet_dist_ options
Conflicts:
lib/ssl/src/ssl_tls_dist_proxy.erl
lib/ssl/test/ssl_dist_SUITE.erl
OTP-12838
|
|
* scrapinghub/sni_with_connect:
inets: SNI to be passed with requests through CONNECT
OTP-12985
|
|
* ia/inets/esi-timeout/OTP-13110:
inets: Add warning header in "chunk trailer" when mod_esi callback times out or fails
inets: Remove exit that generates an incorrect internal server error
|
|
or fails
Also remove legacy debug macros and add help function httpd_util:error_log/2
to avoid code duplication.
|
|
|
|
* maint-18:
Updated OTP version
Update release notes
ssh: vsn.mk updated
ssh: New test cases for SSH_MSG_KEX_DH_GEX_REQUEST_OLD
ssh: update existing testcases
ssh: Improve group selection
ssh: implemented server side SSH_MSG_KEX_DH_GEX_REQUEST_OLD for putty client
Conflicts:
lib/ssh/src/ssh_transport.erl
lib/ssh/test/ssh_protocol_SUITE.erl
lib/ssh/vsn.mk
|
|
httpc should fill SNI extenstion for HTTPS requests sent through
CONNECT tunnel to provide proper access to websites using SNI
|
|
The shell command 'rp' prints strings as lists of integers
when pretty printing of lists is 'false'.
|
|
* hans/ssh/optimize_sftp_window_handling/OTP-13130:
ssh: sftpd callback takes new option 'recv_window_size', defaults to 1000000
ssh: added 'pending' in recv_window handling and limit sending
|
|
|
|
|
|
|
|
|
|
Now it chooses the first found if no exact match.
|
|
|
|
* legoscia/ssl_connection_terminate_crash:
Avoid crash for SSL connections with nonexistent keyfile
OTP-13144
|
|
* legoscia/tls_dist_nodelay:
Add test for dist_nodelay option
Honour dist_nodelay socket option in tls_dist proxy
OTP-13143
|
|
* legoscia/ssl-dist-error-handling:
In ssl_tls_dist_proxy, pass along EPMD registration errors
OTP-13142
|
|
* zandra/fix-24h-macro-in-suite:
fix 24h macro in test suite
|
|
* ppikula/fix-24h-macro:
fix incorrect number of seconds in 24h macro The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
OTP-13141
|
|
|
|
|
|
|
|
|
|
Add test that checks that the option inet_dist_use_interface is used
when starting a node with TLS distribution.
|
|
Add test that checks that the option inet_dist_listen_options is used
when starting a node with TLS distribution.
This test was adapted from inet_dist_options_options in
erl_distribution_SUITE.
|
|
Add test that checks that the options inet_dist_listen_min and
inet_dist_listen_max are used when starting a node with TLS
distribution.
|
|
The inet_dist_ options, such as min/max port numbers aren't used
with TLS distribution. This commits uses those settings in the
same way as they're used in inet_tcp_dist.erl
|
|
* hans/ssh/fd_more/OTP-12966:
ssh: testcases for starting daemon with given fd
ssh: Make it possible for more than one daemon started with option fd
|
|
|
|
* hans/ssh/aes_gcm_crypto/OTP-13018:
ssh: fix dialyzer reported error
ssh: renegotiate test group for AES_GCM
ssh: documentation updates
ssh: AEAD_AES_(128|256)_GCM and aes(128|256)[email protected] crypto
ssh: refactor packet reception
|
|
* tuncer/musl:
musl: fix gethostbyname_r/gethostbyaddr_ selection
|
|
* legoscia/tls-dist-shutdown:
Adjust shutdown strategies for distribution over TLS
OTP-13134
|
|
|
|
|
|
|
|
Note that the rfc5647 is ambigous so this implementation of AEAD_AES_(128|256)_GCM
may or may not be compatible with others. They are note enabled by default but may
be enabled by the user. See the Reference Manual, Application SSH for details of
how we interpret the rfc.
To be safe, use [email protected] or [email protected] instead.
|
|
There was an assymetric relationship between receiving a ssh-packet (decrypting-mac-decompress) and sending one. When sending, most of the work was defined in the ssh_transport module, while at reception the ssh_connection_handler was the one knowing what to do.
This commit moves the reception down to the ssh_transport module where it belongs.
|
|
* bjorn/compiler/fix-missing-filename/OTP-13113:
Fix missing filename and line number in warning
|
|
When the 'bin_opt_info' is given, warnings without filenames
and line numbers could sometimes be produced:
no_file: Warning: INFO: matching non-variables after
a previous clause matching a variable will prevent delayed
sub binary optimization
The reason for the missing information is that #c_alias{} records lack
location information. There are several ways to fix the problem. The
easiest seems to be to get the location information from the
code).
Noticed-by: José Valim
|
|
|
|
* ia/ssl/tls-client-hello-version/OTP-13114:
ssl: Client should send the hello message in the lowest version it is willing to support
|