aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2016-02-25Merge branch 'legoscia/fix-ssl-example/PR-976/OTP-13363' into maintIngela Anderton Andin
* legoscia/fix-ssl-example/PR-976/OTP-13363: ssl: Modernize utility function Fix ssl example
2016-02-25Merge branch 'bernardd/gen_tcp_export_socket' into maintHenrik Nord
* bernardd/gen_tcp_export_socket: Export gen_tcp:socket() type OTP-13380
2016-02-25Merge branch 'kostis/hipe-icode-cleanup' into maintHenrik Nord
* kostis/hipe-icode-cleanup: Fix dialyzer warning and some code refactoring OTP-13379
2016-02-25Merge branch 'legoscia/crl-check-without-dp' into maintHenrik Nord
* legoscia/crl-check-without-dp: Be suspicious of certificates without CRL DPs Refactor ssl_crl_SUITE: extract crl_verify_error/6 OTP-13378
2016-02-25Merge branch 'legoscia/critical-extension-verify-none' into maintHenrik Nord
* legoscia/critical-extension-verify-none: ssl: with verify_none, accept critical extensions OTP-13377
2016-02-25Merge branch 'benwilson512/better-maps-with' into maintHenrik Nord
* benwilson512/better-maps-with: Improved maps:with/2 and maps:without/2 algorithm OTP-13376
2016-02-25Merge branch 'hans/eldap/unbind/OTP-13327' into maintHans Nilsson
Conflicts: lib/eldap/src/eldap.erl
2016-02-25Merge branch 'hans/eldap/referral/OTP-12272' into maintHans Nilsson
2016-02-24[erl_interface] Correct documentationHans Bolinder
Fix mistakes found by 'xmllint'.
2016-02-23ssl: Modernize utility functionIngela Anderton Andin
Use application:ensure_all_started/2 instead of hard coding dependencies
2016-02-23Merge branch 'hans/ssh/maint_cuddle_tests' into maintHans Nilsson
2016-02-23Merge branch 'maint-18' into maintHenrik Nord
2016-02-22eldap: experimental impl of controls in LDAPMessageHans Nilsson
2016-02-22eldap: referral resultCodeHans Nilsson
2016-02-22Fix ssl exampleMagnus Henoch
As recently discussed on the erlang-questions mailing list, this example fails to start the ssl application because ssl depends on asn1 nowadays. Let's future-proof this by using application:ensure_all_started/1.
2016-02-22Fix a few dialyzer warningsHans Bolinder
2016-02-22ssh: catch port_close in testHans Nilsson
2016-02-22ssh: remove calls to crypto:start|stopHans Nilsson
Conflicts: lib/ssh/test/ssh_upgrade_SUITE.erl
2016-02-22ssh: add timetrap to all test suitesHans Nilsson
2016-02-22ssh: remove some spurions test printoutsHans Nilsson
2016-02-22Merge branch 'ia/ssl/connection_information/OTP-13232/OTP-13343' into maintIngela Anderton Andin
* ia/ssl/connection_information/OTP-13232/OTP-13343: ssl: Newer cipher suites now presented correctly ssl: Include options form connect/listen/accept in connection_information/[1,2]
2016-02-22ssl: Newer cipher suites now presented correctlyIngela Anderton Andin
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples.
2016-02-22debugger: Editorial changes in documentationxsipewe
2016-02-22Merge branch 'dgud/observer/doc' into maintDan Gudmundsson
* dgud/observer/doc: Observer: Editorial changes in documentation
2016-02-22Observer: Editorial changes in documentationtmanevik
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-19eldap: unbindRequestHans Nilsson
2016-02-19Fix public_key documentation typosMagnus Henoch
2016-02-18Prepare releaseErlang/OTP
2016-02-18[ct_netconfc] Fix XML parsing when multiple messages in packageSiri Hansen
If a ssh package contained more than one netconf end tag, then the second end tag was never detected in ct_netconfc:handle_data. Instead it was included in the XML data given to the xmerl parser, which then failed with reason "\"]]>\" is not allowed in content". This problem was introduced by OTP-13007.
2016-02-18Merge branch 'legoscia/ssl-doc-typos' into maintHenrik Nord
* legoscia/ssl-doc-typos: Fix typos in ssl.xml OTP-13339
2016-02-17kernel: Correct contract for inet:getifaddrs/1Hans Bolinder
See also http://bugs.erlang.org/browse/ERL-95.
2016-02-17Be suspicious of certificates without CRL DPsMagnus Henoch
Previously, if certificate revocation checking was turned on, and a certificate didn't contain a CRL Distribution Points extension, and there was no relevant CRL in the cache, then ssl_handshake:crl_check would accept the certificate even if the crl_check option was set to reject certificates for which the revocation status could not be determined. With this change, such certificates will only be accepted if the crl_check option was set to best_effort. The process for CRL validation is described in section 6.3 of RFC 5280. The text doesn't mention any special treatment to be given to certificates without distribution points: it just says "For each distribution point..." (section 6.3.3), which would leave the revocation status undetermined, unless there were "any available CRLs not specified in a distribution point but issued by the certificate issuer". Thus the result of this algorithm should be UNDETERMINED in this case, not UNREVOKED, and the crl_check option should govern how the implementation reacts to this result.
2016-02-17ssl: with verify_none, accept critical extensionsMagnus Henoch
When establishing a TLS connection with {verify, verify_none}, if the server has a certificate with a critical extension, for example a "Netscape Cert Type" extension, certificate verification would fail, which is surprising given that the name of the option suggests that no verification would be performed. With this change, certificate extensions marked as critical are ignored when using verify_none.
2016-02-17xmerl: Remove 'no_return' Dialyzer warningsHans Bolinder
2016-02-17xmerl: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17eunit: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17debugger: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17kernel: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17mnesia: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17observer: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17runtime_tools: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17stdlib: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17test_server: Add suppression of Dialyzer warningsHans Bolinder
2016-02-17tools: Add suppression of Dialyzer warningsHans Bolinder
2016-02-16Merge branch 'ia/pr/958/OTP-13334' into maintIngela Anderton Andin
* ia/pr/958/OTP-13334: ssl: verify cert signature against original cert binary
2016-02-15Merge branch 'tuncer/ei-breakage' into maintHenrik Nord
* tuncer/ei-breakage: ei: fix breakage reported by Sergei Golovan Revert "musl: fix gethostbyname_r/gethostbyaddr_ selection" OTP-13328
2016-02-12asn1: Suppress warnings for improper lists in generated codeBjörn Gustavsson
2016-02-12Merge branch 'dgud/mnesia/del_schema_hangs/OTP-13284' into maintDan Gudmundsson
* dgud/mnesia/del_schema_hangs/OTP-13284: mnesia: let loader check if tablelock is needed mnesia: Avoid deadlock possibility in mnesia:del_table_copy schema
2016-02-10tools: Remove dead code in lcntBjörn-Egil Dahlberg