Age | Commit message (Collapse) | Author |
|
|
|
The current SSL implementation has a PEM cache running through the ssl
manager process, whose primary role is caching CA chains from files on
disk. This is intended as a way to save on disk operation when the
requested certificates are often the same, and those cache values are
both time-bound and reference-counted. The code path also includes
caching the Erlang-formatted certificate as decoded by the public_key
application
The same code path is used for DER-encoded certificates, which are
passed in memory and do not require file access. These certificates are
cached, but not reference-counted and also not shared across
connections.
For heavy usage of DER-encoded certificates, the PEM cache becomes a
central bottleneck for a server, forcing the decoding of every one of
them individually through a single critical process. It is also not
clear if the cache remains useful for disk certificates in all cases.
This commit adds a configuration variable for the ssl application
(bypass_pem_cache = true | false) which allows to open files and decode
certificates in the calling connection process rather than the manager.
When this action takes place, the operations to cache and return data
are replaced to strictly return data.
To provide a transparent behaviour, the 'CacheDbRef' used to keep track
of the certificates in the cache is replaced by the certificates itself,
and all further lookup functions or folds can be done locally.
This has proven under benchmark to more than triple the performance of
the SSL application under load (once the session cache had also been
disabled).
|
|
* maint-19:
Updated OTP version
Prepare release
erts: Make sure to flush potential exit message
|
|
|
|
|
|
into maint
* bjorn/compiler/ambiguous_catch_try_state/ERL-209/OTP-13804:
[ERL-209] Fix ambiguous_catch_try_state inconsistency error
|
|
* bjorn/asn1/support-parallel-build/OTP-13624:
asn1_test_lib: Compile ASN.1 modules in parallel
Support 'make -j' when compiling ASN.1 modules
|
|
Test that the changes in the previous commit allows us to
compile ASN.1 modules in parallel.
|
|
When attempting to build multiple ASN.1 modules in parallel (e.g. by
running 'make -j'), the ASN.1 compiler could crash because the names
of the .asn1db files clashed. For example, if A.asn1 and B.asn1 both
import from C.asn1, the compiler would write a C.asn1db file when
compiling A.asn1 and when compiling B.asn1.
We can avoid this problem if the compiler only writes the
module's own .asn1db file. That is, when compiling A.asn1,
the compiler would only write A.asn1db, not C.asn1db. Also,
make sure that we make the write atomic by first writing to
a temporary file that is then renamed.
|
|
* lukas/erts/fix_init_stop_code_load_race/OTP-13802:
erts/kernel: Fix code loading deadlock during init:stop
|
|
When init:stop is called it walks the application hierarchy
and terminates each process. Some of these processes may do
something while terminating and sometimes that something
needs to load some new code in order to work. When this happens
the code_server could just be in the process of terminating
or the erl_prim_loader could be active. In both these cases
the request to load the new code would cause a deadlock in the
termination of the system.
This commit fixes this by init rejecting attempts to load new code
when init:stop has been called and fixing a termination race in
the code_server.
This however means that the process that tried to do something
when told to terminate (for instance logging that it is terminating)
will crash instead of loading the code.
|
|
* binarin/even-more-absolute-paths/PR-1103/OTP-13800:
Use perl discovered by configure
Don't make assumptions about build tools paths
|
|
It is not safe to share code between 'catch' blocks.
|
|
|
|
Conflicts:
lib/ssl/src/ssl.appup.src
|
|
|
|
* lukas/kernel/fix_os_cmd_background_compat/OTP-13741:
kernel: Use ^D as eot for os:cmd on unix platforms
|
|
* raimo/ssl/version-selection/maint-19/OTP-13753:
Improve version selection
|
|
This is needed as doing only an 'exit' will only exit the
program, but any children started in the program that have
stdout/stderr still open will keep the port open until they
terminate. i.e.
os:cmd("while true; do echo sleep 1; sleep 1; done&").
would block os:cmd forever because the while loop keeps its copies
of stdout/stderr open forever.
It could be argued that this is correct behaviour, and it is
the way it works on windows, but changing this breaks backwards
compatability for os:cmd which is not acceptable.
|
|
|
|
|
|
|
|
Change it to { Input :: string() | undefined, Body :: string() }
|
|
|
|
into maint
* duncaen/crypto/fix-algo_cipher-array-size/PR-1140/OTP-13789:
Fix segfault in crypto by increasing algo_cipher array
|
|
* bjorn/compiler/not_live/ERL-202/OTP-13780:
beam_block: Fix potentially unsafe optimization in move_allocates/1
|
|
beam_block has an optimization that only is safe when it is applied
immediately after code generation. That is pointed out in a comment:
NOTE: Moving allocation instructions is only safe because it is done
immediately after code generation so that we KNOW that if {x,X} is
initialized, all x registers with lower numbers are also initialized.
That assumption may not be true after other optimizations, such as
the beam_utils:live_opt/1 optimization.
The new beam_reorder pass added in OTP 19 runs before beam_block.
Therefore, the optimization is potentially unsafe. The optimization
is also unsafe if compilation is started from assembly code in a
.S file.
Rewrite the optimization to make it safe. See the newly added comment
for details.
ERL-202
|
|
* elbrujohalcon/dialyzer/fix-spec/PR-1134/OTP-13786:
Improve format_warning/1 spec
|
|
maint
* ellbee/odbc/configure-OS-X-El-Capitan/PR-1137/OTP-13781:
Make ODBC configure handle OS X El Capitan
|
|
|
|
maint
* efine/inets/validate-inet6fb4/ERL-200/PR-1132/OTP-13776:
Test inet6fb4 in basic suite
Actually verify result of testcase
Fix inets_sup_SUITE for local tests
Add test for inet6fb4 validation
Fix httpd_conf:validate_properties/1 for ipfamily
|
|
* comtihon/fprof/fix-gc-tags/PR-1136/OTP-13778:
fix gc_start\end bug
|
|
* raimo/SCTP-socket-stats/ERL-102/OTP-13773:
Fix SCTP send stats in inet_drv
Test inet:getstat/1 dead for SCTP send
Fix test suite compilation warnings
|
|
|
|
Change ODBC configure.in script to recognize OS X El Capitan (Darwin v15.x)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Let it handle `dial_warning()` input as well, to match what `format_warning/2` expects.
|
|
* okumin/kernel/remove-duplicated-line/PR-1119/OTP-13771:
Remove a duplicated pattern matching in erl_epmd.erl
|
|
maint
* lemenkov/kernel/fix-register_ipv6_epmd/PR-1129/OTP-13770:
Respect -proto_dist switch while connection to EPMD
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/common_test/doc/src/notes.xml
lib/common_test/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
lib/stdlib/test/ets_SUITE.erl
otp_versions.table
|
|
inets:start/2 fails when using the legacy option inet6fb4 with a
configuration proplist. It is not translated to inet as documented.
This breaks existing code that relies on the documented behavior.
This commit fixes the issue by translating inet6fb4 everywhere it is
encountered in httpd_conf:validate_properties/1.
From inets documentation (http://erlang.org/doc/man/httpd.html):
{ipfamily, inet | inet6}
Default is inet, legacy option inet6fb4 no longer makes sense
and will be translated to inet.
Fixes ERL-200.
|
|
|
|
* raimo/ssl/version-selection/maint-18/OTP-13753:
Improve version selection
|
|
* peppe/ct_telnet_duplicated_lines/OTP-13730:
Fix error with duplicated printouts by ct_telnet:expect/3
|
|
OTP-13730
|