aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2017-02-08ssl: Avoid SSL/TLS hello format confusionIngela Anderton Andin
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format (and sometimes the other way around before inspecting data) so we need to match SSL 3.0 and TLS first and only match SSL 2.0 hellos when flag to support it is set.
2017-02-02Merge branch 'ingela/inets/maint/httpd-gracefull-shutdown/OTP-14174' into maintIngela Anderton Andin
* ingela/inets/maint/httpd-gracefull-shutdown/OTP-14174: inets: httpd - shutdown gracefully on connection or TLS handshake errors
2017-02-02Merge branch 'ingela/ssl/config-propagation' into maintIngela Anderton Andin
* ingela/ssl/config-propagation: ssl: Simplify configuration code ssl: Make sure PEM cache works as intended
2017-02-01ssl: Simplify configuration codeIngela Anderton Andin
Use map instead of large tuple, which was not an option when the code was written originally. More simplifications along these lines may be done later to the state record.
2017-02-01ssl: Make sure PEM cache works as intendedIngela Anderton Andin
Move of PEM cache to own process was flawed and not all PEM files where cached properly. We must properly handle both the ditributed and the normal mode of the ssl application.
2017-02-01Merge branch 'maint-19' into maintDan Gudmundsson
* maint-19: Updated OTP version Prepare release Fixed crash when a table was deleted during checkpoint traversal
2017-01-31Merge branch 'hans/ssh/speed_dh_keygen/OTP-14169' into maintHans Nilsson
2017-01-31Prepare releaseErlang/OTP
2017-01-31Merge branch 'hans/ssh/increase_benchmark_timetrap' into maintHans Nilsson
2017-01-30Fixed crash when a table was deleted during checkpoint traversalDan Gudmundsson
Set fixtable false will fail on deleted tables, catch that and also report checkpoint deactivate error, so user can see why checkpoint was deactivated and backup fails.
2017-01-30inets: httpd - shutdown gracefully on connection or TLS handshake errorsIngela Anderton Andin
2017-01-30ssh: increase timetrap for ssh_benchmark_SUITEHans Nilsson
2017-01-30ssh: optimize kex dh_gex using new crypto functionalityHans Nilsson
2017-01-27crypto: Added optional length to paramlist in generate_keyHans Nilsson
2017-01-27Merge branch 'ingela/ssl/key-ext-validate/ERL-338/OTP-14141' into maintIngela Anderton Andin
* ingela/ssl/key-ext-validate/ERL-338/OTP-14141: ssl: The certificate path may be used as a source to find intermediate CAs for the CRL ssl: Handle more than one DistributionPoint ssl: Correct ssl_certificate:validate/3
2017-01-26ssl: The certificate path may be used as a source to find intermediate CAs ↵Ingela Anderton Andin
for the CRL
2017-01-26Merge branch 'hans/public_key/verify_hostname/OTP-13009' into maintHans Nilsson
2017-01-26Merge branch 'hans/ssh/bad_hostkey_sign_kex_dh_gex/OTP-14166' into maintHans Nilsson
2017-01-26Fix observer application crash (#1296)visciang
Fix observer application crash When clicking an HTML-link to a port before the port tab has been opened for the first time, observer would crash since port info is not initiated. This is now corrected. Also, when clicking on an HTML link to a port, and the port does not exist, then pop up an info dialog saying "No such port". OTP-14151
2017-01-25public_key: pkix_verify_hostname (RFC 6125)Hans Nilsson
2017-01-25ssh: correct host key signature calculationHans Nilsson
2017-01-25Merge branch 'ingela/ssl/crl-validity' into maintIngela Anderton Andin
* ingela/ssl/crl-validity: ssl: Make crls valid for a week instead of 24 hours
2017-01-25Merge branch 'ingela/ssl/pem-chache-own-process/OTP-13874' into maintIngela Anderton Andin
* ingela/ssl/pem-chache-own-process/OTP-13874: ssl: Move PEM cache to a dedicated process
2017-01-24ssl: Handle more than one DistributionPointIngela Anderton Andin
2017-01-24ssl: Correct ssl_certificate:validate/3Ingela Anderton Andin
Changes made to ssl_certificate:validate appear to be preventing CRL validation from happening when an id-ce-extKeyUsage extension is present in the cert before the DistributionPoint extension. https://github.com/erlang/otp/blob/448e8aca77dd29ed5b37d56f0700d24ac26a7243/lib/ssl/src/ssl_certificate.erl#L131 See also ERL-338 and PR-1302
2017-01-24Merge branch 'schimulkar/os_mon/linux-on-ibm-z/PR-1309/OTP-14161' into maintBjörn-Egil Dahlberg
* schimulkar/os_mon/linux-on-ibm-z/PR-1309/OTP-14161: Adding s390x support
2017-01-23ssh: ssh_dbg now reports HELLO msgs and timestampsHans Nilsson
2017-01-20Merge branch 'hans/ssh/cuddle_tests' into maintHans Nilsson
2017-01-20Merge branch 'egil/cuddle-more-tests' into maintBjörn-Egil Dahlberg
* egil/cuddle-more-tests: runtime_tools: Fix utf-8 encoding in LTTng.xml Handle unicode in path in test
2017-01-19ssh: fix mpint-bug in property testsHans Nilsson
2017-01-19Merge branch 'hans/ssh/reduce_decrypt_error_info_leakage/OTP-14109' into maintHans Nilsson
2017-01-19ssl: Move PEM cache to a dedicated processIngela Anderton Andin
The PEM cache handling has proven to be too disruptive of the manager process.
2017-01-18ssh: Reduce info leakage on decrypt errorsHans Nilsson
Use same message when there are packet errors like too long length, MAC, decrypt or decode errors. This is regarded as good practise to prevent some attacks
2017-01-18Merge branch 'raimo/snmp/compile-enum-refinement/ERL-325/OTP-14145' into maintRaimo Niskanen
* raimo/snmp/compile-enum-refinement/ERL-325/OTP-14145: Bump version Do without compilation time in SNMP versions[12]() Test enum refinement MIB Fix enum refinement in usertype in SYNTAX
2017-01-18Merge pull request #1311 from leoliu/fix-ERL-336Hans Nilsson
Add a missing aes_gcm -spec clause to crypto:block_encrypt/4
2017-01-17Merge branch 'egil/cuddle-tests' into maintBjörn-Egil Dahlberg
* egil/cuddle-tests: stdlib: Increase timetrap for rand_SUITE common_test: Increase timetrap for cth_hooks_SUITE compiler: Increase timetrap timeouts for lc_SUITE
2017-01-17runtime_tools: Fix utf-8 encoding in LTTng.xmlBjörn-Egil Dahlberg
2017-01-17Bump versionRaimo Niskanen
2017-01-17Do without compilation time in SNMP versions[12]()Raimo Niskanen
2017-01-17Merge pull request #1308 from philipcristiano/file_apiHans Nilsson
ssh: Correct ssh_sftpd_file_api dialzyer spec
2017-01-17Merge branch 'ingela/ssl/hs-stream/OTP-14138' into maintIngela Anderton Andin
* ingela/ssl/hs-stream/OTP-14138: ssl: Handle really big handshake packages
2017-01-17ssl: Handle really big handshake packagesIngela Anderton Andin
If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
2017-01-17Add a missing aes_gcm -spec clause to crypto:block_encrypt/4Leo Liu
Fix https://bugs.erlang.org/browse/ERL-336.
2017-01-16Adding s390x supportSatyen Chimulkar
2017-01-13Test enum refinement MIBRaimo Niskanen
2017-01-13Fix enum refinement in usertype in SYNTAXRaimo Niskanen
2017-01-13Merge pull request #1261 from smangelsdorf/default_attrs_bugLars Thorsén
Include explicit attrs when default_attrs=true
2017-01-12ssh: Correct ssh_sftpd_file_api dialzyer specPhilip Cristiano
The `State` seems to have been included twice in 91acfc.
2017-01-12Merge branch 'hasse/stdlib/fix_anno_types/OTP-14131' into maintHans Bolinder
* hasse/stdlib/fix_anno_types/OTP-14131: stdlib: Correct signatures of functions in erl_parse
2017-01-12ssl: Make crls valid for a week instead of 24 hoursIngela Anderton Andin
With the 24 option we might be unlucky and get failing tests just because cert expired before the test is run.