Age | Commit message | Author |
|
|
* ia/ssl/connection_information/OTP-13232/OTP-13343:
ssl: Newer cipher suites now presented correctly
ssl: Include options from connect/listen/accept in connection_information/[1,2]
|
|
Older SSL/TLS versions have cipher suites
that look like {key_exchange(), cipher(), MAC::hash()}
and the hash function used by the PRF (Pseudo Random function)
is implicit and always the same for that protocol version.
In TLS 1.2 a cipher suite is
{key_exchange(), cipher(), MAC::hash(), PRF::hash()}.
Internally a cipher suite is always a four tuple but
for backwards compatibility older cipher suites
will be presented as three tuples, however new cipher suites
should be presented as four tuples.
|
|
* dgud/observer/doc:
Observer: Editorial changes in documentation
|
|
Make sure that options only relevant for one role (client|server) are set
to undefined when the other role is invoked. As there are many options to
ssl, and many are optional, we choose to filter out all undefined options
to avoid overwhelming the user with not relevant information.
This way there is no need for any special handling of the role specific options
which is also nice.
|
|
If a ssh package contained more than one netconf end tag, then the
second end tag was never detected in ct_netconfc:handle_data. Instead
it was included in the XML data given to the xmerl parser, which then
failed with reason "\"]]>\" is not allowed in content".
This problem was introduced by OTP-13007.
|
|
* legoscia/ssl-doc-typos:
Fix typos in ssl.xml
OTP-13339
|
|
See also http://bugs.erlang.org/browse/ERL-95.
|
|
* ia/pr/958/OTP-13334:
ssl: verify cert signature against original cert binary
|
|
* tuncer/ei-breakage:
ei: fix breakage reported by Sergei Golovan
Revert "musl: fix gethostbyname_r/gethostbyaddr_ selection"
OTP-13328
|
|
* dgud/mnesia/del_schema_hangs/OTP-13284:
mnesia: let loader check if tablelock is needed
mnesia: Avoid deadlock possibility in mnesia:del_table_copy schema
|
|
* bjorn/compiler/beam_bsm/OTP-13309:
Eliminate crash because of unsafe delaying of sub-binary creation
|
|
* nybek/speed_up_supervisor_count_children:
Speed up supervisor:count_children/1; simple_one_for_one
Add supervisor:get_callback_module/1
OTP-13290
|
|
move_table_copy needs the lock that was set previously in del_table_copy.
This doesn't work on old nodes, so bump protocol version and check it.
Remove old protocol conversion code, which has been around since OTP-R15.
Checking if lock is needed requires rpc communication via mnesia_gvar
ets table to be backwards compatible.
|
|
The argument of byte_size() is a bitstring().
The code in erl_bif_types that finds cases where comparisons always
return true or false is corrected when it comes to maps and bit
strings.
|
|
OTP-13311
* sverk/ecc-fixes:
Ensure testing ssl with supported ciphers only
Only use supported EC curves in crypto tests
Check the result of EC_GROUP_new_curve_* calls
|
|
When searching for a certificate's issuer in the `CertDB`, verify the signature
against the original DER certificate from the handshake instead of a re-encoding
of the parsed certificate. This avoids false negatives due to differences
between DER encoding implementations of OTP and other platforms.
|
|
* ia/ssl/handshake-fragmentation/OTP-13306:
ssl: Big handshake messages need to be fragmented on TLS record level
|
|
[James Fish:]
Dialyzer always asserts that files and directories passed in its
options exist. Therefore it is not possible to remove a beam/module
from a PLT when the beam file no longer exists. Dialyzer should not
check that files exist on disk when removing from the PLT.
|
|
* anders/diameter/appup/OTP-13283:
Add missing appup after 17.5.6.8 merge
|
|
The following code would fail to compile:

    decode(<<Code/integer, Bin/binary>>) ->
        <<C1/integer, B1/binary>> = Bin,
        case C1 of
            X when X =:= 1 orelse X =:= 2 ->
                Bin2 = <<>>;
            _ ->
                Bin2 = B1
        end,
        case Code of
            1 -> decode(Bin2);
            _ -> Bin2
        end.

The error message would be:

    t: function decode/1+28:
      Internal consistency check failed - please report this bug.
      Instruction: return
      Error: {match_context,{x,0}}:

The beam_bsm pass would delay the creation of a sub-binary when it was
unsafe to do so. The culprit was the btb_follow_branch/3 function that
for performance reasons cached labels that had already been checked.
The problem was that the safety of a label also depends on the contents
of the registers. Therefore, the key for caching needs to be both
the label and the register contents.
Reported-by: José Valim
|
|
del_table_copy grabs a write lock in a new process in prepare_op/3 to
change 'where_to_read' when a table copy is updated.
When del_table_copy(schema, Node) is called all copies located on Node
are deleted, and thus many locks are taken. Since this was done outside
of the schema-transaction, mnesia's deadlock prevention algorithms
were sidestepped and a deadlock could occur.
Fix by always grabbing write-locks for all changed tabs early and in the same
transaction, this might slow down the operation some but it must be done
and it also cleans up the code.
|
|
* ia/ssl/validator:
ssl: Only start a new session validator if the old one has finished its work
|
|
* tnt-dev/fix-function-index-sort:
Don't sort function index when it's not necessary
OTP-13302
|
|
* legoscia/tls-dist-listen-ip:
TLS distribution: bind erts socket to localhost
OTP-13300
|
|
* legoscia/patch-3:
Fix documentation of net_kernel:allow/1
OTP-13299
|
|
* rj/release-handler-noproc-fix:
Fix noproc crash during release installation
OTP-13291
|
|
Speed up supervisor:count_children/1 for simple_one_for_one
supervisors. This is achieved by avoiding looping through all the
child processes and verifying that each one is alive.
For a supervisor with 100,000 'temporary' children the count-time will
drop from approx 25ms to about 0.005ms.
For a supervisor with 100,000 'permanent' or 'transient' children the
count-time will drop from approx 30ms to about 0.005ms.
This avoids having the supervisor block for an extended period while
the count takes place. Under normal circumstances the accuracy of the
result should also improve since the duration is too short for many
processes to die during the count.
|
|
This function is used by release_handler during upgrade. This was
earlier implemented in the release_handler, but it required a copy of
the definition of the supervisor's internal state, which caused
problems when this state was updated.
|