Age | Commit message | Author |
|
* ia/ssl/partial_chain/OTP-12149:
ssl: One more workaround as tcp has no delivery guarantee on application level
ssl: Prepare for release - soft upgrade
ssl, public_key: Add new option partial_chain
|
|
* lukas/docfixes-17.3/OTP-12152:
Fix some spelling mistakes
|
|
* anders/diameter/17.3_release/OTP-12093:
vsn -> 1.7.1
Update appup for OTP-12094
Update appup for OTP-12080
Update appup for OTP-12069
|
|
* anders/diameter/5014/OTP-12074:
Don't leave extra bit in decoded AVP data
|
|
* anders/diameter/Failed-AVP/OTP-12094:
Fix best effort decode of Failed-AVP
Fix decode of Failed-AVP in RFC 3588 answer-message
|
|
* anders/diameter/counters/OTP-12080:
Fix counters for answer-message
Count relayed messages on {relay, Rbit}
Count request retransmissions
Fix counting of outgoing requests
|
|
* anders/diameter/info/OTP-12069:
Map binary process info to a reference/byte count
Add info item for diameter:service_info/2
Add (process) info tuple to diameter:service_info/2
Add diameter_dbg:sizes/0
Tweak comments
|
|
* sverk/crypto-check-version/OTP-12146:
crypto: Verify OpenSSL library major version at load
|
|
* fishcakez/dialyzer_beam_opts:
Use compile options when dialyzing beam files
|
|
Check that the certificate chain ends with a trusted ROOT CA, i.e. a
self-signed certificate, but provide an option partial_chain to
enable the application to define an intermediate CA as trusted.
TLS RFC says:
"unknown_ca
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal."
and also states:
"certificate_list
This is a sequence (chain) of certificates. The sender's
certificate MUST come first in the list. Each following
certificate MUST directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate that specifies the root
certificate authority MAY be omitted from the chain, under the
assumption that the remote end must already possess it in order to
validate it in any case."
X509 RFC says:
"The selection of a trust anchor is a matter of policy: it could be
the top CA in a hierarchical PKI, the CA that issued the verifier's
own certificate(s), or any other CA in a network PKI. The path
validation procedure is the same regardless of the choice of trust
anchor. In addition, different applications may rely on different
trust anchors, or may accept paths that begin with any of a set of
trust anchors."
|
|
Also, ensure that the right module's counterexample/0 is called.
|
|
The bit is added in diameter_codec to induce a decode error in the case
of 5014 errors, but was not removed before returning the decoded result.
Code examining the binary data in a diameter_avp record would then see
the extra bit.
|
|
diameter_codec must be loaded before diameter_traffic.
|
|
Commit c2c00fdd didn't get it quite right: it only decoded failed AVPs
in the common dictionary since it's this dictionary an answer-message is
decoded in. An extra dictionary isn't something that's easily passed
through the decode without rewriting dictionary compilation however, and
that's no small job, so continue with the use/abuse of the process
dictionary by storing the dictionary module for the decode to retrieve.
This is one step worse than previous uses since the dictionary is put in
one module (diameter_codec) and got in another (the dictionary module),
but it's the lesser of two evils.
|
|
Commit 066544fa had the unintended consequence of breaking the decode of
Failed-AVP in answer-message as defined in the RFC 3588, since the
grammar doesn't list Failed-AVP as an explicit component AVP, in
contrast to the RFC 6733 grammar, which does. Handle this case
explicitly, as an exception, just as with Failed-AVP as parent AVP.
|
|
An answer message that sets the E-bit is encoded/decoded with Diameter
common dictionary, using the answer-message grammar specified in the
RFC. However, the dictionary of the application in question is the one
that knows the command code of the message. Commit df19c272 didn't make
this distinction when incrementing counters for an answer-message, using
the common dictionary for both purposes, causing the message to be
counted as unknown. This commit remedies that.
|
|
to prevent strange memory corruption crashes due to
mismatch between header and library versions.
|
|
* bjorn/asn1/misc-bug-fixes/OTP-12125:
Workaround for combining two object sets separated by extension
Clean up and correct handling of parameters for parameterized types
Check the formal parameter for parameterized type definitions
Report errors also for unused parameterized types
Remove unused code for ABSTRACT-SYNTAX and TYPE-IDENTIFIER
Correct expansion of parameterized types
Add the module name to the #classdef{} record
Eliminate the use of #identifier{} outside the tokeniser and parser
Fix problem with object identifiers in external modules
Rewrite get_referenced_type/2
Teach the ASN.1 compiler to handle objects in field names
Teach the ASN.1 compiler to understand "EXPORTS ALL"
Teach the ASN.1 compiler the parse option
|
|
* bjorn/asn1/decoding-robustness/OTP-12145:
BER decoding: Improve error checking for indefinite length
BER: Test decoding of indefinite lengths
|
|
maint
* lucafavatella/improve-cpu_sup-error-when-slow-port-init:
Clarify error for slow `cpu_sup` port init
|
|
* ia/public_key/utf8-doc:
public_key: Correct documentation of ASN-1 type utf8String
|
|
* egil/fix-llvm-cc-warnings/OTP-12138:
odbc: Suppress signedness warnings for 'char *'
ic: Suppress unused-value warning
erts: Fix tentative-definition-incomplete-type
erts: Don't redefine '_XOPEN_SOURCE'
|
|
* egil/maps-with-doc-tests/OTP-12137:
stdlib: Test maps:with/2
stdlib: Document maps:with/2
|
|
* arekinath/ssh/aes-ctr:
ssh: check if ssh client supports newer cipher- and MAC-algorithms
SSH: only enable ciphers/MACs when they are available in crypto
SSH: add ssh_to_openssh test for ciphers and macs
SSH: documentation update for new algos
SSH: add support for aes128-ctr and hmac-sha2-256
|
|
|
This module may change without warning...
|
|
The following type of code would crash the compiler:
OSET SOME-CLASS ::= {OSET1, ..., OSET2}
|
|
The previous code looked at the actual parameters supplied when
instantiating the type to determine the type of the argument; the
correct way is to determine the type by looking at the governor and
case of the formal parameter.
|
|
Check the formal parameters for a parameterized type definition.
If the governor for a formal parameter is absent, the formal parameter
must be in upper case.
|
|
Definitions for parameterized types are verified once very early,
and one more time when they are instantiated.
Errors found during the first check were ignored, so errors for
unused parameterized types were not reported.
|
|
Before classes were fully implemented, there was support for
ABSTRACT-SYNTAX and TYPE-IDENTIFIER. Some of that code is still
there and is no longer used. Get rid of it and correct comments.
|
|
Attempting to compile:
SomeType{SOME-CLASS-NAME, SOME-CLASS-NAME:SomeSet} ::= ...
SEQUENCE {
something SOME-CLASS-NAME.&id({SomeSet})
}
would crash the compiler, because the actual parameter for
SOME-CLASS-NAME was not substituted into the governor for
the SomeSet parameter.
While we are at it, combine the functionality of is_class/2
and get_class_def/2 (eliminating is_class/2). Most callers
call both functions.
|
|
If we want to construct an #'Externaltypereference'{} from
a #classdef{} record, we will need the module name.
|
|
The only remaining use of #identifier{} in asn1ct_check was in a
temporary packaging of a value that would ultimately be put
into #valuedef{}.
Therefore we can eliminate that last usage by putting the value
directly into a #valuedef{} and we can move the record definition
into asn1ct_parser2.
|