Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
TLS 1.2 allows to negotiate the used PRF,
additional the default PRF uses a different
hash. This change make the PRF selectable
and hardwires the PRF for TLS < 1.2
|
|
dh parameter verification is done differently with TLS 1.2.
Prepare for that by passing the verion to verify_dh_params.
|
|
TLS 1.2 changes the layout of several handshake
records. This adds the TLS version to dec_hs/2
so it can decode those.
|
|
TLS 1.2 changed the way digital signatures are
done. key_exchange/3 needs to pass the version
to it.
|
|
now that we handle TLS 1.1+ records correctly, the test suite
have to take that into account.
|
|
|
|
With TLS 1.2 the handling of the IV in cipher blocks
changed. This prepares ssl_cipher:cipher/5 for that
change by passing the TLS version into it and allowing
generic_block_cipher_from_bin/4 to overload the IV.
|
|
TLS/SSL version before 1.2 always used a MD5/SHA combination
for the handshake hashes. With TLS 1.2 the default hash is
SHA256 and it is possible to negotiate a different hash.
This change delays the calculation of the handshake
hashes until they are really needed. At that point the hash
to use should be known.
For now MD5/SHA is still hard coded.
|
|
dsa -> dss
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Replace _hash functions with {digest,_} argument
to existing sign/verify functions.
|
|
|
|
* ia/ssl/recv-bug/OTP-10118:
ssl: Fix bug in the handling of remote connection closure of {active,false} ssl sockets.
|
|
A general case clause was put before a less general so that the less
general case would never match.
|
|
ssl sockets.
|
|
* ia/ssl/bottlenecks/OTP-10113:
ssl: Test case fixes
ssl: Avoid second bottleneck in supervisor
ssl: File handling optimization
ssl: Simpler PEM cache
ssl: Refactored for readability
ssl: Use md5 as file ref id instead of filenames
ssl: Move ets:select bottleneck in server
ssl: Renegotiate updates session id in gen_fsm state
ssl: Use ordered_set in cache
ssl: Move and avoid ets:select bottleneck in client
ssl: Reuse session check optimization
ssl: Avoid supervior bottleneck
|
|
* ia/ssh/missing-reason-in-catch-exit/OTP-10112:
Improved handling of multiple closes
|
|
|
|
Do proc_lib:spawn_link instead of proc_lib:start_link as synchronized
init is not used/needed anyway.
|
|
Avoid cach validation with file:file_info/2 as this i too expensive and
causes a bottleneck in the file server. Instead we expose a new API function
ssl:clear_pem_cache/0 to deal with the problem. As we think it will be
of occasional use and the normal case is that the cache will be valid we think
it is the right thing to do.
Convert file paths to binary representation in the ssl API module to
avoid uncessarry calls in file later on.
Also add sanity checks for openssl versions in testsuite due to new
openssl bugs.
|
|
* lukas/otp/install_with_whitespace/OTP-10107:
Update to work with space in include path
Update to work with whitespace in exec path
|
|
OTP-10109
|
|
|
|
Instance of state variable that are "updated" in a function is called
for example State0 and the last instance, that should be returned, is
called State possible intermidiat versions are suffixed by increasing
numbers. State0 may be rturned in error cases.
Avoid nesting case statments.
|
|
Aviods storing a lot of data
|
|
Only use ssl_manager for selecting new ids to guarantee uniqueness,
but reuse check does not need to be performed by the manager.
|
|
The session id keept in the connection processes state must be updated to be
the id selected by ssl_handshake:client_hello, failing to do so will
cause a crash if the session is not reused.
|
|
So we can use partial bound keys for matching
|
|
Do not use ssl_manager process for selecting an id. It's unnecessary
to involve the manager process at all on the client side.
|
|
|
|
This is done by using proc_lib and gen_fsm:enter_loop
so that supervisor will not have to wait for the relative long initialization
of an ssl connection process before starting another connection process.
|
|
* kenneth/asn1/multiple_extaddgroup/OTP-10058:
Add support for multiple ExtensionAdditionGroups
|
|
OTP-10106
OTP-10107
|
|
* bjorn/remove-hybrid-heap/OTP-10105:
Remove stale code for hybrid heap and incremental GC
Remove the hipe_bifs:show_message_area/0 BIF
Remove support for erlang:system_info(global_heaps_size)
Remove the erlang:garbage_collect_message_area/0 BIF
Remove workarounds for hybrid and shared heaps in test suites
|
|
exit:{normal} -> exit:{normal, _} this typo could sometimes cause a crash
when trying to close a channel that was already closed.
|
|
1. Sometimes the solver forgot that a list had entered the error
state. The bug has been fixed by storing the atom 'error' in
MapDict. An example where the bug occurred is
io_lib_pretty:printable_bin(). The returned spec was weaker than it
should have been, but the fix-point loop hid the bug (in this case).
2. lists:partition() has been substituted for lists:splitwith() in
enumerate_constraints(). This fix together with 3. solves a
problem with long execution times for deeply nested fun:s. An
example which is now much faster is
lib/compiler/test/lc_SUITE:deeply_nested/1
(included as dialyzer/test/small_SUITE_data/src/deep_lc.erl).
3. The calculation of components in enumerate_constraints() has been
simplified and optimized. The important thing here is that _all_ of
the simple constraints have been saturated before entering the
complex part.
4. The pretty printing of constraints has been improved.
|
|
* lukas/stdlib/ensure_dir_infinite_loop/OTP-10104:
Fix infinite loop when an invalid drive letter it given
|