| Age | Commit message (Collapse) | Author |
|---|
|
ssl: Correct key_usage check
|
|
epmd: allow alternative to dns resolving for nodename
|
|
* siri/kernel/dont-store-incl-apps-in-env/OTP-15071:
Don't save included_applications as application environment variable
|
|
This makes it possible to create a custom integration with a
key-value store for example. The key would then point to the
actual address. You would have to write your own epmd module
to make use of that feature.
|
|
* richcarl/eliminate_lib_module/PR-1786/OTP-15072:
Fix minor issues
Eliminate call to ct:get_progname() in ts_erl_config
Use \n escape instead of integer 10
Move error formatting to erl_error.erl and delete lib.erl
Move extended parse functions in lib.erl to erl_eval.erl
Move lib:eval_str/1 into mod_esi.erl
Remove lib:progname/0
Eliminate call to lib:progname/1 in slave.erl
Add ct:get_progname/0
Remove lib:error_message/2
Remove lib:flush_receive/0
Remove lib:send/2 and lib:sendw/2
Move lib:nonl/1 into yecc.erl
|
|
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags:
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
In SSL/TLS, when the server certificate contains a RSA key, then:
either a DHE or ECDHE cipher suite is used, in which case the RSA key
is used for a signature (see section 7.4.3 of RFC 5246: the "Server
Key Exchange" message); this exercises the digitalSignature key usage;
or "plain RSA" is used, with a random value (the 48-byte pre-master
secret) being encrypted by the client with the server's public key
(see section 7.4.7.1 of RFC 5246); this is right in the definition of
the keyEncipherment key usage flag.
dataEncipherment does not apply, because what is encrypted is not
directly meaningful data, but a value which is mostly generated
randomly and used to derive symmetric keys. keyAgreement does not
apply either, because that one is for key agreement algorithms which
are not a case of asymmetric encryption (e.g. Diffie-Hellman). The
keyAgreement usage flag would appear in a certificate which contains a
DH key, not a RSA key. nonRepudiation is not used, because whatever is
signed as part of a SSL/TLS key exchange cannot be used as proof for a
third party (there is nothing in a SSL/TLS tunnel that the client
could record and then use to convince a judge when tring to sue the
server itself; the data which is exchanged within the tunnel is not
signed by the server).
When a ECDSA key is used then "keyAgreement" flag is needed for beeing
ECDH "capable" (as opposed to ephemeral ECDHE)
|
|
* lukas/erts/otp-21-misc:
erts: Fix unused variable warning in unix prim file
erts: Fix erts_os_times warning
kernel: Fix comment in kernel_config
kernel: Refactor erl_signal_handler startup
kernel: Remove doc for unused browser_cmd variable
|
|
The error_logger is no longer added here.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* hasse/tools/xref_fix:
tools: Handle fast restarts of Xref server
|
|
* hans/ssh/rekey_limit/OTP-15069:
ssh: Test the infinity rekey_limit option
ssh: Add infinity as values to rekey_limit
|
|
|
|
Zero is removed from the Minutes in the new tuple value to remove a loop possibility. The zero is kept for bytes since that is not dangerous and a removal would be an unnecssary incompatibility.
|
|
|
|
* siri/logger-fix:
Update reference manuals for logger
Update some specs in logger
|
|
|
|
* maint:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
ssh: Fix server crashes for exit-normal signals
|
|
* maint-19:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
ssh: Fix server crashes for exit-normal signals
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh_connection_handler.erl
lib/ssh/src/ssh_transport.erl
lib/ssh/vsn.mk
otp_versions.table
|
|
During cross compilation, the ct module is not available.
|
|
|
|
|
|
|
|
Remove comments about deprecation in OTP-21
|
|
|
|
* hans/ssh/reneg_bug_19/OTP-15066:
ssh: Renegotiation -> renegotiate
|
|
* hans/ssh/dh_gex_putty_19/OTP-15064:
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
|
|
* maint:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
crypto: get_engine_load_cmd_list excluded if no engine support
crypto: Fix compilation for LibreSSL 2.7.x
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
Conflicts:
OTP_VERSION
|
|
* maint-20:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
crypto: get_engine_load_cmd_list excluded if no engine support
crypto: Fix compilation for LibreSSL 2.7.x
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
I had missed the one in lower section.
|
|
Update global name typespec
|
|
Fix syntactic issues in EDoc comments across some libs
|
|
|
|
* hans/ssh/reneg_bug_20/OTP-15066:
ssh: Renegotiation -> renegotiate
|
|
* hans/ssh/dh_gex_putty/OTP-15064:
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
|
|
* hans/crypto/OPENSSL_NO_EC/OTP-15073:
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
* siri/logger-fix:
Change logger callback removing_handler/1 to removing_handler/2
Don't crash logger_server due to unexpected message
Add logger:update_process_metadata/1
Improve documentation of logger:set_*_config functions
Change return type from logger_formatter:format/2
Improve test of logger_disk_log_h and logger_std_h
Update logger documentation
Set single_line=true by default in logger_formatter
|
|
|
|
|
|
|
|
|
|
This used to be string() is now changed to unicode:chardata().
|
|
|
|
Introduce is_map_key/2 guard BIF
OTP-15037
|
|
Remove unused source files in lib/hipe/opt
|
|
* john/tools/cuddle-lcnt-tests:
Ensure that lcnt server is terminated after lcnt:stop/0
|
