Age | Commit message | Author |
|
This is the method added in draft-ietf-dime-rfc3588bis, whereby
a TLS handshake immediately follows connection establishment and
CER/CEA is sent over the secured connection.
|
RFC 3588 requires that a Diameter server support TLS but in
practice this seems to mean TLS over SCTP since there are limitations
with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a
response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft
acknowledges this by equating the Inband-Security-Id value TLS
with TLS/TCP and DTLS/SCTP but underlying support for DTLS is
still thin on the ground.
|
If TLS has been configured on Inband-Security-Id then the transport
process receives a message from the peer_fsm process indicating
whether or not to upgrade to TLS.
The current draft of RFC 3588 deprecates (but retains for backwards
compatibility) the use of Inband-Security-Id for negotiating TLS,
adding the possibility of TLS having been negotiated before capabilities
exchange. This commit handles the deprecated case.
|
When an initial message is received and TLS is a possibility, must
wait for a message from the peer process before either commencing
a handshake or receiving more messages.
|
To upgrade a connection to TLS or not, that is the question. It
is possible for us to send a CER offering both NO_INBAND_SECURITY
and TLS and for the peer to answer likewise: RFC 3588 doesn't make
clear that a CEA should be unambiguous about the choice of security.
Thus, if TLS is offered then assume the server is prepared
for a handshake. Similarly, when receiving a CER, choose TLS if
it's offered and be unambiguous about our choice in CEA. There is
no ssl:maybe_accept that would let us receive a handshake if it
comes or another message if it doesn't.
The choice of TLS should probably be made into a callback so that
an application can decide based on the peer's Origin-Realm for
example. Such a callback could also be used to reject a CER/CEA.
Handle Inband-Security-Id values other than NO_INBAND_SECURITY and
TLS by assuming that they require no intervention by the transport
module, treating them like NO_INBAND_SECURITY. Whether or not this
is reasonable (or useful) is unclear. There may be a need for more
synchronization than we have on offer. (Having to do something before
taking the connection up for example.)
Note that diameter_peer_fsm must be upgraded before diameter_capx
because of the new return value from diameter_capx:recv_CEA/2.
|
* dev: (38 commits)
Update documentation
Rid ct_telnet of doc build warnings
Create temporary fix for problem with parallel test cases
Update primary bootstrap
Correct "Missing Suites" link
Add documentation on timetraps and start flags
Add missing tests for timetrap handling and fix remaining errors
Solve problem with ct_init/end_per_group being counted as test cases
Fix errors in test suites
Fix invalid call to undefined function
Fix problem with test_server_ctrl creating invalid conf test
Improve info in CT framework log
Update vsn.mk for common_test and test_server
Enhance logging performance
Change order of include files
Add link to last executed test suite on index page
Fix problem with location value when init config func calls help func
Fix crash when CTHook init fails
Correct error in test suite
Fix error with incorrect notification after end_per_testcase crashes
...
Conflicts:
bootstrap/bin/start.boot
bootstrap/bin/start_clean.boot
bootstrap/lib/compiler/ebin/beam_asm.beam
bootstrap/lib/compiler/ebin/beam_disasm.beam
bootstrap/lib/compiler/ebin/compile.beam
bootstrap/lib/compiler/ebin/sys_pre_expand.beam
bootstrap/lib/kernel/ebin/code.beam
bootstrap/lib/kernel/ebin/code_server.beam
bootstrap/lib/kernel/ebin/hipe_unified_loader.beam
bootstrap/lib/kernel/ebin/inet.beam
bootstrap/lib/kernel/ebin/inet_config.beam
bootstrap/lib/kernel/ebin/inet_dns.beam
bootstrap/lib/stdlib/ebin/beam_lib.beam
bootstrap/lib/stdlib/ebin/dets.beam
bootstrap/lib/stdlib/ebin/erl_compile.beam
bootstrap/lib/stdlib/ebin/erl_internal.beam
bootstrap/lib/stdlib/ebin/erl_scan.beam
bootstrap/lib/stdlib/ebin/erl_tar.beam
bootstrap/lib/stdlib/ebin/io_lib_fread.beam
bootstrap/lib/stdlib/ebin/otp_internal.beam
bootstrap/lib/stdlib/ebin/sofs.beam
bootstrap/lib/stdlib/ebin/supervisor.beam
bootstrap/lib/stdlib/ebin/zip.beam
lib/common_test/src/ct.erl
lib/common_test/src/ct_run.erl
lib/common_test/test/ct_error_SUITE.erl
lib/common_test/test/ct_repeat_1_SUITE.erl
lib/common_test/test/ct_skip_SUITE.erl
lib/test_server/src/test_server.erl
|
OTP-9396
OTP-9372
OTP-9155
|
OTP-9572
|
* origin/peppe/common_test/r14b04_tickets.fix: (35 commits)
Create temporary fix for problem with parallel test cases
Correct "Missing Suites" link
Add documentation on timetraps and start flags
Add missing tests for timetrap handling and fix remaining errors
Solve problem with ct_init/end_per_group being counted as test cases
Fix errors in test suites
Fix invalid call to undefined function
Fix problem with test_server_ctrl creating invalid conf test
Improve info in CT framework log
Update vsn.mk for common_test and test_server
Enhance logging performance
Change order of include files
Add link to last executed test suite on index page
Fix problem with location value when init config func calls help func
Fix crash when CTHook init fails
Correct error in test suite
Fix error with incorrect notification after end_per_testcase crashes
Fix problem with error message not being printed correctly
Add cases to check test case status versus end_per_testcase failure
Fix incorrect call to end_tc when tc_status=ok and end_per_testcase times out
...
OTP-9600
OTP-9593
OTP-9592
OTP-9585
OTP-9584
OTP-9575
OTP-9520
OTP-9518
OTP-9501
OTP-9429
OTP-9398
OTP-9397
OTP-9396
OTP-9379
OTP-9372
OTP-9371
OTP-9370
OTP-9369
OTP-9311
OTP-9237
OTP-9155
OTP-8933
|
OTP-9600
|
* dev:
Update copyright years
|
* dev:
Skip create_big_boot on platforms without crypto
Remove test_server path instead of cwd for clash test
Skip getaddr_v6 test if on the ipv4_only host
Use static port for old solaris versions
Extend time to wait for zone files to be loaded
Allow out of memory exception for max_port checks
Extend slave start timeout for windows tests
Double timeout to make sure debug builds pass
Use now instead of os:timestamp
Increase timeout in scheduler_suspend for slow platforms
Skip update_cpu_info if 'taskset' cannot be found
|
* lukas/fix_erts_testcases/OTP-9596:
Skip create_big_boot on platforms without crypto
Remove test_server path instead of cwd for clash test
Skip getaddr_v6 test if on the ipv4_only host
Use static port for old solaris versions
Extend time to wait for zone files to be loaded
Allow out of memory exception for max_port checks
Extend slave start timeout for windows tests
Double timeout to make sure debug builds pass
Use now instead of os:timestamp
Increase timeout in scheduler_suspend for slow platforms
Skip update_cpu_info if 'taskset' cannot be found
|
* sa/dialyzer-bug-fixes:
Fix typer's crash for nonexisting files
Remove unused macro
Decrease tuple arity limit
Fix bug in dataflow
OTP-9597
|
This has to be done as many other applications depend
on crypto being present.
|
With the introduction of common_test as test framework
the working directory of the tests changed to be the
emulator_test directory. So we now have to remove the
../test_server directory instead. This change only affects
tests run with an emulator which has not been installed.
|
Solaris versions before 10 have some problems with releasing
addresses after doing a gen_udp:open, which causes inet_res
to get an econnrefused. With this fix we hope that the static
port will not collide with anything.
|
This change was made in order to make slow Solaris machines
work.
|
* anders/diameter/testsuites/OTP-9553:
Remove forgotten dbg
|
OTP-9592
|
OTP-9593
|
* anders/diameter/testsuites/OTP-9553:
Don't install Emakefile at release_tests
|
Emakefile contained compile flags that caused compilation of suites
to fail in some cases. common_test will generate an Emakefile and
diameter has no need for one of its own.
|
* rc/eunit-2.2.1:
removed some never-matching clauses reported by dialyzer
updated author e-mails and homepages
removed cvs keywords from files
removed files that should not be checked in
OTP-9591
|
* rc/edoc-0.7.9:
bumped revision
removed some never-matching clauses reported by dialyzer
Fix macro expansion in comments following Erlang types
URI-escape bytes as two hex digits always (reported by Alfonso De Gregorio)
updated author e-mail
recognize some more URI schemas in wiki text, in particular https
OTP-9590
|
* raimo/sctp-getsetopts-dev/OTP-9544:
erts,kernel: Bugfix - read SCTP socket options from right protocol layer
erts: Fix bug SCTP send can only be called from controlling process
|
* dgud/mnesia/prepare-release:
[mnesia] Prepare release
|
* sverker/revert-md2-With-RSA-Encryption:
Revert "Prepare for release"
Revert "Support md2WithRSAEncryption certificates in public_key"
Revert "Support 'md2' hash in crypto:rsa_sign/3 and crypto:rsa_verify/4"
|
* bjorn/line-numbers/OTP-9468:
beam_lib_SUITE: Don't assume that "Abst" is the last chunk
test_server: Show line number for caller of test_server:fail()
|
* bjorn/parallel-make/OTP-9451:
ic documentation: Support parallel make
system documentation: Support parallel make
Support parallel make when running erl_interface tests
odbc/c_src/Makefile.in: Support parallel make
tools/c_src/Makefile.in: Support parallel make
gs: Correct support for parallel make
|
* dev:
distribution_SUITE:bulk_send_bigbig/1: Fail with more information
distribution_SUITE: Use unique slave node names
beam_lib: Handle rare race in the crypto key server functionality
busy_port_SUITE: Avoid crash in register/2
[wx] Re-generate code
[wx] Remove optional shadowing clauses
[wx] Remove warning
[wx] Fix trailing whitespace
[wx] Test colors in textctrl
[wx] Fix cleanup memory references
|
* bjorn/stdlib/fix-beam_lib-race/OTP-9586:
beam_lib: Handle rare race in the crypto key server functionality
|
* dgud/wx/wx-bugs:
[wx] Re-generate code
[wx] Remove optional shadowing clauses
[wx] Remove warning
[wx] Fix trailing whitespace
[wx] Test colors in textctrl
[wx] Fix cleanup memory references
|