| Age | Commit message (Collapse) | Author |
|---|
|
|
|
maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
Peer awarness
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
Changed the verify fun so that it differentiate between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
|
|
V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
Changed implementation to retain backwards compatibility for old
option {verify, 0} that shall be equivalent to {verify, verify_none},
also separate the cases unknown CA and selfsigned peer cert, and
restored return value of deprecated function public_key:pem_to_der/1.
|
|
|
|
* 'bmk/inets/prepare_for_r14b' of ../bmk_otp:
Prepare release for inets-5.5 (R14B).
|
|
* 'bmk/snmp/prepare_for_r14b' of ../bjorn_otp:
Prepare for R14B
|
|
|
|
|
|
|
|
* pan/epmd-vulnerabilities/OTP-8780:
Teach testcases to survive TIME_WAIT overload
Update erl_interface doc and testsuite for epmd changes
Restore null termination of input buffer
Teach testcase epmd_SUITE:too_large to accept econnaborted
Teach epmd_cli.c to not respond 'Killed' when killing denied
Calculate minimal packet size for ALIVE2 requests correctly
Document epmd and it's options properly and fixup help text
Fix anomalies in epmd not yet reported as security issues
Remove two buffer overflow vulnerabilities in EPMD
Remove all support for ancient EPMD protocol
Remove very old protocol from EPMD
Conflicts:
lib/erl_interface/src/epmd/epmd_port.c
|
|
* sv/ei-writev:
fix incorrect writev iovec buffer handling in ei
OTP-8837
|
|
|
|
|
|
|
|
|
|
|
|
* egil/ei/fix-declspec/OTP-8826:
Remove USE_DECLSPEC_THREAD from erl_interface
|
|
* ia/public_key-subject-alternative-name/OTP-8825:
Improved certificate extension handling
Add handling of SubjectAltName of type otherName
|
|
For platforms that support writev, ei uses iovec structures to be able
to easily send noncontiguous data buffers. When sending large
messages, the socket can of course block, in which case ei adjusts its
iovecs to pick up where it left off when the socket becomes writeable
again. Unfortunately the code that handled the case when the number of
bytes written are less than the current iovec size adjusted only the
iovec byte count but not the iovec data pointer, resulting in the same
data being sent multiple times.
The fix is trivial: in addition to subtracting the count of bytes
already written from the current iovec's size, also increment the
current iovec's data pointer by the number of bytes already written.
Tested manually on Linux and verified to fix a problem detected in
production with writing large binaries from a cnode to a regular
node. No unit tests were added, however, because they use the local
loopback which acts more like a pipe than an inter-host TCP
connection. The closing of the TCP window on the receiving side and
the resultant write blocking on the socket, which in turn caused the
code that mishandled the iovecs to be exercised, could unfortunately
not be readily duplicated in the erl_interface test suite.
|
|
|
|
|
|
* peppe/common_test/dev/OTP-8805:
Fix problem with {fail,Result} from end_tc not being recognized
Fix problem with prepared_tests tuple not being recognized
Add verification terms to test suite
Fix various test suite, makefile, and doc related problems
Fix error in the repeat_until_* group property handling
|
|
* peppe/common_test/dev/OTP-8804:
Update the configuration data chapter in the user's guide
|
|
* peppe/common_test/dev/OTP-8803:
Add Andrey Pampukha to AUTHORS file
|
|
* peppe/common_test/dev/OTP-8753:
Fix problem with prepared_tests tuple not being recognized
Add verification terms to test suite
Fix various test suite, makefile, and doc related problems
Fix error in the repeat_until_* group property handling
Add test suite for groups with repeat property
Add verification events to sequence group test suite
Fix error in handling of sequence groups
Fix error in test suite
Fix problems with sequences and sub-groups
Add test cases to sequence suite
Fix error with group term in ct:run_test/1
Add test suite to examplify problem with nested groups in a sequence
|
|
|
|
Added the functionality so that the verification fun will be called
when a certificate is considered valid by the path validation to allow
access to eachs certificate in the path to the user application.
Removed clause that only check that a extension is not critical,
it does alter the verification rusult only withholds information from
the application.
Try to verify subject-AltName, if unable to verify it let
application try.
|
|
* kenneth/asn1/docfixes/OTP-8829:
Add warning about since long unsupported [{Cname,Val}] repr. of SEQUENCE/SET
|
|
* kenneth/gs-deprecate-warning/OTP-8824:
Add warning in documentation about that GS will be deprecated and removed from distribution soon
|
|
* kenneth/asn1/nested_extaddgroup/OTP-8797:
Add support for ExtensionAdditionGroup notation in nested types as well
Conflicts:
lib/asn1/test/test_undecoded_rest.erl
|
|
* kenneth/runtime_tools/inviso_autostart/OTP-8783:
patch from user regarding inviso_autostart_server in runtime_tools
|
|
* kenneth/asn1/uper_contrained_number/OTP-8779:
Fix bug in UNALIGNED PER regarding encode/decode of constrained number with valuerange > 1024
|
|
into dev
* kenneth/runtime_tools/inviso-patches-from-E-user/OTP-8755:
Minor corrections and remove of temporary workaround.
|
|
DECLSPEC causes access violations on vista.
|
|
* bjorn/http-packet-error/OTP-8831:
Make gen_tcp:recv/2 consistent with ssl:recv/2
|
|
|
|
Othe minor corrections as well.
|
|
* ia/ssl-http-error-test:
Add test suite for packet http_error.
|
|
* ia/ssl-4.0.1/documentation:
Updated documentation for ssl-4.0.1
|
|
When the HTTP packet mode has been enabled for a socket,
the ssl and gen_tcp modules have different error indications
when there is an error while parsing the HTTP header:
ssl:recv(SSLSocket, 0) -> {ok, {http_error, _Str}}
gen_tcp:recv(Socket, 0) -> {error, {http_error, _Str}}
We have decided to change gen_tcp:recv/2 to behave the same
way as ssl:recv/2. That means that there will be always be
an ok tuple if data could be succefully read from the socket,
and an error tuple if there was a read error at the socket level.
|
|
|
|
* maint-r13:
Add test suite for ic
Add test suite for runtime_tools
Add test suite for debugger
Add test suite for os_mon
|
|
|
|
* dgud/et_fixes/OTP-8830:
Fix wx viewer so it works on windows/mac.
|
|
* cg/docs-fixes:
Linkify applications listed under "See Also"
Fix minor typos in the documentation
|
|
Check operations that can overflow, e.g.,
erl_call -sname $(perl -e 'print "x"x5000')
perl -e 'print "-module(", "x"x10000, ");"' | erl_call -m -r -sname foo
|
|
* ia/ssl-forgot-DH-params-DER:
Add missed DER dh option.
|
