Age | Commit message (Collapse) | Author |
|
When dealing with older certificates that does not indicate its signer
with a certificate extension, we must search the database for the issure.
Finding the issuer is not enough, we need to verify the signature
with the key in the found issuer cert.
|
|
Use generated certs instead of hard coded
|
|
|
|
|
|
FROM TLS 1.2 RFC:
The interaction of the certificate_types and
supported_signature_algorithms fields is somewhat complicated.
certificate_types has been present in TLS since SSLv3, but was
somewhat underspecified. Much of its functionality is superseded by
supported_signature_algorithms. The following rules apply:
- Any certificates provided by the client MUST be signed using a
hash/signature algorithm pair found in
supported_signature_algorithms.
- The end-entity certificate provided by the client MUST contain a
key that is compatible with certificate_types. If the key is a
signature key, it MUST be usable with some hash/signature
algorithm pair in supported_signature_algorithms.
- For historical reasons, the names of some client certificate types
include the algorithm used to sign the certificate. For example,
in earlier versions of TLS, rsa_fixed_dh meant a certificate
signed with RSA and containing a static DH key. In TLS 1.2, this
functionality has been obsoleted by the
supported_signature_algorithms, and the certificate type no longer
restricts the algorithm used to sign the certificate. For
example, if the server sends dss_fixed_dh certificate type and
{{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply
with a certificate containing a static DH key, signed with RSA-
SHA1.
|
|
* lukas/os_mon/testfixes/OTP-12053:
os_mon: Fix so that all testcases are run
os_mon: Ignore posix_only on windows and solaris
|
|
For some reason only a new testcases were run on the majority of
platforms. After this change all tests are run on all unix and win32
platforms.
|
|
|
|
The sha of the original change is 52810718b
|
|
|
|
OTP-12075
* garret-smith/gs-jinterface-exceptions:
Include the cause when raising a new IOException
|
|
Conflicts:
erts/doc/src/notes.xml
erts/preloaded/ebin/prim_inet.beam
erts/vsn.mk
lib/kernel/doc/src/notes.xml
lib/kernel/vsn.mk
|
|
|
|
Update testcase for gen_udp:open/2 with option fd
|
|
|
|
|
|
OTP-12063
* nox/maps-shell-expansion:
Expand shell functions in map expressions
|
|
* egil/fix-xmerl-example:
xmerl: Fix xmerl example motorcycle2html
|
|
* egil/maps-spec-to-doc-gen/OTP-12058:
edoc: More Map tests
edoc: Fix Map type information for docs
erl_docgen: Add Map type information for docs
|
|
|
|
Mitigate gen_server:cast/2 race conditions in testcases.
|
|
|
|
|
|
OTP-12062
|
|
OPT-12055
* lharc/patch-1:
documentation: maps:values() returns list of keys
|
|
|
|
|
|
|
|
|
|
* siri/alarm_handler-doc/OTP-12025:
Fix bug in alarm_handler documentation
|
|
The documentation erroneously specified that clear_alarm/1 would clear
*all* alarms with id AlarmId. This is now corrected according to the
implementation - only the latest received alarm with the given AlarmId
is cleared.
|
|
* siri/sys-FormFunc-spec/OTP-11800:
Fix spec of format function in sys
|
|
|
|
* nox/filelib-wildcard-broken-link:
Update stdlib appup file
Update runtime dependencies
Update preloaded
Add tests of filelib and symlinks
Fix handling of broken symlinks in filelib
Conflicts:
erts/preloaded/ebin/erl_prim_loader.beam
|
|
Allow upgrade from OTP 17.1 to newer.
|
|
|
|
|
|
This commit complements 769996c0cd4cb68c157e39de725642f209ed7423 and
adds tests for the following problems introduced by
f11aabdc9fec593c31e6c4f3fa25c1707e9c35df:
Given the symlink 'dirlink' pointing to an existing dir, then
- filelib:is_regular("dirlink") -> false
- filelib:is_dir("dirlink") -> false
Given the symlink 'filelink' pointing to an existing file, then
- filelib:is_regular("filelink") -> false
- filelib:is_file("filelink") -> false
- filelib:last_modified("filelink") and filelib:filesize("filelink")
return the info of the link and not the file
Given the symlink "broken_symlink" pointing to a non-existing file, then
- filelib:wildcard("broken_symlink",File) -> []
|
|
This fixes a bug introduced in f11aabdc9fec593c31e6c4f3fa25c1707e9c35df where
filelib:eval_read_file_info/2 was made to use file:read_link_info/1 to never
follow symlinks. This fixed wildcard/1 but broke every other function using
eval_read_file_info/2.
Reported-by: Louis-Philippe Gauthier
Reported-by: Danil Zagoskin
|
|
OTP-12053
* weisslj/disksup-posix-only:
Add 'disksup_posix_only' parameter to disksup
|
|
OTP-12051
* lucafavatella/refactor-eunit-check_arity:
Refactor function in eunit using is_function/2
|
|
OTP-12050
* nox/fix-javadoc:
Fix a few javadoc errors
|
|
OTP-12049
* vladdu/jinterface_stream_exceptions:
jinterface: OtpInputStream exceptions show useless value
|
|
* dnet/parse_sni:
added SNI decode test to SSL handshake suite
ssl: parse SNI in received client hello records
OTP-12048
|
|
* mururu/fix-typo:
Fix typo in erl_eval:exprs comments
|
|
* nox/io_lib_format-width-too-small:
Properly handle fields too short in io_lib_format
OTP-12041
|
|
|
|
The argument FormFunc is sys:handle_debug/4war erronously specified as
dbg_fun(), which is a debug function. This has now been corrected by
adding a new type, format_fun().
|
|
is_function/2 looks present since at least OTP R13B03, so the change
shall not undermine running eunit on older versions of Erlang.
This commit is only refactoring - it contains no functional changes.
|
|
|