| Age | Commit message (Collapse) | Author |
|---|
|
For testing purposes ssl now also support some anonymous cipher suites
when explicitly configured to do so.
Also moved session cache tests to its own suite, so that timeout
of end_per_testcase when the mnesia is used as session cache will
not affect other test cases.
|
|
Conflicts:
lib/public_key/src/pubkey_cert.erl
|
|
* ks/dialyzer-fixes:
Fix two errors in dialyzer
|
|
* ks/hipe-cleanups:
Cleanup and small fixes in hipe files
|
|
* mh/dollar-font-lock:
Emacs erlang-mode: fix syntax highlighting of $ in two cases
|
|
A string whose last character is a dollar sign used to make the syntax
highlighter believe that the string never ends, breaking highlighting
of following code:
-vsn("$Revision: 42 $").
And the double quote as a character constant with a (superfluous)
backslash used to make the syntax highlighter believe that a new
string started:
foo() ->
$\".
This change fixes both problems by adding two regexps to
font-lock-syntactic-keywords in erlang-font-lock-init.
One case that is still broken is when a multi-line string ends with a
dollar sign:
bar() ->
"This multi-line string
ends with a $".
baz() ->
this_gets_incorrectly_highlighted.
|
|
|
|
maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
Peer awarness
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
Changed the verify fun so that it differentiate between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
|
|
V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
* ia/public_key/basic_constraints/OTP-8867:
Better handling of v1 and v2 certificates.
|
|
* ia/ssl-and-public_key/backwards-compatibility/OTP-8858:
Backwards compatibility
Conflicts:
lib/ssl/src/ssl_certificate_db.erl
Use short INFO-message. Debugging information can be fairly
easily recreated so we do not want to clutter the logs.
|
|
Changed implementation to retain backwards compatibility for old
option {verify, 0} that shall be equivalent to {verify, verify_none},
also separate the cases unknown CA and selfsigned peer cert, and
restored return value of deprecated function public_key:pem_to_der/1.
|
|
Changes which fix some problems reported by dialyzer users:
1. The handling of nested opaque types
2. The handling of remote types in record expressions used as types
While at it, updated dialyzer's RELEASE_NOTES to reflect these fixes
and did some cleanups to dialyzer_utils.erl so that it gets in sync
with dialyzer's main development branch.
|
|
Add a function clause in the epp_dodger:tokens_to_string/1 to
avoid a crash in case the argument is a character.
|
|
|
|
V1 and v2 certificates does not have any extensions
so then validate_extensions should just accept that
there are none and not end up in missing_basic_constraints clause.
|
|
* ia/ssl-asn1-spec-dss-params/OTP-7884:
Handling of DSA key parameters
|
|
* pl/observer-installation:
Fix installation of example file in lib/observer
OTP-8857
|
|
* ta/eliminate-warnings:
mnesia: Do not auto-import error/2
hipe: Do not auto-import min/2 and max/2
edoc: Do not auto-import error/1
OTP-8855
|
|
* vd/otpmbox_hash:
add OtpMbox.hash() method
OTP-8854
|
|
DSS-Params may be null in a certificate as it can inherit the
parameters.
Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
|
|
The OtpMbox class was missing the hash() method while overriding
equals(). This can cause problems when using jinterface in a
larger Java application.
|
|
* ia/fix-dialyzer-specs:
Corrected and added dialyzer specs
|
|
Files (actually one file - multitrace.erl), marked as EXAMPLE_FILES are
installed into $(RELSYSDIR)/src which is inconsistent with installation
procedure for other example file in other modules.
This file should be installed into $(RELSYSDIR)/examples directory.
Signed-off-by: Peter Lemenkov <[email protected]>
|
|
Make it explicit that the shutdown timeout is to be specified in
milliseconds.
|
|
Resolve name clash with auto-imported BIF error/2.
|
|
Resolve name clash with auto-imported BIFs min/2 and max/2.
|
|
Resolve name clash with auto-imported BIF error/1.
|
|
|
|
|
|
|
|
* 'bmk/inets/prepare_for_r14b' of ../bmk_otp:
Prepare release for inets-5.5 (R14B).
|
|
* 'bmk/snmp/prepare_for_r14b' of ../bjorn_otp:
Prepare for R14B
|
|
|
|
|
|
|
|
* pan/epmd-vulnerabilities/OTP-8780:
Teach testcases to survive TIME_WAIT overload
Update erl_interface doc and testsuite for epmd changes
Restore null termination of input buffer
Teach testcase epmd_SUITE:too_large to accept econnaborted
Teach epmd_cli.c to not respond 'Killed' when killing denied
Calculate minimal packet size for ALIVE2 requests correctly
Document epmd and it's options properly and fixup help text
Fix anomalies in epmd not yet reported as security issues
Remove two buffer overflow vulnerabilities in EPMD
Remove all support for ancient EPMD protocol
Remove very old protocol from EPMD
Conflicts:
lib/erl_interface/src/epmd/epmd_port.c
|
|
* sv/ei-writev:
fix incorrect writev iovec buffer handling in ei
OTP-8837
|
|
|
|
|
|
|
|
|
|
|
|
* egil/ei/fix-declspec/OTP-8826:
Remove USE_DECLSPEC_THREAD from erl_interface
|
|
* ia/public_key-subject-alternative-name/OTP-8825:
Improved certificate extension handling
Add handling of SubjectAltName of type otherName
|
|
For platforms that support writev, ei uses iovec structures to be able
to easily send noncontiguous data buffers. When sending large
messages, the socket can of course block, in which case ei adjusts its
iovecs to pick up where it left off when the socket becomes writeable
again. Unfortunately the code that handled the case when the number of
bytes written are less than the current iovec size adjusted only the
iovec byte count but not the iovec data pointer, resulting in the same
data being sent multiple times.
The fix is trivial: in addition to subtracting the count of bytes
already written from the current iovec's size, also increment the
current iovec's data pointer by the number of bytes already written.
Tested manually on Linux and verified to fix a problem detected in
production with writing large binaries from a cnode to a regular
node. No unit tests were added, however, because they use the local
loopback which acts more like a pipe than an inter-host TCP
connection. The closing of the TCP window on the receiving side and
the resultant write blocking on the socket, which in turn caused the
code that mishandled the iovecs to be exercised, could unfortunately
not be readily duplicated in the erl_interface test suite.
|
|
|
|
|
