Age | Commit message (Collapse) | Author |
|
From RFC 6347:
4.1.2.7. Handling Invalid Records
Unlike TLS, DTLS is resilient in the face of invalid records (e.g.,
invalid formatting, length, MAC, etc.). In general, invalid
records SHOULD be silently discarded, thus preserving the
association; however, an error MAY be logged for diagnostic
purposes. Implementations which choose to generate an alert
instead, MUST generate fatal level alerts to avoid attacks where
the attacker repeatedly probes the implementation to see how it
responds to various types of error. Note that if DTLS is run over
UDP, then any implementation which does this will be extremely
susceptible to denial-of-service (DoS) attacks because UDP forgery
is so easy. Thus, this practice is NOT RECOMMENDED for such
transports.
|
|
HTTP server truncates existing logs
OTP-14530
|
|
* ingela/ssl/cert-handling:
ssl: Correct cipher suite handling
ssl: Modernize DSA cert chain generation
ssl: Clean
ssl: Remove test of OpenSSL
ssl: Use new cert generation
|
|
sys_core_fold: Fix unsafe optimization of non-variable apply
OTP-14526
|
|
Correct type specification in ssl:prf/5
|
|
* ingela/dtls/cuddle:
ssl: Handle OpenSSL output correctly
|
|
This is mainly fixing the test suites so that they test the intended cipher
suites, issue reported in ERL-460.
Also ssl_cipher:anonymous_suites was corrected for DTLS.
|
|
|
|
* anders/diameter/message_cb/OTP-14486:
Add simple message_cb to example server
Fix inappropriate message callbacks
|
|
* anders/diameter/20.0/shared_transport/OTP-14011:
Don't assume nodes are eternally connected when sharing transport
|
|
* anders/diameter/transport/ERL-332:
Remove irrelevant comment
Add missing setopts after deferred diameter_{tcp,sctp} actions
|
|
Adjust to handle output from OpenSSL in a more general way, so that
"unknown option" should be caught for all cases and the test case
skipped if that is the case and other data form OpenSSL should be
ignored.
|
|
This code was not used and we already have mixed chains ECDH_RSA tests
|
|
We are not testing OpenSSL. We want to test interoperability with OpenSSL
|
|
|
|
The sys_core_fold pass would do an unsafe "optimization" when an
apply operation did not have a variable in the function position
as in the following example:
> cat test1.core
module 'test1' ['test1'/2]
attributes []
'i'/1 =
fun (_f) -> _f
'test1'/2 =
fun (_f, _x) ->
apply apply 'i'/1 (_f) (_x)
end
> erlc test1.core
no_file: Warning: invalid function call
Reported-by: Mikael Pettersson
|
|
|
|
array: fix spec typo
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
Fix doc for the 'quiet' option; it defaults to false
asn1: Fix missing quotes of external encoding call
Add a dedicated close function for TCP ports to prevent issues like ERL-430/448
Close TCP ports properly on send timeout
erts: Add missing release note
|
|
|
|
|
|
* sverker/asn1/missing-quotes/OTP-14519:
asn1: Fix missing quotes of external encoding call
|
|
* john/kernel/fix-disk-log-docs/OTP-14498:
Fix doc for the 'quiet' option; it defaults to false
|
|
|
|
|
|
Fix typo in httpc.xml: http -> httpc
|
|
* raimo/kernel/fix-spec-for-inet-get_rc-0/ERL-454:
Improve spec and doc for inet:get_rc/0
|
|
into maint
* raimo/stdlib/stop-deprecated-warn-crypto-rand_bytes-1/ERL-459:
Change crypto:rand_bytes/1 deprecated -> removed
|
|
introduced by 8e4a9864385242b962ce7446f7daa4f58cfecca5.
|
|
|
|
|
|
|
|
introduced in 03f3ec41f5468413235e3923a542a11cfd631089
|
|
Added test cases for mod_disk_log covering repair scenarios.
|
|
|
|
* ingela/public_key/ssl/CRL-error-propagation/OTP-14236:
ssl: Try to make asn1 decode errors of certificates as specific as possible
ssl,public_key: Provide details for CRL check failiures when revokation state can not be determined
ssl: Enhance error logging
|
|
Log actual http status code of response.
OTP-14510
|
|
An existing internal format disk_log will be repaired if possible.
If not possible a new log will be created. This is the behaviour
described in the documentation and code comments.
|
|
Current implementation expects Seed to be a list.
Correct type specification to match.
|
|
|
|
state can not be determined
|
|
|
|
|
|
In OpenSSL version >= 1.0.1 the hash algos sha, sha224, sha256, sha384 and sha512 are supported.
In 1.0.0 sha, sha224 and sha256 are supported
In 0.9.8 sha is supported
|
|
|
|
|
|
|
|
|
|
|
|
|