aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2018-08-27Merge branch 'peterdmv/inets/fix_http_client/OTP-15242' into maint-20Péter Dimitrov
* peterdmv/inets/fix_http_client/OTP-15242: inets: Prepare for release inets: Robust handling of 204, 304, 1xx responses Change-Id: I12dced982907c3462fefb8a4ffaae8b365821f97
2018-08-27Merge branch 'peterdmv/inets/fix_http_server/OTP-15241' into maint-20Péter Dimitrov
* peterdmv/inets/fix_http_server/OTP-15241: inets: Do not use chunked encoding with 1xx, 204, 304 Change-Id: I4dc1cb6dc62cc5a090d49248c5fbfbb23f33004f
2018-08-27inets: Prepare for releasePéter Dimitrov
Change-Id: I891cc997475780f22a60119778984739d560f203
2018-08-24inets: Robust handling of 204, 304, 1xx responsesPéter Dimitrov
All 1xx (informational), 204 (no content), and 304 (not modified) responses MUST NOT include a message-body, and thus are always terminated by the first empty line after the header fields. This implies that chunked encoding MUST NOT be used for these status codes. This commit updates the client to gracefully handle responses from faulty server implementations that can send chunked encoded 204, 304 or 1xx responses. Change-Id: I2dd502e28b3c6e121640083118fa5c3e479f5194
2018-08-23Prepare releaseErlang/OTP
2018-08-23Merge branch 'lars/crypto/multiple-engine-load/OTP-15233' into maint-20Erlang/OTP
* lars/crypto/multiple-engine-load/OTP-15233: Updated the engine load functionality
2018-08-22inets: Do not use chunked encoding with 1xx, 204, 304Péter Dimitrov
All 1xx (informational), 204 (no content), and 304 (not modified) responses MUST NOT include a message-body, and thus are always terminated by the first empty line after the header fields. This implies that chunked encoding MUST NOT be used for these status codes. Change-Id: If6778165c947e64bc20d1ecab7a669e0b096f1a9
2018-08-21Updated the engine load functionalityLars Thorsen
- engine_load/3/4 can be called multiple times for same engine if it allows it (eg doesn't contain global data) - ensure_engine_loaded/2/3 is new functions that guarantees that the engine is just loaded once by adding it to OpenSSL internal engine list and check that before loading. - ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload). - new utility functions engine_by_id/1, engine_add/1, engine_remove/1, engine_get_id/1 and engine_get_name/1
2018-08-17Clean up bag index tablesDan Gudmundsson
Index records for bag tables with ram_copies was not deleted after "real" objects where deleted and thus a memory leak.
2018-08-15inets: Remove 21 test caseIngela Anderton Andin
A test case unrelated to the patch was accidentally added when backporting the solution.
2018-08-14Update release notesErlang/OTP
2018-08-14Merge branch 'ingela/inets/maint-20/status-501/ERIERL-218/OTP-15215' into ↵Erlang/OTP
maint-20 * ingela/inets/maint-20/status-501/ERIERL-218/OTP-15215: inets: Prepare for release inets: Use status code 501 when no mod_* handles the request # Conflicts: # lib/inets/test/httpd_SUITE.erl # lib/inets/vsn.mk
2018-08-14inets: Prepare for releaseIngela Anderton Andin
2018-08-14inets: Use status code 501 when no mod_* handles the requestIngela Anderton Andin
Conflicts: lib/inets/test/httpd_SUITE.erl
2018-08-09Update release notesErlang/OTP
2018-08-09Update version numbersErlang/OTP
2018-08-09Merge branch 'dgud/mnesia/add_table_copy_ram/OTP-15226' into maint-20Erlang/OTP
* dgud/mnesia/add_table_copy_ram/OTP-15226: Relax add_table_copy restriction
2018-08-09Merge branch 'john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673' into ↵Erlang/OTP
maint-20 * john/crypto/fix-segfault-on-badarg/OTP-15194/ERL-673: crypto: Fix crash in compute_key(ecdh, ...) on badarg
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/ssl/ECC/ERIERL-210/OTP-15203' into maint-20Erlang/OTP
* ingela/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09Merge branch ↵Erlang/OTP
'john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679' into maint-20 * john/compiler/fix-deterministic-include-paths/OTP-15204/ERL-679: Omit include path debug info for +deterministic builds
2018-08-09Merge branch 'dgud/mnesia/master-nodes/OTP-15221' into maint-20Erlang/OTP
* dgud/mnesia/master-nodes/OTP-15221: Do NOT disc_load from ram_copies when master_node is set
2018-08-09crypto: Fix crash in compute_key(ecdh, ...) on badargJohn Högberg
When term2point was passed a non-binary argument, `my_ecpoint` would be left uninitialized and the cleanup code would free a garbage pointer.
2018-08-09Relax add_table_copy restrictionDan Gudmundsson
Allow to add replicas even if all other replicas are down when the other replicase are not stored on disk.
2018-08-09Omit include path debug info for +deterministic buildsJohn Högberg
Compiling the same file with different include paths resulted in different files with the `+deterministic` flag even if everything but the paths were identical. This was caused by the absolute path of each include directory being unconditionally included in a debug information chunk. This commit fixes this by only including this information in non-deterministic builds.
2018-08-08Do NOT disc_load from ram_copies when master_node is setDan Gudmundsson
Setting master_nodes to a node with ram_copies replica and that node had not loaded the table, could cause it load an empty table, even though (non master) nodes had disc_replicas. This meant that tables where unexpected empty after multiple failures happened. When this happen do not load the table and wait for user to force_load it on some node, preferably with a disk copy.
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-02Prepare releaseErlang/OTP
2018-08-02Fix NIF stack recursion bug and enforce a limitRaimo Niskanen
Fix recursion bug when decoding Constructed value within another value - here the allowed buffer for the recursed decode shall only be the size of the enclosing value, not the whole buffer. Return ASN1_ERROR if BER decode recurses more than about 8 kWords.
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch ↵Erlang/OTP
'ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192' into maint-20 * ingela/inets/error-handling-eisdir-mod-get/ERIERL-207/OTP-15192: inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'sverker/ic/encode-long-buffer-overflow/OTP-15179' into maint-20Erlang/OTP
* sverker/ic/encode-long-buffer-overflow/OTP-15179: ic: Tweak tests to provoke more outbuf reallocations ic: Fix memory leak in oe_ei_decode_wstring ic: Fix correct external format sizes
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-20Merge branch 'ingela/maint-20/chipher-suite-handling/OTP-15178' into maint-20Erlang/OTP
* ingela/maint-20/chipher-suite-handling/OTP-15178: ssl: Prepare for release ssl: Fix test case to only check relevant info for the test ssl: Correct connection_information on ECC-curves ssl: No cipher suite sign restriction in TLS-1.2 ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5 ssl: anon test should use dh or ecdh anon keyexchange ssl: Correct key_usage check ssl: Fix ECDSA key decode clause ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling ssl: Run all test case combinations ssl: Correct ECC suite and DTLS ECC handling
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-17inets: Prepare for releaseIngela Anderton Andin
2018-07-17inets: Improve error handlingIngela Anderton Andin
2018-07-11ic: Tweak tests to provoke more outbuf reallocationsSverker Eriksson
Docs says min _memchunk is 32, so lets use that.
2018-07-11ic: Fix memory leak in oe_ei_decode_wstringSverker Eriksson
2018-07-11ic: Fix correct external format sizesSverker Eriksson
longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format.
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl