| Age | Commit message (Collapse) | Author |
|---|
|
revert/1 did not handle the types tuple() and map() correctly.
|
|
'ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060' into maint
* ingela/ssl/unorded-or-incomplete-cert-chain/OTP-12983/OTP-15060:
ssl: Handle incomplete and unorded chains
|
|
If the peer sends an incomplete chain that we can reconstruct with
our known CA-certs it will be accepted.
We will assume that the peer honors the protocol and sends an orded
chain, however if validation fails we will try to order the chain in
case it was unorded. Will also handle that extraneous cert where present.
See Note form RFC 8446
Note: Prior to TLS 1.3, "certificate_list" ordering required each
certificate to certify the one immediately preceding it; however,
some implementations allowed some flexibility. Servers sometimes
send both a current and deprecated intermediate for transitional
purposes, and others are simply configured incorrectly, but these
cases can nonetheless be validated properly. For maximum
compatibility, all implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary orderings from any
TLS version, with the exception of the end-entity certificate which
MUST be first.
|
|
|
|
* anders/diameter/21.1/OTP-15202:
vsn -> 2.1.6
Update appup for 21.1
|
|
* anders/diameter/dpr/OTP-15198:
Fix function_clause when sending a request after an outgoing DPA
|
|
|
|
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: Remove 'experimental' comments for ecdh
|
|
Before only some PSK suites would be correctly negotiated and most PSK
ciphers suites would fail the connection.
PSK cipher suites are anonymous in the sense that they do not use
certificates except for rsa_psk.
|
|
erlang-mode: fix void variable align-rules-list error
|
|
Include paths don't actually affect code generation in any way, but
it's reasonable for a build tool like rebar3 to recompile when the
include paths change. This commit restores the old behavior without
the +deterministic flag.
|
|
|
|
The bug was introduced in 9ab233.
See also https://bugs.erlang.org/browse/ERL-719.
|
|
* raimo/improve-doc-indexing/ERL-666:
Correct doc markers
Improve indexing of cref docs
|
|
|
|
OTP-15198 Fix function_clause when sending a request after outgoing DPA
|
|
* siri/supervisor/warn-shutdown-race/ERL-724:
[supervisor] Add warning about race condition
|
|
* siri/cuddle:
[sasl] Flush logger handlers to file before terminating node
|
|
OTP-15287 (ERIERL-206)
|
|
OTP-15287 (ERIERL-206)
|
|
For some outgoing messages (not response) the following
error(s) has been corrected:
* encrypted: logged incorrectly, should have written the v3-header
and the scoped pdu, but was actually logged as-is (encrypted),
making conversion impossible.
* un-encrypted: messages was not logged at all.
OTP-15287 (ERIERL-206)
|
|
If conversion of an Audit Trail Log (ATL) entry failed,
this could result in an abort of the entire conversion,
not just the one entry. This has now been improved so
that the failure now results in a "error message" into
the "stream". Furthermore, we now keep track of the number
of entries we succeede and fail to convert.
OTP-15287 (ERIERL-206)
|
|
|
|
* hans/public_key/DSAPrivateKey_in_verify/OTP-15284:
public_key: Remove strange and unused(?) DSAPrivateKey from verify/5
|
|
|
|
|
|
|
|
ERL-724: "During a 'gentle' shutdown, supervisors unlink from their
children before sending shutdown signals to them. This can lead to a
race condition in supervision trees, when the timeout for gentle
shutdown of a parent supervisor expires and it kills a child
supervisor that has just unlinked from a child of its own, leaving the
child supervisor's own child still running after its supervisor is
killed."
This commit adds a warning about this in the documentation.
|
|
* rickard/pcre-8.42/OTP-15217:
Update PCRE from version 8.41 to version 8.42
|
|
* maint-21:
Updated OTP version
Update release notes
Update version numbers
kernel: Fix missing abort_connection in net_kernel
Prevent inconsistent node lists
Fix an endless rescheduling loop when a process is executing process_info(self(), ...)
|
|
Correct dialyzer spec for key option
OTP-15281
|
|
|
|
|
|
|
|
* sverker/erts/ets-memstat-false-leak/ERL-720/OTP-15278:
erts: Refactor ets FixedDeletion allocations
erts: Fix ets memstat false leak of FixedDeletion
|
|
|
|
Erl compare ext lists bug (ERL-705)
|
|
|
|
|
|
Implement socket options recvtclass, recvtos, recvttl and pktoptions.
Document the implemented socket options, new types and message formats.
The options recvtclass, recvtos and recvttl are boolean options that
when activated (true) for a socket will cause ancillary data to be
received through recvmsg(). That is for packet oriented sockets
(UDP and SCTP).
The required options for this feature were recvtclass and recvtos,
and recvttl was only added to test that the ancillary data parsing
handled multiple data items in one message correctly.
These options does not work on Windows since ancillary data
is not handled by the Winsock2 API.
For stream sockets (TCP) there is no clear connection between
a received packet and what is returned when reading data from
the socket, so recvmsg() is not useful. It is possible to get
the same ancillary data through a getsockopt() call with
the IPv6 socket option IPV6_PKTOPTIONS, on Linux named
IPV6_2292PKTOPTIONS after the now obsoleted RFC where it originated.
(unfortunately RFC 3542 that obsoletes it explicitly undefines
this way to get packet ancillary data from a stream socket)
Linux also has got a way to get packet ancillary data for IPv4
TCP sockets through a getsockopt() call with IP_PKTOPTIONS,
which appears to be Linux specific.
This implementation uses a flag field in the inet_drv.c socket
internal data that records if any setsockopt() call with recvtclass,
recvtos or recvttl (IPV6_RECVTCLASS, IP_RECVTOS or IP_RECVTTL)
has been activated. If so recvmsg() is used instead of recvfrom().
Ancillary data is delivered to the application by a new return
tuple format from gen_udp:recv/2,3 containing a list of
ancillary data tuples [{tclass,TCLASS} | {tos,TOS} | {ttl,TTL}],
as returned by recvmsg(). For a socket in active mode a new
message format, containing the ancillary data list, delivers
the data in the same way.
For gen_sctp the ancillary data is delivered in the same way,
except that the gen_sctp return tuple format already contained
an ancillary data list so there are just more possible elements
when using these socket options. Note that the active mode
message format has got an extra tuple level for the ancillary
data compared to what is now implemented gen_udp.
The gen_sctp active mode format was considered to be the odd one
- now all tuples containing ancillary data are flat,
except for gen_sctp active mode.
Note that testing has not shown that Linux SCTP sockets deliver
any ancillary data for these socket options, so it is probably
not implemented yet. Remains to be seen what FreeBSD does...
For gen_tcp inet:getopts([pktoptions]) will deliver the latest
received ancillary data for any activated socket option recvtclass,
recvtos or recvttl, on platforms where IP_PKTOPTIONS is defined
for an IPv4 socket, or where IPV6_PKTOPTIONS or IPV6_2292PKTOPTIONS
is defined for an IPv6 socket. It will be delivered as a
list of ancillary data items in the same way as for gen_udp
(and gen_sctp).
On some platforms, e.g the BSD:s, when you activate IP_RECVTOS
you get ancillary data tagged IP_RECVTOS with the TOS value,
but on Linux you get ancillary data tagged IP_TOS with the
TOS value. Linux follows the style of RFC 2292, and the BSD:s
use an older notion. For RFC 2292 that defines the IP_PKTOPTIONS
socket option it is more logical to tag the items with the
tag that is the item's, than with the tag that defines that you
want the item. Therefore this implementation translates all
BSD style ancillary data tags to the corresponding Linux style
data tags, so the application will only see the tags 'tclass',
'tos' and 'ttl' on all platforms.
|
|
Fix type spec of ms_transform:parse_trans/2
|
|
causing erlang:memory to report too much ets memory.
|
|
* hans/crypto/init_test_engine_fix:
crypto: Let otp_test_engine only add what is needed OpenSSL_add_all_algorithms hangs on some test machines
|
|
* hasse/dialyzer/improve_guards/OTP-15268/ERL-680:
dialyzer: Improve handling of complex guards
|
|
It can also return errors and warnings.
|
|
* ingela/ssl/send-recv-dead-lock/ERL-622:
ssl: Improve close handling
ssl: Adopt distribution over TLS to use new sender process
ssl: Add new sender process for TLS state machine
|
|
OpenSSL_add_all_algorithms hangs on some test machines
|
|
* maint-20:
Updated OTP version
Update release notes
Change-Id: I78586395e5784dc76b8a803a25f8054a251e1fd8
|
|
Fix kernel_app doc logger_level default from info to notice
|
