Age | Commit message (Collapse) | Author |
|
* maint-20:
Updated OTP version
Prepare release
|
|
|
|
Do not allow an empty string as node name
|
|
|
|
|
|
* maint:
"cork" tcp socket around file:sendfile
Add nopush TCP socket option
|
|
* igor/tcp-nopush-ERL-698/OTP-15357:
"cork" tcp socket around file:sendfile
Add nopush TCP socket option
|
|
|
|
* sverker/erts/ets-select_replace-bug/OTP-15346:
erts: Fix bug in ets:select_replace for bound key
|
|
maint-20
* hans/eldap/prevent_EXIT_at_close/OTP-15342/ERIERL-242:
eldap: Fix race at socket close
|
|
|
|
|
|
Implement Signature Algorithms (TLS 1.3)
|
|
* maint:
beam_utils: Handle bs_start_match2 in anno_defs
|
|
into maint
* john/compiler/bs_match-anno-liveness-fix/OTP-15353/ERL-753:
beam_utils: Handle bs_start_match2 in anno_defs
|
|
The previous check whether ErLLVM could be enabled and/or tested simply
checked whether a suitable version of the LLVM tool chain was present
in the path. Obviously this is not enough: there should also be a check
that we are running in an architecture on which the ErLLVM compiler
has been ported. Fix the function that provides this functionality and
also rename it in order to more appropriately describe what it does.
In principle, this change introduces a backwards incompatibility as the
function is one of those exported by the `hipe' module, but this
function was not documented and the chances that it has been used
somewhere else that the test suite are pretty low (if not zero).
|
|
|
|
The option 'signature_algs_cert' is not set by default.
Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa
|
|
Update default hash algorithm (md5 -> sha1) used for generating
the server and CA certificates.
Default support for md5 has been removed for TLS 1.2 and OTP-15248
introduced a check for the whole {hash, signature} algorithm pair
as defined by RFC5246.
Change-Id: I964914914f522c10ef11c8c7c72bb9e4a0c38010
|
|
Change-Id: Ie60b2a2651ea975cebd0ccf0c7e2953f89986463
|
|
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
|
|
Implement handling of the signature algorithms extension described by
RFC 8446. This commit updates the behavior of legacy TLS versions to
align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2).
- TLS 1.0/1.1 clients validate the client certificate against the
certificate_type field of the CertificateRequest message.
- TLS 1.2 client verifies the hash/signature algorithm pair of the
client certificate when processing a CertificateRequest. Old
behavior only checked the signature algorithms.
- TLS 1.2 server verifies that the server certificate is signed by
a hash/signature algorithm pair that appears in the
"singature_algorithms" or "signature_algorithms_cert" (RFC 8446)
extensions of the ClientHello.
Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
|
|
Add documentation to the ssl option "signature_algs_cert"
introduced by TLS 1.3. The client/server will send a
"signature_algorithms_cert" extension, if TLS 1.3 or later
is used.
Change-Id: I17d612f311a1deef7e29473c3998e7f99fa56f02
|
|
|
|
|
|
* maint:
Updated OTP version
Prepare release
erts: Fix UNC path handling on Windows
erts: Fix a compiler warning
eldap: Fix race at socket close
Fix bug for sockopt pktoptions on BSD
erts: Fix memory leak on file read errors
|
|
* maint-21:
Updated OTP version
Prepare release
erts: Fix UNC path handling on Windows
erts: Fix a compiler warning
eldap: Fix race at socket close
Fix bug for sockopt pktoptions on BSD
erts: Fix memory leak on file read errors
|
|
|
|
maint-21
* ingela/maint/ssl/packet-options-to-tls-sender/OTP-15348:
ssl: TLS sender process needs to get updates of the socket option packet
|
|
* ingela/maint/ssl/close-alert-ERL-738/OTP-15337:
ssl: ERL-738 - Correct alert handling with new TLS sender process
|
|
maint-21
* hans/eldap/prevent_EXIT_at_close/OTP-15342/ERIERL-242:
eldap: Fix race at socket close
|
|
* john/erts/fix-unc-paths-windows/OTP-15333/ERL-737:
erts: Fix UNC path handling on Windows
erts: Fix a compiler warning
|
|
maint-21
* bjorn/compiler/fix-binary-matching/ERL-689/OTP-15335:
Fix rare bug in binary matching (again)
|
|
* raimo/BSD-sockopt-pktoptions/ERIERL-187/OTP-14297:
Fix bug for sockopt pktoptions on BSD
|
|
Conflicts:
erts/preloaded/ebin/prim_inet.beam
|
|
RaimoNiskanen/raimo/getifaddrs-netns/ERIERL-189/OTP-15121
Implement {netns,NS} option for inet:getifaddrs/1 and friends
|
|
* john/kernel/cuddle-seq_trace-test:
seq_trace: Fix label_capability_mismatch test
|
|
* maint:
crypto: Update RSA tests after algorithms doc chapter
crypto: Update RSA options to match specs and different OpenSSL versions - Put rsa_pkcs1_oaep_padding in supports/0 - #ifdef updates - Refine PKCS1_OAEP defines
|
|
|
|
- Put rsa_pkcs1_oaep_padding in supports/0
- #ifdef updates
- Refine PKCS1_OAEP defines
|
|
When compiled on OTP 22, the test suite will not load on the
OTP 20 node required for this test.
|
|
* maint:
Run emacs tests from test_suite
Emacs: consider case in erlang-get-identifier-at-point
Emacs: do not accept compiler warnings in selected elisp files
Emacs: add test-erlang-mode
|
|
* pr/1949:
Run emacs tests from test_suite
Emacs: consider case in erlang-get-identifier-at-point
Emacs: do not accept compiler warnings in selected elisp files
Emacs: add test-erlang-mode
|
|
|
|
|
|
|
|
maint
Conflicts:
lib/ssl/src/tls_sender.erl
|
|
* dgud/stdlib/unicode-11/OTP-15111:
Update to Unicode-11
|
|
This is unlikely to be the last of the path problems seen after
OTP 21, and I'm starting to regret my decision to unconditionally
use long paths. The idea to hit all long-path problems all the time
was good in theory as it makes such bugs far more visible, but
there just aren't enough people who test pre-release versions on
Windows, making this the world's slowest game of whack-a-mole.
|
|
If the socket option is set to {packet, 1|2|3|4} sender process needs to
add a packet length header. If packet is changed with ssl:setopts/2 this needs
to be communicated to tls_sender.
|