Age | Commit message (Collapse) | Author |
|
key support
This patch adds support for RSA, DSA and EC private keys encoded using PKCS8 format.
Test *.pem files are made with converting existing *.pem files using openssl:
openssl pkcs8 -in ... -out ... -topk8 -nocrypt
|
|
* lukas/ssl/fix_erl_epmd_usage/OTP-15086:
ssl: Fix usage of erl_epmd in tls dist
|
|
Fixes: 662f3c7ba50ff8ec13d8
|
|
* lukas/erts/cpu_time_thread/OTP-15090:
erts: Make cpu_timestamp use per thread on Linux
|
|
* peppe/peppe/kernel/logger_handler_fixes:
Various logger handler improvements and updated test cases
Make it possible to disable sync and drop mode
Conflicts:
lib/kernel/test/logger_disk_log_h_SUITE.erl
lib/kernel/test/logger_std_h_SUITE.erl
|
|
|
|
* hasse/dialyzer/funs_in_dead_code/OTP-15079/ERL-593:
dialyzer: Do not emit warnings for unreachable funs
|
|
* origin/ingela/ssl/deprecate-ssl-accept/OTP-15056:
ssl: Deprecate ssl:ssl_accept/[1,2,3]
|
|
|
|
* sverker/ets-delete_all_objects-trap/OTP-15078:
erts: Rename untrapping db_free_*empty*_table
erts: Make ets:delete_all_objects yield on fixed table
erts: Optimize ets delete all in fixed table
erts: Refactor ets select iteration code
erts: Cleanup ets code
erts: Optimize ets hash object deallocactions
erts: Refactor pseudo deleted ets objects
erts: Make atomic ets:delete_all_objects yield
erts: Fix reduction bump for ets:delete/1
|
|
* sverker/crypto-upgrade-bug/OTP-15088:
crypto: Robustify the do-once-initialization
crypto: Fix upgrade bug when engine support is missing
|
|
Introduce boolean 'library_initialized' that is set once
and never cleared as that is how initialization must be done.
Kept 'library_refc' as it may be interesting for debugging.
Moved the three init_*_types() functions last as those must
only be called once and there were error cases bailing out after them.
|
|
library_refc was not checked causing crash
when init_digest_types() was called a second time.
|
|
* hans/ssh/channel_cb_reason/OTP-15084:
ssh: Terminate reason was always the name of the called callback module
|
|
* hans/ssh/monitor/OTP-15082:
ssh: Replace link by monitor for exit supervision
|
|
Add ?OTP_RELEASE, -if and -elif to the preprocessor
OTP-15087
|
|
OTP-14988
|
|
ssl: Correct key_usage check
|
|
epmd: allow alternative to dns resolving for nodename
|
|
* siri/kernel/dont-store-incl-apps-in-env/OTP-15071:
Don't save included_applications as application environment variable
|
|
This makes it possible to create a custom integration with a
key-value store for example. The key would then point to the
actual address. You would have to write your own epmd module
to make use of that feature.
|
|
|
|
|
|
* richcarl/eliminate_lib_module/PR-1786/OTP-15072:
Fix minor issues
Eliminate call to ct:get_progname() in ts_erl_config
Use \n escape instead of integer 10
Move error formatting to erl_error.erl and delete lib.erl
Move extended parse functions in lib.erl to erl_eval.erl
Move lib:eval_str/1 into mod_esi.erl
Remove lib:progname/0
Eliminate call to lib:progname/1 in slave.erl
Add ct:get_progname/0
Remove lib:error_message/2
Remove lib:flush_receive/0
Remove lib:send/2 and lib:sendw/2
Move lib:nonl/1 into yecc.erl
|
|
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags:
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
In SSL/TLS, when the server certificate contains a RSA key, then:
either a DHE or ECDHE cipher suite is used, in which case the RSA key
is used for a signature (see section 7.4.3 of RFC 5246: the "Server
Key Exchange" message); this exercises the digitalSignature key usage;
or "plain RSA" is used, with a random value (the 48-byte pre-master
secret) being encrypted by the client with the server's public key
(see section 7.4.7.1 of RFC 5246); this is right in the definition of
the keyEncipherment key usage flag.
dataEncipherment does not apply, because what is encrypted is not
directly meaningful data, but a value which is mostly generated
randomly and used to derive symmetric keys. keyAgreement does not
apply either, because that one is for key agreement algorithms which
are not a case of asymmetric encryption (e.g. Diffie-Hellman). The
keyAgreement usage flag would appear in a certificate which contains a
DH key, not a RSA key. nonRepudiation is not used, because whatever is
signed as part of a SSL/TLS key exchange cannot be used as proof for a
third party (there is nothing in a SSL/TLS tunnel that the client
could record and then use to convince a judge when tring to sue the
server itself; the data which is exchanged within the tunnel is not
signed by the server).
When a ECDSA key is used then "keyAgreement" flag is needed for beeing
ECDH "capable" (as opposed to ephemeral ECDHE)
|
|
If we don't use per thread the value becomes completely
nonsensical on systems with more than one scheduler.
We keep the old solaris behaviour in order to support the
option, but it only really works when using a single
scheduler.
|
|
* lukas/erts/otp-21-misc:
erts: Fix unused variable warning in unix prim file
erts: Fix erts_os_times warning
kernel: Fix comment in kernel_config
kernel: Refactor erl_signal_handler startup
kernel: Remove doc for unused browser_cmd variable
|
|
The error_logger is no longer added here.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* hasse/tools/xref_fix:
tools: Handle fast restarts of Xref server
|
|
* hans/ssh/rekey_limit/OTP-15069:
ssh: Test the infinity rekey_limit option
ssh: Add infinity as values to rekey_limit
|
|
Warnings are not generated for funs residing in dead code.
In particular, warnings like "The created fun has no local return" are
no longer generated for funs declared in clauses or functions that
cannot be run.
|
|
|
|
Zero is removed from the Minutes in the new tuple value to remove a loop possibility. The zero is kept for bytes since that is not dangerous and a removal would be an unnecssary incompatibility.
|
|
|
|
* siri/logger-fix:
Update reference manuals for logger
Update some specs in logger
|
|
|
|
* maint:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
ssh: Fix server crashes for exit-normal signals
|
|
* maint-19:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
ssh: Fix server crashes for exit-normal signals
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh_connection_handler.erl
lib/ssh/src/ssh_transport.erl
lib/ssh/vsn.mk
otp_versions.table
|
|
During cross compilation, the ct module is not available.
|
|
|
|
|
|
Libraries or applications that support more than one major
release of OTP may need to use conditional compilation of
Erlang source code. Here are few examples where it would be
necessary or desirable:
* To support a new data type or language feature only available
in the latest major release (real-world examples: maps and the
stacktrace syntax).
* To avoid warnings for deprecated functions.
* To avoid dialyzer warnings.
Previously, to do conditional compilation, one would have to
use a parse transform or some external tool such as 'autoconf'.
To simplify conditional compilation, introduce the -if and -elif
preprocessor directives, to allow code like this to be written:
-if(?OTP_RELEASE =:= 21).
%% Code that will only work in OTP 21.
-else.
%% Fallback code.
-endif.
What kind of expressions should be allowed after an -if?
We certainly don't want to allow anything with a side effect,
such as a '!' or a 'receive'. We also don't want it to be
possible to call erlang:system_info/1, as that could make the
code depedent on features of the run-time system that could
change very easily (such as the number of schedulers).
Requiring the expression to be a guard expression makes most
sense. It is to explain in the documentation and easy for users
to understand. For simplicity of implementation, only a single
guard expression will be supported; that is, the ',' and ';' syntax
for guards is not supported.
To allow some useful conditions to be written, there is a special
built-in function:
defined(Symbol) tests whether the preprocessor symbol is defined,
just like -ifdef. The reason for having this defined/1 is that
the defined test can be combined with other tests, for example:
'defined(SOME_NAME) andalso ?OTP_RELEASE > 21'.
|
|
by using a cooperative strategy that will make
any process accessing the table execute delelete_all_objects_continue
until the table is empty.
This is not an optimal solution as concurrent threads will still
block on the table lock, but at least thread progress is made.
|