| Age | Commit message (Collapse) | Author |
|---|
|
* hb/doc_fixes/OTP-9616:
Correct the docs
|
|
|
|
The indentation of the <d> tag has been corrected, as has the
corresponding tag used for Erlang specs.
The contents of the <v> was not properly processed.
|
|
The two noncharacter code points 16#FFFE and 16#FFFF were not
allowed to be encoded or decoded using the unicode module or
bit syntax. That causes an inconsistency, since the noncharacters
16#FDD0 to 16#FDEF could be encoded/decoded.
There is two ways to fix that inconsistency.
We have chosen to allow 16#FFFE and 16#FFFF to be encoded and
decoded, because the noncharacters could be useful internally
within an application and it will make encoding and decoding
slightly faster.
Reported-by: Alisdair Sullivan
|
|
|
|
* hb/stdlib/dets_repair/OTP-9622:
Fix a minor bug in Dets
|
|
* ia/ssl-peername-one-should-not-be-removed:
Put back ssl:peercert/1
|
|
Incorrect use of ets:match changed to ets:match_object.
|
|
The IDL-GENERATED files must be removed too; otherwise the target
files will not be made the next time 'make' is invoked.
|
|
I accidentally removed a little too much, only peercert/2 was deprecated.
|
|
|
|
Now, in child specification, the shutdown value can also be set to infinity
for worker children. This restriction was removed because this is not always
possible to predict the shutdown time for a worker. This is highly
application-dependent.
|
|
* hb/kernel/fix_disk_log/OTP-9508:
Fix two minor disk_log bugs
|
|
If a Dets table had been properly closed but the space management data
could not been read, it was not possible to repair the file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* anders/diameter/tls_over_tcp/OTP-9605:
Move init/end_per_suite into testcases
Skip tls testsuite if there's no openssl
Clarify that ssl must be started for TLS support
Add tls support at connection establishment
Add tls testsuite
Documentation updates
Close transport if tls is requested over sctp
Handle tls notification for tcp
Lift recursion in tcp message reception up the call chain
Add tls support to capabilities exchange
|
|
* anders/diameter/testsuite_robustness/OTP-9619:
Make testsuites more robust in case of init failure
|
|
* anders/diameter/eprotonosupport/OTP-9615:
gen_sctp:open/0-2 might return {error, eprotonosupport}
|
|
* anders/diameter/doc_dependencies/OTP-9612:
Simplify depend.sed for better compatibility
|
|
See ac2810603b7aaad24129fadf887d9e8deff31d2f.
|
|
Previously error:badarg was raise if there was no underlying support
for SCTP. Handle both new and old failure until OTP-9239 is merged.
|
|
In particular, move code out of init_per_suite since failure
causes end_per_suite to be skipped. Cleanup is simpler if both
init and cleanup happen as testcases.
|
|
|
|
|
|
comments
|
|
Replace the behaviour_info(callbacks) export in stdlib's behaviours with
-callback' attributes for all the callbacks.
|
|
'behaviour_info(callbacks)' is a special function that is defined in a module
which describes a behaviour and returns a list of its callbacks.
This function is now automatically generated using the '-callback' specs. An
error is returned by lint if user defines both '-callback' attributes and the
behaviour_info/1 function. If no type info is needed for a callback use a
generic spec for it.
|
|
Behaviours may define specs for their callbacks using the familiar spec syntax,
replacing the '-spec' keyword with '-callback'. Simple lint checks are performed
to ensure that no callbacks are defined twice and all types referred are
declared.
These attributes can be then used by tools to provide documentation to the
behaviour or find discrepancies in the callback definitions in the callback
module.
|
|
|
|
Sed on Solaris doesn't remember matches after branching.
|
|
Also update app testsuite to allow for "undefined" calls
from diameter_tcp to ssl.
|
|
This is the method added in draft-ietf-dime-rfc3588bis, whereby
a TLS handshake immediately follows connection establishment and
CER/CEA is sent over the secured connection.
|
|
|
|
|
|
RFC 3588 requires that a Diameter server support TLS but in
practise this seems to mean TLS over SCTP since there are limitations
with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a
response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft
acknowledges this by equating the Inband-Security-Id value TLS
with TLS/TCP and DTLS/SCTP but underlying support for DTLS is
still thin on the ground.
|
|
If TLS has been configured on Inband-Security-Id then the transport
process receives a message from the peer_fsm process indicating
whether or not to upgrade to TLS.
The current draft of RFC 3588 deprecates (but retains for backwards
compatibility) the use of Inband-Security-Id for negotiating TLS,
adding the possibility of TLS having be negotiated before capabilities
exchange. This commit handles the deprecated case.
|
|
When an initial message is received and TLS is a possibility, must
wait for a message from the peer process before either commencing
a handshake or receiving more messages.
|
|
To upgrade a connection to TLS or not, that is the question. It
is possible for us to send a CER offering both NO_INBAND_SECURITY
and TLS and for the peer to answer likewise: RFC 3588 doesn't make
clear that a CEA should be unambiguous about the choice of security.
Thus, if TLS is offered then assume the server is prepared to
for a handshake. Similarly, when receiving a CER, choose TLS if
it's offered and be unambiguous about our choice in CEA. There is
no ssl:maybe_accept that would let us receive a handshake if it
comes or another message if it doesn't.
The choice of TLS should probably be made into a callback so that
an application can decide based on the peer's Origin-Realm for
example. Such a callback could also be used to reject a CER/CEA.
Handle Inband-Security-Id values other than NO_INBAND_SECURITY and
TLS by assuming that they require no intervention by the transport
module, treating them like NO_INBAND_SECURITY. Whether or not this
is reasonable (or useful) is unclear. There may be a need for more
sychronization than we have on offer. (Having to do something before
taking the connection up for example.)
Note that diameter_peer_fsm must be upgraded before diameter_capx
because of the new return value from diameter_capx:recv_CEA/2.
|
|
Multiple instances of javadoc would be started at once, which is
unnecessary work and could cause one or more instances to fail
while creating directories. Use a stand-in file (JAVADOC-GENERATED)
to ensure that only one instance of javadoc is started.
Since javadoc creates directories itself, there is no need to
explicitly create the $(JAVA_OUT_DIR) directory.
|
|
This reverts commit d9ec7c91ca6ae019ad80b03fb184924bad8d6bc8.
The commit did not fix the real problem.
|
|
* ia/ssl/remove-old-ssl/OTP-7048:
Remove old ssl implementation and deprecated function ssl:peercert/1
Conflicts:
lib/ssl/test/Makefile
|
|
* ia/ssl/dist-more-tests:
Better option handling
Improve code structure
Remove ssl_prim calls that are remains from the old ssl distribution
Add payload test
|
|
|
