aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2018-05-15ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-05-03Merge branch 'ingela/ssl/testcuddling'Ingela Anderton Andin
* ingela/ssl/testcuddling: ssl: Exclude DTLS tests for one more OpenSSL version for now ssl: Use sane input data ssl: Make sure help function works from all parts of test suite
2018-05-03Merge branch 'lukas/kernel/logger-docs'Lukas Larsson
* lukas/kernel/logger-docs: Add xmllint to travis build kernel: Use formatter in simple logger example
2018-05-03Merge branch 'maint'John Högberg
* maint: Updated OTP version Update release notes Update version numbers ssl: Prepare for release ssl: Proper handling of clients that choose to send an empty answer to a certificate request heart: Use ntohs instead of manual conversion
2018-05-03Merge branch 'maint-20' into maintJohn Högberg
* maint-20: Updated OTP version Update release notes Update version numbers ssl: Prepare for release ssl: Proper handling of clients that choose to send an empty answer to a certificate request heart: Use ntohs instead of manual conversion
2018-05-02kernel: Use formatter in simple logger exampleLukas Larsson
2018-05-02ssl: Exclude DTLS tests for one more OpenSSL version for nowIngela Anderton Andin
2018-05-02ssl: Use sane input dataIngela Anderton Andin
2018-05-02Update release notesErlang/OTP
2018-05-02Merge branch 'ingela/ssl/client-has-no-cert/ERL-599/OTP-15050' into maint-20Erlang/OTP
* ingela/ssl/client-has-no-cert/ERL-599/OTP-15050: ssl: Prepare for release ssl: Proper handling of clients that choose to send an empty answer to a certificate request
2018-05-02Merge branch 'john/erts/fix-heart-command-overflow/OTP-15034/ERIERL-166' ↵Erlang/OTP
into maint-20 * john/erts/fix-heart-command-overflow/OTP-15034/ERIERL-166: heart: Use ntohs instead of manual conversion # Conflicts: # lib/kernel/test/heart_SUITE.erl
2018-05-02ssl: Make sure help function works from all parts of test suiteIngela Anderton Andin
Depending on context trap_exit flag may be set or not. So always set trap_exit and consume the EXIT signal and then set it back.
2018-05-02Revert "Update release notes"Henrik
This reverts commit 202bb737e3deabfebee683266f4b7c42781eb521.
2018-05-02Revert "Update version numbers"Henrik
This reverts commit 345f7f527a4c26ef49cef0d81e2c8b71bf01ebc3.
2018-04-30Update release notesErlang/OTP
2018-04-30Update version numbersErlang/OTP
2018-04-30ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-04-30ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected.
2018-04-30ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA
2018-04-28ssl: Update tests to reflect sslv3 is not supported by defaultIngela Anderton Andin
2018-04-27inets: Correct runtime_dependencies before releasePéter Dimitrov
Change-Id: Ia53fb6bbf0822608ce9f7afe9b905d3bb1ce0b11
2018-04-27Merge branch 'ingela/dtls/abbreviated'Ingela Anderton Andin
* ingela/dtls/abbreviated: dtls: Trigger resend in abbreviated handshake if change_cipher_spec is received to early.
2018-04-27dtls: Trigger resend in abbreviated handshake if change_cipher_specIngela Anderton Andin
is received to early.
2018-04-27Merge branch 'bjorn/compiler/yreg-init'Björn Gustavsson
* bjorn/compiler/yreg-init: beam_validator: Verify Y registers in exception-causing instructions Correct beam_utils:is_killed/3 (again)
2018-04-27[crypto] Skip test cases for specific ssl version on old machineLars Thorsen
Skip the test cases in the engine_SUITE on a specific ssl version used on one test machine.
2018-04-27Move the corba applcations to separate repositoryLars Thorsen
All corba applications are moved to a separate repository. E.g. orber, ic, cosEvent, cosEventDomain, cosNotifications cosTime, cosTransactions, cosProperty and cosFileTransfer.
2018-04-27Merge branch 'raimo/better-TLS-distribution/OTP-14969'Raimo Niskanen
* raimo/better-TLS-distribution/OTP-14969: Fix distro CRL test cases short vs long names Allow check for node name Move check ip to before SSL handshake Check client IP from server Parse cert primarily for host names Open for host and node allow list Create plug-in for distro cert nodes Rewrite TLS dist to handle node names in certs Improve node allowed check
2018-04-27inets: Fix better test case data generationIngela Anderton Andin
Inets generated test data that not conform to valid TLS cipher suites
2018-04-27Merge branch 'ingela/ssl/test-cuddle'Ingela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Handle EXIT messages from test code correctly
2018-04-27Fix distro CRL test cases short vs long namesRaimo Niskanen
2018-04-27Merge branch 'ingela/inets/httpc-error-handling/ERL-605/OTP-15042'Ingela Anderton Andin
* ingela/inets/httpc-error-handling/ERL-605/OTP-15042: inets: Improve httpc gracefulness
2018-04-27ssl: Prepare for releaseIngela Anderton Andin
2018-04-27ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-04-27ssh: ssh_channel replaced by ssh_client_channelHans Nilsson
2018-04-27ssh: ssh_daemon_channel replaced by ssh_server_channelHans Nilsson
2018-04-27ssh: Use ssh_daemon_channel_sup and ssh_damon_channelHans Nilsson
2018-04-27ssh: Create doc for the ssh_daemon_channel behaviourHans Nilsson
2018-04-27beam_validator: Verify Y registers in exception-causing instructionsBjörn Gustavsson
When an exception is handled, the stack will be scanned. Therefore all Y registers must be initialized.
2018-04-27Correct beam_utils:is_killed/3 (again)Björn Gustavsson
beam_utils:is_killed/3 could incorrectly indicate that a register was killed. The previous fix is 5da6b91ecab6c.
2018-04-27Merge branch 'siri/kernel/logger/OTP-13295'Siri Hansen
* siri/kernel/logger/OTP-13295: Add documentation of the built-in logger handlers Catch badarg in logger:get_format_depth/0 Add chars_limit option to logger_formatter Don't kill logger process until all other processes are dead Set call timeout for logger_server to infinity Update primary bootstrap Test cuddle for logger Update cth_log_redirect to a logger handler Start using logger internally in kernel and stdlib Remove error_logger process and add logger process Add logger
2018-04-27Add a bit of documentation about restart_application (#1582)David N. Welton
It is now explicitly stated that if the application type is `load`, the application will not actually be restarted by the `restart_application` instruction in relup, even if it is currently running. It will only be stopped and re-loaded.
2018-04-27Merge branch 'anders/diameter/21.0/OTP-15045'Anders Svensson
* anders/diameter/21.0/OTP-15045: vsn -> 2.1.5 Update appup for 21.0 Fix release note typo Fix documentation typos
2018-04-27inets: Improve httpc gracefulnessIngela Anderton Andin
This commit will make the close down sequence work as intended, and no crash report will be generated. Alas such error corner cases are hard to write automated test for.
2018-04-27Merge branch 'hans/ssh/cuddle_tests'Hans Nilsson
* hans/ssh/cuddle_tests: ssh: Test case fix The daemon kill is now so fast that the clients does not react fast enough in ssh_sup_SUITE:killed_acceptor_restarts/1
2018-04-27Merge branch 'hans/ssh/dbg/OTP-14896'Hans Nilsson
* hans/ssh/dbg/OTP-14896: ssh: Correct a call that re-appeared by misstake
2018-04-27Merge pull request #1799 from ↵Ingela Andin
IngelaAndin/ingela/ssl/client-has-no-cert/ERL-599/OTP-15050 ssl: Proper handling of clients that choose to send an empty answer to a certificate request
2018-04-27Merge branch 'hasse/stdlib/rfc3339_datetime/OTP-14764'Hans Bolinder
* hasse/stdlib/rfc3339_datetime/OTP-14764: stdlib: Add RFC 3339 functions to module calendar
2018-04-26ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-04-26Update appups in kernel, stdlib and sasl for OTP-21.0Siri Hansen
2018-04-26Add documentation of the built-in logger handlersPeter Andersson