PORT: Fixed compilation on Windows
ADDED: Enable printing a backtrace by default on uncaught exceptions.
ENHANCED: library(prolog_stack). Prepare to include by default.
ADDED: term_size/2 as discussed on the mailinglist.
SECURITY: possible buffer overflow in '$def_modules'/2
FIXED: Possible exception in colouring.
ENHANCED: error handling for cross-referencer
ADDED: sandbox declarations for library(lazy_lists).
FIXED: lazy_list_materialize/1 and lazy_list_length/2.
ADDED: close list if iterator fails.
ADDED: library(lazy_lists).
FIXED: library(prolog_xref): handle xpce new arguments.
ADDED: library(prolog_source): hook prolog:xref_close_source/2. Also documented the open/close hooks.
FIXED: tmp_file_stream/3: if encoding is octet, switch to binary.
FIXED: character code errors and tests. Paulo Moura.
FIXED: Issue#178: be more consistent on Unicode character overflow. Jan Burse.
ADDED: library(sandbox): declare term_string/3 safe. Issue#179
ENHANCED: library(pce_colour): avoid loading xpce, but do support it if it is loaded anyway.
FIXED: xref_source/2: only continue reading on syntax errors; stop on e.g., I/O and other errors.
FIXED: Remove effective depth-limit while executing a signal callback. This causes thread_signal/2, call_with_time_limit/2 and other signal based thread interaction to fail.
Package clib:
SECURITY: possible overflow of in_addr struct
Package http:
ADDED: library(html_write): html_root_attribute//2. Wouter Beek.
CLEANUP: Remove non-functional JavaScript parser, only leaving the tokenizer.
Package pengines:
ENHANCED: /pengine/abort interrupts ongoing output for a concurrently running request.
ENHANCED: /pengine/abort empties the waiting queue before sending the abort message.
ENHANCED: Pengine.abort() cancels a possibly running request using .abort() on the jqXHR object.
Package ssl:
PORT: EOF when writing is now correctly handled also in OpenSSL 1.1.0c. This has become necessary because in OpenSSL 1.1.0c, SSL_write() returns -1 on EOF whereas it previously returned 0.
In later OpenSSL versions, the previous behaviour is restored, see:
https://github.com/openssl/openssl/issues/1903This commit makes the code work in 1.1.0c as well as earlier and later versions.
Example (client.pl, server.pl closed connection) with 1.1.0c, previously:
Client accepts the server certificate
ERROR: Prolog initialisation failed:
ERROR: read_util:read_line_to_codes/2: I/O error in read on stream
Now:
Client accepts the server certificate
Foreign predicate system:close/1 did not clear exception:
error(io_error(write,(0x828b08)),context(close/1,Broken pipe))
PORT: Handle EOF portably, making copy_stream_data/2 etc. work in OpenSSL 1.1.0c. This is necessary due to a change in behaviour of OpenSSL 1.1.0c: When encountering EOF, SSL_read() now returns -1 instead of 0 (as it did previously).
Note that this behaviour may change again in future versions, since it is currently subject to debate:
However, 1.1.0c is already published and must be accommodated, and further, this change will remain valid even if the return value of SSL_read() changes again, since we now explicitly check for EOF.
FIXED: Correct call of server_loop/2 in test cases.
PORT: Use compatibility functions to simplify BIO creation.
FIXED: Configuration of const qualifier with OpenSSL versions that do not provide X509_CRL_get0_signature (< 1.0.2).
FIXED: Detect 'const' qualifier of X509_get0_signature in OpenSSL >= 1.1.0.
PORT: Issue#51: reenable host checking on OpenSSL 1.1.0. Hacky.
We should dealy libressl issues until the openssl 1.0/1.1 issues are resolved.
PORT: Autoconf for changed 509_get0_signature() signature.
PORT: Test presence of X509_CRL_get0_signature and X509_get0_signature. Necessary for compilation with OpenSSL 1.0.2.
PORT: Use compatibility macros to reduce the difference between OpenSSL versions.
ENHANCED: Register SSL context before configuring various settings. This makes the context amenable to garbage collection also if errors arise during initialization (such as certificate/key mismatch etc.), fixing several memory leaks.
FIXED: Memory leak when private key does not match certificate.
PORT: OPENSSL_zalloc is a macro
PORT: Configure script now also recognizes OpenSSL >= 1.1.0.
FIXED: CRYPTO_THREADID type relies on openssl/ssl.h header file
PORT: LibreSSL X509_VERIFY_PARAM does not have an ID member
PORT: const is also ok for the old version
PORT: test using autoconf
CLEANUP: Simplify conditional compilation with old OpenSSL versions.
PORT: library(ssl) now also compiles with OpenSSL version 1.1.0, which is needed for ChaCha20-Poly1305 and other recent ciphers. Status:
*) library(ssl) compiles and works for most use cases with OpenSSL 1.1.0. *) 47 tests pass. *) 2 tests fail. In both cases, certificate verification fails as expected, but for a different reason than expected.
Conditional compilation is used to retain backwards compatibility. Therefore, this is ready for merging any time, to give users a chance to compile with OpenSSL 1.1.0, run most applications, and help with testing.
ENHANCED: Consistent error term on private key decryption failure. Example, previously:
ENHANCED: Consistent error when a certificate, but no key is specified. Previously:
CLEANUP: Use BIO_new_mem_buf() to simplify the code. Also, free the private key BIO sooner.
TEST: Add tests for missing certificate and key options, with and without SNI. Here is a test case that currently leads to different error messages on repeated invocations:
Ideally, the error would consistently state 'no private key assigned'!
Note also that the ssllib.c leaks memory in such cases!
FIXED: Reject (again) cases where a private key file and SNI hook are specified, but the certificate is omitted. db2131e49d7ee28c1bcaaf0eb3b22d3fd87aadb6 inadvertently relaxed the check to cases where the private key was specified via key/1. However, we want to raise this error also when key_file/1 is used instead.
