In House Erlang Patch

[zkessin]

The package for erlang is not using the ESL or OTP repo, but to the branch new_crypto_dtls on @RoadRunnr 's repo. This branch patches a bunch of SSL code, in ways that I am not qualified to evaluate.

1. The development runtime and the production runtime are not the same, which can cause bugs that are not reproducible
2. Crypto code is very hard to get right, and I for one do not have the know how to evaluate this

[RoadRunnr]

The change has been submitted upstream and upstream is in the process of integrating it. Until that
time this is a required product feature with ZERO alternatives.

1. The development runtime and the production runtime are not the same, which can cause bugs that are not reproducible

wrong, the Erlang runtime in question is only used in SCG builds, the development runtime for the SCG is exactly the same, otherwise the development would not work

2. Crypto code is very hard to get right, and I for one do not have the know how to evaluate this

First, this does not touch crypto code, it only touches the state machine that feeds the crypto code.

When you can't evaluate this code and see this as a problem, why are you trusting the Erlang SSL App in the first place which you can't evaluate either?

[zkessin]

Ok, first of all it is tplino-core, if it is only needed for SCG then put it there.