aboutsummaryrefslogtreecommitdiffstats
path: root/lib/diameter
AgeCommit message (Collapse)Author
2011-10-10Merge branch 'anders/diameter/tls_over_tcp/OTP-9605'Anders Svensson
* anders/diameter/tls_over_tcp/OTP-9605: Move init/end_per_suite into testcases Skip tls testsuite if there's no openssl Clarify that ssl must be started for TLS support Add tls support at connection establishment Add tls testsuite Documentation updates Close transport if tls is requested over sctp Handle tls notification for tcp Lift recursion in tcp message reception up the call chain Add tls support to capabilities exchange
2011-10-10Merge branch 'anders/diameter/testsuite_robustness/OTP-9619'Anders Svensson
* anders/diameter/testsuite_robustness/OTP-9619: Make testsuites more robust in case of init failure
2011-10-10Merge branch 'anders/diameter/eprotonosupport/OTP-9615'Anders Svensson
* anders/diameter/eprotonosupport/OTP-9615: gen_sctp:open/0-2 might return {error, eprotonosupport}
2011-10-10Move init/end_per_suite into testcasesAnders Svensson
See ac2810603b7aaad24129fadf887d9e8deff31d2f.
2011-10-10gen_sctp:open/0-2 might return {error, eprotonosupport}Anders Svensson
Previously error:badarg was raise if there was no underlying support for SCTP. Handle both new and old failure until OTP-9239 is merged.
2011-10-07Make testsuites more robust in case of init failureAnders Svensson
In particular, move code out of init_per_suite since failure causes end_per_suite to be skipped. Cleanup is simpler if both init and cleanup happen as testcases.
2011-10-07Skip tls testsuite if there's no opensslAnders Svensson
2011-10-07Simplify depend.sed for better compatibilityAnders Svensson
Sed on Solaris doesn't remember matches after branching.
2011-10-06Clarify that ssl must be started for TLS supportAnders Svensson
Also update app testsuite to allow for "undefined" calls from diameter_tcp to ssl.
2011-10-06Add tls support at connection establishmentAnders Svensson
This is the method added in draft-ietf-dime-rfc3588bis, whereby a TLS handshake immediately follows connection establishment and CER/CEA is sent over the secured connection.
2011-10-06Add tls testsuiteAnders Svensson
2011-10-06Documentation updatesAnders Svensson
2011-10-06Close transport if tls is requested over sctpAnders Svensson
RFC 3588 requires that a Diameter server support TLS but in practise this seems to mean TLS over SCTP since there are limitations with running over SCTP: see RFC 6083 (DTLS over SCTP), which is a response to RFC 3436 (TLS over SCTP). The current RFC 3588 draft acknowledges this by equating the Inband-Security-Id value TLS with TLS/TCP and DTLS/SCTP but underlying support for DTLS is still thin on the ground.
2011-10-06Handle tls notification for tcpAnders Svensson
If TLS has been configured on Inband-Security-Id then the transport process receives a message from the peer_fsm process indicating whether or not to upgrade to TLS. The current draft of RFC 3588 deprecates (but retains for backwards compatibility) the use of Inband-Security-Id for negotiating TLS, adding the possibility of TLS having be negotiated before capabilities exchange. This commit handles the deprecated case.
2011-10-06Lift recursion in tcp message reception up the call chainAnders Svensson
When an initial message is received and TLS is a possibility, must wait for a message from the peer process before either commencing a handshake or receiving more messages.
2011-10-06Add tls support to capabilities exchangeAnders Svensson
To upgrade a connection to TLS or not, that is the question. It is possible for us to send a CER offering both NO_INBAND_SECURITY and TLS and for the peer to answer likewise: RFC 3588 doesn't make clear that a CEA should be unambiguous about the choice of security. Thus, if TLS is offered then assume the server is prepared to for a handshake. Similarly, when receiving a CER, choose TLS if it's offered and be unambiguous about our choice in CEA. There is no ssl:maybe_accept that would let us receive a handshake if it comes or another message if it doesn't. The choice of TLS should probably be made into a callback so that an application can decide based on the peer's Origin-Realm for example. Such a callback could also be used to reject a CER/CEA. Handle Inband-Security-Id values other than NO_INBAND_SECURITY and TLS by assuming that they require no intervention by the transport module, treating them like NO_INBAND_SECURITY. Whether or not this is reasonable (or useful) is unclear. There may be a need for more sychronization than we have on offer. (Having to do something before taking the connection up for example.) Note that diameter_peer_fsm must be upgraded before diameter_capx because of the new return value from diameter_capx:recv_CEA/2.
2011-10-04Merge branch 'dev' into majorBjörn-Egil Dahlberg
2011-10-04Prepare releaseOTP_R14B04Erlang/OTP
2011-09-29Merge branch 'dev' into majorAnders Svensson
2011-09-29Merge branch 'anders/diameter/testsuites/OTP-9553' into devAnders Svensson
* anders/diameter/testsuites/OTP-9553: Remove forgotten dbg
2011-09-29Remove forgotten dbgAnders Svensson
2011-09-28Merge branch 'dev' into majorAnders Svensson
2011-09-28Merge branch 'anders/diameter/testsuites/OTP-9553' into devAnders Svensson
* anders/diameter/testsuites/OTP-9553: Don't install Emakefile at release_tests
2011-09-28Don't install Emakefile at release_testsAnders Svensson
Emakefile contained compile flags that caused compilation of suites to fail in some cases. common_test will generate an Emakefile and diameter has no need for one of its own.
2011-09-28Fix make dependency blunderAnders Svensson
Missed the dependency of dictionary beams on diameter_exprecs when removing compiler modules from app file. The changed build order then caused the build to fail.
2011-09-27Merge branch 'dev' into majorAnders Svensson
Conflicts: lib/diameter/src/app/Makefile
2011-09-27Example/dbg/comment fixesAnders Svensson
2011-09-27Don't include compiler/help modules in appAnders Svensson
2011-09-27Set version to 0.10 and update appupAnders Svensson
2011-09-27Merge branch 'dev' into majorAnders Svensson
2011-09-27Merge branch 'anders/diameter/testsuites/OTP-9553' into devAnders Svensson
* anders/diameter/testsuites/OTP-9553: (23 commits) Explicit {init,end}_per_group/2 to work around ct bug Add relay suite More traffic cases Add traffic suite Use groups for parallel testcase execution Remove gen_sctp suite since it's not diameter-specific Minor macro cleanup Minor diameter_ct simplification Improve xref testcase Don't require GNU sed to fail testsuite targets Generate dependencies makefile Makefile/spec cleanup Remove old test framework Add transport and gen_sctp suites Add watchdog suite Add stats suite Add sync suite Add reg suite Add dict suite, remove session suite Move appup tests into app suite and use systools for both ...
2011-09-27Merge branch 'anders/diameter/send_anything/OTP-9581' into devAnders Svensson
* anders/diameter/send_anything/OTP-9581: Fix sending of messages of arbitrary form
2011-09-27Merge branch 'anders/diameter/relay_behaviour/OTP-9583' into devAnders Svensson
* anders/diameter/relay_behaviour/OTP-9583: Fix and clarify relay behaviour
2011-09-27Merge branch 'anders/diameter/peer_filters/OTP-9580' into devAnders Svensson
* anders/diameter/peer_filters/OTP-9580: Fix and clarify semantics of peer filters
2011-09-27Merge branch 'anders/diameter/logging/OTP-9579' into devAnders Svensson
* anders/diameter/logging/OTP-9579: Makefile dependency fix Remove duplicate info from error report at encode failure Use single format for error_logger reports Fix improper use of error_logger:info_report/2
2011-09-27Merge branch 'anders/diameter/header_folding_error/OTP-9577' into devAnders Svensson
* anders/diameter/header_folding_error/OTP-9577: Fix header folding bug
2011-09-27Merge branch 'anders/diameter/documentation/OTP-9582' into devAnders Svensson
* anders/diameter/documentation/OTP-9582: Minor documentation fixes
2011-09-27Explicit {init,end}_per_group/2 to work around ct bugAnders Svensson
Without these functions the result pages are currently mangled. The overview page shows that no suites have run, even though all in fact are, and diameter-specific page is truncated after the dict suite, which is the first suite that relied on an implicit {init,end}_per_group/2. This is apparently the result of a recent common_test commit.
2011-09-27Add relay suiteAnders Svensson
2011-09-26Fix bugs in sending of answer-message repliesAnders Svensson
3001 (DIAMETER_COMMAND_UNSUPPORTED) was not sent since the decode placed the AVP list in the errors field rather than the avps field of the diameter_packet, causing the subsequent encode to fail. Session-Id was also set improperly, causing encode to fail even in this case.
2011-09-26Fix and clarify relay behaviourAnders Svensson
Leave it up to a handle_request callback to decide whether or not to filter the peer from which the incoming request was sent. Reply with 3002 (DIAMETER_UNABLE_TO_DELIVER) on anything but an answer from the peer.
2011-09-26Makefile dependency fixAnders Svensson
Dependency of generated dictionary modules on diameter.hrl and diameter_gen.hrl was missed.
2011-09-26Remove duplicate info from error report at encode failureAnders Svensson
The message being encoded and dictionary module are included by diameter_codec.erl so diameter_gen.hrl doing so was overkill.
2011-09-26Use single format for error_logger reportsAnders Svensson
2011-09-26More traffic casesAnders Svensson
2011-09-26Add traffic suiteAnders Svensson
2011-09-26Use groups for parallel testcase executionAnders Svensson
2011-09-26Remove gen_sctp suite since it's not diameter-specificAnders Svensson
2011-09-26Minor macro cleanupAnders Svensson
2011-09-26Minor diameter_ct simplificationAnders Svensson