aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/make_certs.erl
AgeCommit message (Collapse)Author
2018-04-27Fix distro CRL test cases short vs long namesRaimo Niskanen
2017-06-14Update copyright yearHans Nilsson
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-01-12ssl: Make crls valid for a week instead of 24 hoursIngela Anderton Andin
With the 24 option we might be unlucky and get failing tests just because cert expired before the test is run.
2016-12-07Update copyright-yearErlang/OTP
2016-05-19Skip crl_hash_dir_expired test for LibreSSLMagnus Henoch
LibreSSL doesn't like it when we pass a negative number for the -crlhours argument. I'm not sure if there is another way to make it generate a CRL with expiry date in the past, so let's skip that test in this case.
2016-04-05Add ssl_crl_hash_dir moduleMagnus Henoch
This module is an implementation of the ssl_crl_cache_api behaviour. It can be used when there is a directory containing CRLs for all relevant CAs, in the form used by e.g. Apache. The module assumes that the directory is being updated through an external process.
2015-12-14ssl: Do not use environment variables in openSSL config fileIngela Anderton Andin
LibreSSL does not allow it.
2015-06-18Change license text to APLv2Bruce Yinhe
2015-05-12ssl: add tests for SNI server supportQijiang Fan
This commit adds tests for SNI server support in: * ssl_sni_SUITE.erl * ssl_to_openssl_SUITE.erl And some more modifications: * make_certs also makes two certs for SNI, and adds extra options for SNI.
2015-03-09ssl: Integrate public_key CRL verification with the ssl applicationIngela Anderton Andin
2014-04-23ssl: Fixes ssl_crl_SUITE errors on mixed ipv6-v4 interfacesHans Nilsson
2014-03-28ssl: Testing - sha256 digest not supported on all platformsBjörn-Egil Dahlberg
Certificates uses: default_md = sha256 This is not supported on all test platforms, use md5 instead for testing.
2014-03-26Rework IDP validation according to the RFC, fix public_key testsAndrew Thompson
2014-03-26Various improvements to CRL handlingAndrew Thompson
* Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2012-09-20ssl: Support for SSL Next Protocol NegotiationBen Murphy
* http://technotes.googlecode.com/git/nextprotoneg.html
2011-02-17Update all fin_per_testcase to end_per_testcase.Lukas Larsson
2010-08-18Fix bug in ssl handshake protocol related to the choice of cipher suitesPaul Guyot
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate).
2010-01-13Add test suite for the ssl applicationDan Gudmundsson