Age | Commit message (Collapse) | Author |
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
With the 24 option we might be unlucky and get failing tests just because
cert expired before the test is run.
|
|
|
|
LibreSSL doesn't like it when we pass a negative number for the
-crlhours argument. I'm not sure if there is another way to make it
generate a CRL with expiry date in the past, so let's skip that test
in this case.
|
|
This module is an implementation of the ssl_crl_cache_api behaviour.
It can be used when there is a directory containing CRLs for all
relevant CAs, in the form used by e.g. Apache. The module assumes
that the directory is being updated through an external process.
|
|
LibreSSL does not allow it.
|
|
|
|
This commit adds tests for SNI server support in:
* ssl_sni_SUITE.erl
* ssl_to_openssl_SUITE.erl
And some more modifications:
* make_certs also makes two certs for SNI, and adds
extra options for SNI.
|
|
|
|
|
|
Certificates uses: default_md = sha256
This is not supported on all test platforms, use md5 instead for testing.
|
|
|
|
* Handle v1 CRLs, with no extensions.
* Compare the IDP on a CRL correctly, if present
* Don't try to double-decode altnames
Tests are also included, and the make_certs testing tool in the SSL
application has been greatly extended.
|
|
* http://technotes.googlecode.com/git/nextprotoneg.html
|
|
|
|
in client hello message when a client certificate is used
The client hello message now always include ALL available cipher suites
(or those specified by the ciphers option). Previous implementation would
filter them based on the client certificate key usage extension (such
filtering only makes sense for the server certificate).
|
|
|