aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_basic_SUITE.erl
AgeCommit message (Collapse)Author
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin
2017-09-07ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup. This is an addition to b3ca5727169deaa38917edca8288dcaff9a36800 that accidently was the wrong version of that branch.
2017-09-01ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup.
2017-08-24Merge branch 'ingela/ssl/dtls-alert-handling/OTP-14078' into maintIngela Anderton Andin
* ingela/ssl/dtls-alert-handling/OTP-14078: dtls: Customize alert handling for DTLS over UDP
2017-08-23ssl: Enable more DTLS testsIngela Anderton Andin
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1 tests in ssl_basic_SUITE was a combination of the bug fixed by the previous commit and missing clean up code for dtls_protocol_versions application environment variable
2017-08-14Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Longer timeouts for test cases that do many handshakes
2017-08-14dtls: Customize alert handling for DTLS over UDPIngela Anderton Andin
From RFC 6347: 4.1.2.7. Handling Invalid Records Unlike TLS, DTLS is resilient in the face of invalid records (e.g., invalid formatting, length, MAC, etc.). In general, invalid records SHOULD be silently discarded, thus preserving the association; however, an error MAY be logged for diagnostic purposes. Implementations which choose to generate an alert instead, MUST generate fatal level alerts to avoid attacks where the attacker repeatedly probes the implementation to see how it responds to various types of error. Note that if DTLS is run over UDP, then any implementation which does this will be extremely susceptible to denial-of-service (DoS) attacks because UDP forgery is so easy. Thus, this practice is NOT RECOMMENDED for such transports.
2017-08-10ssl: Longer timeouts for test cases that do many handshakesIngela Anderton Andin
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-08-09ssl: Modernize DSA cert chain generationIngela Anderton Andin
2017-08-08ssl: CleanIngela Anderton Andin
This code was not used and we already have mixed chains ECDH_RSA tests
2017-06-29ssl: Set rizzo* test timeout high enough for our slowest test machineIngela Anderton Andin
2017-06-26ssl: Increase timeout for testcase testing ECDH keyexchange withIngela Anderton Andin
RSA signed certs
2017-06-10dtls: Handle getopts and setopts for DTLSIngela Anderton Andin
2017-05-25Fix non-delivery of ssl_closed message in active onceJohannes Weißl
The commit 8b10920 (OTP 19.3.1) fixed the non-delivery of final TLS record in {active, once}, but this causes the ssl_closed message to be lost when the TCP connection closes before ssl:close/1. The patch restores the behavior of OTP 18. This is the second part to fix https://bugs.erlang.org/browse/ERL-420
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-04Update copyright yearRaimo Niskanen
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-03-10dtls: Test case fixesIngela Anderton Andin
2017-03-08dtls: Only test this for TLS for nowIngela Anderton Andin
We want to avoid failing test cases but still be able to merge DTLS progress for 19.3
2017-03-06dtls: Correct dialyzer spec and postpone inclusion of testIngela Anderton Andin
The new_options_in_accept test is not working yet, however DTLS is still work in progress and we want to make a progress merge to avoid merge conflicts with other progress of the ssl application.
2017-03-06dtls: Enable DTLS test in ssl_certificate_verify_SUITEIngela Anderton Andin
2017-03-06dtls: Hibernation and retransmit timersIngela Anderton Andin
Change retransmissions timers to use gen_statem state timeouts. We do not need a retransmission timer in the state connection as data traffic in DTLS over UDP is not retransmitted. If the last flight before transitioning into connection is lost, it will be resent when the peer resends its last flight. This will also make hibernation testing more straight forward. We need more adjustments later to handle a reliable DTLS transport such as SCTP.
2017-03-06dtls: DTLS specific handling of socket and ciphersIngela Anderton Andin
DTLS does not support stream ciphers and needs diffrent handling of the "#ssl_socket{}" handle .
2017-01-19ssl: Move PEM cache to a dedicated processIngela Anderton Andin
The PEM cache handling has proven to be too disruptive of the manager process.
2017-01-17ssl: Handle really big handshake packagesIngela Anderton Andin
If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
2016-12-05ssl: Implement DTLS state machineIngela Anderton Andin
Beta DTLS, not production ready. Only very basically tested, and not everything in the SPEC is implemented and some things are hard coded that should not be, so this implementation can not be consider secure. Refactor "TLS connection state" and socket handling, to facilitate DTLS implementation. Create dtls "listner" (multiplexor) process that spawns DTLS connection process handlers. Handle DTLS fragmentation. Framework for handling retransmissions. Replay Detection is not implemented yet. Alerts currently always handled as in TLS.
2016-11-10ssl: Use SHA2 for signing ECC certs if possibleIngela Anderton Andin
ECC certs should preferably use SHA2, this is what we want to be testing. Also assembling of all available test suites must consider TLS version.
2016-11-02Add ECC curve selection order config in TLS serverFred Hebert
As per RFC 4492 Sec 5.1, the preferred order of selection of named curves is based on client preferences. Currently, the SSL application only picks entries according to the absolute order of entries as tracked in a hardcoded list in code. This patch changes things so that the client-specified order is preferred. It also allows a mode where the server can be configured to override the client's preferred order with its own, although the chosen ECC must still be within both lists. The configuration is done through the following options: - `eccs`, shared by clients and servers alike, allows the specification of the supported named curves, in their preferred order, and may eventually support more values for explicit primes and so on. - `honor_ecc_order`, a server-only option, is similar to `honor_cipher_order` and will, by default let the server pick the client-preferred ECC, and otherwise pick the server-preferred one. The default value for `eccs` is the same as before, although the server-chosen ECC now defaults to the client rather than previous choice. A function `ssl:eccs()` has been added that returns the highest supported ECCs for the library.
2016-10-14ssl: Tune timeout for old solaris machineIngela Anderton Andin
2016-09-30ssl: Correct anonymous suite handlingIngela Anderton Andin
Test suite did not take TLS-version in to account. Also some anonymous suites where included incorrectly in some TLS versions.
2016-09-07ssl: Make sure tests get a clean startIngela Anderton Andin
2016-09-07ssl: Tune timeoutIngela Anderton Andin
2016-09-07ssl: Consistent timeout handlingIngela Anderton Andin
init_per_testcase timeout for renegotiation tests would be overridden by local timeout in test case help function.
2016-08-30ssl: Timeout tuningIngela Anderton Andin
Skip some test on really slow solaris machines
2016-07-08ssl: Simplify and refactor testsIngela Anderton Andin
Tests in ECC_SUITE did not always use the certs implied by the name. Variable naming also confused the intent. ssl_certificate_verify_SUITE did not clean up properly and tests could fail due to cache problems.
2016-06-14Merge branch 'ingela/ssl/ssl_basic_SUITE-timeouts'Ingela Anderton Andin
* ingela/ssl/ssl_basic_SUITE-timeouts: ssl: Tune timeouts
2016-06-09Add ssl:getstat/1 and ssl:getstat/2Loïc Hoguin
These functions call getstat on the underlying TCP socket. The only way to do this before now was to use a hack, either by looking inside the #sslsocket{} record directly, or by not using the SSL listen/accept functions and upgrading from a TCP socket that is kept around for the purpose of calling getstat later on.
2016-06-07ssl: Tune timeoutsIngela Anderton Andin
2016-06-03ssl: Add option to phase out support for sslv2 client helloIngela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher version of SSL/TLS but also offers sslv2 Conflicts: lib/ssl/src/tls_connection.erl
2016-06-01ssl: Avoid two renegotiatesIngela Anderton Andin
2016-05-31ssl:recv timeout() can be 0Joe DeVivo
gen_tcp:recv allows this, and if you're doing something like Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with function_clause There were other cases of this throughout the module. This PR cleans them all up.
2016-05-31Improve SSL diagnosticsAlexey Lebedeff
There are a lot of cases where `ssl` application just returns unhelpful `handshake failure` or `internal error`. This patch tries to provide better diagnostics so operator can debug his SSL misconfiguration without doing hardcore erlang debugging. Here is an example escript that incorrectly uses server certificate as a client one: https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67 With the patch it is properly reported as an error in "extended key usage".
2016-05-27ssl: Fix TLS version handling in dtls adepted testsIngela Anderton Andin
2016-05-26ssl: Add BEAST mitigation selection optionKenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-05-20ssl: Remove use of test_server config macroIngela Anderton Andin
2016-05-20ssl: Disable DTLS test for nowIngela Anderton Andin
We are working on including DTLS support. And we want to include the contributed tests now before making planned enhancements to the test suits.
2016-05-20ssl: move TLS/DTLS version logging into helperAndreas Schultz
Consolidate code that logs TLS/DTLS version during testing into ssl_test_lib.
2016-05-20ssl: tests for DTLSAndreas Schultz
2016-05-05ssl: Use cipher suite's PRF in prf/5Kenneth Lakin
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.