aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_test_lib.erl
AgeCommit message (Collapse)Author
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-01-25ssl: Check OpenSSL version for DSS (DSA) supportIngela Anderton Andin
LibreSSL-2.6.3 dropped DSS (DSA) support
2018-01-07dtls: Filter out rc4 for DTLS psk suitesIngela Anderton Andin
Stream ciphers are not valid fro DTLS
2018-01-06dtls: We do not need to wait for DTLS over UDP serverIngela Anderton Andin
Client will retransmit until server becomes responsive
2017-12-05ssl: Use maps for cipher suites internallyIngela Anderton Andin
This is a preparation for improvements to come in option handling and support for TLS-1.3
2017-09-20public_key, ssl: Provide certitifate test data generation function in public_keyIngela Anderton Andin
The ssl application uses the new function in many of its test cases.
2017-09-11ssl: OpenSSL-1.0.0 is really brokenIngela Anderton Andin
Add exception for DTLS (not only TLS) against this broken version. Make sure configuration is clean for default test group.
2017-09-01ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup.
2017-08-23ssl: Enable more DTLS testsIngela Anderton Andin
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1 tests in ssl_basic_SUITE was a combination of the bug fixed by the previous commit and missing clean up code for dtls_protocol_versions application environment variable
2017-08-15Merge pull request #1532 from ↵Ingela Andin
angelhof/public_key/generate_key-rsa-inconsistency-fix public_key:generate_key/1 RSA key generation inconsistency OTP-14534
2017-08-11Merge branch 'ingela/ssl/cert-handling' into maintIngela Anderton Andin
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation
2017-08-10Merge branch 'ingela/dtls/cuddle' into maintIngela Anderton Andin
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-08-09ssl: Modernize DSA cert chain generationIngela Anderton Andin
2017-08-08ssl: Handle OpenSSL output correctlyIngela Anderton Andin
Adjust to handle output from OpenSSL in a more general way, so that "unknown option" should be caught for all cases and the test case skipped if that is the case and other data form OpenSSL should be ignored.
2017-08-08ssl: CleanIngela Anderton Andin
This code was not used and we already have mixed chains ECDH_RSA tests
2017-08-08ssl: Use new cert generationIngela Anderton Andin
2017-07-28Change version of hardcoded RSA test recordsKonstantinos Kallas
2017-06-29ssl: Move clause so that it will matchIngela Anderton Andin
2017-06-27ssl: Skip sslv2 hello compatible tests on OpenSSL-0.9.8oIngela Anderton Andin
The -ssl2 option to s_client appears to be broken on this release. This is a legacy option anyway that is still tested on other old version of OpenSSL so skip this.
2017-06-26ssl: Skip sslv3 interop with newer OpenSSLIngela Anderton Andin
2017-05-19ssl: Improve testsIngela Anderton Andin
Test should check that we get the expected key exchange algorithm for the provided server cert. We do not want to test OpenSSL s_server. Do not try to test cipher suites against OpenSSL that it does not support.
2017-05-11Merge branch 'ingela/ssl/windows-cuddle'Ingela Anderton Andin
* ingela/ssl/windows-cuddle: ssl: Only run sslv2 reject tests on old OpenSSL version ssl: Try to workaround OpenSSL windows obscurities
2017-05-09ssl: Only run sslv2 reject tests on old OpenSSL versionIngela Anderton Andin
2017-05-08ssl: Try to workaround OpenSSL windows obscuritiesIngela Anderton Andin
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-04Update copyright yearRaimo Niskanen
2017-04-21ssl: Rewrite test data generationIngela Anderton Andin
With the new help functions for creating test data we can simplify the code. And sometimes corrections have been made so that the test actually perform the test intended.
2017-04-12ssl: Generate correct certificate chains for the ECC testsIngela Anderton Andin
The certificate chain handling had become quite entangled and was not correct.
2017-03-23Merge branch 'ingela/ssl/make-cert-test-data/OTP-14294'Ingela Anderton Andin
* ingela/ssl/make-cert-test-data/OTP-14294: ssl, public_key: Add functionality for generating X509 cert test data
2017-03-23ssl, public_key: Add functionality for generating X509 cert test dataIngela Anderton Andin
For now this functionality is located in ssl. And existing public_key function is extended. However some of the functionality may be moved to public_key in a later stage.
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-03-10dtls: Test case fixesIngela Anderton Andin
2017-03-07dtls: Avoid mixup of protocol to testIngela Anderton Andin
2017-03-06dtls: Enable some DTLS tests in ssl_to_openssl_SUITEIngela Anderton Andin
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up. Some of the code in this commit is attempting this, but it is not really working yet, and hence only tests where OpenSSL is client are enabled.
2017-03-06dtls: Enable DTLS test in ssl_certificate_verify_SUITEIngela Anderton Andin
2017-03-06dtls: DTLS specific handling of socket and ciphersIngela Anderton Andin
DTLS does not support stream ciphers and needs diffrent handling of the "#ssl_socket{}" handle .
2017-02-13ssl: Test case robustnessIngela Anderton Andin
2016-11-10ssl: Use SHA2 for signing ECC certs if possibleIngela Anderton Andin
ECC certs should preferably use SHA2, this is what we want to be testing. Also assembling of all available test suites must consider TLS version.
2016-09-30ssl: Correct anonymous suite handlingIngela Anderton Andin
Test suite did not take TLS-version in to account. Also some anonymous suites where included incorrectly in some TLS versions.
2016-09-07ssl: Make sure tests get a clean startIngela Anderton Andin
2016-09-02ssl: Add check in test framework for crypto supportIngela Anderton Andin
Avoid to run tests of algorithms not supported by crypto.
2016-07-08ssl: Simplify and refactor testsIngela Anderton Andin
Tests in ECC_SUITE did not always use the certs implied by the name. Variable naming also confused the intent. ssl_certificate_verify_SUITE did not clean up properly and tests could fail due to cache problems.
2016-05-27ssl: Fix TLS version handling in dtls adepted testsIngela Anderton Andin