Age | Commit message (Collapse) | Author |
|
|
|
Depending on context trap_exit flag may be set or not.
So always set trap_exit and consume the EXIT signal and then set it back.
|
|
ECDH suite handling did not use the EC parameters form the certs
as expected.
|
|
Fix test case code to use keyAgreement for ECDH_ECDSA
|
|
* ingela/ssl/test-cuddle:
ssl: Handle EXIT messages from test code correctly
|
|
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
|
|
LibreSSL-2.6.3 dropped DSS (DSA) support
|
|
We have discovered interoperability problems, ERL-538, that we
believe needs to be solved in crypto.
|
|
|
|
Stream ciphers are not valid fro DTLS
|
|
Client will retransmit until server becomes responsive
|
|
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_handshake.erl
|
|
This is a preparation for improvements to come in option handling and
support for TLS-1.3
|
|
|
|
The ssl application uses the new function in many of its test cases.
|
|
|
|
Add exception for DTLS (not only TLS) against this broken version.
Make sure configuration is clean for default test group.
|
|
|
|
Otherwhise test can be wrongly initialized and will fail as they try to run
with a broken setup.
|
|
|
|
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1
tests in ssl_basic_SUITE was a combination of the bug fixed by the
previous commit and missing clean up code for dtls_protocol_versions
application environment variable
|
|
RFC: ecdhe_psk cipher suites
OTP-14547
|
|
angelhof/public_key/generate_key-rsa-inconsistency-fix
public_key:generate_key/1 RSA key generation inconsistency
OTP-14534
|
|
* ingela/ssl/cert-handling:
ssl: Correct cipher suite handling
ssl: Modernize DSA cert chain generation
ssl: Clean
ssl: Remove test of OpenSSL
ssl: Use new cert generation
|
|
* ingela/dtls/cuddle:
ssl: Handle OpenSSL output correctly
|
|
This is mainly fixing the test suites so that they test the intended cipher
suites, issue reported in ERL-460.
Also ssl_cipher:anonymous_suites was corrected for DTLS.
|
|
|
|
Adjust to handle output from OpenSSL in a more general way, so that
"unknown option" should be caught for all cases and the test case
skipped if that is the case and other data form OpenSSL should be
ignored.
|
|
This code was not used and we already have mixed chains ECDH_RSA tests
|
|
|
|
|
|
|
|
|
|
The -ssl2 option to s_client appears to be broken on this release.
This is a legacy option anyway that is still tested on other old
version of OpenSSL so skip this.
|
|
|
|
Test should check that we get the expected key exchange algorithm
for the provided server cert. We do not want to test OpenSSL s_server.
Do not try to test cipher suites against OpenSSL that it does not
support.
|
|
* ingela/ssl/windows-cuddle:
ssl: Only run sslv2 reject tests on old OpenSSL version
ssl: Try to workaround OpenSSL windows obscurities
|
|
|
|
|
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
|
|
With the new help functions for creating test data we can simplify the
code. And sometimes corrections have been made so that the test actually
perform the test intended.
|
|
The certificate chain handling had become quite entangled and
was not correct.
|
|
* ingela/ssl/make-cert-test-data/OTP-14294:
ssl, public_key: Add functionality for generating X509 cert test data
|
|
For now this functionality is located in ssl. And existing
public_key function is extended. However some of the functionality may
be moved to public_key in a later stage.
|