Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
All these test work fine with current OpenSSL master
|
|
|
|
Do not test TLS 1.0 with these old versions as we do send hello extensions
for those implementations that will use them, and trailing unknown data
should be ignored by RFC complient implementations.
|
|
Extention handling need some fixes to work
correctly for ALPN and SSL-3.0 only client/servers
do not support extensions
|
|
Regroup testes after functionality making it easier to
test all variants (all protocols, all cert types etc).
Also extend OpenSSL interop
|
|
* ingela/ssl/kill-openssl-zombie:
ssl: Kill OpenSSL processes that survived test run
|
|
Should be zero such processes in the normal case
|
|
* peterdmv/ssl/fix-peername-sockname:
ssl: Update ssl_test_lib
|
|
On some configurations the inet:peername/1 and inet:getaddr/2
functions return different loopback addresses, leading to
testcase failures in the ssl_basic_SUITE (peername, sockname).
This commit updates the node_to_hostip and check_result functions
to tolerate different loopback addresses.
|
|
Fix run_client_error/1 to properly propagate errors from the
test client.
|
|
* peterdmv/ssl/fix-testcases:
ssl: Fix run_client_error/1 in ssl_test_lib
|
|
Fix run_client_error/1 to properly propagate errors from the
test client.
|
|
* peterdmv/ssl/dtls-test-fix:
ssl: Fix ssl_packet_SUITE
|
|
* peterdmv/ssl/dtls-test-fix:
ssl: Fix ssl_packet_SUITE
|
|
* ingela/ssl/ret-ext/ERL-951/OTP-15862:
ssl: Fix broken return value
|
|
Unset internal_active_n when cleaning FT environment.
|
|
Server and client use different secrets when sending certificate related
alerts. This is due to a change to the TLS protocol where clients send
their 'certificate' message after they have received the server's 'finished'
message.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove test form "ECC suites" that are covered by the new interop
suite or by the fairly new ssl_cipher_suite_SUITE.
|
|
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
* peterdmv/ssl/doc-types-and-specs/OTP-15746:
ssl: Add type specs for http_packet()
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Update standards_compliance.xml
OTP-15775
OTP-15776
OTP-15777
Change-Id: Ibe8e8263d6557eaa40cc0681a7ce3fcb373a4120
|
|
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
|
|
|
|
Also remove dead code
|
|
Use of rpc:call could hide the real crash reason
|
|
We do not want to test OpenSSL default values as the may not agree
with our defaults.
|
|
Optimization to concatenate small user data packages recived
closely after each other has invalidated assumptions in the test case.
|
|
|
|
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
|
|
Test client authentication when client responds with empty
Certificate.
Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
|
|
Change-Id: I0e4a9337d5d52a0e39ccc16d2d2e2b123ea2f9b5
|
|
* peterdmv/ssl/server-process-client-finished:
ssl: Test TLS 1.3 connectivity
ssl: Fix crash when sending Alerts
ssl: Fix dialyzer warning
ssl: Improve TLS 1.3 statem
Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
|
|
* maint:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
|
|
* peterdmv/ssl/fix-failing-testcases:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
|
|
This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.
When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.
Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
|
|
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256
if it is supported by crypto. It returns sha1 otherwise.
Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
|
|
Test TLS 1.3 connectivity between ssl server and
openssl s_client.
Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
|
|
* maint:
ssl: Improve openssl interop tests
Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|