aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_test_lib.erl
AgeCommit message (Collapse)Author
2019-08-21ssl: Robustify test caseIngela Anderton Andin
2019-08-19ssl: Add OpenSSL renegotiate sanity checkIngela Anderton Andin
2019-07-31ssl: Fix better OpenSSL support in test frameworkIngela Anderton Andin
2019-07-31ssl: Avoid broken ALPN/NPN renegotiation in OpenSSLIngela Anderton Andin
All these test work fine with current OpenSSL master
2019-07-26ssl: Enable TLS 1.3 test groups in FTPéter Dimitrov
2019-07-24ssl: Old OpenSSL implementation does not ignore trailing client hello dataIngela Anderton Andin
Do not test TLS 1.0 with these old versions as we do send hello extensions for those implementations that will use them, and trailing unknown data should be ignored by RFC complient implementations.
2019-07-18ssl: Correct RSP/PSK and ALPN handlingIngela Anderton Andin
Extention handling need some fixes to work correctly for ALPN and SSL-3.0 only client/servers do not support extensions
2019-07-18ssl: Better grouping of testIngela Anderton Andin
Regroup testes after functionality making it easier to test all variants (all protocols, all cert types etc). Also extend OpenSSL interop
2019-07-02Merge branch 'ingela/ssl/kill-openssl-zombie' into maintIngela Anderton Andin
* ingela/ssl/kill-openssl-zombie: ssl: Kill OpenSSL processes that survived test run
2019-07-01ssl: Kill OpenSSL processes that survived test runIngela Anderton Andin
Should be zero such processes in the normal case
2019-06-28Merge branch 'peterdmv/ssl/fix-peername-sockname' into maintPéter Dimitrov
* peterdmv/ssl/fix-peername-sockname: ssl: Update ssl_test_lib
2019-06-26ssl: Update ssl_test_libPéter Dimitrov
On some configurations the inet:peername/1 and inet:getaddr/2 functions return different loopback addresses, leading to testcase failures in the ssl_basic_SUITE (peername, sockname). This commit updates the node_to_hostip and check_result functions to tolerate different loopback addresses.
2019-06-17ssl: Fix run_client_error/1 in ssl_test_libPéter Dimitrov
Fix run_client_error/1 to properly propagate errors from the test client.
2019-06-13Merge branch 'peterdmv/ssl/fix-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-testcases: ssl: Fix run_client_error/1 in ssl_test_lib
2019-06-12ssl: Fix run_client_error/1 in ssl_test_libPéter Dimitrov
Fix run_client_error/1 to properly propagate errors from the test client.
2019-06-12Merge branch 'peterdmv/ssl/dtls-test-fix' into maintPéter Dimitrov
* peterdmv/ssl/dtls-test-fix: ssl: Fix ssl_packet_SUITE
2019-06-12Merge branch 'peterdmv/ssl/dtls-test-fix' into maint-22Erlang/OTP
* peterdmv/ssl/dtls-test-fix: ssl: Fix ssl_packet_SUITE
2019-06-12Merge branch 'ingela/ssl/ret-ext/ERL-951/OTP-15862' into maint-22Erlang/OTP
* ingela/ssl/ret-ext/ERL-951/OTP-15862: ssl: Fix broken return value
2019-06-12ssl: Fix ssl_packet_SUITEPéter Dimitrov
Unset internal_active_n when cleaning FT environment.
2019-06-07ssl: Fix alert handling (TLS 1.3)Péter Dimitrov
Server and client use different secrets when sending certificate related alerts. This is due to a change to the TLS protocol where clients send their 'certificate' message after they have received the server's 'finished' message.
2019-06-07ssl: Add TLS 1.3 test group to ssl_certificate_verify_SUITEPéter Dimitrov
2019-06-05ssl: Fix broken return valueIngela Anderton Andin
2019-06-04ssl: Returned "alert error string" should be same as logged alert stringIngela Anderton Andin
2019-05-31ssl: Fix broken return valueIngela Anderton Andin
2019-05-28Merge branch 'ingela/ssl/alert-strings/OTP-15844' into maintIngela Anderton Andin
2019-05-28ssl: Returned "alert error string" should be same as logged alert stringIngela Anderton Andin
2019-05-03ssl: Add new interop test suiteIngela Anderton Andin
Remove test form "ECC suites" that are covered by the new interop suite or by the fairly new ssl_cipher_suite_SUITE.
2019-04-30ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0 Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-04-23Merge branch 'peterdmv/ssl/doc-types-and-specs/OTP-15746'Péter Dimitrov
* peterdmv/ssl/doc-types-and-specs/OTP-15746: ssl: Add type specs for http_packet() ssl: Fix type specs of ssl_internal.hrl ssl: Fix type specs of internal handshake functions ssl: Fix dialyzer warnings eldap: Fix dialyzer warnings ssl: Fix missing anchor warning public_key: Accept digest types 'sha1' and 'sha' inet: Document type inet:stat_option() ssl: Changed function specs and ssl.xml ssl: Update standards_compliance.xml OTP-15775 OTP-15776 OTP-15777 Change-Id: Ibe8e8263d6557eaa40cc0681a7ce3fcb373a4120
2019-04-18ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
2019-04-12ssl: Add functions to convert between diffrent cipher suite formatsIngela Anderton Andin
2019-04-05ssl: Do not use broken OpenSSL clientsIngela Anderton Andin
Also remove dead code
2019-04-05ssl: Avoid hiding fault reason as timeoutIngela Anderton Andin
Use of rpc:call could hide the real crash reason
2019-04-03ssl: Run SNI test on specific TLS versionsIngela Anderton Andin
We do not want to test OpenSSL default values as the may not agree with our defaults.
2019-03-29ssl: Correct test caseIngela Anderton Andin
Optimization to concatenate small user data packages recived closely after each other has invalidated assumptions in the test case.
2019-03-24ssl: Enhance testingIngela Anderton Andin
2019-03-07ssl: Test HelloRetryRequest with client authPéter Dimitrov
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
2019-03-04ssl: Test client authentication (empty cert)Péter Dimitrov
Test client authentication when client responds with empty Certificate. Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
2019-02-25ssl: Add tests for hello_retry_request and groupsPéter Dimitrov
Change-Id: I0e4a9337d5d52a0e39ccc16d2d2e2b123ea2f9b5
2019-02-14Merge branch 'peterdmv/ssl/server-process-client-finished'Péter Dimitrov
* peterdmv/ssl/server-process-client-finished: ssl: Test TLS 1.3 connectivity ssl: Fix crash when sending Alerts ssl: Fix dialyzer warning ssl: Improve TLS 1.3 statem Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
2019-02-14Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
2019-02-14Merge branch 'peterdmv/ssl/fix-failing-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-failing-testcases: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-11ssl: Test TLS 1.3 connectivityPéter Dimitrov
Test TLS 1.3 connectivity between ssl server and openssl s_client. Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
2019-02-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher_format.erl lib/ssl/src/tls_handshake.erl
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-01-30Merge branch 'maint'Péter Dimitrov
* maint: ssl: Improve openssl interop tests Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e