aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_test_lib.erl
AgeCommit message (Collapse)Author
2019-01-11ssl: Skip TLS 1.3 suites if crypto lacks supportPéter Dimitrov
TLS 1.3 test suites requires TLS 1.3 support in crypto that is openssl 1.1.1 or later shall be available. This commit tests support for RSASSA-PSS signature algorithm and x448 Diffie-Hellman key agreement. Change-Id: I003ab376339b003fbbd3d0a66e10c368a16023ad
2019-01-10ssl: Better stream handlingIngela Anderton Andin
Remove rizzo rests that made incorrect assumptions
2018-12-19ssl: Cuddle test casesIngela Anderton Andin
Cipher test case also needed updating to handle streams correctly We should not rizzo test chacha20_poly1305 Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-11-30Fix compiler warningsRaimo Niskanen
2018-11-05ssl: controlling_process should be allowed on transpor_accept sockets alongIngela Anderton Andin
with handshake Fix of commit 68d9244ae33e5eea36250c3bb9ffe046a4db5647
2018-11-02ssl: Correct filter functionIngela Anderton Andin
2018-11-01ssl: Return error to user that tries to use a "transport accepted" socket forIngela Anderton Andin
other purposes than handshaking
2018-10-08ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-09-20ssl: Improve interop checksIngela Anderton Andin
2018-09-11ssl: Correct handling of all PSK cipher suitesIngela Anderton Andin
Before only some PSK suites would be correctly negotiated and most PSK ciphers suites would fail the connection. PSK cipher suites are anonymous in the sense that they do not use certificates except for rsa_psk.
2018-08-21ssl: Move formatting code to own moduleIngela Anderton Andin
The conversion code for different representations of cipher suites is long an repetitive. We want to hide it in a module that does not have other functions that we like to look at.
2018-08-07ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-05ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-05ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
2018-07-04ssl: Add connection information on new cipher_suite formatIngela Anderton Andin
2018-06-18Update copyright yearHenrik Nord
2018-06-14Merge branch 'ingela/ssl/21-enhanchment'Ingela Anderton Andin
* ingela/ssl/21-enhanchment: ssl: Add handle_continue/2 and document enhancements
2018-06-14ssl: Add handle_continue/2 and document enhancementsIngela Anderton Andin
* deprecation of ssl:ssl_accept/[1,2,3] * deprecation of ssl:cipher_suites/[0,1] * More consistent naming
2018-06-13ssl: Update interop conditionsIngela Anderton Andin
2018-05-21ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-05-02ssl: Exclude DTLS tests for one more OpenSSL version for nowIngela Anderton Andin
2018-05-02ssl: Make sure help function works from all parts of test suiteIngela Anderton Andin
Depending on context trap_exit flag may be set or not. So always set trap_exit and consume the EXIT signal and then set it back.
2018-04-30ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected.
2018-04-30ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA
2018-04-27Merge branch 'ingela/ssl/test-cuddle'Ingela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Handle EXIT messages from test code correctly
2018-04-24ssl: Add new API functionsIngela Anderton Andin
2018-03-27ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated.
2018-03-16ssl: Handle EXIT messages from test code correctlyIngela Anderton Andin
2018-02-07Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl lib/ssl/test/ssl_test_lib.erl
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-01-26Merge branch 'maint'Ingela Anderton Andin
2018-01-25ssl: Check OpenSSL version for DSS (DSA) supportIngela Anderton Andin
LibreSSL-2.6.3 dropped DSS (DSA) support
2018-01-22ssl: Remove chacha ciphers form default for nowIngela Anderton Andin
We have discovered interoperability problems, ERL-538, that we believe needs to be solved in crypto.
2018-01-09Merge branch 'maint'Ingela Anderton Andin
2018-01-07dtls: Filter out rc4 for DTLS psk suitesIngela Anderton Andin
Stream ciphers are not valid fro DTLS
2018-01-06dtls: We do not need to wait for DTLS over UDP serverIngela Anderton Andin
Client will retransmit until server becomes responsive
2017-12-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_handshake.erl
2017-12-05ssl: Use maps for cipher suites internallyIngela Anderton Andin
This is a preparation for improvements to come in option handling and support for TLS-1.3
2017-09-20Merge branch 'maint'Ingela Anderton Andin
2017-09-20public_key, ssl: Provide certitifate test data generation function in public_keyIngela Anderton Andin
The ssl application uses the new function in many of its test cases.
2017-09-11Merge branch 'maint'Ingela Anderton Andin
2017-09-11ssl: OpenSSL-1.0.0 is really brokenIngela Anderton Andin
Add exception for DTLS (not only TLS) against this broken version. Make sure configuration is clean for default test group.
2017-09-06Merge branch 'maint'Lukas Larsson
2017-09-01ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup.
2017-08-24Merge branch 'maint'Ingela Anderton Andin
2017-08-23ssl: Enable more DTLS testsIngela Anderton Andin
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1 tests in ssl_basic_SUITE was a combination of the bug fixed by the previous commit and missing clean up code for dtls_protocol_versions application environment variable
2017-08-22Merge pull request #1518 from RoadRunnr/R20/ssl_anon_certsIngela Andin
RFC: ecdhe_psk cipher suites OTP-14547
2017-08-15Merge pull request #1532 from ↵Ingela Andin
angelhof/public_key/generate_key-rsa-inconsistency-fix public_key:generate_key/1 RSA key generation inconsistency OTP-14534
2017-08-11Merge branch 'ingela/ssl/cert-handling' into maintIngela Anderton Andin
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation
2017-08-10Merge branch 'ingela/dtls/cuddle' into maintIngela Anderton Andin
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-18 01:53:00 +0000