| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Add exception for DTLS (not only TLS) against this broken version.
Make sure configuration is clean for default test group.
|
|
Otherwhise test can be wrongly initialized and will fail as they try to run
with a broken setup.
|
|
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1
tests in ssl_basic_SUITE was a combination of the bug fixed by the
previous commit and missing clean up code for dtls_protocol_versions
application environment variable
|
|
* ingela/ssl/timeout-cuddle:
ssl: Longer timeouts for test cases that do many handshakes
|
|
|
|
We are not testing OpenSSL. We want to test interoperability with OpenSSL
|
|
|
|
If net_adm:localhost() returns a FQDN we want to use it otherwise
we want to use localhost.
|
|
|
|
The certificate chain handling had become quite entangled and
was not correct.
|
|
|
|
We want to avoid failing test cases but still be able to merge
DTLS progress for 19.3
|
|
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up.
Some of the code in this commit is attempting this, but it is not really working
yet, and hence only tests where OpenSSL is client are enabled.
|
|
ECC certs should preferably use SHA2, this is what we want to be
testing. Also assembling of all available test suites must consider TLS version.
|
|
|
|
|
|
Even though v2 is never supported v2 hellos can be.
No support for v2 client hellos gives "handshake failiure" alert.
Support for v2 hello but no higher SSL/TLS version offered
gives "protocol version" alert.
|
|
* ingela/ssl/cuddle:
ssl: Test and test suites shall be independent of each other
|
|
Skip some test on really slow solaris machines
|
|
Make sure ssl application has a fresh start, so that test do
not fail due to that other tests did not clean up properly.
|
|
This should only be used in legacy test case not in test cases
testing other functionality.
|
|
* ingela/ssl_to_openssl_SUITE-timeouts:
ssl: Timeout tuning
|
|
ssl servers can recognize sslv2 client hellos to interop with clients
that support higher version of SSL/TLS but also offers sslv2
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
|
|
|
|
|
|
|
|
Make sure that options only relevant for one role (client|server) is set
to undefined when the other role is invoked. As there are many options to
ssl, and many are optional, we choose to filter out all undefined options
to avoid overwhelming the user with not relevant information.
This way there is no need for any special handling of the role specific options
which is also nice.
|
|
|
|
As sslv3 is being faced out we need to test for old version support as well as
newer versions.
|
|
* ia/libressl:
ssl: Print openssl version string
ssl: Do not use environment variables in openSSL config file
|
|
|
|
|
|
* ia/ssl/windows-tests:
ssl: Use test case time out instead
ssl: Use spawn_executable
|
|
|
|
|
|
|
|
* ia/ssl/modern-timetrap:
ssl: Make init functions fail if make_certs:all fails
ssl: Avoid sleep
ssl: modernize timetrap handling
|
|
|
|
When possible avoid sleep in test cases.
|
|
Watchdog is legacy test_server use only ct:timetrap/1
|
|
|
|
The test cases does not use any hooks and including the ts_install_cth
trips up the test case setup on some platforms cuasing the test cases
to fail with {error, enoent}
|
|
|
|
Refactored the code and moved client_check before call to
ssl_test_lib:check_result(Server, ExpectedSNIHostname) as this
call may consume client messages ( which is intentional) but was
missed by the test case writer.
|
|
connection_info -> connection_information
|
|
The newly added function sni_fun allows dynamic update of SSL options
like keys and certificates depending on different SNI hostname, rather
than a predefined rules of SSL options.
|
|
This commit adds tests for SNI server support in:
* ssl_sni_SUITE.erl
* ssl_to_openssl_SUITE.erl
And some more modifications:
* make_certs also makes two certs for SNI, and adds
extra options for SNI.
|
|
This reverts commit a3cf4eb4cdd2ce178d81b62faa9f47485fd82331.
This workaround is no longer needed as the, TLS-1.2 extension,
signature_algorithm is now correctly ignored by previous TLS versions.
|
