aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2015-12-11Merge branch 'maint'Ingela Anderton Andin
2015-12-11ssl: Fix typosIngela Anderton Andin
2015-12-11Merge branch 'maint'Ingela Anderton Andin
2015-12-11Merge branch 'ia/ssl/windows-tests' into maintIngela Anderton Andin
* ia/ssl/windows-tests: ssl: Use test case time out instead ssl: Use spawn_executable
2015-12-09ssl: Use test case time out insteadIngela Anderton Andin
2015-12-09ssl: Use spawn_executableIngela Anderton Andin
2015-12-09ssl: Add renegotiation exceptionIngela Anderton Andin
2015-12-07Merge branch 'maint'Henrik Nord
2015-12-07Merge branch 'rlipscombe/rl-ssl-options' into maintHenrik Nord
* rlipscombe/rl-ssl-options: Ensure single 'raw' option is handled correctly Pass 'raw' options through OTP-13166
2015-12-07Merge branch 'maint'Ingela Anderton Andin
2015-12-03ssl: Add upper limit for session cacheIngela Anderton Andin
If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries.
2015-12-01Merge branch 'maint'Zandra
2015-12-01Merge branch 'legoscia/tls_dist_options' into maintZandra
* legoscia/tls_dist_options: Test interface listen option for TLS distribution Test socket listen options for TLS distribution Test port options for TLS distribution TLS Dist: Use inet_dist_ options Conflicts: lib/ssl/src/ssl_tls_dist_proxy.erl lib/ssl/test/ssl_dist_SUITE.erl OTP-12838
2015-11-26Merge branch 'maint'Zandra
2015-11-26Merge branch 'legoscia/tls_dist_nodelay' into maintZandra
* legoscia/tls_dist_nodelay: Add test for dist_nodelay option Honour dist_nodelay socket option in tls_dist proxy OTP-13143
2015-11-26Merge branch 'maint'Zandra
2015-11-25Ensure single 'raw' option is handled correctlyRoger Lipscombe
Add a test to ensure that a single 'raw' option can be passed to ssl:listen correctly. Note: multiple raw options are (incorrectly) handled by inet:listen_options. See http://erlang.org/pipermail/erlang-questions/2014-March/078371.html
2015-11-24Test interface listen option for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_use_interface is used when starting a node with TLS distribution.
2015-11-24Test socket listen options for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_listen_options is used when starting a node with TLS distribution. This test was adapted from inet_dist_options_options in erl_distribution_SUITE.
2015-11-24Test port options for TLS distributionMagnus Henoch
Add test that checks that the options inet_dist_listen_min and inet_dist_listen_max are used when starting a node with TLS distribution.
2015-11-16fix 24h macro in test suiteZandra
Needed after the fix in 120975c4fcb57ecd14031ac046f483e56a3daa4d.
2015-11-13Add test for dist_nodelay optionMagnus Henoch
Run the 'basic' test with dist_nodelay set to false.
2015-09-23Merge branch 'maint'Ingela Anderton Andin
2015-09-23ssl: Retry ssl connections on econnreset errorsIngela Anderton Andin
To avoid test case failure due to test case setup timing issues. Suspected problem is that the listen queue builds up to quickly in client_unique_session test when running on slow computers.
2015-09-21Merge branch 'maint'Anders Svensson
2015-09-21ssl: listen socket should be set to active falseIngela Anderton Andin
2015-09-20Merge branch 'maint'Ingela Anderton Andin
2015-09-18ssl: Correct soft upgrade testIngela Anderton Andin
Soft upgrade test did not work as expected due to that the upgrade frame work keeps the control of the test case process to itself, so we need a proxy process to receive messages from ssl test framework.
2015-09-18Merge branch 'maint'Ingela Anderton Andin
2015-09-17ssl: Timeout tuningIngela Anderton Andin
2015-09-16Merge branch 'maint'Ingela Anderton Andin
2015-09-16Merge branch 'ia/ssl/register-unique-session/OTP-12980' into maintIngela Anderton Andin
* ia/ssl/register-unique-session/OTP-12980: ssl: Correct return value of default session callback module
2015-09-16ssl: Improve shutdown logicIngela Anderton Andin
Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peers chances to properly receiving the alert so it may shutdown gracefully.
2015-09-15ssl: Correct return value of default session callback moduleIngela Anderton Andin
ssl_session_cache:select_session/2 returned [sesionid(), #session{}] instead of #session{} as the API demands. This was wrongly compensated for in the code in one place making it look like everything was good. But the client check for unique session would always fail, potentially making the client session table grow a lot and causing long setup times.
2015-09-10Merge branch 'maint'Ingela Anderton Andin
2015-09-08Accept 'ECPrivateKey' as a ssl key optionYuki Ito
2015-07-03Merge branch 'maint'Ingela Anderton Andin
2015-07-02ssl: Exclude broken OpenSSL version from ECC testIngela Anderton Andin
2015-07-02ssl: Tune timeoutsIngela Anderton Andin
2015-06-24erts: Remove halfword specific testsBjörn-Egil Dahlberg
2015-06-23Merge branch 'ia/ssl/modern-timetrap'Ingela Anderton Andin
* ia/ssl/modern-timetrap: ssl: Make init functions fail if make_certs:all fails ssl: Avoid sleep ssl: modernize timetrap handling
2015-06-22ssl: Make init functions fail if make_certs:all failsIngela Anderton Andin
2015-06-22ssl: Avoid sleepIngela Anderton Andin
When possible avoid sleep in test cases.
2015-06-22ssl: modernize timetrap handlingIngela Anderton Andin
Watchdog is legacy test_server use only ct:timetrap/1
2015-06-18Change license text to APLv2Bruce Yinhe
2015-06-15ssl: Remove unnecessary suite callbackIngela Anderton Andin
The test cases does not use any hooks and including the ts_install_cth trips up the test case setup on some platforms cuasing the test cases to fail with {error, enoent}
2015-06-15Merge branch 'ia/ssl/test-fips'Ingela Anderton Andin
* ia/ssl/test-fips: ssl: Filter suites for openssl FIPS if necessary
2015-06-10ssl: Filter suites for openssl FIPS if necessaryIngela Anderton Andin
2015-06-10Merge branch 'ferd/deny-client-renegotiation'Henrik Nord
* ferd/deny-client-renegotiation: Add disable client-initiated renegotiation option Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl OTP-12815
2015-06-03Add disable client-initiated renegotiation optionFred Hebert
Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measure for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.