aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-04-27ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-03-06ssl: Fix anonymous suites regression and protocol errorBram Verburg
Anonymous cipher suites were broken altogether, and there was an earlier issue where the server would send a signature in the server key exchange if a certificate was configured, even if an anonymous suite was actually negotiated. Backport of PR-1729
2018-03-05[ssl] Fix hanging test case on outdated lab machineLars Thorsen
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-02-05ssl: Add new API functions for cipher suite handlingIngela Anderton Andin
2018-01-25ssl: Check OpenSSL version for DSS (DSA) supportIngela Anderton Andin
LibreSSL-2.6.3 dropped DSS (DSA) support
2018-01-23ssl: Add record version sanity checkIngela Anderton Andin
2018-01-15ssl: Call clean version functionIngela Anderton Andin
Make sure tests are run with intended version settings.
2018-01-11Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Tune timeouts
2018-01-11ssl: Tune timeoutsIngela Anderton Andin
2018-01-07dtls: Filter out rc4 for DTLS psk suitesIngela Anderton Andin
Stream ciphers are not valid fro DTLS
2018-01-06dtls: We do not need to wait for DTLS over UDP serverIngela Anderton Andin
Client will retransmit until server becomes responsive
2017-12-05ssl: Use maps for cipher suites internallyIngela Anderton Andin
This is a preparation for improvements to come in option handling and support for TLS-1.3
2017-11-08ssl: Add private key configuration for crypto engineIngela Anderton Andin
2017-10-18Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maintIngela Anderton Andin
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport
2017-10-17ssl: No support for packet option over unreliable transportIngela Anderton Andin
2017-10-16ssl: Fix test cases to work on all test platformsIngela Anderton Andin
Use hradcoded rsa keys as this will work on all legacy platforms. In test case dns_name_reuse only do the relevant client check in the final test.
2017-10-13ssl: Sessions must be registered with SNI if existsIngela Anderton Andin
2017-10-13ssl: Extend hostname check to fallback to checking IP-addressIngela Anderton Andin
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended.
2017-10-12public_key, ssl: Handles keys so that APIs are preserved correctlyIngela Anderton Andin
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin
2017-09-20public_key, ssl: Provide certitifate test data generation function in public_keyIngela Anderton Andin
The ssl application uses the new function in many of its test cases.
2017-09-11ssl: OpenSSL-1.0.0 is really brokenIngela Anderton Andin
Add exception for DTLS (not only TLS) against this broken version. Make sure configuration is clean for default test group.
2017-09-07ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup. This is an addition to b3ca5727169deaa38917edca8288dcaff9a36800 that accidently was the wrong version of that branch.
2017-09-01ssl: Make sure test initilization is cleanIngela Anderton Andin
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup.
2017-08-24Merge branch 'ingela/ssl/dtls-alert-handling/OTP-14078' into maintIngela Anderton Andin
* ingela/ssl/dtls-alert-handling/OTP-14078: dtls: Customize alert handling for DTLS over UDP
2017-08-24ssl: DTLS packet supportIngela Anderton Andin
Test that DTLS handles "high" level packet types as http-packet types. Low level packet type as {packet, 2} we will consider later if they should be relevant to support or not.
2017-08-23ssl: Enable dtls testsIngela Anderton Andin
Also run this suit on all TLS versions
2017-08-23ssl: Adjust ALPN and next protocol to work with DTLSIngela Anderton Andin
2017-08-23ssl: Enable more DTLS testsIngela Anderton Andin
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1 tests in ssl_basic_SUITE was a combination of the bug fixed by the previous commit and missing clean up code for dtls_protocol_versions application environment variable
2017-08-15Merge pull request #1532 from ↵Ingela Andin
angelhof/public_key/generate_key-rsa-inconsistency-fix public_key:generate_key/1 RSA key generation inconsistency OTP-14534
2017-08-14Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Longer timeouts for test cases that do many handshakes
2017-08-14dtls: Customize alert handling for DTLS over UDPIngela Anderton Andin
From RFC 6347: 4.1.2.7. Handling Invalid Records Unlike TLS, DTLS is resilient in the face of invalid records (e.g., invalid formatting, length, MAC, etc.). In general, invalid records SHOULD be silently discarded, thus preserving the association; however, an error MAY be logged for diagnostic purposes. Implementations which choose to generate an alert instead, MUST generate fatal level alerts to avoid attacks where the attacker repeatedly probes the implementation to see how it responds to various types of error. Note that if DTLS is run over UDP, then any implementation which does this will be extremely susceptible to denial-of-service (DoS) attacks because UDP forgery is so easy. Thus, this practice is NOT RECOMMENDED for such transports.
2017-08-11Merge branch 'ingela/ssl/cert-handling' into maintIngela Anderton Andin
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation
2017-08-10ssl: Longer timeouts for test cases that do many handshakesIngela Anderton Andin
2017-08-10Merge branch 'ingela/dtls/cuddle' into maintIngela Anderton Andin
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-08-09ssl: Modernize DSA cert chain generationIngela Anderton Andin
2017-08-08ssl: Handle OpenSSL output correctlyIngela Anderton Andin
Adjust to handle output from OpenSSL in a more general way, so that "unknown option" should be caught for all cases and the test case skipped if that is the case and other data form OpenSSL should be ignored.
2017-08-08ssl: CleanIngela Anderton Andin
This code was not used and we already have mixed chains ECDH_RSA tests
2017-08-08ssl: Remove test of OpenSSLIngela Anderton Andin
We are not testing OpenSSL. We want to test interoperability with OpenSSL
2017-08-08ssl: Use new cert generationIngela Anderton Andin
2017-07-28Change version of hardcoded RSA test recordsKonstantinos Kallas
2017-06-30ssl: Workaround localhost problemsIngela Anderton Andin
If net_adm:localhost() returns a FQDN we want to use it otherwise we want to use localhost.
2017-06-29ssl: Move clause so that it will matchIngela Anderton Andin
2017-06-29ssl: Skip test if OpenSSL has problems generating CRLIngela Anderton Andin
2017-06-29ssl: Set rizzo* test timeout high enough for our slowest test machineIngela Anderton Andin
2017-06-27ssl: Skip sslv2 hello compatible tests on OpenSSL-0.9.8oIngela Anderton Andin
The -ssl2 option to s_client appears to be broken on this release. This is a legacy option anyway that is still tested on other old version of OpenSSL so skip this.