aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2019-04-30ssl: Update function ssl:eccs/1Péter Dimitrov
Remove support of version tuples (e.g. {3,3}) from API function ssl:eccs/1. Update function spec and documentation. Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-04-30ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0 Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-02-22Merge branch ssl-active-n of essen:erlang/otp into essen/ssl-active-nRaimo Niskanen
* essen:erlang/otp: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl_connection.erl
2019-02-21Merge branch 'raimo/ssl/tls-optimization/OTP-15529' into maintRaimo Niskanen
* raimo/ssl/tls-optimization/OTP-15529: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results
2019-02-19ssl: Add support for {active,N}Loïc Hoguin
2019-02-18Merge branch 'ingela/ssl/shrink-state' into maintIngela Anderton Andin
* ingela/ssl/shrink-state: ssl: Remove duplicate record_cb handling ssl: Add test case for continued handshake with a timeout ssl: Use gen_statem named timers to handle connection and recv timeouts ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys ssl: Move key_algorithm to handshake_env ssl: srp ssl: Rename ssl: Move diffie_hellman_params to handshake_env ssl: Move and rename psk_identity state record field ssl: Move premaster_secret to handshake_env ssl: Make flight_state DTLS specific ssl: Add private_key to connection_env ssl: Remove unused record field ssl: Add erl_dist_handle to connection_env ssl: Add negotiated_version to connection_env ssl: Add key exchange items to handshake_env ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env ssl: Add downgrade handling to connection_env ssl: Create connection_env ssl: Handle renegotiation and extensions in handshake_env
2019-02-14ssl: Add test case for continued handshake with a timeoutdimadio
2019-02-14Merge branch 'peterdmv/ssl/fix-failing-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-failing-testcases: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
2019-02-13ssl: Fix renegotiation testcasesPéter Dimitrov
Fix failing renegotiation testcases with openssl-1.1.1a. openssl s_client sends the renegotiation "R\n" connected command to the server side causing testcase failure. This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to swallow the unexpected packet. Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
2019-02-13Optimize TLS record parsing with Okasaki queueRaimo Niskanen
2019-02-13Add server GC info to bench resultsRaimo Niskanen
2019-02-13ssl: Fix failing rizzo testcasesPéter Dimitrov
Filter out the cipher 'chacha20_poly1305' when running the testcase 'rizzo_one_n_minus_one'. Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
2019-01-21ssl: Correct test inputIngela Anderton Andin
2019-01-16ssl: Cuddle testsIngela Anderton Andin
2019-01-15Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into ↵Erlang/OTP
maint-21 * peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension
2019-01-15Merge branch 'ingela/ssl/enhance-error-handling/OTP-15505' into maint-21Erlang/OTP
* ingela/ssl/enhance-error-handling/OTP-15505: ssl: Cuddle test cases ssl: Fix test case ssl: Fix two invalid gen_statem returns
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2019-01-14ssl: Client shall only save verified sessionsIngela Anderton Andin
Modernize test case option handling
2019-01-14ssl: Uncomplicate test codeIngela Anderton Andin
No need for this test case to set a specific cipher suite. An appropriate cipher suite will be negotiated and it will of course be the same for clients with the same configuration.
2019-01-14ssl: Modernize test suiteIngela Anderton Andin
2019-01-10Merge branch 'peterdmv/ssl/fix-crl-suite' into maintPéter Dimitrov
* peterdmv/ssl/fix-crl-suite: ssl: Fix CRL suite with openssl-1.1.1a Change-Id: I2847107b6cf0210c3002c016a6ba49288505d06f
2019-01-10ssl: Add renegotiation test case to OpenSSL sanity checkIngela Anderton Andin
2019-01-10ssl: Better stream handlingIngela Anderton Andin
Remove rizzo rests that made incorrect assumptions
2019-01-09ssl: Fix CRL suite with openssl-1.1.1aPéter Dimitrov
Later versions of openssl do not support negative integers for CRL due time (used for negative testing). As a workaround this commit implements a function that can set CRL due time in seconds and makes the testcase 'crl_hash_dir_expired' sleep for one second. Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
2019-01-08ssl: Cuddle test casesIngela Anderton Andin
Cipher test case also needed updating to handle streams correctly We should not rizzo test chacha20_poly1305 Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2019-01-08ssl: Fix test caseIngela Anderton Andin
packet raw is a stream, test code manged it packet oriented in the function active_raw.
2019-01-08Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into maintPéter Dimitrov
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension Change-Id: Iee3276a60041a2c04c89385b2de2edb1cd81babd
2019-01-08ssl: Fix encoding/decoding of the SRP extensionPéter Dimitrov
The encoded value of the SRP extension length was bigger than the actual length of the extension. This could cause interoperability problems with third party SSL implementations. This commit corrects the encoding and decoding of the SRP extension length. Change-Id: I78d118faab7f5d02b755a7d1e2e8561b86f5a15c
2019-01-08ssl: Guarantee active once data deliveryIngela Anderton Andin
New internal active N changed timing, and new check is needed.
2018-12-27ssl: Gurantee active once data deliveryIngela Anderton Andin
New internal active N changed timing, and new check is needed.
2018-12-20ssl: Add renegotiate test caseIngela Anderton Andin
2018-12-20ssl: Fix downgradeIngela Anderton Andin
Both test case and code needed updates to work as intended. Code needed update due to new tls_sender process and the test case gave false positive reusult erarlier probably due to beeing to sloopy in order to avoid timeouts.
2018-12-20ssl: Add static_env recordIngela Anderton Andin
State values created at init
2018-12-19ssl: Add renegotiate test caseIngela Anderton Andin
2018-12-19ssl: Cuddle test casesIngela Anderton Andin
Cipher test case also needed updating to handle streams correctly We should not rizzo test chacha20_poly1305 Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-12-14ssl: Fix test caseIngela Anderton Andin
packet raw is a stream, test code manged it packet oriented in the function active_raw.
2018-12-13ssl: Fix downgradeIngela Anderton Andin
Both test case and code needed updates to work as intended. Code needed update due to new tls_sender process and the test case gave false positive reusult erarlier probably due to beeing to sloopy in order to avoid timeouts.
2018-12-12ssl: Add static_env recordIngela Anderton Andin
State values created at init
2018-12-05Rewrite to work for stream connectionRaimo Niskanen
2018-12-04Merge branch 'raimo/ssl/tls_dist-profiling' into maintRaimo Niskanen
* raimo/ssl/tls_dist-profiling: Improve benchmark Implement print on other node Fix compiler warnings
2018-12-04Merge branch 'ingela/ssl/test-cuddle-ssl_basic_SUITE' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle-ssl_basic_SUITE: ssl: Correct test case
2018-12-03ssl: Correct ssl:shutdownIngela Anderton Andin
When internaly using active N, bugs in shutdown implementation where reveled.
2018-12-03ssl: Internaly use {active, N}Ingela Anderton Andin
Make next_record an internal help function to next_event and avoid duplicate calls to tls_socket:setopts for setting the active option.