aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2016-11-10ssl: Use SHA2 for signing ECC certs if possibleIngela Anderton Andin
ECC certs should preferably use SHA2, this is what we want to be testing. Also assembling of all available test suites must consider TLS version.
2016-11-09Merge branch 'ingela/ssl/tune-timeouts-packet_SUITE' into maintIngela Anderton Andin
* ingela/ssl/tune-timeouts-packet_SUITE: ssl: Change to more modest timeouts
2016-11-09ssl: Remove faulty workaroundIngela Anderton Andin
We where never really satisfied with this workaround it was a bit far fetched, so we are pleased to be able to remove it.
2016-11-02Add ECC curve selection order config in TLS serverFred Hebert
As per RFC 4492 Sec 5.1, the preferred order of selection of named curves is based on client preferences. Currently, the SSL application only picks entries according to the absolute order of entries as tracked in a hardcoded list in code. This patch changes things so that the client-specified order is preferred. It also allows a mode where the server can be configured to override the client's preferred order with its own, although the chosen ECC must still be within both lists. The configuration is done through the following options: - `eccs`, shared by clients and servers alike, allows the specification of the supported named curves, in their preferred order, and may eventually support more values for explicit primes and so on. - `honor_ecc_order`, a server-only option, is similar to `honor_cipher_order` and will, by default let the server pick the client-preferred ECC, and otherwise pick the server-preferred one. The default value for `eccs` is the same as before, although the server-chosen ECC now defaults to the client rather than previous choice. A function `ssl:eccs()` has been added that returns the highest supported ECCs for the library.
2016-10-21ssl: Change to more modest timeoutsIngela Anderton Andin
This should be fine as timeout problem was due to test case bug that treated a stream as if it was packet oriented.
2016-10-14ssl: Tune timeout for old solaris machineIngela Anderton Andin
2016-10-11Merge branch 'ingela/ssl/crl_SUITE' into maintIngela Anderton Andin
* ingela/ssl/crl_SUITE: ssl: Make sure test has correct input
2016-10-04ssl: Correct tests tcp stream handlingIngela Anderton Andin
Data collection function active_once_raw/4 did not handle streamed data correctly (it assumed the stream was "packet oriented"), which could result in that the test case perceived that it did not receive all data even though it did.
2016-09-30ssl: Correct anonymous suite handlingIngela Anderton Andin
Test suite did not take TLS-version in to account. Also some anonymous suites where included incorrectly in some TLS versions.
2016-09-21ssl: Make sure test has correct inputIngela Anderton Andin
2016-09-14Merge branch 'ingela/ssl/packet-tests' into maintIngela Anderton Andin
* ingela/ssl/packet-tests: ssl: Add timetrap scale calls ssl: Add nodelay to packet=0|raw tests
2016-09-13ssl: Add timetrap scale callsIngela Anderton Andin
2016-09-12Merge branch 'ferd/bypass-pem-cache/PR-1143/OTP-13883' into maintIngela Anderton Andin
* ferd/bypass-pem-cache/PR-1143/OTP-13883: ssl: Add documentation of bypass_pem_cache application environment configuration ssl: Add new benchmarks to skip file for normal testing Adding PEM cache bypass benchmark entries Fixing CRL searching in cache bypass Add option to bypass SSL PEM cache
2016-09-07ssl: Make sure tests get a clean startIngela Anderton Andin
2016-09-07ssl: Tune timeoutIngela Anderton Andin
2016-09-07ssl: Consistent timeout handlingIngela Anderton Andin
init_per_testcase timeout for renegotiation tests would be overridden by local timeout in test case help function.
2016-09-06Merge branch 'ingela/ssl/dtls-progress/connection-states-as-maps' into maintIngela Anderton Andin
* ingela/ssl/dtls-progress/connection-states-as-maps: dtls: fix encoding of client hello cookie dtls: Prepare start of DTLS connection manager with SSL app ssl: Refactor to use maps for the connection states ssl, dtls: Refactor sni handling dtls: Add close/5 dtls: Add renegotiate/2 dtls: Add protocol event handling ssl: Refactor code so that tls and dtls can share more code ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history ssl: Make sure common code for TLS and DTLS uses the TLS Version ssl: remove unused RecordCB argument from master_secret dtls: Add reinit_handshake_data/1 to dtls dtls: replace tls_record with RecordCB in connection_info Fix version numbers and dependencies
2016-09-05ssl: Refactor to use maps for the connection statesIngela Anderton Andin
2016-09-05ssl: Make sure to have correct defaultIngela Anderton Andin
2016-09-05ssl: Add nodelay to packet=0|raw testsIngela Anderton Andin
2016-09-02ssl: Test ssl v2 clients rejection depending on configurationIngela Anderton Andin
Even though v2 is never supported v2 hellos can be. No support for v2 client hellos gives "handshake failiure" alert. Support for v2 hello but no higher SSL/TLS version offered gives "protocol version" alert.
2016-09-02ssl: Add new benchmarks to skip file for normal testingIngela Anderton Andin
2016-09-02ssl: Add check in test framework for crypto supportIngela Anderton Andin
Avoid to run tests of algorithms not supported by crypto.
2016-08-31Adding PEM cache bypass benchmark entriesFred Hebert
The benchmarks run through the local node only, as an attempt to show more potential contention on certificate usage.
2016-08-31Merge branch 'raimo/gen_statem-callback_mode/OTP-13752' into maintRaimo Niskanen
* raimo/gen_statem-callback_mode/OTP-13752: ssl: Upgrade suite testing skipped if stdlib upgrade is required Fix version numbers and dependencies Conflicts: lib/ssl/src/ssl.appup.src lib/ssl/vsn.mk
2016-08-31Merge branch 'ingela/ssl/cuddle' into maintIngela Anderton Andin
* ingela/ssl/cuddle: ssl: Test and test suites shall be independent of each other
2016-08-30ssl: Timeout tuningIngela Anderton Andin
Skip some test on really slow solaris machines
2016-08-25ssl: Upgrade suite testing skipped if stdlib upgrade is requiredIngela Anderton Andin
2016-08-18ssl: Check precondition for ssl_npn_hello_SUITEIngela Anderton Andin
2016-07-08ssl: Test and test suites shall be independent of each otherIngela Anderton Andin
Make sure ssl application has a fresh start, so that test do not fail due to that other tests did not clean up properly.
2016-07-08ssl: Simplify and refactor testsIngela Anderton Andin
Tests in ECC_SUITE did not always use the certs implied by the name. Variable naming also confused the intent. ssl_certificate_verify_SUITE did not clean up properly and tests could fail due to cache problems.
2016-06-28ssl: All started test nodes must be cleaned upIngela Anderton Andin
Function to stop SSL/TLS node may not exit as a test case will start more than one node and all nodes must be stopped.
2016-06-22ssl: Do not leave zoombie nodes if tests failIngela Anderton Andin
2016-06-15ssl: Make sure openssl client does not use sslv2 helloIngela Anderton Andin
This should only be used in legacy test case not in test cases testing other functionality.
2016-06-15Merge branch 'ingela/ssl/packet_SUITE/test-timeouts'Ingela Anderton Andin
* ingela/ssl/packet_SUITE/test-timeouts: ssl: Make diffrent timeouts
2016-06-15ssl: Make diffrent timeoutsIngela Anderton Andin
Some test cases takes really long time on old machines. But normaly all tests are under 15 seconds. Try to avoid long timeouts for all test cases. Although we like to find a better tuning, set timeouts high for now to avoid tests cases failing with timeout.
2016-06-14Merge branch 'ingela/ssl_to_openssl_SUITE-timeouts'Ingela Anderton Andin
* ingela/ssl_to_openssl_SUITE-timeouts: ssl: Timeout tuning
2016-06-14Merge branch 'ingela/ssl/ssl_basic_SUITE-timeouts'Ingela Anderton Andin
* ingela/ssl/ssl_basic_SUITE-timeouts: ssl: Tune timeouts
2016-06-14Merge branch 'legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530'Ingela Anderton Andin
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530: Skip crl_hash_dir_expired test for LibreSSL Add ssl_crl_hash_dir module Function for generating OpenSSL-style name hashes Add public_key:pkix_match_dist_point Improve formatting for crl_{check,cache} options Add issuer arg to ssl_crl_cache_api lookup callback Conflicts: lib/public_key/test/public_key_SUITE.erl
2016-06-14Merge branch 'lukas/erts/testfixes-19'Lukas Larsson
* lukas/erts/testfixes-19: erts: Increase bif and nif call_time trace test erts: Fix distribution_SUITE:bulk_send_bigbig on windows erts: Ensure bs_add_overflow test has enough memory kernel: Better explain controlling_process' tcp behaviour kernel: Fix t_recv_delim on bsd os_mon: Make sure to start/stop os_mon in tests correctly ssl: Fix use_interface dist_SSL test erl_interface: Fix signed int overflow tc bug erts: fix atom_roundtrip_r15b tc erts: Require more memory for debug tests
2016-06-14ssl: Fix use_interface dist_SSL testLukas Larsson
Doing inet:port will cause an port_control to be sent to the port, and not all ports in the vm can handle having arbitrary data sent to them.
2016-06-09Add ssl:getstat/1 and ssl:getstat/2Loïc Hoguin
These functions call getstat on the underlying TCP socket. The only way to do this before now was to use a hack, either by looking inside the #sslsocket{} record directly, or by not using the SSL listen/accept functions and upgrading from a TCP socket that is kept around for the purpose of calling getstat later on.
2016-06-07ssl: Tune timeoutsIngela Anderton Andin
2016-06-03ssl: Add option to phase out support for sslv2 client helloIngela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher version of SSL/TLS but also offers sslv2 Conflicts: lib/ssl/src/tls_connection.erl
2016-06-02ssl: Timeout tuningIngela Anderton Andin
2016-06-01Merge branch 'legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429'Raimo Niskanen
* legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429: Quote curly brackets in command line options Avoid disappearing ETS tables in ssl_dist_SUITE Fix db handle for TLS distribution crl_cache opts Fix ssl_dist_SUITE logging on Windows More logging in ssl_dist_SUITE TLS distribution: crl_check and crl_cache options Allow passing verify_fun for TLS distribution More informative malformed_ssl_dist_opt error
2016-06-01ssl: Avoid two renegotiatesIngela Anderton Andin
2016-06-01ssl: Handle freebsd OpenSSL flavourIngela Anderton Andin
The selection of CA cert files in ssl_ECC_SUITE and ssl_test_lib ought to be refactored, it is quite confusing. But use this workaround until we get time to make a refactor.
2016-06-01Merge branch 'joedevivo/ssl/PR-1063/OTP-13635'Ingela Anderton Andin
* joedevivo/ssl/PR-1063/OTP-13635: ssl:recv timeout() can be 0
2016-06-01Quote curly brackets in command line optionsRaimo Niskanen
Some shells i.e the bash emulating sh regard curly brackets as special characters so e.g {a,b,{}} is expanded to a b {} which is by erlang regarded as 3 arguments instead of a 3-tuple. Other shells e.g Bourne classic /bin/sh, the ash/dash variants and public domain Korn shell all avoid this surprise.