| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
|
|
* ingela/ssl/shrink-state:
ssl: Remove duplicate record_cb handling
ssl: Add test case for continued handshake with a timeout
ssl: Use gen_statem named timers to handle connection and recv timeouts
ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys
ssl: Move key_algorithm to handshake_env
ssl: srp
ssl: Rename
ssl: Move diffie_hellman_params to handshake_env
ssl: Move and rename psk_identity state record field
ssl: Move premaster_secret to handshake_env
ssl: Make flight_state DTLS specific
ssl: Add private_key to connection_env
ssl: Remove unused record field
ssl: Add erl_dist_handle to connection_env
ssl: Add negotiated_version to connection_env
ssl: Add key exchange items to handshake_env
ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env
ssl: Add downgrade handling to connection_env
ssl: Create connection_env
ssl: Handle renegotiation and extensions in handshake_env
|
|
|
|
* peterdmv/ssl/fix-failing-testcases:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
|
|
Fix failing renegotiation testcases with openssl-1.1.1a.
openssl s_client sends the renegotiation "R\n" connected command
to the server side causing testcase failure.
This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to
swallow the unexpected packet.
Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
|
|
|
|
|
|
Filter out the cipher 'chacha20_poly1305' when running the
testcase 'rizzo_one_n_minus_one'.
Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
|
|
This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.
When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.
Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
|
|
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256
if it is supported by crypto. It returns sha1 otherwise.
Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
|
|
|
|
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|
|
|
|
|
|
maint-21
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477:
ssl: Fix encoding/decoding of the SRP extension
|
|
* ingela/ssl/enhance-error-handling/OTP-15505:
ssl: Cuddle test cases
ssl: Fix test case
ssl: Fix two invalid gen_statem returns
|
|
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
|
|
Modernize test case option handling
|
|
No need for this test case to set a specific cipher suite. An appropriate cipher suite
will be negotiated and it will of course be the same for clients with the same configuration.
|
|
|
|
* peterdmv/ssl/fix-crl-suite:
ssl: Fix CRL suite with openssl-1.1.1a
Change-Id: I2847107b6cf0210c3002c016a6ba49288505d06f
|
|
|
|
Remove rizzo rests that made incorrect assumptions
|
|
Later versions of openssl do not support negative integers for
CRL due time (used for negative testing).
As a workaround this commit implements a function that can set
CRL due time in seconds and makes the testcase
'crl_hash_dir_expired' sleep for one second.
Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
|
|
Cipher test case also needed updating to handle streams correctly
We should not rizzo test chacha20_poly1305
Conflicts:
lib/ssl/test/ssl_basic_SUITE.erl
|
|
packet raw is a stream, test code manged it packet oriented in
the function active_raw.
|
|
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477:
ssl: Fix encoding/decoding of the SRP extension
Change-Id: Iee3276a60041a2c04c89385b2de2edb1cd81babd
|
|
The encoded value of the SRP extension length was bigger than the
actual length of the extension. This could cause interoperability
problems with third party SSL implementations.
This commit corrects the encoding and decoding of the SRP extension
length.
Change-Id: I78d118faab7f5d02b755a7d1e2e8561b86f5a15c
|
|
New internal active N changed timing, and
new check is needed.
|
|
New internal active N changed timing, and
new check is needed.
|
|
|
|
Both test case and code needed updates to work as intended. Code needed update due to
new tls_sender process and the test case gave false positive reusult erarlier probably
due to beeing to sloopy in order to avoid timeouts.
|
|
State values created at init
|
|
|
|
Cipher test case also needed updating to handle streams correctly
We should not rizzo test chacha20_poly1305
Conflicts:
lib/ssl/test/ssl_basic_SUITE.erl
|
|
packet raw is a stream, test code manged it packet oriented in
the function active_raw.
|
|
Both test case and code needed updates to work as intended. Code needed update due to
new tls_sender process and the test case gave false positive reusult erarlier probably
due to beeing to sloopy in order to avoid timeouts.
|
|
State values created at init
|
|
|
|
* raimo/ssl/tls_dist-profiling:
Improve benchmark
Implement print on other node
Fix compiler warnings
|
|
* ingela/ssl/test-cuddle-ssl_basic_SUITE:
ssl: Correct test case
|
|
When internaly using active N, bugs in shutdown implementation where reveled.
|
|
Make next_record an internal help function to next_event and avoid
duplicate calls to tls_socket:setopts for setting the active option.
|
|
|
|
|
