aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2016-06-13Merge branch 'joedevivo/maint/ssl/PR-1063/OTP-13635' into maint-18Erlang/OTP
* joedevivo/maint/ssl/PR-1063/OTP-13635: ssl:recv timeout() can be 0
2016-06-09ssl: Use cipher suite's PRF in prf/5Kenneth Lakin
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.
2016-06-09ssl:recv timeout() can be 0Joe DeVivo
gen_tcp:recv allows this, and if you're doing something like Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with function_clause There were other cases of this throughout the module. This PR cleans them all up.
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb Please enter the commit message for your changes. Lines starting
2016-04-26Merge branch 'ingela/ssl/config-signature-algs/OTP-13261' into maint-18Erlang/OTP
* ingela/ssl/config-signature-algs/OTP-13261: ssl: Prepare for release ssl: Add option signature_algs
2016-04-22ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-02-25Merge branch 'legoscia/crl-check-without-dp' into maintHenrik Nord
* legoscia/crl-check-without-dp: Be suspicious of certificates without CRL DPs Refactor ssl_crl_SUITE: extract crl_verify_error/6 OTP-13378
2016-02-25Merge branch 'legoscia/critical-extension-verify-none' into maintHenrik Nord
* legoscia/critical-extension-verify-none: ssl: with verify_none, accept critical extensions OTP-13377
2016-02-22ssl: Newer cipher suites now presented correctlyIngela Anderton Andin
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples.
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-17Be suspicious of certificates without CRL DPsMagnus Henoch
Previously, if certificate revocation checking was turned on, and a certificate didn't contain a CRL Distribution Points extension, and there was no relevant CRL in the cache, then ssl_handshake:crl_check would accept the certificate even if the crl_check option was set to reject certificates for which the revocation status could not be determined. With this change, such certificates will only be accepted if the crl_check option was set to best_effort. The process for CRL validation is described in section 6.3 of RFC 5280. The text doesn't mention any special treatment to be given to certificates without distribution points: it just says "For each distribution point..." (section 6.3.3), which would leave the revocation status undetermined, unless there were "any available CRLs not specified in a distribution point but issued by the certificate issuer". Thus the result of this algorithm should be UNDETERMINED in this case, not UNREVOKED, and the crl_check option should govern how the implementation reacts to this result.
2016-02-17ssl: with verify_none, accept critical extensionsMagnus Henoch
When establishing a TLS connection with {verify, verify_none}, if the server has a certificate with a critical extension, for example a "Netscape Cert Type" extension, certificate verification would fail, which is surprising given that the name of the option suggests that no verification would be performed. With this change, certificate extensions marked as critical are ignored when using verify_none.
2016-02-16Merge branch 'ia/pr/958/OTP-13334' into maintIngela Anderton Andin
* ia/pr/958/OTP-13334: ssl: verify cert signature against original cert binary
2016-02-08Merge branch 'sverk/ecc-fixes' into maintSverker Eriksson
OTP-13311 * sverk/ecc-fixes: Ensure testing ssl with supported ciphers only Only use supported EC curves in crypto tests Check the result of EC_GROUP_new_curve_* calls
2016-02-08ssl: verify cert signature against original cert binaryMatt Campbell
When searching for a certificate's issuer in the `CertDB`, verify the signature against the original DER certificate from the handshake instead of a re-encoding of the parsed certificate. This avoids false negatives due to differences between DER encoding implementations of OTP and other platforms.
2016-02-02Merge branch 'legoscia/tls-dist-connect-options' into maintZandra
* legoscia/tls-dist-connect-options: ssl_dist_SUITE: don't use deprecated functions TLS distribution: support inet_dist_connect_options OTP-13285
2016-01-28Ensure testing ssl with supported ciphers onlyDániel Szoboszlay
There are two problematic areas: EC curve selection and interoperability tests with OpenSSL. The tests shouldn't assume any particular EC curve is available, but should always check the list of curves reported by tls_v1:ecc_curves/1. And during interoperability tests the tests shouldn't assume that any cipher suite supported by Erlang is also supported by OpenSSL. There are OpenSSL packages where the command line openssl tool only supports a subset of the ciphers available in libcrypto. The actual list of supported cipher suites thus shall be queried from OpenSSL.
2016-01-27Refactor ssl_crl_SUITE: extract crl_verify_error/6Magnus Henoch
Just like crl_verify_valid/5 checks for a positive result given certain options, crl_verify_error/6 checks for a negative result.
2016-01-21ssl: Fix typos that broke alpn testsIngela Anderton Andin
2016-01-21ssl: In interop tests always check if SSL/TLS version is supported by OpenSSLIngela Anderton Andin
As sslv3 is being faced out we need to test for old version support as well as newer versions.
2016-01-12ssl_dist_SUITE: don't use deprecated functionsMagnus Henoch
Use erlang:unique_integer/1 instead of erlang:now/0 to generate a unique node name. Use rand:uniform/1 instead of random:uniform/1, so we don't need to generate a seed ourselves.
2016-01-12TLS distribution: support inet_dist_connect_optionsMagnus Henoch
Allow adding extra options for outgoing TLS distribution connnections, as supported for plain TCP connections.
2015-12-15Merge branch 'ia/libressl' into maintIngela Anderton Andin
* ia/libressl: ssl: Print openssl version string ssl: Do not use environment variables in openSSL config file
2015-12-15ssl: Convert all test to use "ssl_test_lib:portable_open_port"Ingela Anderton Andin
2015-12-14ssl: Print openssl version stringIngela Anderton Andin
2015-12-14ssl: Do not use environment variables in openSSL config fileIngela Anderton Andin
LibreSSL does not allow it.
2015-12-11ssl: fix hibernate_after with instant or near instant timeoutsAndrey Mayorov
2015-12-11ssl: Fix typosIngela Anderton Andin
2015-12-11Merge branch 'ia/ssl/windows-tests' into maintIngela Anderton Andin
* ia/ssl/windows-tests: ssl: Use test case time out instead ssl: Use spawn_executable
2015-12-09ssl: Use test case time out insteadIngela Anderton Andin
2015-12-09ssl: Use spawn_executableIngela Anderton Andin
2015-12-09ssl: Add renegotiation exceptionIngela Anderton Andin
2015-12-07Merge branch 'rlipscombe/rl-ssl-options' into maintHenrik Nord
* rlipscombe/rl-ssl-options: Ensure single 'raw' option is handled correctly Pass 'raw' options through OTP-13166
2015-12-03ssl: Add upper limit for session cacheIngela Anderton Andin
If upper limit is reached invalidate the current cache entries, e.i the session lifetime is the max time a session will be keept, but it may be invalidated earlier if the max limit for the table is reached. This will keep the ssl manager process well behaved, not exhusting memeory. Invalidating the entries will incrementally empty the cache to make room for fresh sessions entries.
2015-12-01Merge branch 'legoscia/tls_dist_options' into maintZandra
* legoscia/tls_dist_options: Test interface listen option for TLS distribution Test socket listen options for TLS distribution Test port options for TLS distribution TLS Dist: Use inet_dist_ options Conflicts: lib/ssl/src/ssl_tls_dist_proxy.erl lib/ssl/test/ssl_dist_SUITE.erl OTP-12838
2015-11-26Merge branch 'legoscia/tls_dist_nodelay' into maintZandra
* legoscia/tls_dist_nodelay: Add test for dist_nodelay option Honour dist_nodelay socket option in tls_dist proxy OTP-13143
2015-11-25Ensure single 'raw' option is handled correctlyRoger Lipscombe
Add a test to ensure that a single 'raw' option can be passed to ssl:listen correctly. Note: multiple raw options are (incorrectly) handled by inet:listen_options. See http://erlang.org/pipermail/erlang-questions/2014-March/078371.html
2015-11-24Test interface listen option for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_use_interface is used when starting a node with TLS distribution.
2015-11-24Test socket listen options for TLS distributionMagnus Henoch
Add test that checks that the option inet_dist_listen_options is used when starting a node with TLS distribution. This test was adapted from inet_dist_options_options in erl_distribution_SUITE.
2015-11-24Test port options for TLS distributionMagnus Henoch
Add test that checks that the options inet_dist_listen_min and inet_dist_listen_max are used when starting a node with TLS distribution.
2015-11-16fix 24h macro in test suiteZandra
Needed after the fix in 120975c4fcb57ecd14031ac046f483e56a3daa4d.
2015-11-13Add test for dist_nodelay optionMagnus Henoch
Run the 'basic' test with dist_nodelay set to false.
2015-09-23ssl: Retry ssl connections on econnreset errorsIngela Anderton Andin
To avoid test case failure due to test case setup timing issues. Suspected problem is that the listen queue builds up to quickly in client_unique_session test when running on slow computers.
2015-09-21ssl: listen socket should be set to active falseIngela Anderton Andin
2015-09-18ssl: Correct soft upgrade testIngela Anderton Andin
Soft upgrade test did not work as expected due to that the upgrade frame work keeps the control of the test case process to itself, so we need a proxy process to receive messages from ssl test framework.
2015-09-17ssl: Timeout tuningIngela Anderton Andin
2015-09-16Merge branch 'ia/ssl/register-unique-session/OTP-12980' into maintIngela Anderton Andin
* ia/ssl/register-unique-session/OTP-12980: ssl: Correct return value of default session callback module
2015-09-16ssl: Improve shutdown logicIngela Anderton Andin
Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peers chances to properly receiving the alert so it may shutdown gracefully.
2015-09-15ssl: Correct return value of default session callback moduleIngela Anderton Andin
ssl_session_cache:select_session/2 returned [sesionid(), #session{}] instead of #session{} as the API demands. This was wrongly compensated for in the code in one place making it look like everything was good. But the client check for unique session would always fail, potentially making the client session table grow a lot and causing long setup times.