Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-01-17 | dtls: Add DTLS handling to utility functions | Ingela Anderton Andin | |
2017-12-05 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_handshake.erl | |||
2017-12-05 | ssl: Use maps for cipher suites internally | Ingela Anderton Andin | |
This is a preparation for improvements to come in option handling and support for TLS-1.3 | |||
2017-12-04 | Write SSL distribution benchmarks | Raimo Niskanen | |
2017-11-10 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-11-08 | ssl: Add private key configuration for crypto engine | Ingela Anderton Andin | |
2017-10-18 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-10-18 | Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maint | Ingela Anderton Andin | |
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport | |||
2017-10-17 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-10-17 | ssl: No support for packet option over unreliable transport | Ingela Anderton Andin | |
2017-10-16 | ssl: Fix test cases to work on all test platforms | Ingela Anderton Andin | |
Use hradcoded rsa keys as this will work on all legacy platforms. In test case dns_name_reuse only do the relevant client check in the final test. | |||
2017-10-13 | ssl: Sessions must be registered with SNI if exists | Ingela Anderton Andin | |
2017-10-13 | ssl: Extend hostname check to fallback to checking IP-address | Ingela Anderton Andin | |
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended. | |||
2017-10-12 | public_key, ssl: Handles keys so that APIs are preserved correctly | Ingela Anderton Andin | |
2017-10-02 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-09-30 | dtls: Compleate DTLS renegotiate implementation | Ingela Anderton Andin | |
2017-09-20 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-09-20 | public_key, ssl: Provide certitifate test data generation function in public_key | Ingela Anderton Andin | |
The ssl application uses the new function in many of its test cases. | |||
2017-09-11 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-09-11 | ssl: OpenSSL-1.0.0 is really broken | Ingela Anderton Andin | |
Add exception for DTLS (not only TLS) against this broken version. Make sure configuration is clean for default test group. | |||
2017-09-07 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-09-07 | ssl: Make sure test initilization is clean | Ingela Anderton Andin | |
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup. This is an addition to b3ca5727169deaa38917edca8288dcaff9a36800 that accidently was the wrong version of that branch. | |||
2017-09-06 | Merge branch 'maint' | Lukas Larsson | |
2017-09-01 | ssl: Make sure test initilization is clean | Ingela Anderton Andin | |
Otherwhise test can be wrongly initialized and will fail as they try to run with a broken setup. | |||
2017-08-24 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-08-24 | Merge branch 'ingela/ssl/dtls-alert-handling/OTP-14078' into maint | Ingela Anderton Andin | |
* ingela/ssl/dtls-alert-handling/OTP-14078: dtls: Customize alert handling for DTLS over UDP | |||
2017-08-24 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-08-24 | ssl: DTLS packet support | Ingela Anderton Andin | |
Test that DTLS handles "high" level packet types as http-packet types. Low level packet type as {packet, 2} we will consider later if they should be relevant to support or not. | |||
2017-08-23 | ssl: Enable dtls tests | Ingela Anderton Andin | |
Also run this suit on all TLS versions | |||
2017-08-23 | ssl: Adjust ALPN and next protocol to work with DTLS | Ingela Anderton Andin | |
2017-08-23 | ssl: Enable more DTLS tests | Ingela Anderton Andin | |
Problems with failure of ssl_certificate_verify_SUITE when enabling DTLS-1 tests in ssl_basic_SUITE was a combination of the bug fixed by the previous commit and missing clean up code for dtls_protocol_versions application environment variable | |||
2017-08-22 | Merge pull request #1518 from RoadRunnr/R20/ssl_anon_certs | Ingela Andin | |
RFC: ecdhe_psk cipher suites OTP-14547 | |||
2017-08-15 | Merge pull request #1532 from ↵ | Ingela Andin | |
angelhof/public_key/generate_key-rsa-inconsistency-fix public_key:generate_key/1 RSA key generation inconsistency OTP-14534 | |||
2017-08-14 | Merge branch 'ingela/ssl/timeout-cuddle' into maint | Ingela Anderton Andin | |
* ingela/ssl/timeout-cuddle: ssl: Longer timeouts for test cases that do many handshakes | |||
2017-08-14 | dtls: Customize alert handling for DTLS over UDP | Ingela Anderton Andin | |
From RFC 6347: 4.1.2.7. Handling Invalid Records Unlike TLS, DTLS is resilient in the face of invalid records (e.g., invalid formatting, length, MAC, etc.). In general, invalid records SHOULD be silently discarded, thus preserving the association; however, an error MAY be logged for diagnostic purposes. Implementations which choose to generate an alert instead, MUST generate fatal level alerts to avoid attacks where the attacker repeatedly probes the implementation to see how it responds to various types of error. Note that if DTLS is run over UDP, then any implementation which does this will be extremely susceptible to denial-of-service (DoS) attacks because UDP forgery is so easy. Thus, this practice is NOT RECOMMENDED for such transports. | |||
2017-08-11 | Merge branch 'ingela/ssl/cert-handling' into maint | Ingela Anderton Andin | |
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation | |||
2017-08-10 | ssl: Longer timeouts for test cases that do many handshakes | Ingela Anderton Andin | |
2017-08-10 | Merge branch 'ingela/dtls/cuddle' into maint | Ingela Anderton Andin | |
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly | |||
2017-08-10 | ssl: Correct cipher suite handling | Ingela Anderton Andin | |
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS. | |||
2017-08-09 | ssl: Modernize DSA cert chain generation | Ingela Anderton Andin | |
2017-08-08 | ssl: Handle OpenSSL output correctly | Ingela Anderton Andin | |
Adjust to handle output from OpenSSL in a more general way, so that "unknown option" should be caught for all cases and the test case skipped if that is the case and other data form OpenSSL should be ignored. | |||
2017-08-08 | ssl: Clean | Ingela Anderton Andin | |
This code was not used and we already have mixed chains ECDH_RSA tests | |||
2017-08-08 | ssl: Remove test of OpenSSL | Ingela Anderton Andin | |
We are not testing OpenSSL. We want to test interoperability with OpenSSL | |||
2017-08-08 | ssl: Use new cert generation | Ingela Anderton Andin | |
2017-07-28 | Change version of hardcoded RSA test records | Konstantinos Kallas | |
2017-07-21 | ssl: add ECDHE_PSK cipher suites | Andreas Schultz | |
2017-06-30 | ssl: Workaround localhost problems | Ingela Anderton Andin | |
If net_adm:localhost() returns a FQDN we want to use it otherwise we want to use localhost. | |||
2017-06-29 | ssl: Move clause so that it will match | Ingela Anderton Andin | |
2017-06-29 | ssl: Skip test if OpenSSL has problems generating CRL | Ingela Anderton Andin | |
2017-06-29 | ssl: Set rizzo* test timeout high enough for our slowest test machine | Ingela Anderton Andin | |