aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2011-03-07Workaround for application:start(crypto) inconsistencyIngela Anderton Andin
2011-02-17Rename Suite Callback to Common Test HookLukas Larsson
2011-02-17Update init_per_suite to skip all tests if crypto does not existLukas Larsson
2011-02-17Update and add cover spec files to work with common_testLukas Larsson
2011-02-17Update all test specsLukas Larsson
2011-02-17Fix formatting for sslLukas Larsson
2011-02-17Add init_per_suite and end_per_suiteLukas Larsson
2011-02-17Add ts_install_scb to suite/0Lukas Larsson
2011-02-17Update ssl tests to conform with common_test standardLukas Larsson
2011-02-17Update all fin_per_testcase to end_per_testcase.Lukas Larsson
2011-01-24Changed crypto start test so that it works as intendedIngela Anderton Andin
2011-01-20Skip ssl and public key tests if crypto fails to startIngela Anderton Andin
2011-01-17Verification of a critical extended_key_usage-extension correctedIngela Anderton Andin
When a verify fun is supplied, it should not be called to verify the extended_key_usage-extension when it is already verified by the ssl_certificate:validate_extension/2
2010-12-16Cache invalidation and consistent user closingIngela Anderton Andin
Added cache invalidation control of ssl certificates so that sessions will not be reused if file content is changed. There was a glitch in ssl:close that made it possible to to get eaddrinuse even though reuseadder-option was used. Also improved tests for better user-close handling.
2010-12-16Cache invaldation first version does not break old test casesIngela Anderton Andin
2010-11-30Updated tests to avoid test case failure for non interesting reasonsIngela Anderton Andin
Such reason is that pulic key generation or mnesia:stop might occasionally take very long time.
2010-10-07Anonymous cipher suitesIngela Anderton Andin
For testing purposes ssl now also support some anonymous cipher suites when explicitly configured to do so. Also moved session cache tests to its own suite, so that timeout of end_per_testcase when the mnesia is used as session cache will not affect other test cases.
2010-10-01Merge branch 'maint-r14' into devIngela Anderton Andin
Conflicts: lib/public_key/src/pubkey_cert.erl
2010-09-29Peer awarnessIngela Anderton Andin
Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.
2010-09-21Handling of DSA key parametersIngela Anderton Andin
DSS-Params may be null in a certificate as it can inherit the parameters. Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
2010-09-10Improved certificate extension handlingIngela Anderton Andin
Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try.
2010-09-09Merge branch 'ia/ssl-http-error-test' into devIngela Anderton Andin
* ia/ssl-http-error-test: Add test suite for packet http_error.
2010-09-07Add test suite for packet http_error.Ingela Anderton Andin
2010-09-07Add missed DER dh option.Ingela Anderton Andin
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-09-03DER format in APIIngela Anderton Andin
Added support for inputing certificates and keys directly in DER format these options will override the pem-file options if specified.
2010-09-01Empty certificate chainIngela Anderton Andin
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling.
2010-08-31Add tests for crypto RC4 bugIngela Anderton Andin
Changed test so that the test cases testing all different ciphers also sends data so that that the calls to crypto cipher functions are also tested.
2010-08-27Fix receiving empty packets.Dan Gudmundsson
Empty packets where not delivered from ssl, it incorrectly assumed there was no data.
2010-08-24Handling of {mode, list}Ingela Anderton Andin
Fixed handling of the option {mode, list} that was broken for some packet types for instance line.
2010-08-24Change packet_line_decode/1 to not only check binary modeThomas Lachmann
2010-08-24Merge branch 'ia/public_key_api/OTP-8722' into devIngela Anderton Andin
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-08-18Fix bug in ssl handshake protocol related to the choice of cipher suitesPaul Guyot
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate).
2010-06-29The server now verifies the client certificate verify message correctly, ↵Ingela Anderton Andin
instead of causing a case-clause.
2010-06-11OTP-8695 New ssl defaultIngela Anderton Andin
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
2010-06-08Move dsa ticket to r14a releaseIngela Anderton Andin
(This is the merge of r13 version to r14_dev)
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-06-01Added workaround for tcp delivery problemIngela Anderton Andin
2010-05-28Cleaned codeIngela Anderton Andin
2010-05-26OTP-8649 change in public_key apiIngela Anderton Andin
2010-05-26Test ssl_session_cache_api.Ingela Anderton Andin
2010-05-26Avoid apparently timing issus when closing down opensslIngela Anderton Andin
2010-05-25Better coverage.Ingela Anderton Andin
2010-05-25Better coverageIngela Anderton Andin
2010-05-21Worked on getting better code coverage.Ingela Anderton Andin
2010-05-18Fixed extended_key_usage test so that it really tests what we want it to test.Ingela Anderton Andin
2010-05-11OTP-8568 RFC -5746Ingela Anderton Andin
New ssl now supports secure renegotiation as described by RFC 5746.