aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2019-02-13ssl: Fix failing rizzo testcasesPéter Dimitrov
Filter out the cipher 'chacha20_poly1305' when running the testcase 'rizzo_one_n_minus_one'. Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-11ssl: Test TLS 1.3 connectivityPéter Dimitrov
Test TLS 1.3 connectivity between ssl server and openssl s_client. Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
2019-02-08ssl: Improve TLS 1.3 statemPéter Dimitrov
- Store FinishedKey in cipher_state. - Implement state 'wait_finished'. - Calculate traffic secrets in 'wait_finished' after Finished received from client and go to state 'Connection'. - Drop 'change_cipher_spec' messages (middlebox compatibility mode). - Extend tests of 1-RTT. Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
2019-02-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher_format.erl lib/ssl/src/tls_handshake.erl
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-01-30Merge branch 'peterdmv/ssl/server-send-finished'Péter Dimitrov
* peterdmv/ssl/server-send-finished: ssl: Fix dialyzer warnings ssl: Add 'Finished' ssl: Use HKDF hash function in Transcript-Hash ssl: Improve test of 1-RTT handshake ssl: Update certificate_verify ssl: Update function build_content ssl: Fix encoding of the Certificate message ssl: Add EncryptedExtensions ssl: Fix encoding of empty extensions ssl: Fix key schedule and traffic keys ssl: Encode/decode CertificateVerify Change-Id: Ie525de276ca4ebd9f9fb0fbdc9dc3822f91834e0
2019-01-30Merge branch 'maint'Péter Dimitrov
* maint: ssl: Improve openssl interop tests Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
2019-01-28ssl: Add 'Finished'Péter Dimitrov
Implement Finished message on the server side. Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
2019-01-28ssl: Improve test of 1-RTT handshakePéter Dimitrov
Change-Id: Iaffe5d6e402448f1da5e37b0e55829fa72af310d
2019-01-28ssl: Fix key schedule and traffic keysPéter Dimitrov
Fix key schedule and traffic key calculation. Add test for the server side calculation of shared secrets and traffic keys. Change-Id: Ia955e5e8787f3851bdb3170723e6586bdf4548ca
2019-01-28ssl: Encode/decode CertificateVerifyPéter Dimitrov
Implement encoding/decoding of CertificateVerify. Update property tests with CertificateVerify. Refactor state handling function: 'do_negotiated'. Change-Id: Ifa066076960120717ddb472dc45fcc7a16a517d0
2019-01-22Merge branch 'maint'Ingela Anderton Andin
2019-01-21ssl: Correct test inputIngela Anderton Andin
2019-01-16Merge branch 'maint'Ingela Anderton Andin
2019-01-16ssl: Cuddle testsIngela Anderton Andin
2019-01-15Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into ↵Erlang/OTP
maint-21 * peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension
2019-01-15Merge branch 'ingela/ssl/enhance-error-handling/OTP-15505' into maint-21Erlang/OTP
* ingela/ssl/enhance-error-handling/OTP-15505: ssl: Cuddle test cases ssl: Fix test case ssl: Fix two invalid gen_statem returns
2019-01-15Merge branch 'lukas/ssl/benchmark_basic_test'Lukas Larsson
* lukas/ssl/benchmark_basic_test: inets: Decrease benchmark TC timeout inets: Fix crypto:rand_bytes usage in benchmarks ssl: Only run a basic fast test in test cycle
2019-01-15ssl: Only run a basic fast test in test cycleLukas Larsson
Some of the slower machines takes 20-30 minutes to run one iteration of the payload test.
2019-01-15Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2019-01-14ssl: Client shall only save verified sessionsIngela Anderton Andin
Modernize test case option handling
2019-01-14ssl: Uncomplicate test codeIngela Anderton Andin
No need for this test case to set a specific cipher suite. An appropriate cipher suite will be negotiated and it will of course be the same for clients with the same configuration.
2019-01-14ssl: Modernize test suiteIngela Anderton Andin
2019-01-11ssl: Skip TLS 1.3 suites if crypto lacks supportPéter Dimitrov
TLS 1.3 test suites requires TLS 1.3 support in crypto that is openssl 1.1.1 or later shall be available. This commit tests support for RSASSA-PSS signature algorithm and x448 Diffie-Hellman key agreement. Change-Id: I003ab376339b003fbbd3d0a66e10c368a16023ad
2019-01-11ssl: Update testcase 'encode_decode_srp'Péter Dimitrov
Change-Id: I16dccce4a0a8980fe0f888969945aef8ed38a9bc
2019-01-11ssl: Improve AEAD encode/decodePéter Dimitrov
- Update calculation of nonce and additional data - Update cipher_aead, decipher_aead - Add test for TLS 1.3 encode/decode Change-Id: Id0a5cc68d8746079fb42c0192c0c64405f6d7a72
2019-01-11ssl: Create server 'Certificate' messagePéter Dimitrov
Create a TLS 1.3 'Certificate' message in the 'negotiated' state. Change-Id: I03115de2353324f8533146ba19809064da6b0866
2019-01-11ssl: Add tests for TLS 1.3Péter Dimitrov
Change-Id: I23a2faa5f07836333c9b50af388162d2bbb9a246
2019-01-11ssl: Process "supported_versions" before decodingPéter Dimitrov
Change-Id: I465760b7001692367c68839219745e40abafdfa8
2019-01-11Merge branch 'peterdmv/ssl/fix-failing-srp-tc'Péter Dimitrov
* peterdmv/ssl/fix-failing-srp-tc: ssl: Fix srp testcase fault Change-Id: I0d7bf24e16bec0b61d385a6cd2ef81f334b9e397
2019-01-10Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix CRL suite with openssl-1.1.1a Change-Id: I18ffe894158e8881af20bba6f6a60b85063b937c
2019-01-10Merge branch 'peterdmv/ssl/fix-crl-suite' into maintPéter Dimitrov
* peterdmv/ssl/fix-crl-suite: ssl: Fix CRL suite with openssl-1.1.1a Change-Id: I2847107b6cf0210c3002c016a6ba49288505d06f
2019-01-10Merge branch 'maint'Ingela Anderton Andin
2019-01-10ssl: Add renegotiation test case to OpenSSL sanity checkIngela Anderton Andin
2019-01-10ssl: Better stream handlingIngela Anderton Andin
Remove rizzo rests that made incorrect assumptions
2019-01-09ssl: Fix CRL suite with openssl-1.1.1aPéter Dimitrov
Later versions of openssl do not support negative integers for CRL due time (used for negative testing). As a workaround this commit implements a function that can set CRL due time in seconds and makes the testcase 'crl_hash_dir_expired' sleep for one second. Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
2019-01-09ssl: Fix srp testcase faultPéter Dimitrov
Fix testcase fault introduced by the forward merge of peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477. Change-Id: Ia4290265d5c59b6d50f4e5b60b41d5f05fd14278
2019-01-08Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix encoding/decoding of the SRP extension Change-Id: I3b5887cf01b1a538c65d0c66da4d4ccf7793478d
2019-01-08ssl: Cuddle test casesIngela Anderton Andin
Cipher test case also needed updating to handle streams correctly We should not rizzo test chacha20_poly1305 Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2019-01-08ssl: Fix test caseIngela Anderton Andin
packet raw is a stream, test code manged it packet oriented in the function active_raw.
2019-01-08Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into maintPéter Dimitrov
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension Change-Id: Iee3276a60041a2c04c89385b2de2edb1cd81babd
2019-01-08ssl: Fix encoding/decoding of the SRP extensionPéter Dimitrov
The encoded value of the SRP extension length was bigger than the actual length of the extension. This could cause interoperability problems with third party SSL implementations. This commit corrects the encoding and decoding of the SRP extension length. Change-Id: I78d118faab7f5d02b755a7d1e2e8561b86f5a15c
2019-01-08ssl: Guarantee active once data deliveryIngela Anderton Andin
New internal active N changed timing, and new check is needed.
2019-01-08Merge branch 'maint'Ingela Anderton Andin
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-20 04:20:12 +0000