aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2011-10-24fix handling of block_decipher/5 failureAndreas Schultz
A wrong decryption key would cause a badmatch in generic_block_cipher_from_bin/2. The try in block_decipher/5 was probably intendend to deal with that, but was misplace for this. Additionaly, generating a failure alert erly, without computing the record MAC, creates vector for a timing attack on CBC padding (for details check TLS 1.2 RFC 5246, Sect. 6.2.3.2.). This attach vector and the counter meassure applies to all SSL/TLS versions. As a counter messure, compute the MAC even when decryption or padding checks fail. A invalid padding will force a MAC failure by intentionaly invalidating the content.
2011-10-11Put back ssl:peercert/1Ingela Anderton Andin
I accidentally removed a little too much, only peercert/2 was deprecated.
2011-10-06Merge branch 'ia/ssl/remove-old-ssl/OTP-7048'Ingela Anderton Andin
* ia/ssl/remove-old-ssl/OTP-7048: Remove old ssl implementation and deprecated function ssl:peercert/1 Conflicts: lib/ssl/test/Makefile
2011-10-04Better option handlingIngela Anderton Andin
Also cleaned up old gaurds.
2011-10-03Add payload testIngela Anderton Andin
2011-09-28Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them. fix unknown ssl extension parsing by changing length from bits to bytes Temporary disable tests on MAC due to issus with the MAC ODBC drivers
2011-09-27fix unknown ssl extension parsing by changing length from bits to bytesBen Murphy
2011-09-20Merge branch 'dev' into majorHenrik Nord
Conflicts: erts/aclocal.m4 erts/include/internal/ethread_header_config.h.in
2011-09-20Merge branch 'ta/docs-fixes' into devHenrik Nord
* ta/docs-fixes: Fix misspelling of intermediate Fix typos in erts/preloaded/src Fix more misspellings of compatibility Fix misspelling of kept Fix misspelling of compatibility in ssl_basic_SUITE Fix misspelling of compatibility Fix misspelling of accommodate Fix misspelling of exceed Fix misspelling of accidentally Fix misspelling of erroneous in xmerl_xsd Fix misspelling of erroneous Fix misspelling of successful Fix typos in instrument(3) Fix typos in dbg(3) dialyzer: fix a small typo in list_to_bitstring test Fix typos in cover.erl Fix typos (variable name) in erl_nif(3) Fix typos in mod_esi(3) Fix trivial typos in erlang(3) OTP-9555
2011-09-16Remove old ssl implementation and deprecated function ssl:peercert/1Ingela Anderton Andin
2011-09-16Merge remote branch 'upstream/dev' into majorIngela Anderton Andin
* upstream/dev: Support explicit use of packet option httph and httph_bin
2011-09-16Support explicit use of packet option httph and httph_binIngela Anderton Andin
2011-09-15Fix misspelling of compatibility in ssl_basic_SUITETuncer Ayaz
2011-09-09First fully working versionIngela Anderton Andin
2011-07-06Merge branch 'ia/ssl/connect-twice' into devIngela Anderton Andin
* ia/ssl/connect-twice: Added test case
2011-07-04Added test caseIngela Anderton Andin
2011-06-30Improved test case so that it will not fail due to last_delay_timer = undefinedIngela Anderton Andin
2011-06-28Merge branch 'ia/ssl/use-erlang-send-after-instead-of-timer-send-after' into devIngela Anderton Andin
* ia/ssl/use-erlang-send-after-instead-of-timer-send-after: Use erlang:send_after instead of timer:send_after Conflicts: lib/ssl/test/ssl_session_cache_SUITE.erl
2011-06-27Use erlang:send_after instead of timer:send_afterIngela Anderton Andin
Also save latest delay cleanup timer ref so that we can use erlang:read_timer to write a more reliable test case.
2011-06-27Handle inet:getopts/2 and inet:setopts/2 crashesIngela Anderton Andin
2011-06-16Merge branch 'ia/ssl/longer-timeout-in-testcase' into devIngela Anderton Andin
* ia/ssl/longer-timeout-in-testcase: Time out in test case needs to be longer to make sure clean up is properly executed
2011-06-14Changed test case so that we do not have to make ets-table namedIngela Anderton Andin
2011-06-13Time out in test case needs to be longer to make sure clean up isIngela Anderton Andin
properly executed
2011-06-07Prevention of denial of service attackIngela Anderton Andin
2011-06-01The clean up of the session table now works as intended.Ingela Anderton Andin
In ssl-4.1.5 temporary clean-up processes would crash resulting in that the session table would not be cleaned up (e.i. using more and more memory) and error reports would be printed, but connections would not be affected.
2011-03-30Merge branch 'hw/call-chmod-without-f' into devHenrik Nord
* hw/call-chmod-without-f: Call chmod without the "-f" flag Conflicts: erts/emulator/test/Makefile lib/asn1/test/Makefile lib/crypto/test/Makefile lib/debugger/test/Makefile lib/docbuilder/test/Makefile lib/edoc/test/Makefile lib/erl_interface/test/Makefile lib/inviso/test/Makefile lib/parsetools/test/Makefile lib/percept/test/Makefile lib/ssl/test/Makefile lib/syntax_tools/test/Makefile lib/test_server/test/Makefile lib/tools/test/Makefile OTP-9170
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2011-03-07Workaround for application:start(crypto) inconsistencyIngela Anderton Andin
2011-02-17Rename Suite Callback to Common Test HookLukas Larsson
2011-02-17Update init_per_suite to skip all tests if crypto does not existLukas Larsson
2011-02-17Update and add cover spec files to work with common_testLukas Larsson
2011-02-17Update all test specsLukas Larsson
2011-02-17Fix formatting for sslLukas Larsson
2011-02-17Add init_per_suite and end_per_suiteLukas Larsson
2011-02-17Add ts_install_scb to suite/0Lukas Larsson
2011-02-17Update ssl tests to conform with common_test standardLukas Larsson
2011-02-17Update all fin_per_testcase to end_per_testcase.Lukas Larsson
2011-01-24Changed crypto start test so that it works as intendedIngela Anderton Andin
2011-01-20Skip ssl and public key tests if crypto fails to startIngela Anderton Andin
2011-01-17Verification of a critical extended_key_usage-extension correctedIngela Anderton Andin
When a verify fun is supplied, it should not be called to verify the extended_key_usage-extension when it is already verified by the ssl_certificate:validate_extension/2
2010-12-16Cache invalidation and consistent user closingIngela Anderton Andin
Added cache invalidation control of ssl certificates so that sessions will not be reused if file content is changed. There was a glitch in ssl:close that made it possible to to get eaddrinuse even though reuseadder-option was used. Also improved tests for better user-close handling.
2010-12-16Cache invaldation first version does not break old test casesIngela Anderton Andin
2010-11-30Updated tests to avoid test case failure for non interesting reasonsIngela Anderton Andin
Such reason is that pulic key generation or mnesia:stop might occasionally take very long time.
2010-11-15Call chmod without the "-f" flagHolger Weiß
"-f" is a non-standard chmod option which at least SGI IRIX and HP UX do not support. As the only effect of the "-f" flag is to suppress warning messages, it can be safely omitted.
2010-10-07Anonymous cipher suitesIngela Anderton Andin
For testing purposes ssl now also support some anonymous cipher suites when explicitly configured to do so. Also moved session cache tests to its own suite, so that timeout of end_per_testcase when the mnesia is used as session cache will not affect other test cases.
2010-10-01Merge branch 'maint-r14' into devIngela Anderton Andin
Conflicts: lib/public_key/src/pubkey_cert.erl
2010-09-29Peer awarnessIngela Anderton Andin
Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.
2010-09-21Handling of DSA key parametersIngela Anderton Andin
DSS-Params may be null in a certificate as it can inherit the parameters. Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
2010-09-10Improved certificate extension handlingIngela Anderton Andin
Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try.