aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2018-09-12ssl: Handle incomplete and unorded chainsIngela Anderton Andin
If the peer sends an incomplete chain that we can reconstruct with our known CA-certs it will be accepted. We will assume that the peer honors the protocol and sends an orded chain, however if validation fails we will try to order the chain in case it was unorded. Will also handle that extraneous cert where present. See Note form RFC 8446 Note: Prior to TLS 1.3, "certificate_list" ordering required each certificate to certify the one immediately preceding it; however, some implementations allowed some flexibility. Servers sometimes send both a current and deprecated intermediate for transitional purposes, and others are simply configured incorrectly, but these cases can nonetheless be validated properly. For maximum compatibility, all implementations SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first.
2018-09-11ssl: Correct handling of all PSK cipher suitesIngela Anderton Andin
Before only some PSK suites would be correctly negotiated and most PSK ciphers suites would fail the connection. PSK cipher suites are anonymous in the sense that they do not use certificates except for rsa_psk.
2018-08-27ssl: Add new sender process for TLS state machineIngela Anderton Andin
Separate sending and receiving when using TCP as transport as prim_inet:send may block which in turn may result in a deadlock between two Erlang processes communicating over TLS, this is especially likely to happen when running Erlang distribution over TLS.
2018-08-21ssl: Move formatting code to own moduleIngela Anderton Andin
The conversion code for different representations of cipher suites is long an repetitive. We want to hide it in a module that does not have other functions that we like to look at.
2018-08-14Merge branch 'ingela/ssl/ERL-686/OTP-15224' into maintIngela Anderton Andin
* ingela/ssl/ERL-686/OTP-15224: ssl: Error handling improvment
2018-08-10Merge branch 'maint-20' into maintRickard Green
* maint-20: Updated OTP version Update release notes Update version numbers crypto: Fix crash in compute_key(ecdh, ...) on badarg Relax add_table_copy restriction Fixed #Ref ordering bug Test #Ref ordering in lists and ets Do NOT disc_load from ram_copies when master_node is set ssl: Make sure that a correct cipher suite is selected ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/maint/ssl/ECC/ERIERL-210/OTP-15203' into maintIngela Anderton Andin
* ingela/maint/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09ssl: Error handling improvmentIngela Anderton Andin
2018-08-07ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-07ssl: Correct close handlingIngela Anderton Andin
Transport accepted sockets that are in the error state, was not closed properly.
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-24Merge branch 'maint-20' into maintJohn Högberg
* maint-20: Updated OTP version Prepare release ssl: Engine key trumps certfile option inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-11Merge pull request #1869 from ↵Ingela Andin
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174 ssl: Improve error handling
2018-07-10ssl: Make sure tls_ssl_accept_timeout has a clean startIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-07-09ssl: Improve error handlingIngela Anderton Andin
When doing ssl:controlling_process on a ssl socket that has not performed the TLS/DTLS handshake that call will succeed even though the documentation stated otherwise. However if some other ssl option was incorrect the call would hang. Now {error, closed} will be returned in the latter case, which is logical independent on if it should succeed or not in the former case. The former case will continue to succeed, as it is not dependent of the TLS/DTLS connection being established, and the documentation is altered slightly to not explicitly disallow it. If the TLS/DTLS connection later fails and the socket mode is active, the new controlling process will be notified as expected.
2018-07-06Merge pull request #1867 from ↵Ingela Andin
IngelaAndin/ingela/ssl/no-ca-sign-restriction-TLS-1.2/ERL-381/OTP-15173 Ingela/ssl/no ca sign restriction tls 1.2/erl 381/otp 15173
2018-07-05ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
2018-07-05ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-05ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
2018-07-04ssl: Add connection information on new cipher_suite formatIngela Anderton Andin
2018-07-02ssl: Correct handling of empty server SNI extensionIngela Anderton Andin
2018-06-18Update copyright yearHenrik Nord
2018-06-14Merge branch 'ingela/ssl/21-enhanchment'Ingela Anderton Andin
* ingela/ssl/21-enhanchment: ssl: Add handle_continue/2 and document enhancements
2018-06-14ssl: Add handle_continue/2 and document enhancementsIngela Anderton Andin
* deprecation of ssl:ssl_accept/[1,2,3] * deprecation of ssl:cipher_suites/[0,1] * More consistent naming
2018-06-14Merge branch 'ingela/ssl/test-ecdh-check'Ingela Anderton Andin
* ingela/ssl/test-ecdh-check: ssl: Update interop conditions
2018-06-13ssl: Update interop conditionsIngela Anderton Andin
2018-06-12Merge branch 'peterdmv/ssl/suite_to_str/ERL-600/OTP-15106'Péter Dimitrov
* peterdmv/ssl/suite_to_str/ERL-600/OTP-15106: ssl: Add new API function suite_to_str/1 Change-Id: Icf214ece4e1d281da12b02dadc63d4a2ca346563
2018-06-11ssl: Add new API function suite_to_str/1Péter Dimitrov
Add new API function for converting cipher suite maps to their textual representation. Change-Id: I43681930b38e0f3bdb4dfccbf9e8895aa2d6a281
2018-06-11Merge branch 'raimo/better-TLS-distribution/OTP-15058'Raimo Niskanen
* raimo/better-TLS-distribution/OTP-15058: Test nodename whitelist Use public_key to verify client hostname
2018-06-08Test nodename whitelistRaimo Niskanen
2018-06-08Use public_key to verify client hostnameRaimo Niskanen
2018-06-08ssl: Add option customize_hostname_checkIngela Anderton Andin
2018-05-21ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-05-21ssl: Cuddle no delivery guarantee at application levelIngela Anderton Andin
2018-05-21ssl: Cuddle timeoutIngela Anderton Andin
2018-05-21ssl: Correct option handling to OpenSSLIngela Anderton Andin
2018-05-15ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-05-02ssl: Exclude DTLS tests for one more OpenSSL version for nowIngela Anderton Andin
2018-05-02ssl: Use sane input dataIngela Anderton Andin