aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2012-08-22ssl: Test suite adjustmentsIngela Anderton Andin
2012-08-22ssl: Fix inet header option to behave as in inetIngela Anderton Andin
This options is useless and should be deprecated. But we behave as inet does for now!
2012-08-22ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵Andreas Schultz
combinations
2012-08-22ssl: Add Signature Algorithms hello extension from TLS 1.2Andreas Schultz
This is also avoids triggering some bugs in OpenSSL.
2012-08-22ssl: Fix rizzo tests to run as intendedIngela Anderton Andin
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test case but the new group structure that run all relevant test for all relevant SSL/TLS versions we need to change that to run the protocol version of the group the we are currently running.
2012-08-22ssl: Add crypto support check (TLS 1.2 require sha256 support)Ingela Anderton Andin
2012-08-22ssl: Run relevant tests for all SSL/TLS versionsIngela Anderton Andin
2012-08-22ssl: Add TLS version switches to openssl testsAndreas Schultz
2012-08-22ssl: make PRF function selectableAndreas Schultz
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2
2012-08-22ssl: Add TLS version to dec_hs/2Andreas Schultz
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those.
2012-08-22ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2Andreas Schultz
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account.
2012-06-15ssl: Fix bug in the handling of remote connection closure of {active,false} ↵Ingela Anderton Andin
ssl sockets.
2012-06-13Merge branch 'ia/ssl/bottlenecks/OTP-10113' into maintIngela Anderton Andin
* ia/ssl/bottlenecks/OTP-10113: ssl: Test case fixes ssl: Avoid second bottleneck in supervisor ssl: File handling optimization ssl: Simpler PEM cache ssl: Refactored for readability ssl: Use md5 as file ref id instead of filenames ssl: Move ets:select bottleneck in server ssl: Renegotiate updates session id in gen_fsm state ssl: Use ordered_set in cache ssl: Move and avoid ets:select bottleneck in client ssl: Reuse session check optimization ssl: Avoid supervior bottleneck
2012-06-12ssl: Test case fixesIngela Anderton Andin
2012-06-08ssl: File handling optimizationIngela Anderton Andin
Avoid cach validation with file:file_info/2 as this i too expensive and causes a bottleneck in the file server. Instead we expose a new API function ssl:clear_pem_cache/0 to deal with the problem. As we think it will be of occasional use and the normal case is that the cache will be valid we think it is the right thing to do. Convert file paths to binary representation in the ssl API module to avoid uncessarry calls in file later on. Also add sanity checks for openssl versions in testsuite due to new openssl bugs.
2012-06-05Update to work with whitespace in exec pathLukas Larsson
OTP-10106 OTP-10107
2012-03-30Update copyright yearsBjörn-Egil Dahlberg
2012-02-16Merge branch 'rc/spell-registered' into maintHenrik Nord
* rc/spell-registered: Correct spelling of "registered" in various places in the source code OTP-9925
2012-02-14Merge branch 'pg/ssl_dist-fixes' into maintHenrik Nord
* pg/ssl_dist-fixes: Robustness and improvement to distribution over SSL
2012-02-14Robustness and improvement to distribution over SSLPaul Guyot
Fix a bug where the caller would timeout and ssl_tls_dist_proxy would crash. Fix a bug where a timeout from the SSL layer would block the distribution forever (typically when a non-SSL node tries to connect to an SSL node). Add this very case as a test (test_server tries to connect to SSL nodes). Run the proxy exclusively on the loopback interface.
2012-02-09Merge branch 'ia/ssl/test-maint/reject-sslv2-test' into maintIngela Anderton Andin
* ia/ssl/test-maint/reject-sslv2-test: Do not test sslv2 rejection with openssl-1.*
2012-02-08User defined verify_fun is now called correctlyIngela Anderton Andin
Background from erlang-questions: > We use this test suite to verify our PKIX-path-validation code, > granted we do not yet support CRL-handling but that is on its > way. Our verify_fun will let you work around the problem that it > is not yet supported. (Not so fun for you perhaps but a possible > solution for now). this is unfortunately not the case since for versions that contain commit 4dbf3c9e4ae7cfd19b247353369166d31b8f15e5 (it is in R14B04 and R15B) the documented behaviour (verify_fun will be called for every certificate) is broken: the verify_fun will only be called, if the certificate contains unknown extensions. it is therefore not useful as a CRL workaround (anymore). best regards Stefan Grundmann
2012-02-03Do not test sslv2 rejection with openssl-1.*Ingela Anderton Andin
Reason sslv2 support seems to be by default turned of.
2012-01-03Correct spelling of "registered" in various places in the source codeRichard Carlsson
2011-12-07Merge branch 'ia/ssl/tcp-delivery-problem-may-cause-econnaborted'Ingela Anderton Andin
* ia/ssl/tcp-delivery-problem-may-cause-econnaborted: If if TLS/SSL-close-notify message is not delivered you can get econnaborted error.
2011-12-07Merge branch 'ia/ssl/public_key/test-maint'Ingela Anderton Andin
* ia/ssl/public_key/test-maint: Add default value for "user" if os:getenv("USER") returns false
2011-12-07Add default value for "user" if os:getenv("USER") returns falseIngela Anderton Andin
2011-12-06If if TLS/SSL-close-notify message is not delivered you can get econnabortedIngela Anderton Andin
error.
2011-12-06Improve ssl session cleanup testIngela Anderton Andin
Check last delay timer for both client and server side to avoide timing issues.
2011-12-05Added tcp_delivery_workaround to the test case invalid_signature_serverIngela Anderton Andin
The workaround ought to have been added to this case when it was added to the test case invalid_signature_client
2011-12-05Do not do the 1/n-1 split for RC4 as it is not vulnerable to the ↵Ingela Anderton Andin
Rizzo/Duong-Beast attack.
2011-12-02Missed two places in previous fixIngela Anderton Andin
2011-11-30Test cases where failing due to timing issues in test case codeIngela Anderton Andin
2011-11-28If a passive receive was ongoing during a renegotiation the processIngela Anderton Andin
evaluating ssl:recv could be left hanging for ever.
2011-11-28Send ssl_closed notification to active ssl user when a tcp error occursIngela Anderton Andin
2011-11-28Send ssl_closed notification to active ssl user when a tcp error occursIngela Anderton Andin
2011-11-23Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-BeastIngela Anderton Andin
The code is refactored and improved to make it easier to insert the 1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done in one function clause in ssl:record_split_bin/3
2011-11-21Mitigate Computational DoS attackIngela Anderton Andin
2011-11-15Removed compiler warningsIngela Anderton Andin
2011-11-15Work around bug in openss-1.0.0eIngela Anderton Andin
2011-11-15Use ERL_FLAGS in plain_verify_options testIngela Anderton Andin
Windows do not handle long commands and would crash if many ssl arguments are passed on the command prompt
2011-11-15Adjustment to work with hipeIngela Anderton Andin
process_info(Pid, current_function) may return {current_function, undefined} in some cases but will not in the importante one!
2011-11-15Avoid openssl processes surviving after test case has finishedIngela Anderton Andin
If the server process is always closed first shutdown of the openssl process will be gracious
2011-11-15Add better error messageIngela Anderton Andin
2011-11-15Skip ssl_dist_SUITE if cover run, as the test server node can not ↵Ingela Anderton Andin
communicate with the ssl nodes with erlang distribution
2011-11-15Fine tuning of test suitesIngela Anderton Andin
2011-11-15Merge branch 'ia/public_key/ssl/crypto/PKCS-8/OTP-9312'Ingela Anderton Andin
* ia/public_key/ssl/crypto/PKCS-8/OTP-9312: Add clause for expected input to pubkey:pseudo_random_function/2 when ASN-1 compiler is fixed. Clean up of public_key code adding specs and documentation Added PKCS-8 support in ssl Additions to crypto and public_key needed for full PKCS-8 support Add PKCS-8 support to public_key
2011-11-01Added PKCS-8 support in sslIngela Anderton Andin
2011-10-24fix handling of block_decipher/5 failureAndreas Schultz
A wrong decryption key would cause a badmatch in generic_block_cipher_from_bin/2. The try in block_decipher/5 was probably intendend to deal with that, but was misplace for this. Additionaly, generating a failure alert erly, without computing the record MAC, creates vector for a timing attack on CBC padding (for details check TLS 1.2 RFC 5246, Sect. 6.2.3.2.). This attach vector and the counter meassure applies to all SSL/TLS versions. As a counter messure, compute the MAC even when decryption or padding checks fail. A invalid padding will force a MAC failure by intentionaly invalidating the content.
2011-10-11Put back ssl:peercert/1Ingela Anderton Andin
I accidentally removed a little too much, only peercert/2 was deprecated.