aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
AgeCommit message (Collapse)Author
2014-05-28SSL: in tests, filter ssl client ciphers for version compatibilityAndreas Schultz
Some psk and some not yet supported anonymous suites are only supported with TLS version >= 1.2. This adds them to the tests and makes sure that they are not tested on TLS versions that do not support them.
2014-05-12Merge branch 'ia/ssl/inherit/OTP-11897' into maintIngela Anderton Andin
* ia/ssl/inherit/OTP-11897: ssl: Handle socket option inheritance when pooling of accept sockets is used
2014-05-09ssl: Handle socket option inheritance when pooling of accept sockets is usedIngela Anderton Andin
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values.
2014-05-07ssl: SSL/TLS version input list shall not be order dependentIngela Anderton Andin
2014-04-24ssl: Fixes ssl_crl_SUITE errors on mixed ipv6-v4 interfacesHans Nilsson
2014-04-23ssl: Fix crash on garbage during handshakeDanil Zagoskin
If a client sends some garbage in ssl record instead of valid fragment, server crashes with function_clause while receiving next record from client. This patch makes server raise handshake failure instead of crashing and exposing internal state to user code.
2014-04-23ssl: Refactor so that there is only one source for the default hashsign valuesIngela Anderton Andin
Also fix DTLS call to supply its corresponding TLS version
2014-04-23ssl: always pass negotiated version when selecting hashsignDanil Zagoskin
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
2014-04-23ssl: TLSv1.2: proper default sign algo for RSADanil Zagoskin
2014-04-22Merge branch 'ia/ssl/recv/OTP-11878' into maintIngela Anderton Andin
* ia/ssl/recv/OTP-11878: ssl: recv shall ruturn {error, einval} on active socket
2014-04-17ssl: recv shall ruturn {error, einval} on active socketIngela Anderton Andin
2014-04-16ssl: Select supported cipher suites for the negotiated SSL/TLS-versionIngela Anderton Andin
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support.
2014-03-31Merge branch 'ia/ssl/accept-with-options'Ingela Anderton Andin
* ia/ssl/accept-with-options: ssl: Add possibility to specify ssl options when calling ssl:ssl_accept
2014-03-31ssl: Add possibility to specify ssl options when calling ssl:ssl_acceptIngela Anderton Andin
2014-03-28ssl: Testing - sha256 digest not supported on all platformsBjörn-Egil Dahlberg
Certificates uses: default_md = sha256 This is not supported on all test platforms, use md5 instead for testing.
2014-03-28ssl: fix crl test suite error with unexpected web server responseHans Nilsson
2014-03-26ssl, pubkey: Code and test adjustmentsHans Nilsson
2014-03-26Rework IDP validation according to the RFC, fix public_key testsAndrew Thompson
2014-03-26Various improvements to CRL handlingAndrew Thompson
* Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-25ssl: Handle SNI alert unrecognized_name and gracefully deal withIngela Anderton Andin
unexpected alerts. Add recognitions of RFC 4366 alerts and handle possible unimplementd alerts in a gracefully way.
2014-03-14Add test for unknown elliptic curve supported by clientDanil Zagoskin
When TLS client sends a Supported Elliptic Curves Client Hello Extension containing an unknown curve enum value, a server crashes with a function_clause instead of just ignoring specified unknown curve.
2014-03-04ssl: Add input sanity checkIngela Anderton Andin
Avoid puzzling behavior due to options being disregarded if they are not key value tuples.
2014-02-24Merge branch 'schlagert/fix_basic_appups'Siri Hansen
* schlagert/fix_basic_appups: Dynamically configure typer_SUITE according to environment Disable hipe_SUITE when environment doesn't support it Make hipe non-upgradable by setting appup file empty Fix missing module on hipe app file template Add test suites performing app and appup file checks Introduce appup test utility Fix library application appup files Fix non-library appup files according to issue #240 OTP-11744
2014-02-24Add test suites performing app and appup file checksTobias Schlager
Add the mentioned test suites for *all* library and touched non-library applications.
2014-02-21ssl: Add test that memory is not leekedIngela Anderton Andin
2014-02-14ssl: Add test for avoiding a version and chipher suite missmatchIngela Anderton Andin
2014-01-29ssl: Add workaround in test code for openssl s_client bugIngela Anderton Andin
2014-01-28Merge branch 'ia/ssl/tests'Ingela Anderton Andin
* ia/ssl/tests: ssl: Avoid test case timing issues
2014-01-28Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621'Ingela Anderton Andin
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option
2014-01-27ssl: Avoid test case timing issuesIngela Anderton Andin
2014-01-24Merge branch 'maint'Ingela Anderton Andin
Conflicts: otp_build
2014-01-22ssl: Incorrect inputed cipherlist lead server to think that the clientIngela Anderton Andin
did not support secure renegotiation
2014-01-22Merge branch 'dgud/test_unicode/OTP-10877'Dan Gudmundsson
* dgud/test_unicode/OTP-10877: sasl test: Quote executable paths (can contain spaces) rt_tools: Handle unicode chars in printouts kernel: code_SUITE fix unicode option Fix (unicode) debug info in test cases stdlib: Fix format if module resides in a unicode directory Fix testing with unicode paths test_server: Fix ts write unicode in config files
2014-01-21Implement 'honor_cipher_order' SSL server-side optionAndrew Thompson
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz.
2014-01-21Merge branch 'ia/ssl/openssl-reneogtiation-bug'Ingela Anderton Andin
* ia/ssl/openssl-reneogtiation-bug: ssl: Add versions to check for sane OpenSSL version for renegotiation
2014-01-21Fix (unicode) debug info in test casesDan Gudmundsson
2014-01-14ssl: Add missing options validation of server_name_indicationIngela Anderton Andin
2014-01-14ssl: Add versions to check for sane OpenSSL version for renegotiationIngela Anderton Andin
2013-12-02ssl: Refactor connetion handlingIngela Anderton Andin
2013-12-02ssl: Test case enhancementIngela Anderton Andin
Make sure that test cases does not fail due to timing circumstances, use selective receive even if it means we can not use test library functions in some cases. TCP does not have delivery guarantee to application layer, so sometimes a error message {error, Msg} or {error, closed} can be acceptable.
2013-12-02ssl: Refactor APIIngela Anderton Andin
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics
2013-12-02ssl: Refactor connection and handshake handlingIngela Anderton Andin
2013-11-06Add SSL Server Name Indication (SNI) client supportJulien Barbot
See RFC 6066 section 3
2013-09-10ssl: Refactor to provide common handshake functions for TLS/DTLSIngela Anderton Andin
Common functions will be located in ssl_handshake.erl while specific functions will be located in tls_handshake.erl and dtls_handshake.erl
2013-09-02ssl: Handle signature_algorithm field in digitally_signed properlyIngela Anderton Andin
with proper defaults Added ssl_ECC_SUITE
2013-08-08ssl: Revert faulty header option fixIngela Anderton Andin
The code was changed in the belife that it made it inet compatible. However the testing is a bit hairy as the inet option is acctualy broken, now the tests are corrected and the header option should work in the same broken way as inet again, preferably use the bitsyntax instead.
2013-06-07public_key & ssl: Add ASN-1 dependencyIngela Anderton Andin
As the ASN-1 application relies on a nif in R16 for decodeing (that was not the case in R15), public_key currently has a runtime dependency on ASN-1. Hopefully we will be able to remove this dependency again in the future.
2013-06-04ssl: Structural perarparation to support DTLSIngela Anderton Andin
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl
2013-05-28ssl: Do not advertise EC ciphers if crypto support is insufficientIngela Anderton Andin
2013-05-24crypto, public_key & ssl: Make more functions accept integer keysSverker Eriksson