aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2017-08-23ssl: negotiated_hashsign/4 expects TLS version to function correctlyIngela Anderton Andin
Only DTLS specific code deals with DTLS version, when common code is used the DTLS version should be converted to the corresponding TLS version.
2017-08-15Merge pull request #1532 from ↵Ingela Andin
angelhof/public_key/generate_key-rsa-inconsistency-fix public_key:generate_key/1 RSA key generation inconsistency OTP-14534
2017-08-14Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Longer timeouts for test cases that do many handshakes
2017-08-11Merge branch 'ingela/ssl/cert-handling' into maintIngela Anderton Andin
* ingela/ssl/cert-handling: ssl: Correct cipher suite handling ssl: Modernize DSA cert chain generation ssl: Clean ssl: Remove test of OpenSSL ssl: Use new cert generation
2017-08-10Merge pull request #1507 from vances/issue-erl-442Ingela Andin
Correct type specification in ssl:prf/5
2017-08-10ssl: Longer timeouts for test cases that do many handshakesIngela Anderton Andin
2017-08-10Merge branch 'ingela/dtls/cuddle' into maintIngela Anderton Andin
* ingela/dtls/cuddle: ssl: Handle OpenSSL output correctly
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-08-09ssl: Modernize DSA cert chain generationIngela Anderton Andin
2017-08-08ssl: Handle OpenSSL output correctlyIngela Anderton Andin
Adjust to handle output from OpenSSL in a more general way, so that "unknown option" should be caught for all cases and the test case skipped if that is the case and other data form OpenSSL should be ignored.
2017-08-08ssl: CleanIngela Anderton Andin
This code was not used and we already have mixed chains ECDH_RSA tests
2017-08-08ssl: Remove test of OpenSSLIngela Anderton Andin
We are not testing OpenSSL. We want to test interoperability with OpenSSL
2017-08-08ssl: Use new cert generationIngela Anderton Andin
2017-07-28Change version of hardcoded RSA test recordsKonstantinos Kallas
2017-07-10Correct type specification in ssl:prf/5Vance Shipley
Current implementation expects Seed to be a list. Correct type specification to match.
2017-07-07ssl: Try to make asn1 decode errors of certificates as specific as possibleIngela Anderton Andin
2017-07-07ssl,public_key: Provide details for CRL check failiures when revokation ↵Ingela Anderton Andin
state can not be determined
2017-07-07ssl: Enhance error loggingIngela Anderton Andin
2017-06-30ssl: Workaround localhost problemsIngela Anderton Andin
If net_adm:localhost() returns a FQDN we want to use it otherwise we want to use localhost.
2017-06-29ssl: Move clause so that it will matchIngela Anderton Andin
2017-06-29ssl: Skip test if OpenSSL has problems generating CRLIngela Anderton Andin
2017-06-29ssl: Set rizzo* test timeout high enough for our slowest test machineIngela Anderton Andin
2017-06-27ssl: Skip sslv2 hello compatible tests on OpenSSL-0.9.8oIngela Anderton Andin
The -ssl2 option to s_client appears to be broken on this release. This is a legacy option anyway that is still tested on other old version of OpenSSL so skip this.
2017-06-26ssl: Skip sslv3 interop with newer OpenSSLIngela Anderton Andin
2017-06-26ssl: Increase timeout for testcase testing ECDH keyexchange withIngela Anderton Andin
RSA signed certs
2017-06-21Prepare releaseErlang/OTP
2017-06-19Update copyright yearHans Nilsson
2017-06-15Merge branch 'hans/otp/update_copyright'Hans Nilsson
2017-06-14Update copyright yearHans Nilsson
2017-06-14Merge remote-tracking branch 'ingela/ingela/dtls/client-hello-verify/ERL-434'Hans Nilsson
2017-06-13dtls: Make HelloVerifyRequest version adhere to RFCIngela Anderton Andin
ERL-434 RFC6347 says about hello_verify_request version field as follow https://tools.ietf.org/html/rfc6347#page-16 The server_version field has the same syntax as in TLS. However, in order to avoid the requirement to do version negotiation in the initial handshake, DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated. But current DTLS server responses DTLS1.2 instead of DTLS1.0.
2017-06-13ssl: Correct epoch handlingIngela Anderton Andin
Consideration of which Epoch a message belongs to is needed in the dtls_connection:next_record function too.
2017-06-13Merge branch 'ingela/ssl/dtls-doc'Ingela Anderton Andin
* ingela/ssl/dtls-doc: ssl: Document DTLS
2017-06-10dtls: Handle getopts and setopts for DTLSIngela Anderton Andin
2017-06-07ssl: Document DTLSIngela Anderton Andin
2017-06-07dtls: Fetch next DTLS record when dropping resent handshake dataIngela Anderton Andin
2017-06-07dtls: Use enter actionsIngela Anderton Andin
Using enter actions for retransmission timers makes the code easier to understand. Previously the retransmission timer was incorrectly started in the connection state. Using enter actions feels like a cleaner approach than bloating the state with more flags.
2017-06-02Merge pull request #1479 from weisslj/fix-missing-ssl-closeIngela Andin
Correct close semantics for active once connections. This was a timing dependent bug the resulted in the close message not always reaching the ssl user process. OTP-14443
2017-05-31Revert "Prepare release"Hans Nilsson
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
2017-05-30Better fix for non-delivery of ssl_closed message in active onceIngela Andin
This is taken from https://github.com/erlang/otp/pull/1479#issuecomment-304667528 with permission from Ingela Andin and improves commit 8abe16c22d.
2017-05-30Prepare releaseErlang/OTP
2017-05-25Fix non-delivery of ssl_closed message in active onceJohannes Weißl
The commit 8b10920 (OTP 19.3.1) fixed the non-delivery of final TLS record in {active, once}, but this causes the ssl_closed message to be lost when the TCP connection closes before ssl:close/1. The patch restores the behavior of OTP 18. This is the second part to fix https://bugs.erlang.org/browse/ERL-420
2017-05-23dtls: Check for retransmitted changes_cipher_spec messagesIngela Anderton Andin
Make sure to use current epoch as input to send_handshake_flight.
2017-05-23dtls: Ask for next DTLS record when disregarding future packetIngela Anderton Andin
2017-05-22ssl: Handle econnreset windows obscuritiesIngela Anderton Andin
An UDP socket does note have a connection and should not recive econnreset, however this happens on on some windows versions. Just ignoring it appears to make things work as expected!
2017-05-19ssl: Improve testsIngela Anderton Andin
Test should check that we get the expected key exchange algorithm for the provided server cert. We do not want to test OpenSSL s_server. Do not try to test cipher suites against OpenSSL that it does not support.
2017-05-19ssl: Add missing algorithm ecdh_ecdsaIngela Anderton Andin
2017-05-16Merge branch 'ingela/dtls/opts'Ingela Anderton Andin
* ingela/dtls/opts: ssl: Adopt setopts and getopts for DTLS
2017-05-16ssl: Adopt setopts and getopts for DTLSIngela Anderton Andin
2017-05-16ssl: Remove debug printoutIngela Anderton Andin