| Age | Commit message (Collapse) | Author |
|---|
|
Filter out the cipher 'chacha20_poly1305' when running the
testcase 'rizzo_one_n_minus_one'.
Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
|
|
This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.
When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.
Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
|
|
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256
if it is supported by crypto. It returns sha1 otherwise.
Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
|
|
Test TLS 1.3 connectivity between ssl server and
openssl s_client.
Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
|
|
|
|
|
|
|
|
|
|
Change-Id: Ia84c71214b5379baec3455f0e416a9ea73584750
|
|
Change-Id: I87f2111cd557a0000cfd8ab4d50f4e58787bf104
|
|
- Store FinishedKey in cipher_state.
- Implement state 'wait_finished'.
- Calculate traffic secrets in 'wait_finished' after Finished
received from client and go to state 'Connection'.
- Drop 'change_cipher_spec' messages (middlebox compatibility mode).
- Extend tests of 1-RTT.
Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
|
|
|
|
|
|
|
|
flight_state is used to handle retransmission timers for DTLS over udp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove duplicate handsake history handling form
ssl_config function. Later we might refactor to avoid
duplication in TLS and DTLS code, but handshake history
does not belong in ssl_config function.
|
|
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
* ingela/ssl/alert-return/OTP-15423:
ssl: Use specs to generate type documentation
ssl: Enhance error handling
|
|
|
|
|
|
|
|
|
|
* peterdmv/ssl/improve-logging:
ssl: Improve ssl_logger
Change-Id: I3b181ed527ce210af6c4a7576576fa522fb20767
|
|
* peterdmv/ssl/server-send-finished:
ssl: Fix dialyzer warnings
ssl: Add 'Finished'
ssl: Use HKDF hash function in Transcript-Hash
ssl: Improve test of 1-RTT handshake
ssl: Update certificate_verify
ssl: Update function build_content
ssl: Fix encoding of the Certificate message
ssl: Add EncryptedExtensions
ssl: Fix encoding of empty extensions
ssl: Fix key schedule and traffic keys
ssl: Encode/decode CertificateVerify
Change-Id: Ie525de276ca4ebd9f9fb0fbdc9dc3822f91834e0
|
|
|
|
ssl: Correct check for delayed close due to undliverd data
|
|
* maint:
ssl: Improve openssl interop tests
Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
Improve API and delay creation of map arguments for ?LOG_DEBUG
macro.
Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|
|
Change-Id: Icc6c1433dba8d35f81162ef8100292bf2ba53c71
|
|
Implement Finished message on the server side.
Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
|
|
Two hash functions needed to create the CertificateVerify message.
One for creating the Transcript-Hash and another for the digital
signature. Transcript-Hash uses the HKDF hash of the
selected cipher suite, the digital signature uses the hash
defined by the selected signature scheme.
Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6
|
|
Change-Id: Iaffe5d6e402448f1da5e37b0e55829fa72af310d
|
|
Change-Id: I6adacc846f938d1ca1eb1a798780cc804b501a71
|
|
Change-Id: I91c5866f1400c3ad9c7eab1292c3ceb32a482c70
|
|
Fix encoding of extensions in CertificateEntries.
Change-Id: I776a2210d2aa51cde3be5e0bc87d9beb8d63825c
|
|
Send empty EncryptedExtensions after ServerHello.
Update ssl logger.
Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
|
|
Change-Id: Ia18cda4e2b43dc863a24ac4838718adc788b08b1
|
|
Fix key schedule and traffic key calculation.
Add test for the server side calculation of shared secrets and
traffic keys.
Change-Id: Ia955e5e8787f3851bdb3170723e6586bdf4548ca
|
|
Implement encoding/decoding of CertificateVerify.
Update property tests with CertificateVerify.
Refactor state handling function: 'do_negotiated'.
Change-Id: Ifa066076960120717ddb472dc45fcc7a16a517d0
|
|
Could cause connection processes not terminate when they should
|
