Age | Commit message (Collapse) | Author |
|
* peterdmv/ssl/server-process-client-finished:
ssl: Test TLS 1.3 connectivity
ssl: Fix crash when sending Alerts
ssl: Fix dialyzer warning
ssl: Improve TLS 1.3 statem
Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
|
|
* maint:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
|
|
* peterdmv/ssl/fix-failing-testcases:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
|
|
Fix failing renegotiation testcases with openssl-1.1.1a.
openssl s_client sends the renegotiation "R\n" connected command
to the server side causing testcase failure.
This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to
swallow the unexpected packet.
Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
|
|
Filter out the cipher 'chacha20_poly1305' when running the
testcase 'rizzo_one_n_minus_one'.
Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
|
|
This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.
When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.
Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
|
|
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256
if it is supported by crypto. It returns sha1 otherwise.
Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
|
|
Test TLS 1.3 connectivity between ssl server and
openssl s_client.
Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
|
|
Change-Id: Ia84c71214b5379baec3455f0e416a9ea73584750
|
|
Change-Id: I87f2111cd557a0000cfd8ab4d50f4e58787bf104
|
|
- Store FinishedKey in cipher_state.
- Implement state 'wait_finished'.
- Calculate traffic secrets in 'wait_finished' after Finished
received from client and go to state 'Connection'.
- Drop 'change_cipher_spec' messages (middlebox compatibility mode).
- Extend tests of 1-RTT.
Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
* ingela/ssl/alert-return/OTP-15423:
ssl: Use specs to generate type documentation
ssl: Enhance error handling
|
|
|
|
|
|
|
|
|
|
* peterdmv/ssl/improve-logging:
ssl: Improve ssl_logger
Change-Id: I3b181ed527ce210af6c4a7576576fa522fb20767
|
|
* peterdmv/ssl/server-send-finished:
ssl: Fix dialyzer warnings
ssl: Add 'Finished'
ssl: Use HKDF hash function in Transcript-Hash
ssl: Improve test of 1-RTT handshake
ssl: Update certificate_verify
ssl: Update function build_content
ssl: Fix encoding of the Certificate message
ssl: Add EncryptedExtensions
ssl: Fix encoding of empty extensions
ssl: Fix key schedule and traffic keys
ssl: Encode/decode CertificateVerify
Change-Id: Ie525de276ca4ebd9f9fb0fbdc9dc3822f91834e0
|
|
|
|
ssl: Correct check for delayed close due to undliverd data
|
|
* maint:
ssl: Improve openssl interop tests
Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
Improve API and delay creation of map arguments for ?LOG_DEBUG
macro.
Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|
|
Change-Id: Icc6c1433dba8d35f81162ef8100292bf2ba53c71
|
|
Implement Finished message on the server side.
Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
|
|
Two hash functions needed to create the CertificateVerify message.
One for creating the Transcript-Hash and another for the digital
signature. Transcript-Hash uses the HKDF hash of the
selected cipher suite, the digital signature uses the hash
defined by the selected signature scheme.
Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6
|
|
Change-Id: Iaffe5d6e402448f1da5e37b0e55829fa72af310d
|
|
Change-Id: I6adacc846f938d1ca1eb1a798780cc804b501a71
|
|
Change-Id: I91c5866f1400c3ad9c7eab1292c3ceb32a482c70
|
|
Fix encoding of extensions in CertificateEntries.
Change-Id: I776a2210d2aa51cde3be5e0bc87d9beb8d63825c
|
|
Send empty EncryptedExtensions after ServerHello.
Update ssl logger.
Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
|
|
Change-Id: Ia18cda4e2b43dc863a24ac4838718adc788b08b1
|
|
Fix key schedule and traffic key calculation.
Add test for the server side calculation of shared secrets and
traffic keys.
Change-Id: Ia955e5e8787f3851bdb3170723e6586bdf4548ca
|
|
Implement encoding/decoding of CertificateVerify.
Update property tests with CertificateVerify.
Refactor state handling function: 'do_negotiated'.
Change-Id: Ifa066076960120717ddb472dc45fcc7a16a517d0
|
|
Could cause connection processes not terminate when they should
|
|
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/continue-optimize/OTP-15445:
ssl: If possible assemble several received application data records
|
|
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
We want to decrease the size of the outer state tuple, and gain
ease of understanding by better grouping. This is the first step
of creating a hs_env (handshake environment) part of the state.
This change will be performed gradually to reduce merge conflicts
complexity and risk of introducing errors.
|
|
|
|
|
|
* ingela/ssl/test-cuddle:
ssl: Correct test input
|
|
|
|
|
|
* ingela/ssl/DES-EDE/OTP-15539:
ssl: Correct 3des_ede_cbc check
|
|
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
|
|
* maint:
Updated OTP version
Prepare release
|