aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-02-14ssl: Remove duplicate record_cb handlingIngela Anderton Andin
2019-02-14ssl: Add test case for continued handshake with a timeoutdimadio
2019-02-13ssl: Use gen_statem named timers to handle connection and recv timeoutsIngela Anderton Andin
2019-02-08ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keysIngela Anderton Andin
2019-02-08ssl: Move key_algorithm to handshake_envIngela Anderton Andin
2019-02-08ssl: srpIngela Anderton Andin
2019-02-08ssl: RenameIngela Anderton Andin
2019-02-08ssl: Move diffie_hellman_params to handshake_envIngela Anderton Andin
2019-02-08ssl: Move and rename psk_identity state record fieldIngela Anderton Andin
2019-02-08ssl: Move premaster_secret to handshake_envIngela Anderton Andin
2019-02-08ssl: Make flight_state DTLS specificIngela Anderton Andin
flight_state is used to handle retransmission timers for DTLS over udp
2019-02-08ssl: Add private_key to connection_envIngela Anderton Andin
2019-02-08ssl: Remove unused record fieldIngela Anderton Andin
2019-02-08ssl: Add erl_dist_handle to connection_envIngela Anderton Andin
2019-02-08ssl: Add negotiated_version to connection_envIngela Anderton Andin
2019-02-08ssl: Add key exchange items to handshake_envIngela Anderton Andin
2019-02-08ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_envIngela Anderton Andin
2019-02-08ssl: Add downgrade handling to connection_envIngela Anderton Andin
Remove duplicate handsake history handling form ssl_config function. Later we might refactor to avoid duplication in TLS and DTLS code, but handshake history does not belong in ssl_config function.
2019-02-08ssl: Create connection_envIngela Anderton Andin
2019-02-08ssl: Handle renegotiation and extensions in handshake_envIngela Anderton Andin
2019-02-05Merge branch 'ingela/ssl/alert-return/OTP-15423' into maintIngela Anderton Andin
* ingela/ssl/alert-return/OTP-15423: ssl: Use specs to generate type documentation ssl: Enhance error handling
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-02-01ssl: Remove unintended matchIngela Anderton Andin
2019-01-30Merge pull request #2109 from IngelaAndin/ingela/ssl/active-checkIngela Andin
ssl: Correct check for delayed close due to undliverd data
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
2019-01-24ssl: Correct check for delayed close due to undliverd dataIngela Anderton Andin
Could cause connection processes not terminate when they should
2019-01-23Merge branch 'ingela/ssl/continue-optimize/OTP-15445' into maintIngela Anderton Andin
* ingela/ssl/continue-optimize/OTP-15445: ssl: If possible assemble several received application data records
2019-01-22ssl: If possible assemble several received application data recordsIngela Anderton Andin
2019-01-22ssl: Create hs_envIngela Anderton Andin
We want to decrease the size of the outer state tuple, and gain ease of understanding by better grouping. This is the first step of creating a hs_env (handshake environment) part of the state. This change will be performed gradually to reduce merge conflicts complexity and risk of introducing errors.
2019-01-22ssl: Remove unnecessary iolist_to_binaryIngela Anderton Andin
2019-01-22Merge branch 'ingela/ssl/test-cuddle' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Correct test input
2019-01-21ssl: Correct test inputIngela Anderton Andin
2019-01-21Merge branch 'ingela/ssl/DES-EDE/OTP-15539' into maintIngela Anderton Andin
* ingela/ssl/DES-EDE/OTP-15539: ssl: Correct 3des_ede_cbc check
2019-01-17ssl: Correct 3des_ede_cbc checkIngela Anderton Andin
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
2019-01-16Merge branch 'maint-21' into maintRickard Green
* maint-21: Updated OTP version Prepare release
2019-01-16ssl: Cuddle testsIngela Anderton Andin
2019-01-15Prepare releaseErlang/OTP
2019-01-15Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into ↵Erlang/OTP
maint-21 * peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension
2019-01-15Merge branch 'ingela/ssl/enhance-error-handling/OTP-15505' into maint-21Erlang/OTP
* ingela/ssl/enhance-error-handling/OTP-15505: ssl: Cuddle test cases ssl: Fix test case ssl: Fix two invalid gen_statem returns
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2019-01-14ssl: Client shall only save verified sessionsIngela Anderton Andin
Modernize test case option handling
2019-01-14ssl: Uncomplicate test codeIngela Anderton Andin
No need for this test case to set a specific cipher suite. An appropriate cipher suite will be negotiated and it will of course be the same for clients with the same configuration.
2019-01-14ssl: Modernize test suiteIngela Anderton Andin
2019-01-10Merge branch 'peterdmv/ssl/fix-crl-suite' into maintPéter Dimitrov
* peterdmv/ssl/fix-crl-suite: ssl: Fix CRL suite with openssl-1.1.1a Change-Id: I2847107b6cf0210c3002c016a6ba49288505d06f
2019-01-10ssl: Add renegotiation test case to OpenSSL sanity checkIngela Anderton Andin
2019-01-10ssl: Better stream handlingIngela Anderton Andin
Remove rizzo rests that made incorrect assumptions
2019-01-09ssl: Fix CRL suite with openssl-1.1.1aPéter Dimitrov
Later versions of openssl do not support negative integers for CRL due time (used for negative testing). As a workaround this commit implements a function that can set CRL due time in seconds and makes the testcase 'crl_hash_dir_expired' sleep for one second. Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
2019-01-08ssl: Cuddle test casesIngela Anderton Andin
Cipher test case also needed updating to handle streams correctly We should not rizzo test chacha20_poly1305 Conflicts: lib/ssl/test/ssl_basic_SUITE.erl