| Age | Commit message (Collapse) | Author |
|---|
|
ssl: Correct check for delayed close due to undliverd data
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|
|
Could cause connection processes not terminate when they should
|
|
* ingela/ssl/continue-optimize/OTP-15445:
ssl: If possible assemble several received application data records
|
|
|
|
We want to decrease the size of the outer state tuple, and gain
ease of understanding by better grouping. This is the first step
of creating a hs_env (handshake environment) part of the state.
This change will be performed gradually to reduce merge conflicts
complexity and risk of introducing errors.
|
|
|
|
* ingela/ssl/test-cuddle:
ssl: Correct test input
|
|
|
|
* ingela/ssl/DES-EDE/OTP-15539:
ssl: Correct 3des_ede_cbc check
|
|
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
|
|
* maint-21:
Updated OTP version
Prepare release
|
|
|
|
|
|
maint-21
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477:
ssl: Fix encoding/decoding of the SRP extension
|
|
* ingela/ssl/enhance-error-handling/OTP-15505:
ssl: Cuddle test cases
ssl: Fix test case
ssl: Fix two invalid gen_statem returns
|
|
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
|
|
Modernize test case option handling
|
|
No need for this test case to set a specific cipher suite. An appropriate cipher suite
will be negotiated and it will of course be the same for clients with the same configuration.
|
|
|
|
* peterdmv/ssl/fix-crl-suite:
ssl: Fix CRL suite with openssl-1.1.1a
Change-Id: I2847107b6cf0210c3002c016a6ba49288505d06f
|
|
|
|
Remove rizzo rests that made incorrect assumptions
|
|
Later versions of openssl do not support negative integers for
CRL due time (used for negative testing).
As a workaround this commit implements a function that can set
CRL due time in seconds and makes the testcase
'crl_hash_dir_expired' sleep for one second.
Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
|
|
Cipher test case also needed updating to handle streams correctly
We should not rizzo test chacha20_poly1305
Conflicts:
lib/ssl/test/ssl_basic_SUITE.erl
|
|
packet raw is a stream, test code manged it packet oriented in
the function active_raw.
|
|
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477:
ssl: Fix encoding/decoding of the SRP extension
Change-Id: Iee3276a60041a2c04c89385b2de2edb1cd81babd
|
|
|
|
ssl: Fix two invalid gen_statem returns
OTP-15505
|
|
The encoded value of the SRP extension length was bigger than the
actual length of the extension. This could cause interoperability
problems with third party SSL implementations.
This commit corrects the encoding and decoding of the SRP extension
length.
Change-Id: I78d118faab7f5d02b755a7d1e2e8561b86f5a15c
|
|
New internal active N changed timing, and
new check is needed.
|
|
ssl: Guarantee active once data delivery
OTP-15504
|
|
* ingela/ssl/error-handling-should-be-throw/OTP-15502:
ssl: Clean up extension handling
|
|
New internal active N changed timing, and
new check is needed.
|
|
|
|
Use throw stratgy for erro handling in extension handling. Makes code consistent and easier to refactor.
Also fixes bug that an incorrect return value for gen_statem could be created when alert was a result
of handling renegotiation info extension.
|
|
* maint-21:
Updated OTP version
Prepare release
|
|
|
|
Wtite connection state was not synchronized when peer initiated renegotiation
|
|
|
|
As the stop wrapper functions are no longer needed after tls_sender
that altered the behaviour of the TLS distribution code.
|
|
Both test case and code needed updates to work as intended. Code needed update due to
new tls_sender process and the test case gave false positive reusult erarlier probably
due to beeing to sloopy in order to avoid timeouts.
|
|
|
|
|
|
|
|
Rename Connection:handle_common_event Connection:handle_protocol_record
removing use of unnecessary argument and making code easier to understand.
|
|
State values created at init
|
|
Wtite connection state was not synchronized when peer initiated renegotiation
|
|
|
