A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-03-20T10:38:05+00:00 2024-03-20T10:38:05+00:00 jsing 2024-03-20T10:38:05+00:00 urn:sha1:0d9d9a5d218e051c66bca6e7d844cd95b2ede626 The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@ 2024-01-30T14:46:46+00:00 jsing 2024-01-30T14:46:46+00:00 urn:sha1:58b71efb8cd73a807ec46c267e6e92a1f728420c Some software relies on SSL_shutdown() returning 0 (indicating close-notify sent) before returning 1 on a subsequent call (indicating close-notify sent and received). It is worth noting that there is no guarantee that this will occur in normal operation, as the peer could send a close-notify prior to SSL_shutdown() being called. This is currently failing for TLSv1.3. 2024-01-27T14:35:13+00:00 jsing 2024-01-27T14:35:13+00:00 urn:sha1:c8d20b6287dfe3ed671896311b9b2372794b52d3 2024-01-19T08:29:08+00:00 jsing 2024-01-19T08:29:08+00:00 urn:sha1:3d9800133cfe170c9c442d27469ee41fbc756d0f This tests and codifies the behaviour of SSL_shutdown() with respect to SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack (TLSv1.2) is tested, as there are currently some subtle differences with the TLSv1.3 stack.