openbsd/src/regress/lib/libssl/tlsext/tlsexttest.c, branch OPENBSD_7

openbsd/src/regress/lib/libssl/tlsext/tlsexttest.c, branch OPENBSD_7_8 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8 2025-05-03T08:37:28+00:00 Verify that the selected key share is indeed group 29 2025-05-03T08:37:28+00:00 tb 2025-05-03T08:37:28+00:00 urn:sha1:fcc4c7b50e2b86b55823dda5fe0622d8fe00bf31 From Kenjiro Nakayama tlsexttest: remove check that clients receive SNI before ALPN 2025-04-30T13:44:54+00:00 tb 2025-04-30T13:44:54+00:00 urn:sha1:aab757a17fa1f081f77bddc901e6d39f0b245803 The next commit will remove the kludge for compatibility of Apache with older libressl, so remove the corresponding regress coverage and only check that PSK is the last extension. parametes -> parameters 2024-09-11T15:04:16+00:00 tb 2024-09-11T15:04:16+00:00 urn:sha1:09903e44fed5f689c935935b95c447ccb1465128 Revise regress to match cipher suite values change. 2024-07-22T14:50:45+00:00 jsing 2024-07-22T14:50:45+00:00 urn:sha1:ee47b67deae4b8751972f7fc4a0b821ffc61bb86 Initialize quic_method in tlsexttest 2024-03-30T09:53:41+00:00 tb 2024-03-30T09:53:41+00:00 urn:sha1:3247516c5c49295dd4e217b38e6a58c72595e142 This is only there to pretend a quic method was set on the SSL, but apparently some compilers warn about an uninitialized variable. from Christian Andersen Fix coverity complaints. 2024-03-28T01:45:18+00:00 beck 2024-03-28T01:45:18+00:00 urn:sha1:45f98f789c6ef09f937c978393d67f6741b3fe1f fix leaks in the horrible ssl whackery necessary for this test. 2024-03-27T23:56:34+00:00 beck 2024-03-27T23:56:34+00:00 urn:sha1:4dc7c1da04b000cd1c9039034bbfa79d816568ca ok tb@ Fix up server processing of key shares. 2024-03-27T22:27:09+00:00 beck 2024-03-27T22:27:09+00:00 urn:sha1:f5455377d8db89c93a97bd92588ba5a5e5f169b3 Ensure that the client can not provide a duplicate key share for any group, or send more key shares than groups they support. Ensure that the key shares must be provided in the same order as the client preference order specified in supported_groups. Ensure we only will choose to use a key share that is for the most preferred group by the client that we also support, to avoid the client being downgraded by sending a less preferred key share. If we do not end up with a key share for the most preferred mutually supported group, will then do a hello retry request selecting that group. Add regress for this to regress/tlsext/tlsexttest.c ok jsing@ Fix expected client hello value to allow for supported_groups change. 2024-03-26T02:43:56+00:00 beck 2024-03-26T02:43:56+00:00 urn:sha1:d59fda04e61e4b842e5dda7c6e18fd1e7da2d3cc ok jsing@ Revise for TLS extension parsing/processing changes. 2024-03-25T10:19:14+00:00 jsing 2024-03-25T10:19:14+00:00 urn:sha1:b8b0472b3410017959236110dc2a665e360fc10c