openbsd/src/regress/lib/libtls/tls, branch master

openbsd/src/regress/lib/libtls/tls, branch master A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=master 2025-06-04T10:28:00+00:00 libtls: add basic regress for ALPN 2025-06-04T10:28:00+00:00 tb 2025-06-04T10:28:00+00:00 urn:sha1:e097fbd764cb1d90eaf6cbc82042adf7c812e984 This currently only tests the behavior for successful protocol negotiations since the test expects all handshakes to complete. Adjust tls regress for protocol parsing fixes 2024-08-02T15:02:22+00:00 tb 2024-08-02T15:02:22+00:00 urn:sha1:5b0ba3dd881b60a691a93fccbc6a02076410d007 This mostly reverts what was done by beck in Tallinn and adjust tlstest to add new test cases and now failing connection tests. Use the new certificates/chains in regress. 2024-03-20T10:38:05+00:00 jsing 2024-03-20T10:38:05+00:00 urn:sha1:0d9d9a5d218e051c66bca6e7d844cd95b2ede626 The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@ Revert previous. The added includes were already there. Duh. 2022-07-16T07:46:08+00:00 tb 2022-07-16T07:46:08+00:00 urn:sha1:3c1c496acf7e8e6ce51359141b796f01cdcba141 Explicitly include fcntl.h and unistd.h for pipe2 2022-06-22T10:01:17+00:00 tb 2022-06-22T10:01:17+00:00 urn:sha1:24b3af508c9815e55da5d06366808dad8d65efa4 Clean up client and server tls{,_config} contexts in tls_test(). 2021-04-04T16:19:47+00:00 tb 2021-04-04T16:19:47+00:00 urn:sha1:b43b86edcadc304cea86df85028fed0ef466d05f Leaks reported by Ilya Shipitsin. Add a missing circular_init() call in the TLS ordering test. 2020-07-04T09:07:02+00:00 jsing 2020-07-04T09:07:02+00:00 urn:sha1:ca98cbb7c336fac18fa8a53f4f555ccf440e5838 This makes the regress work correctly again - this was previously masked by the fact that tls_close() (and hence SSL_shutdown()) was draining the circular buffer, whereas now we're leaving data behind from a previous test, resulting in the ordering test failing. Add TLS versioning tests. 2020-05-13T17:57:27+00:00 jsing 2020-05-13T17:57:27+00:00 urn:sha1:85564cbdaaead9999e493a60665d8f6a911aeb69 This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk with an appropriately configured server and vice versa. Remove the now unnecessary tls_init() call. 2018-03-19T16:36:12+00:00 jsing 2018-03-19T16:36:12+00:00 urn:sha1:7404a498429b2296b52ce77d887b7040276e03a3 Add a (currently failing) call to tls_handshake() on a client context that 2017-05-07T03:25:26+00:00 jsing 2017-05-07T03:25:26+00:00 urn:sha1:d56eda508144f700fc0f99d91c964ffebbbd1ae4 has not yet been connected. We expect this to fail, but it should fail gracefully.