summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* revert previous. some of the keyupdate tests still fail occasionallytb2021-04-141-2/+11
|
* Enable test-tls13-keyupdate.pytb2021-04-141-9/+2
|
* move test-record-size-limit.py to unsupportedtb2021-04-141-4/+3
|
* enable test-record-layer-fragmentation.pytb2021-04-141-7/+2
|
* factor argument to catch an alert mismatch into a helper functiontb2021-04-141-7/+8
|
* enable test-tlsfuzzer-invalid-compression-methods.pytb2021-04-131-5/+10
|
* enable test-large-hello.py as a slow testtb2021-04-131-3/+2
|
* with new defaults, test-fuzzed-plaintext.py is no longer slowtb2021-04-131-3/+2
|
* move a few tests to the unsupported group and fix two commentstb2021-04-131-15/+15
|
* annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expectedtb2021-04-131-2/+3
| | | | alerts and where to add them.
* Update a stale comment and fix a typo.tb2021-04-111-3/+3
|
* An extra internal consistency check and a missing stats adjustment. ok tb@otto2021-04-091-1/+4
|
* Cache implementation has changed, we do not hold on to an exact numberotto2021-04-091-3/+4
| | | | of pages anymore, but also cache larger regions; ok tb@
* Enable test-cve-2016-6309.pytb2021-04-081-3/+2
|
* Avoid clobbering the error code when sending an alerttb2021-04-071-2/+3
| | | | | | | | | | | | In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
* Use ERR_print_error_fp() to avoid leaking a BIO in fatal()tb2021-04-071-2/+2
|
* Check function return value in openssl(1) x509.cinoguchi2021-04-071-24/+71
| | | | input from bcook@, ok and comments from tb@
* Avoid leak in error pathinoguchi2021-04-071-3/+7
| | | | ok and input from tb@
* use errx() instead of err()tb2021-04-061-8/+8
|
* spaces -> tabstb2021-04-061-5/+5
|
* minor style tweakstb2021-04-061-5/+6
|
* Don't leak param->name in x509_verify_param_zero()tb2021-04-051-1/+2
| | | | | | | | | For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
* Add missing error check for AES_unwrap_key().tb2021-04-041-1/+3
|
* Fix two copy paste errors in error messagestb2021-04-041-3/+3
|
* Add tests for DTLSv1_2{,_client,_server}_method()tb2021-04-041-1/+20
|
* Use correct type for tmp in test_write_bytes()tb2021-04-041-2/+2
|
* Explicitly NULL pointers to avoid a double free.tb2021-04-041-1/+3
|
* Don't leak key and dh in the error path.tb2021-04-041-4/+7
|
* Clean up client and server tls{,_config} contexts in tls_test().tb2021-04-041-2/+11
| | | | Leaks reported by Ilya Shipitsin.
* Run the CMAC tests through EVP_PKEY_new_CMAC_key().tb2021-04-031-10/+22
|
* Two cases of BRE involving counts and backrefs that go wrong andotto2021-04-021-1/+16
| | | | | similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
* Show DTLS1.2 message with openssl(1) s_server and s_clientinoguchi2021-04-021-2/+6
| | | | ok jsing@ tb@
* Compare the pointer variable explicitly with NULL in if conditioninoguchi2021-04-011-18/+17
|
* one of the examples needs an -N (and explanation);jmc2021-03-311-4/+7
| | | | | | diff from robert scheck discussed with and tweaked by sthen
* Update for DTLSv1.2 support.tb2021-03-311-2/+4
|
* Remove workarounds for SSL_is_dtls()tb2021-03-312-11/+2
| | | | Reminded by inoguchi jsing
* Remove workaround for missing d2i_DSAPrivateKey_fp prototypetb2021-03-311-5/+1
|
* Bump minors after symbol additiontb2021-03-313-3/+3
|
* Expose various DTLSv1.2 specific functions and definestb2021-03-315-27/+8
| | | | ok bcook inoguchi jsing
* Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-311-18/+4
| | | | ok bcook inoguchi jsing
* Expose SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-312-3/+3
| | | | ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3)tb2021-03-311-11/+3
| | | | ok bcook inoguchi jsing
* Expose SSL_use_certificate_chain_file(3)tb2021-03-312-3/+2
| | | | ok bcook inoguchi jsing
* Provide missing prototype for d2i_DSAPrivateKey_fp(3)tb2021-03-311-1/+2
| | | | ok bcook inoguchi jsing
* Document EVP_PKEY_new_CMAC_key(3)tb2021-03-311-16/+4
| | | | ok bcook inoguchi jsing
* Provide EVP_PKEY_new_CMAC_key(3)tb2021-03-312-5/+2
| | | | ok bcook inoguchi jsing
* whitespace nitstb2021-03-291-4/+4
|
* Prepare documenting EVP_PKEY_new_CMAC_key(3)tb2021-03-291-2/+54
| | | | Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
* Remove pointless assignment in SSL_get0_alpn_selected().jsing2021-03-291-4/+1
| | | | ok tb@
* Avoid transcript initialisation when sending a TLS HelloRequest.jsing2021-03-291-4/+6
| | | | | | | | | | When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-07 20:32:45 +0000