| Commit message (Collapse) | Author | Files | Lines |
|---|
|
OK tb@
|
|
OK tb@
|
|
OK beck@ tb@
|
|
OK tb@
|
|
OK tb@
|
|
OK jsing@
|
|
|
|
Feedback from tb@
OK tb@
|
|
OK tb@
|
|
exec/exit with vfork.
OK bluhm@
|
|
here or we break the handshake with BAD_MESSAGE
ok tb@
|
|
OK tb@
|
|
OK jsing@
|
|
OK jsing@
|
|
OK tb@ jsing@
|
|
Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360).
Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf)
This changeset is a no-op, as there are 10+ issues and at least 2 security issues.
Work will continue in-tree.
OK tb@, discussed with beck@
|
|
OK bluhm@
|
|
succeeding unconditionally. Makes muststaple work with tls1.3 in nc
ok tb@
|
|
|
|
|
|
ok tb@
|
|
Referred to OpenSSL commit 2cedf794 and arranged for our codebase.
ok tb@
|
|
spotted by anton
|
|
message, even if it has received a "status_request" extension in the client
hello message and has sent a "status_request" extention in the server hello
message. Genua found a site that is this broken. This makes it work.
ok jsing@
|
|
to the list. While here remove some of the headers from inet_net_ntop(3)
for balance.
|
|
leaving only the basic description in the RETURN VALUES section;
tb@ pointed out LibreSSL does not currently provide all those guarantees,
and he also OK'ed this diff
|
|
ok tb@
|
|
these options should be set globally (sysctl) when running regress as opposed to having
individual tests set it, barring a few specific exceptions.
ok bluhm@
|
|
order on success for both the legacy and the new verifier, This avoids
problems as seen in perl's regression tests for some of the crazy things
net:ssleay does.
This is currently marked as expected to fail, it will be expected to
succeed after a forthcoming commit from me.
|
|
fix a stale comment.
Found by mortimer with clang 13's -Wunused-but-set-variable.
ok beck
|
|
In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handshake message payload. In this case we have to
read and collate multiple message fragments before we can decide what to
do with the record.
However, in the case of DTLS, one record is effectively one packet and
while it is possible to send handshake messages across multiple
records/packets, the minimum payload is the DTLS handshake message header
(plus one byte of data if the handshake message has a payload) - without
this, there is insufficient information available to be able to reassemble
the handshake message. Likewise, splitting an alert across multiple DTLS
records simply does not work, as we have no way of knowing if we're
collating the same alert or two different alerts that we lost half of each
from (unfortunately, these details are not really specified in the DTLS
RFC).
This means that for DTLS we can expect to receive a full alert message
(a whole two bytes) or a handshake record with at least the handshake
message header (12 bytes). If we receive messages with less than these
lengths we discard them and carry on (which is what the DTLS code already
does).
Remove all of the pointless fragment handling code from DTLS, while also
fixing an issue where one case used rr->data instead of the handshake
fragment.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@ (as part of a larger diff)
|
|
|
|
|
|
prompted by the bug krw@ fixed yesterday in uuid_from_string()
|
|
The info and msg callbacks result in duplication - both for code that
refers to the function pointers and for the call sites. Avoid this by
providing typedefs for the function pointers and pulling the calling
sequences into their own functions.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
There is little to gain by mallocing and freeing the AEAD nonce for each
record - move to an AEAD nonce allocated for the record layer, which
matches what we do for TLSv1.3.
ok inoguchi@ tb@
|
|
in particular, this includes new text by Matt Caswell
from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000
and corrects a wrong argument type that i introduced into the SYNOPSIS;
requested by tb@
|
|
|
|
|
|
|
|
|
|
Instead of using s_client and s_server and complicated shell scripts,
we can reuse the framework from the ssl_get_shared_cipher() regress
test and inspect the verify return value directly.
Discussed with beck jan jsing
|
|
If a servername callback returns SSL_TLSEXT_ERR_ALERT_WARNING, this
results in a fatal error in TLSv1.3 since alert levels are implicit
in the alert type and neither close_notify nor user_canceled make
sense in this context. OpenSSL chose to ignore this, so we need to
follow suit.
Found via a broken servername callback in p5-IO-Socket-SSL which
returns a Boolean instead of SSL_TLSEXT_ERR_*. This happened to
have worked before TLSv1.3 since warning alerts are often ignored.
This "fixes" sni.t and sni-verify.t in p5-IO-Socket-SSL.
ok beck jsing
|
|
suggested from tb@
|
|
ok tb@
|
|
our verifier to return 21 results in other regress failures in
ruby and perl.
|
|
find leaf cert issuers. This breaks perl and ruby regress, as noticed
by tb that "we tried this before".
Jan's regress that cares about 21 vs 20 needs to change
ok tb@
|
|
then fix the only thing it still has complaints about which
is that we don't return the leaf version of the error code
when we can't verify the leaf (as opposed to the rest of the chain)
ok jan@ tb@
|
