| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Call the callback on success in new verifier in a compatible way | beck | 2021-09-03 | 1 | -3/+1 |
| | | | | | | | | | | | | | | when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@ | ||||
| * | Add a regression test to verify that we call the callback in the same | beck | 2021-09-01 | 3 | -4/+551 |
| | | | | | | | | | | order on success for both the legacy and the new verifier, This avoids problems as seen in perl's regression tests for some of the crazy things net:ssleay does. This is currently marked as expected to fail, it will be expected to succeed after a forthcoming commit from me. | ||||
| * | Only remove the directories if there's an obj/ or obj@ | tb | 2021-08-28 | 1 | -2/+4 |
| | | |||||
| * | Add a pass using the modern vfy with by_dir roots, code by me, script to | beck | 2021-08-28 | 3 | -15/+106 |
| | | | | | | | generate certdirs by jsing, and make chicken sacrifies by tb. ok tb@ jsing@ | ||||
| * | Add case 2c to the go side. Don't tell jsing I touched go. | beck | 2021-08-28 | 1 | -0/+1 |
| | | |||||
| * | Add regress test testing having the root cert in the intermediate bundle | beck | 2021-08-27 | 5 | -1/+96 |
| | | |||||
| * | Import regress tests for SM2. Not yet linked to the build. | tb | 2021-08-18 | 4 | -0/+640 |
| | | | | | Part of Github PR #105 | ||||
| * | It's no longer necessary to link ecdhtest statically. | tb | 2021-05-10 | 1 | -2/+2 |
| | | |||||
| * | tweak one description to make it unique | tb | 2021-05-03 | 1 | -2/+3 |
| | | |||||
| * | Prefix the hybrid_corner_case test with test_ for consistency. | tb | 2021-05-03 | 1 | -3/+3 |
| | | |||||
| * | Exercise the point conversion bit for octet string representations | tb | 2021-05-03 | 1 | -1/+279 |
| | | | | | of points on secp256r1. | ||||
| * | Add a test that exercises the point conversion bit of the octet | tb | 2021-05-03 | 1 | -1/+362 |
| | | | | | string representations of points on the binary curve sect571k1. | ||||
| * | Relax SAN DNSname validation and constraints to permit non leading * | beck | 2021-04-27 | 1 | -8/+4 |
| | | | | | | | | | | | | wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@ | ||||
| * | Add a test that roundtrips a bunch of points on all builtin curves | tb | 2021-04-21 | 2 | -6/+268 |
| | | | | | | via point2oct and oct2point and that checks the corner case in hybrid encoding that was fixed in ec2_oct.c r1.13. | ||||
| * | Adjust ectest.c for set_compressed_coordinates | tb | 2021-04-20 | 1 | -9/+9 |
| | | |||||
| * | Adjust ectest.c for get_Jprojective coordinate change | tb | 2021-04-20 | 1 | -2/+2 |
| | | |||||
| * | Adjust ecdhtest.c for affine_coordinates change | tb | 2021-04-20 | 2 | -7/+7 |
| | | |||||
| * | Adjust ectest.c for affine_coordinates change | tb | 2021-04-20 | 1 | -17/+17 |
| | | |||||
| * | Adjust ectest.c for EC_GROUP_{g,s}et_curve change | tb | 2021-04-20 | 2 | -15/+15 |
| | | |||||
| * | Use ERR_print_error_fp() to avoid leaking a BIO in fatal() | tb | 2021-04-07 | 1 | -2/+2 |
| | | |||||
| * | use errx() instead of err() | tb | 2021-04-06 | 1 | -8/+8 |
| | | |||||
| * | spaces -> tabs | tb | 2021-04-06 | 1 | -5/+5 |
| | | |||||
| * | minor style tweaks | tb | 2021-04-06 | 1 | -5/+6 |
| | | |||||
| * | Add missing error check for AES_unwrap_key(). | tb | 2021-04-04 | 1 | -1/+3 |
| | | |||||
| * | Explicitly NULL pointers to avoid a double free. | tb | 2021-04-04 | 1 | -1/+3 |
| | | |||||
| * | Don't leak key and dh in the error path. | tb | 2021-04-04 | 1 | -4/+7 |
| | | |||||
| * | Run the CMAC tests through EVP_PKEY_new_CMAC_key(). | tb | 2021-04-03 | 1 | -10/+22 |
| | | |||||
| * | Remove workaround for missing d2i_DSAPrivateKey_fp prototype | tb | 2021-03-31 | 1 | -5/+1 |
| | | |||||
| * | Don't leak ca in test_cms_sign_verify(). | tb | 2021-03-22 | 1 | -1/+2 |
| | | | | | Reported by Ilya Shipitsin | ||||
| * | Plug memory leak reported by Ilya Shipitsin | tb | 2021-03-21 | 1 | -3/+2 |
| | | | | | | Since r1.7, input in base64_decoding_test() is allocated unconditionally, so free it unconditionally. | ||||
| * | Make this test module aware so it passes with Go 1.16 | tb | 2021-02-23 | 1 | -0/+4 |
| | | |||||
| * | Start each regress run from scratch with new keys and CA database. | bluhm | 2020-12-26 | 1 | -12/+17 |
| | | |||||
| * | Convert CA regress implementation from shell script to make file. | bluhm | 2020-12-26 | 5 | -141/+100 |
| | | | | | Ensure that it works with obj directory and link regress to build. | ||||
| * | Remove echo headlines. | bluhm | 2020-12-17 | 2 | -6/+2 |
| | | |||||
| * | Don't leak verify and store contexts. | tb | 2020-11-18 | 1 | -1/+3 |
| | | |||||
| * | Skip test if web server cannot be pinged. | bluhm | 2020-11-05 | 1 | -6/+14 |
| | | |||||
| * | catch unset error when validation fails. | beck | 2020-10-26 | 2 | -2/+16 |
| | | |||||
| * | avoid two overlong lines and drop an unused printf argument | tb | 2020-10-12 | 1 | -4/+4 |
| | | |||||
| * | Don't leak bundle_file and cert_file paths at the end. | tb | 2020-10-10 | 1 | -1/+3 |
| | | |||||
| * | Read cert.pem once and reuse it instead of reading it twice per test cert | tb | 2020-10-08 | 1 | -18/+10 |
| | | | | | | | | | chain. It only takes a few dozens of ms to read it, but doing this 7290 times adds up to a few minutes run time. This way, the test completes in a handful of seconds. Diagnosed by jsing, ok beck | ||||
| * | KNF | tb | 2020-10-03 | 1 | -12/+11 |
| | | |||||
| * | typo | tb | 2020-10-03 | 1 | -1/+1 |
| | | |||||
| * | spelling, punctuation, whitespace | tb | 2020-10-02 | 2 | -6/+6 |
| | | |||||
| * | Add possibility to link and run this test against the OpenSSL 1.1.1 package | tb | 2020-10-02 | 1 | -1/+7 |
| | | | | | | | using the make variable EOPENSSL11. Suggested by jsing | ||||
| * | Use += and ?= and tidy up whitespace | tb | 2020-10-02 | 1 | -8/+8 |
| | | |||||
| * | Tidy up: no need to link statically against libcrypto and no need | tb | 2020-10-02 | 1 | -4/+4 |
| | | | | | to look at its private headers either. | ||||
| * | Make this test compile against OpenSSL 1.1 | tb | 2020-10-02 | 1 | -11/+21 |
| | | | | | | | | The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters. | ||||
| * | move a misplaced 'goto done;' so that all invalid uris are tested | tb | 2020-09-21 | 1 | -1/+1 |
| | | |||||
| * | add a few short invalid URIs in test_constraints1() that cause early | tb | 2020-09-21 | 1 | -0/+4 |
| | | | | | failure of x509_constraints_uri_host() in x509_constraints_uri() | ||||
| * | Correct a 1 byte read overflow in x509_contraints_uri and add | beck | 2020-09-20 | 1 | -0/+4 |
| | | | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |