openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use the new certificates/chains in regress.	jsing	2024-03-20	1	-4/+4
\| \| \| \| \| \| \| \| \| \|	The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@
*	Add a shutdown sequence regress test.	jsing	2024-01-30	1	-3/+133
\| \| \| \| \| \| \| \| \| \|	Some software relies on SSL_shutdown() returning 0 (indicating close-notify sent) before returning 1 on a subsequent call (indicating close-notify sent and received). It is worth noting that there is no guarantee that this will occur in normal operation, as the peer could send a close-notify prior to SSL_shutdown() being called. This is currently failing for TLSv1.3.
*	Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.	jsing	2024-01-27	1	-3/+1
\|
*	Add regress test coverage for SSL_shutdown().	jsing	2024-01-19	2	-0/+546
	This tests and codifies the behaviour of SSL_shutdown() with respect to SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack (TLSv1.2) is tested, as there are currently some subtle differences with the TLSv1.3 stack.