| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Update golden values to match P-521 being enabled by default in the client. | jsing | 2020-08-09 | 1 | -10/+11 |
| | | |||||
| * | tlsexttest: pass message type to the extension functions | tb | 2020-07-03 | 1 | -144/+144 |
| | | | | | ok beck jsing | ||||
| * | adjust tlsexttest to new argument order | tb | 2020-07-03 | 1 | -5/+5 |
| | | |||||
| * | Previous commit caught a few errx() cases by accident. undo them. | tb | 2020-05-24 | 1 | -25/+25 |
| | | |||||
| * | include newlines in FAIL messages | tb | 2020-05-24 | 1 | -108/+108 |
| | | |||||
| * | address some nits from jsing | tb | 2020-05-24 | 1 | -7/+11 |
| | | |||||
| * | Enforce that SNI hostnames be correct as per rfc 6066 and 5980. | beck | 2020-05-23 | 1 | -1/+79 |
| | | | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@` | ||||
| * | Revise regress for TLSv1.3 server being enabled. | jsing | 2020-05-11 | 1 | -5/+8 |
| | | |||||
| * | Update key share regress to match previous change. | jsing | 2020-04-17 | 1 | -4/+4 |
| | | |||||
| * | Reset the key share so that we do not have an existing peer public key. | jsing | 2020-02-05 | 1 | -1/+7 |
| | | |||||
| * | Tweak regress to match change made to tls13_key_share_peer_public(). | jsing | 2020-02-01 | 1 | -2/+1 |
| | | |||||
| * | Revise for TLSv1.3 key share changes. | jsing | 2020-01-30 | 1 | -8/+27 |
| | | |||||
| * | server sigalgs test is now bogus, disable for now | beck | 2020-01-26 | 1 | -2/+3 |
| | | |||||
| * | It has been called to my attention that the cookie monster ascii art | beck | 2019-11-10 | 1 | -17/+7 |
| | | | | | | | | | | in this test which I had obtained from a site purporting it to be free for use with artist attribtion might not be. After looking at at some other muppett ascii art for inspiration I am replacing this with my own ascii art muppet to replace the previously used cookie monster. The copyright for the art is the same as my code. | ||||
| * | Update regress following sigalgs changes. | jsing | 2019-03-25 | 1 | -17/+1 |
| | | |||||
| * | Use malloc() and memcpy() the test X25519 x25519_peer_public value. | jsing | 2019-02-03 | 1 | -3/+6 |
| | | | | | | | | Otherwise, if tlsext_keyshare_server_build() fails we call free with a pointer to static memory and bad things happen. Reported by bcook@ | ||||
| * | Add server side of versions, keyshare, and client and server of cookie | beck | 2019-01-24 | 1 | -6/+435 |
| | | | | | | | | | extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@ | ||||
| * | Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated. | beck | 2019-01-24 | 1 | -18/+10 |
| | | | | | | Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@ | ||||
| * | Modify sigalgs extension processing to accomodate TLS 1.3. | beck | 2019-01-23 | 1 | -10/+12 |
| | | | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@ | ||||
| * | revert previous, accidentally contained another diff in addition | beck | 2019-01-23 | 1 | -12/+10 |
| | | | | | to the one I intended to commit | ||||
| * | Modify sigalgs extension processing for TLS 1.3. | beck | 2019-01-23 | 1 | -10/+12 |
| | | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@ | ||||
| * | Add client side of supported versions and keyshare extensions with basic regress | beck | 2019-01-18 | 1 | -1/+192 |
| | | | | | ok jsing@ | ||||
| * | Update regress following TLS extension renaming. | jsing | 2019-01-18 | 1 | -376/+375 |
| | | |||||
| * | Make sure the interop test happen last (since they take a long time) | beck | 2018-11-10 | 1 | -6/+6 |
| | | |||||
| * | Unbreak regress following Supported Elliptic Curve extension rename. | jsing | 2018-11-06 | 1 | -49/+49 |
| | | |||||
| * | Initialise new_cipher in the serverhello TLS extensions test, to avoid a | jsing | 2017-12-28 | 1 | -3/+14 |
| | | | | | | | | | | | NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@ | ||||
| * | Add regress test coverage for building clienthello and serverhello | jsing | 2017-11-28 | 1 | -4/+201 |
| | | | | | | extensions, both with extensions being present and not present. The not present case currently fails. | ||||
| * | When parsing extensions by calling the parse functions directly, ensure | jsing | 2017-08-29 | 1 | -2/+82 |
| | | | | | | that we have consumed all of the extension data. This catches the ALPN extension handling issue that was just fixed. | ||||
| * | Rewrite SRTP extension using CBB/CBS and the new extension framework. | doug | 2017-08-27 | 1 | -1/+402 |
| | | | | | input + ok beck@, jsing@ | ||||
| * | check return value from CBB_init | beck | 2017-08-27 | 1 | -2/+3 |
| | | |||||
| * | Rewrite ALPN extension using CBB/CBS and the new extension framework. | doug | 2017-08-26 | 1 | -1/+381 |
| | | | | | | ok bcook@ beck@ input + ok jsing@ | ||||
| * | Rewrite the TLS status request extension to use the new TLS extension framework. | beck | 2017-08-12 | 1 | -1/+128 |
| | | | | | ok jsing@ | ||||
| * | Add regress coverage for the TLS signature algorithms extension. | jsing | 2017-08-12 | 1 | -1/+163 |
| | | |||||
| * | Rewrite session ticket TLS extension handling using CBB/CBS and the new | doug | 2017-08-12 | 1 | -1/+302 |
| | | | | | | | extension framework. ok jsing@ beck@ | ||||
| * | errant whitespace | beck | 2017-08-12 | 1 | -3/+3 |
| | | |||||
| * | Be consistent with goto labels, failure flag and use of FAIL macro. | jsing | 2017-08-11 | 1 | -128/+105 |
| | | |||||
| * | doug@ added code in here as well. | jsing | 2017-08-11 | 1 | -1/+2 |
| | | |||||
| * | Sort by extension/function name. | jsing | 2017-08-11 | 1 | -577/+576 |
| | | |||||
| * | Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new | doug | 2017-08-11 | 1 | -1/+337 |
| | | | | | | | extension framework. input + ok jsing@ | ||||
| * | Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the | doug | 2017-08-11 | 1 | -1/+470 |
| | | | | | | | new extension framework. input + ok jsing@ | ||||
| * | Extend the SNI tests to ensure that we have a hostname in the session | jsing | 2017-07-24 | 1 | -2/+31 |
| | | | | | | | after a successful tlsext_sni_serverhello_parse() and that tlsext_sni_clienthello_parse() fails if we have an existing session and the SNI is mismatched. | ||||
| * | Add regress coverage for the TLS Renegotiation Indication extension. | jsing | 2017-07-24 | 1 | -1/+266 |
| | | |||||
| * | Provide a new regress test for TLS extension handlers, currently covering | jsing | 2017-07-16 | 2 | -0/+254 |
| the newly converted SNI code. | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |