summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/unit (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use the new certificates/chains in regress.jsing2024-03-201-2/+2
| | | | | | | | | | The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@
* Remove GOST and STREEBOG support from libssl.beck2024-02-031-47/+1
| | | | | | | | | | | | | | | | | | This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
* Disable TLS 1.0 and TLS 1.1 in libsslbeck2023-07-021-34/+34
| | | | | | | | | | | | Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@
* Copy the verify param hostflags independently of the host listtb2023-05-241-3/+1
| | | | | | | | | | | | | | | | Without this, hostflags set on the SSL_CTX would not propagate to newly created SSL. This is surprising behavior that was changed in OpenSSL 1.1 by Christian Heimes after the issue was flagged by Quentin Pradet: https://bugs.python.org/issue43522 This is a version of the fix that landed in OpenSSL. There used to be a workaround in place in urllib3, but that was removed at some point. We haven't fixed this earlier since it wasn't reported. It only showed up after recent fallout of extraordinarily strict library checking in urllib3 coming from their own interpretation of the implications of PEP 644. ok jsing
* Add a test to verify that an SSL inherits the hostflags from the SSL_CTXtb2023-05-242-1/+105
| | | | This is currently an expected failure that will be fixed shortly.
* Revise cipher list regress coverage of SSL_set_security_level().jsing2022-12-171-21/+43
| | | | | | | A SSL_set_security_level() call was added to the cipher list regress, which expects a failure - however, it should succeed and fails for a completely unrelated reason. Rework this regress so that it actually passes and tests for the expected behaviour.
* regres/libssl/unit: simplify Makefiletb2022-12-021-20/+10
|
* Make internal header file names consistenttb2022-11-264-8/+8
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Revise for SSL_CTX_INTERNAL and SSL_INTERNAL removal.jsing2022-10-023-12/+12
|
* Make test table based, extend it a littletb2022-07-211-69/+117
|
* link ssl_set_alpn_protos to regresstb2022-07-201-1/+2
|
* Add a quick and dirty regress for SSL{_CTX,}_set_alpn_protos()tb2022-07-201-0/+156
|
* Add some minimal regress coverage for the security level.tb2022-07-071-1/+6
| | | | From beck
* More %i vs %d cleanuptb2022-06-101-4/+4
|
* Plug leaks reported by Ilya Shipitsintb2022-02-081-1/+5
|
* cope with recent S3I removal; ok tb@anton2022-02-061-2/+2
|
* Adjust the ssl_get_shared_ciphers to the new names.tb2022-02-051-23/+23
|
* Plug memleakstb2021-12-291-3/+11
| | | | CID 345150
* Improve test coverage for SSL_OP_NO_DTLSv1.jsing2021-06-271-1/+9
|
* Rename shutdown_all() to shutdown_peers() for consistency.tb2021-05-041-3/+3
|
* Modify regress ssl_get_shared_ciphers for portableinoguchi2021-05-032-6/+6
| | | | | | | - Split out the intermediate path (../certs/) to Makefile - Change 'shutdown' to 'shutdown_all' ok tb@
* Fix two copy paste errors in error messagestb2021-04-041-3/+3
|
* Add tests for DTLSv1_2{,_client,_server}_method()tb2021-04-041-1/+20
|
* Update regress for new_cipher rename.jsing2021-03-241-2/+2
|
* Update for DTLSv1.2 being enabled.jsing2021-03-171-4/+4
|
* Update for DTLSv1.2 version handling.jsing2021-03-171-6/+90
|
* Update regress to match TLS versions change.jsing2021-02-251-6/+6
|
* Revise regress to match change in SSL{_CTX,}_get_{min,max}_proto_version().jsing2021-02-201-34/+45
|
* don't set AUTO_RETRY. it's a remnant of an experiment.tb2021-01-211-3/+1
|
* A few minor tweaks to make my OCD happy.tb2021-01-121-12/+9
| | | | | Sort headers, unwrap a line, fix grammar in spelling and simplify the check for test failure.
* Print error if SSL_{connect,accept,shutdown}(3) don't run to completion.tb2021-01-111-3/+13
|
* Shut down the TLS connections properly.tb2021-01-111-3/+28
|
* Include headers used instead of relying on ssl.h pulling in the world.tb2021-01-111-1/+7
|
* Merge handshake_loop() into handshake(). There's no benefit in havingtb2021-01-101-18/+7
| | | | this factored into a separate function.
* tweak a commenttb2021-01-101-2/+2
|
* Link shared ciphers test to buildtb2021-01-101-1/+3
|
* Add a regress for SSL_get_shared_ciphers() for the change of returnedtb2021-01-101-0/+457
| | | | | | ciphers in ssl_lib.c r1.240 and TLSv1.3 support in tls13_server.c r1.69. requested by jsing
* whitespacetb2021-01-092-7/+7
|
* Extend the methods test to cover dtls methods as welltb2020-12-011-1/+57
|
* Enable ssl_methods unit test.tb2020-12-011-1/+2
|
* Add an ssl_methods() unit test that currently only covers thetb2020-12-011-0/+192
| | | | | behavior of SSL_is_server(). This would have caught the regression introduced in the method unification.
* Update TLS versions to match TLSv1.3 being enabled for TLS_method().jsing2020-08-091-8/+8
|
* Fix regress test so that it exits non-zero for failure cases.jsing2020-08-091-1/+11
|
* adjust alpn extension test to new argument ordertb2020-07-031-3/+3
|
* Use correct define.jsing2019-04-041-2/+2
|
* Update regress following TLS extension renaming.jsing2019-01-181-3/+3
|
* Add TLSv1.3 to version regress tests.jsing2018-11-061-4/+80
|
* Update regress for DES cipher suite removal.jsing2018-06-021-3/+1
|
* Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_versionjca2018-03-151-13/+13
| | | | | | | | | We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases. manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@
* Update regress to use tlsext_serverhello_parse().jsing2018-02-081-5/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 18:17:18 +0000