summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* add arguments to skip a bunch of x448 teststb2020-10-071-3/+18
|
* Hook up tlslegacy regress.jsing2020-10-071-1/+2
|
* Add regress tests for switching from the new TLS stack to the legacy stack.jsing2020-10-072-0/+642
| | | | | | This includes a test where the server response includes multiple handhshake messages in the single TLS plaintext record (which would have caught the bug just fixed in tls13_legacy.c).
* move test-tls13-finished.py from slow tests to normal tests.tb2020-09-251-27/+26
|
* test-tls13-finished.py has 70 failing tests that expect a "decode_error"tb2020-09-251-6/+94
| | | | | | instead of the "decrypt_error" sent by tls13_server_finished_recv(). Both alerts appear to be reasonable in this context, so enable the tests while working around this.
* delete a stale commenttb2020-09-251-5/+1
|
* 1) Move the interop tests to the end so we see tlsfuzzer firstbeck2020-09-215-9/+35
| | | | | | | | | | 2) Reorder the interop tests so the really slow "cert" test is at the end 3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination of client and server that does not involve libressl. This way we can skip testing openssl to openssl11 when running these manually by setting REGRESS_SKIP_SLOW to "yet" in mk.conf ok jsing@
* Add cipher set tests with empty SSL_set_ciphersuites().jsing2020-09-161-0/+22
|
* Correct cipher_set_test() when run on a machine without AES acceleration.jsing2020-09-161-1/+19
| | | | Noted by bcook@ and inoguchi@ while working on portable.
* Make cipher_set_test() log failures and continue, rather than aborting.jsing2020-09-161-11/+3
|
* Test botan TLS client with libressl, openssl, openssl11 server.bluhm2020-09-154-6/+305
|
* Connect a client to a server. Both can be current libressl, orbluhm2020-09-145-10/+193
| | | | | | | openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out.
* Add regress for SSL_{CTX_,}set_ciphersuites().jsing2020-09-132-7/+318
|
* If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefersbluhm2020-09-121-9/+18
| | | | chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
* Enable cert and cipher interop tests. cert just works. cipher hasbluhm2020-09-113-55/+35
| | | | | | | | been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled.
* Enable test-tls13-large-number-of-extensions.pytb2020-09-101-2/+7
| | | | | | Skip sending an empty ECPF extension for now: we don't accept it since according to RFC 4492 and 8422 it needs to advertise uncompressed point formats.
* Also print a list of missing scripts in summarytb2020-08-171-5/+10
|
* Avoid test failures due to outdated packagestb2020-08-171-1/+6
| | | | | Indicate missing test scripts prominently in the result but do not count them as an error.
* enable jsing's zero content type testtb2020-08-151-1/+2
|
* I accidentally zeored out a few bytes of the TLSv1.0 session ID.tb2020-08-111-1/+1
| | | | Restore them to their previous values.
* Update TLS versions to match TLSv1.3 being enabled for TLS_method().jsing2020-08-091-8/+8
|
* Fix regress test so that it exits non-zero for failure cases.jsing2020-08-091-1/+11
|
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-20/+21
| | | | Diff from tb@
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-10/+11
|
* Session resumption is not currently supported for TLSv1.3.tb2020-08-081-4/+4
|
* Enable P-521 and run the tests that use it.tb2020-08-081-5/+3
|
* Force TLSv1.2 when testing SSLv3/TLSv1.2 cipher suites.jsing2020-07-141-1/+1
| | | | Otherwise we end up switching to TLSv1.3 and using a TLSv1.3 cipher suite.
* Add a -tls1_2 option so we can force TLSv1.2 for testing.jsing2020-07-141-5/+9
|
* Remove temporary RSA keys/callbacks code.jsing2020-07-071-43/+0
| | | | This was removed from libssl a very long time ago...
* Test TLSv1.3 ciphersuites now that TLS_method() supports TLSv1.3.jsing2020-07-071-0/+12
|
* tlsexttest: pass message type to the extension functionstb2020-07-031-144/+144
| | | | ok beck jsing
* adjust alpn extension test to new argument ordertb2020-07-031-3/+3
|
* adjust tlsexttest to new argument ordertb2020-07-031-5/+5
|
* enable test-tls13-keyshare-omitted.pytb2020-06-241-5/+2
|
* Add test-ffdhe-expected-params.pytb2020-06-241-1/+2
|
* Enable lucky 13 test.tb2020-06-191-5/+2
|
* Add lucky13 and bleichenbacher-timing teststb2020-06-101-1/+7
|
* Implement a rolling hash of the ClientHello message, Enforce RFC 8446beck2020-06-061-2/+2
| | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
* Enable the record layer limits test and mark two finished test cases astb2020-06-031-5/+8
| | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
* Enable the test-tls13-zero-length-data.py test, skipping thetb2020-06-011-8/+10
| | | | three tests that fail due to a BIO_gets() bug.
* Enable test-dhe-rsa-key-exchange-with-bad-messages.pytb2020-06-011-4/+2
|
* Previous commit caught a few errx() cases by accident. undo them.tb2020-05-241-25/+25
|
* include newlines in FAIL messagestb2020-05-241-108/+108
|
* address some nits from jsingtb2020-05-241-7/+11
|
* The version detection doesn't work on bluhm's test machine, causingtb2020-05-241-3/+3
| | | | | | | the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now.
* Define REGRESS_TARGETS explicitly.tb2020-05-231-2/+4
|
* Enforce that SNI hostnames be correct as per rfc 6066 and 5980.beck2020-05-231-1/+79
| | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@`
* beck fixed most of the keyupdate tests. update annotationtb2020-05-211-3/+8
|
* hook tlsfuzzer to regresstb2020-05-211-1/+2
|
* Add a harness that runs tests from tlsfuzzertb2020-05-212-0/+781
| | | | | | | | | | | | | This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 11:15:24 +0000