| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Some more c99 initializers for consistency and readability | tb | 2022-03-08 | 1 | -23/+62 |
| | | |||||
| * | Plug leaks reported by Ilya Shipitsin | tb | 2022-02-08 | 1 | -1/+5 |
| | | |||||
| * | Plug a number of leaks reported by Ilya Shipitsin | tb | 2022-02-08 | 1 | -2/+9 |
| | | |||||
| * | cope with recent S3I removal; ok tb@ | anton | 2022-02-06 | 1 | -2/+2 |
| | | |||||
| * | Add a workaround due to OpenSSL's limitation of SSL_CTX_set_cipher_list | tb | 2022-02-05 | 1 | -1/+5 |
| | | | | | | | | | | | | | | | | | SSL_CTX_set_cipher_list() in OpenSSL 1.1 does not accept TLSv1.3 ciphers. This wasn't a problem until now since the AEAD- ciphers were counted as distinct from TLS_ ciphers by the regress test, so they were never used in the {run,check}-cipher-${cipher}-client-${clib}-server-${slib} tests With the renaming, the TLSv1.3 ciphers are now considered as common ciphers, so they're tested. With openssl11 this results in 0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2573: The design of these tests doesn't allow easily adding a call to SSL_CTX_set_ciphersuites (since they also need to work with openssl 1.0.2) so skip the TLS_* ciphers for the time being. | ||||
| * | Mechanically adjust from AEAD- to TLS_ to adjust to the new cipher names. | tb | 2022-02-05 | 1 | -10/+5 |
| | | |||||
| * | Adjust the ssl_get_shared_ciphers to the new names. | tb | 2022-02-05 | 1 | -23/+23 |
| | | |||||
| * | Revise for S3I removal. | jsing | 2022-02-05 | 1 | -81/+81 |
| | | |||||
| * | Revise for peer_cert. | jsing | 2022-01-11 | 1 | -6/+6 |
| | | |||||
| * | Revise for changes to tls_key_share_peer_public() | jsing | 2022-01-11 | 1 | -2/+4 |
| | | |||||
| * | Let dtlstest peek into bio_local.h | tb | 2022-01-07 | 2 | -2/+4 |
| | | |||||
| * | Revise for change to tls_key_share_peer_public() | jsing | 2022-01-06 | 1 | -3/+2 |
| | | |||||
| * | Test CBB_add_u64() | jsing | 2022-01-06 | 1 | -2/+6 |
| | | |||||
| * | With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_san | tb | 2022-01-06 | 1 | -2/+2 |
| | | | | | is now an unexpected pass, so remove it from the expected failures. | ||||
| * | Revise for tls13_key_share rename. | jsing | 2022-01-05 | 1 | -11/+11 |
| | | |||||
| * | Provide regress for SSL public APIs. | jsing | 2022-01-05 | 3 | -1/+387 |
| | | | | | | | This will largely test curly and inconsistent APIs that are not covered by other regress tests. Currently, this tests the wonder that is SSL_get_peer_cert_chain(). | ||||
| * | Plug memleaks | tb | 2021-12-29 | 1 | -3/+11 |
| | | | | | CID 345150 | ||||
| * | One more leak of the same kind | tb | 2021-12-29 | 1 | -2/+2 |
| | | |||||
| * | Plug memleak | tb | 2021-12-29 | 1 | -3/+3 |
| | | | | | CID 345160 | ||||
| * | Provide a set of RSA and ECDSA test certificates/keys. | jsing | 2021-12-27 | 30 | -0/+919 |
| | | | | | These are generated using the make-certs.sh script. | ||||
| * | Provide a script to generate test certificates/keys. | jsing | 2021-12-27 | 1 | -0/+263 |
| | | | | | | | | This will allow us to generate a variety of client and server certificates, including expired and revoked certificates, using both RSA and ECDSA. Discussed with tb@ | ||||
| * | Add coverage for CBS additions. | jsing | 2021-12-15 | 1 | -2/+50 |
| | | |||||
| * | Tell testers which packages to install right away (and why) | kn | 2021-12-02 | 3 | -3/+7 |
| | | | | | | | | Other regress tests do it differently; just fix/thouch those that did not mention any package name at all. This helps grepping logs for SKIPPED to find instructions for the next run. | ||||
| * | Prepare ssltest for opaque DH | tb | 2021-11-21 | 1 | -18/+39 |
| | | |||||
| * | Switch to BIO_up_ref() instead of adjusting references manually. | tb | 2021-11-20 | 2 | -16/+6 |
| | | |||||
| * | Use BIO_up_ref() instead of adjusting refcounts manually | tb | 2021-11-20 | 1 | -9/+3 |
| | | |||||
| * | Fix ssltest to work with opaque EVP_PKEY. | tb | 2021-11-18 | 1 | -22/+33 |
| | | |||||
| * | Add regress that calls SSL_set_tlsext_host_name() with a NULL host name. | jsing | 2021-11-02 | 1 | -1/+15 |
| | | |||||
| * | Rework SNI hostname regress to be table driven. | jsing | 2021-11-01 | 1 | -62/+147 |
| | | | | | | | | Also adjust for the changes to tlsext_sni_is_valid_hostname() and include tests for IPv4 and IPv6 literals. ok beck@ | ||||
| * | Make this test compile again after the damage done in libcrypto | tb | 2021-10-31 | 1 | -19/+20 |
| | | |||||
| * | openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5. | tb | 2021-10-28 | 1 | -6/+9 |
| | | | | | | | | ruby can no longer generate certs with bogus wildcards in it to check that they will fail to verify when creating TLS connections. It will throw an error. This change needs openssl-ruby-tests-20211024p0 or later to work. | ||||
| * | Free memory on text exit to make asan quieter | beck | 2021-10-26 | 1 | -53/+83 |
| | | | | | ok tb@ | ||||
| * | Revise regress for removal of SSL_SESSION_INTERNAL. | jsing | 2021-10-26 | 1 | -27/+27 |
| | | |||||
| * | Add a regress test for TLS client/server. | jsing | 2021-10-23 | 3 | -1/+496 |
| | | | | | | | | | | This currently exercises various combinations of TLS versions and their associated key exchange mechanisms. Note that this currently fails for TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly). Over time all of the ssl regress should be moved into the dtls and tls regress tests. | ||||
| * | Revise regress test for tls13_buffer rename. | jsing | 2021-10-23 | 1 | -14/+16 |
| | | |||||
| * | Revise regress for tlsext_tick_lifetime_hint changing type. | jsing | 2021-10-23 | 1 | -2/+2 |
| | | |||||
| * | Pull in ssl_locl.h so that we can keep reaching into libssl internals. | jsing | 2021-10-15 | 2 | -1/+4 |
| | | |||||
| * | ssltest.c does not need param.h | tb | 2021-10-13 | 1 | -1/+0 |
| | | | | | From Jonas Termansen | ||||
| * | Remove __dead from usage() to reduce the diff needed to build LibreSSL | tb | 2021-10-13 | 1 | -3/+3 |
| | | | | | | | on sortix. Prompted by a diff by Jonas Termansen | ||||
| * | Rework openssl-ruby-tests to run all passing tests first, then | tb | 2021-09-09 | 1 | -4/+12 |
| | | | | | | | | | | | | run the one failing test as a separate regress test. This way, all regressions should be caught with REGRESS_FAIL_EARLY=yes or on bluhm's regress webpage. This needs an up-to-date openssl-ruby-tests package and an upcoming commit by beck in x509_verify.c to work. ok beck bluhm | ||||
| * | zap trailing whitespace | tb | 2021-09-09 | 1 | -7/+7 |
| | | |||||
| * | The default Ruby has switched to 3.0 | tb | 2021-09-06 | 1 | -2/+2 |
| | | |||||
| * | Implement a -h option that allows specifying a target host that | tb | 2021-09-03 | 1 | -9/+13 |
| | | | | | will be passed to the test scripts. | ||||
| * | Now that the issue is fixed, enable test-extensions.py | tb | 2021-09-03 | 1 | -6/+2 |
| | | |||||
| * | Make Bob happy. | bluhm | 2021-09-03 | 1 | -1/+5 |
| | | |||||
| * | Add -f to usage | tb | 2021-09-02 | 1 | -2/+2 |
| | | |||||
| * | hook verify regress test to build | tb | 2021-08-30 | 1 | -1/+2 |
| | | |||||
| * | Revert accidental commit | tb | 2021-08-30 | 7 | -35/+18 |
| | | |||||
| * | link verify regress tests to build | tb | 2021-08-30 | 7 | -18/+35 |
| | | |||||
| * | Reimplement part of the openssl/x509 regress tests in C | tb | 2021-08-30 | 3 | -0/+521 |
| | | | | | | | | | Instead of using s_client and s_server and complicated shell scripts, we can reuse the framework from the ssl_get_shared_cipher() regress test and inspect the verify return value directly. Discussed with beck jan jsing | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |