summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Pull in ssl_locl.h so that we can keep reaching into libssl internals.jsing2021-10-152-1/+4
|
* ssltest.c does not need param.htb2021-10-131-1/+0
| | | | From Jonas Termansen
* Remove __dead from usage() to reduce the diff needed to build LibreSSLtb2021-10-131-3/+3
| | | | | | on sortix. Prompted by a diff by Jonas Termansen
* Rework openssl-ruby-tests to run all passing tests first, thentb2021-09-091-4/+12
| | | | | | | | | | | run the one failing test as a separate regress test. This way, all regressions should be caught with REGRESS_FAIL_EARLY=yes or on bluhm's regress webpage. This needs an up-to-date openssl-ruby-tests package and an upcoming commit by beck in x509_verify.c to work. ok beck bluhm
* zap trailing whitespacetb2021-09-091-7/+7
|
* The default Ruby has switched to 3.0tb2021-09-061-2/+2
|
* Implement a -h option that allows specifying a target host thattb2021-09-031-9/+13
| | | | will be passed to the test scripts.
* Now that the issue is fixed, enable test-extensions.pytb2021-09-031-6/+2
|
* Make Bob happy.bluhm2021-09-031-1/+5
|
* Add -f to usagetb2021-09-021-2/+2
|
* hook verify regress test to buildtb2021-08-301-1/+2
|
* Revert accidental committb2021-08-307-35/+18
|
* link verify regress tests to buildtb2021-08-307-18/+35
|
* Reimplement part of the openssl/x509 regress tests in Ctb2021-08-303-0/+521
| | | | | | | | Instead of using s_client and s_server and complicated shell scripts, we can reuse the framework from the ssl_get_shared_cipher() regress test and inspect the verify return value directly. Discussed with beck jan jsing
* add new (unsupported) eddsa in certificate verify teststb2021-08-111-1/+3
|
* alarm(3) cannot fail, remove error handling.bluhm2021-07-061-3/+2
| | | | suggested by millert@
* Garbage collect do_test_cipherlist().jsing2021-07-031-45/+0
| | | | | This code no longer compiles and the equivalent test coverage has been added to regress/lib/libssl/ciphers (and is actually run).
* Add test that ensures ssl3_ciphers[] is sorted by cipher id.jsing2021-07-031-0/+37
|
* Rewrite get_put_test() as cipher_find_test().jsing2021-07-031-54/+25
| | | | | | The get_cipher_by_char() and put_cipher_by_char() pointers are no longer accessible on the SSL_METHOD (and soon will not even exist). Rewrite the test to use SSL_CIPHER_find() instead.
* Disable some code that reaches into libssl internals.jsing2021-06-301-0/+7
| | | | This should be moved to a dedicated regress test.
* Disable some tests that probably no longer make sense.jsing2021-06-301-0/+5
| | | | We'll either fix these or remove them in the near future.
* Pull in ssl_locl.h to allow for move of struct ssl_session_st.jsing2021-06-302-2/+5
|
* Add test coverage for TLSv1.3 client hellos.jsing2021-06-271-13/+166
| | | | | | This is a little bit clunky due to the number of things that vary (largely thanks to middlebox compatibility mode, along with the versions and key share extensions), however it works and can be improved at a later date.
* Add test coverage for DTLSv1.2 client hellos.jsing2021-06-271-7/+102
|
* Improve test coverage for SSL_OP_NO_DTLSv1.jsing2021-06-271-1/+9
|
* Teach hexdump() how to identify differing bytes.jsing2021-06-271-9/+13
| | | | | This allows differences between the received data and the test data to be more readily identified.
* More appropriately set cipher_list_len when AES acceleration is available.jsing2021-06-271-5/+6
|
* Tweak some data types and sprinkle some const.jsing2021-06-271-15/+15
|
* zap trailing whitespacetb2021-06-191-4/+7
|
* Add DTLS test cases that use non-zero initial epochs.jsing2021-06-192-5/+44
| | | | | | In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
* Add more complex DTLS tests for delay/reordering.jsing2021-06-191-17/+160
| | | | | These tests exercise the various queues and delayed processing that exists in the DTLS code.
* Expand comment that details why two DTLS tests currently fail.jsing2021-06-191-2/+5
| | | | | | | | | | | | | | | Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0 specification - this flaw was addressed in DTLSv1.2, however our DTLS server code still needs to support the fix. Quoting RFC 6347 section 4.2.4: "This requirement applies to DTLS 1.0 as well, and though not explicit in [DTLS1], it was always required for the state machine to function correctly." In otherwords, both the original DTLS implementation and the DTLSv1.0 specification have a broken state machine, resulting in possible dead lock.
* Provide the ability to delay/reorder DTLS packets.jsing2021-06-191-14/+147
| | | | | Add a test that delays the client CCS, resulting in it arriving after the client Finished message.
* Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS.jsing2021-06-181-3/+1
|
* Rename shutdown_all() to shutdown_peers() for consistency.tb2021-05-041-3/+3
|
* Use limits.h instead of sys/limits.h in dtlstest.c for portableinoguchi2021-05-031-2/+2
| | | | discussed and input from jsing@
* Modify regress ssl_get_shared_ciphers for portableinoguchi2021-05-032-6/+6
| | | | | | | - Split out the intermediate path (../certs/) to Makefile - Change 'shutdown' to 'shutdown_all' ok tb@
* Hook openssl-ruby test to regress treetb2021-05-031-1/+2
|
* Add scaffold to run the ruby/openssl regression teststb2021-05-031-0/+72
| | | | | | | | | | | | | | | | | | This test depends on the ruby/ruby-openssl-tests port that bundles the sources and tests of the Ruby OpenSSL gem below /usr/local. The Makefile compiles the openssl.so shared object below obj/ that provides Ruby bindings for the OpenSSL API. Once this is built, the regression tests are run. There are currently 4 failing tests, all related to the new verifier. At least one libssl bug is hidden behind a pend. All this will hopefully be fixed during this release cycle. This adds a decent amount of test coverage without being overly expensive. This way, regressions should be spotted during development so jeremy will no longer have to chase and work around them. Joint work with jeremy, positive feedback from bcook and jsing.
* Enable test-renegotiation-changed-clienthello.py but skiptb2021-04-231-1/+7
| | | | | "drop extended_master_secret in renegotiation" since we don't support this extension.
* revert previous. some of the keyupdate tests still fail occasionallytb2021-04-141-2/+11
|
* Enable test-tls13-keyupdate.pytb2021-04-141-9/+2
|
* move test-record-size-limit.py to unsupportedtb2021-04-141-4/+3
|
* enable test-record-layer-fragmentation.pytb2021-04-141-7/+2
|
* factor argument to catch an alert mismatch into a helper functiontb2021-04-141-7/+8
|
* enable test-tlsfuzzer-invalid-compression-methods.pytb2021-04-131-5/+10
|
* enable test-large-hello.py as a slow testtb2021-04-131-3/+2
|
* with new defaults, test-fuzzed-plaintext.py is no longer slowtb2021-04-131-3/+2
|
* move a few tests to the unsupported group and fix two commentstb2021-04-131-15/+15
|
* annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expectedtb2021-04-131-2/+3
| | | | alerts and where to add them.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 11:09:39 +0000