summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Disable some tests that probably no longer make sense.jsing2021-06-301-0/+5
| | | | We'll either fix these or remove them in the near future.
* Pull in ssl_locl.h to allow for move of struct ssl_session_st.jsing2021-06-302-2/+5
|
* Add test coverage for TLSv1.3 client hellos.jsing2021-06-271-13/+166
| | | | | | This is a little bit clunky due to the number of things that vary (largely thanks to middlebox compatibility mode, along with the versions and key share extensions), however it works and can be improved at a later date.
* Add test coverage for DTLSv1.2 client hellos.jsing2021-06-271-7/+102
|
* Improve test coverage for SSL_OP_NO_DTLSv1.jsing2021-06-271-1/+9
|
* Teach hexdump() how to identify differing bytes.jsing2021-06-271-9/+13
| | | | | This allows differences between the received data and the test data to be more readily identified.
* More appropriately set cipher_list_len when AES acceleration is available.jsing2021-06-271-5/+6
|
* Tweak some data types and sprinkle some const.jsing2021-06-271-15/+15
|
* zap trailing whitespacetb2021-06-191-4/+7
|
* Add DTLS test cases that use non-zero initial epochs.jsing2021-06-192-5/+44
| | | | | | In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
* Add more complex DTLS tests for delay/reordering.jsing2021-06-191-17/+160
| | | | | These tests exercise the various queues and delayed processing that exists in the DTLS code.
* Expand comment that details why two DTLS tests currently fail.jsing2021-06-191-2/+5
| | | | | | | | | | | | | | | Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0 specification - this flaw was addressed in DTLSv1.2, however our DTLS server code still needs to support the fix. Quoting RFC 6347 section 4.2.4: "This requirement applies to DTLS 1.0 as well, and though not explicit in [DTLS1], it was always required for the state machine to function correctly." In otherwords, both the original DTLS implementation and the DTLSv1.0 specification have a broken state machine, resulting in possible dead lock.
* Provide the ability to delay/reorder DTLS packets.jsing2021-06-191-14/+147
| | | | | Add a test that delays the client CCS, resulting in it arriving after the client Finished message.
* Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS.jsing2021-06-181-3/+1
|
* Rename shutdown_all() to shutdown_peers() for consistency.tb2021-05-041-3/+3
|
* Use limits.h instead of sys/limits.h in dtlstest.c for portableinoguchi2021-05-031-2/+2
| | | | discussed and input from jsing@
* Modify regress ssl_get_shared_ciphers for portableinoguchi2021-05-032-6/+6
| | | | | | | - Split out the intermediate path (../certs/) to Makefile - Change 'shutdown' to 'shutdown_all' ok tb@
* Hook openssl-ruby test to regress treetb2021-05-031-1/+2
|
* Add scaffold to run the ruby/openssl regression teststb2021-05-031-0/+72
| | | | | | | | | | | | | | | | | | This test depends on the ruby/ruby-openssl-tests port that bundles the sources and tests of the Ruby OpenSSL gem below /usr/local. The Makefile compiles the openssl.so shared object below obj/ that provides Ruby bindings for the OpenSSL API. Once this is built, the regression tests are run. There are currently 4 failing tests, all related to the new verifier. At least one libssl bug is hidden behind a pend. All this will hopefully be fixed during this release cycle. This adds a decent amount of test coverage without being overly expensive. This way, regressions should be spotted during development so jeremy will no longer have to chase and work around them. Joint work with jeremy, positive feedback from bcook and jsing.
* Enable test-renegotiation-changed-clienthello.py but skiptb2021-04-231-1/+7
| | | | | "drop extended_master_secret in renegotiation" since we don't support this extension.
* revert previous. some of the keyupdate tests still fail occasionallytb2021-04-141-2/+11
|
* Enable test-tls13-keyupdate.pytb2021-04-141-9/+2
|
* move test-record-size-limit.py to unsupportedtb2021-04-141-4/+3
|
* enable test-record-layer-fragmentation.pytb2021-04-141-7/+2
|
* factor argument to catch an alert mismatch into a helper functiontb2021-04-141-7/+8
|
* enable test-tlsfuzzer-invalid-compression-methods.pytb2021-04-131-5/+10
|
* enable test-large-hello.py as a slow testtb2021-04-131-3/+2
|
* with new defaults, test-fuzzed-plaintext.py is no longer slowtb2021-04-131-3/+2
|
* move a few tests to the unsupported group and fix two commentstb2021-04-131-15/+15
|
* annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expectedtb2021-04-131-2/+3
| | | | alerts and where to add them.
* Enable test-cve-2016-6309.pytb2021-04-081-3/+2
|
* Fix two copy paste errors in error messagestb2021-04-041-3/+3
|
* Add tests for DTLSv1_2{,_client,_server}_method()tb2021-04-041-1/+20
|
* Use correct type for tmp in test_write_bytes()tb2021-04-041-2/+2
|
* Add regress coverage for TLSv1.2 record number increment.jsing2021-03-291-8/+151
|
* The failure mode of test-tls13-version-negotiation.py has changed.tb2021-03-281-4/+2
| | | | Update comment.
* Enable test-sig-algs-renegotiation-resumption.py.tb2021-03-271-5/+6
| | | | | | | This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.
* Add test-sig-algs-renegotiation-resumption.pytb2021-03-261-1/+5
| | | | This test currently fails but may soon be fixed.
* The server only sends a cookie during a HRR, not a SHtb2021-03-241-4/+4
|
* Update regress for new_cipher rename.jsing2021-03-242-6/+6
|
* Plug a few memory leaks reported by Ilya Shipitsintb2021-03-221-9/+7
|
* Revise regress to match handshake struct changes.jsing2021-03-211-18/+18
|
* typotb2021-03-201-2/+2
|
* Add new test-tls13-multiple-ccs-messages.pytb2021-03-201-1/+8
| | | | | | | | | | | This is a test that checks for NSS's CCS flood DoS CVE-2020-25648. The test script currently fails on LibreSSL and OpenSSL 1.1.1j because it sends invalid records with version 0x0300 instead of 0x0303. We have the ccs_seen logic corresponding to NSS's fix: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 but we do allow up to two CCS due to an interop issue with Fizz, so at least one of the tests will likey be broken once the record version is fixed.
* Update for DTLSv1.2 being enabled.jsing2021-03-171-4/+4
|
* Update for DTLSv1.2 version handling.jsing2021-03-171-6/+90
|
* Revise TLS extension regress to match version handling changes.jsing2021-03-101-57/+25
|
* Update regress to match TLS versions change.jsing2021-02-251-6/+6
|
* Revise regress to match change in SSL{_CTX,}_get_{min,max}_proto_version().jsing2021-02-201-34/+45
|
* Update DTLS client hello due to ECC changes.jsing2021-02-081-5/+8
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:32:15 +0000