path: root/src/regress/lib/libssl
Commit message | Author | Age | Files | Lines
* Add regress that calls SSL_set_tlsext_host_name() with a NULL host name. | jsing | 2021-11-02 | 1 | -1/+15
* Rework SNI hostname regress to be table driven. | jsing | 2021-11-01 | 1 | -62/+147
  Also adjust for the changes to tlsext_sni_is_valid_hostname() and include tests for IPv4 and IPv6 literals.
  ok beck@
* Make this test compile again after the damage done in libcrypto | tb | 2021-10-31 | 1 | -19/+20
* openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5. | tb | 2021-10-28 | 1 | -6/+9
  ruby can no longer generate certs with bogus wildcards in it to check that they will fail to verify when creating TLS connections. It will throw an error.
  This change needs openssl-ruby-tests-20211024p0 or later to work.
* Free memory on text exit to make asan quieter | beck | 2021-10-26 | 1 | -53/+83
  ok tb@
* Revise regress for removal of SSL_SESSION_INTERNAL. | jsing | 2021-10-26 | 1 | -27/+27
* Add a regress test for TLS client/server. | jsing | 2021-10-23 | 3 | -1/+496
  This currently exercises various combinations of TLS versions and their associated key exchange mechanisms. Note that this currently fails for TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).
  Over time all of the ssl regress should be moved into the dtls and tls regress tests.
* Revise regress test for tls13_buffer rename. | jsing | 2021-10-23 | 1 | -14/+16
* Revise regress for tlsext_tick_lifetime_hint changing type. | jsing | 2021-10-23 | 1 | -2/+2
* Pull in ssl_locl.h so that we can keep reaching into libssl internals. | jsing | 2021-10-15 | 2 | -1/+4
* ssltest.c does not need param.h | tb | 2021-10-13 | 1 | -1/+0
  From Jonas Termansen
* Remove __dead from usage() to reduce the diff needed to build LibreSSL | tb | 2021-10-13 | 1 | -3/+3
  on sortix.
  Prompted by a diff by Jonas Termansen
* Rework openssl-ruby-tests to run all passing tests first, then | tb | 2021-09-09 | 1 | -4/+12
  run the one failing test as a separate regress test. This way, all regressions should be caught with REGRESS_FAIL_EARLY=yes or on bluhm's regress webpage.
  This needs an up-to-date openssl-ruby-tests package and an upcoming commit by beck in x509_verify.c to work.
  ok beck bluhm
* zap trailing whitespace | tb | 2021-09-09 | 1 | -7/+7
* The default Ruby has switched to 3.0 | tb | 2021-09-06 | 1 | -2/+2
* Implement a -h option that allows specifying a target host that | tb | 2021-09-03 | 1 | -9/+13
  will be passed to the test scripts.
* Now that the issue is fixed, enable test-extensions.py | tb | 2021-09-03 | 1 | -6/+2
* Make Bob happy. | bluhm | 2021-09-03 | 1 | -1/+5
* Add -f to usage | tb | 2021-09-02 | 1 | -2/+2
* hook verify regress test to build | tb | 2021-08-30 | 1 | -1/+2
* Revert accidental commit | tb | 2021-08-30 | 7 | -35/+18
* link verify regress tests to build | tb | 2021-08-30 | 7 | -18/+35
* Reimplement part of the openssl/x509 regress tests in C | tb | 2021-08-30 | 3 | -0/+521
  Instead of using s_client and s_server and complicated shell scripts, we can reuse the framework from the ssl_get_shared_cipher() regress test and inspect the verify return value directly.
  Discussed with beck jan jsing
* add new (unsupported) eddsa in certificate verify tests | tb | 2021-08-11 | 1 | -1/+3
* alarm(3) cannot fail, remove error handling. | bluhm | 2021-07-06 | 1 | -3/+2
  suggested by millert@
* Garbage collect do_test_cipherlist(). | jsing | 2021-07-03 | 1 | -45/+0
  This code no longer compiles and the equivalent test coverage has been added to regress/lib/libssl/ciphers (and is actually run).
* Add test that ensures ssl3_ciphers[] is sorted by cipher id. | jsing | 2021-07-03 | 1 | -0/+37
* Rewrite get_put_test() as cipher_find_test(). | jsing | 2021-07-03 | 1 | -54/+25
  The get_cipher_by_char() and put_cipher_by_char() pointers are no longer accessible on the SSL_METHOD (and soon will not even exist). Rewrite the test to use SSL_CIPHER_find() instead.
* Disable some code that reaches into libssl internals. | jsing | 2021-06-30 | 1 | -0/+7
  This should be moved to a dedicated regress test.
* Disable some tests that probably no longer make sense. | jsing | 2021-06-30 | 1 | -0/+5
  We'll either fix these or remove them in the near future.
* Pull in ssl_locl.h to allow for move of struct ssl_session_st. | jsing | 2021-06-30 | 2 | -2/+5
* Add test coverage for TLSv1.3 client hellos. | jsing | 2021-06-27 | 1 | -13/+166
  This is a little bit clunky due to the number of things that vary (largely thanks to middlebox compatibility mode, along with the versions and key share extensions), however it works and can be improved at a later date.
* Add test coverage for DTLSv1.2 client hellos. | jsing | 2021-06-27 | 1 | -7/+102
* Improve test coverage for SSL_OP_NO_DTLSv1. | jsing | 2021-06-27 | 1 | -1/+9
* Teach hexdump() how to identify differing bytes. | jsing | 2021-06-27 | 1 | -9/+13
  This allows differences between the received data and the test data to be more readily identified.
* More appropriately set cipher_list_len when AES acceleration is available. | jsing | 2021-06-27 | 1 | -5/+6
* Tweak some data types and sprinkle some const. | jsing | 2021-06-27 | 1 | -15/+15
* zap trailing whitespace | tb | 2021-06-19 | 1 | -4/+7
* Add DTLS test cases that use non-zero initial epochs. | jsing | 2021-06-19 | 2 | -5/+44
  In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
* Add more complex DTLS tests for delay/reordering. | jsing | 2021-06-19 | 1 | -17/+160
  These tests exercise the various queues and delayed processing that exists in the DTLS code.
* Expand comment that details why two DTLS tests currently fail. | jsing | 2021-06-19 | 1 | -2/+5
  Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0 specification - this flaw was addressed in DTLSv1.2, however our DTLS server code still needs to support the fix. Quoting RFC 6347 section 4.2.4:
  "This requirement applies to DTLS 1.0 as well, and though not explicit in [DTLS1], it was always required for the state machine to function correctly."
  In other words, both the original DTLS implementation and the DTLSv1.0 specification have a broken state machine, resulting in possible deadlock.
* Provide the ability to delay/reorder DTLS packets. | jsing | 2021-06-19 | 1 | -14/+147
  Add a test that delays the client CCS, resulting in it arriving after the client Finished message.
* Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS. | jsing | 2021-06-18 | 1 | -3/+1
* Rename shutdown_all() to shutdown_peers() for consistency. | tb | 2021-05-04 | 1 | -3/+3
* Use limits.h instead of sys/limits.h in dtlstest.c for portable | inoguchi | 2021-05-03 | 1 | -2/+2
  discussed and input from jsing@
* Modify regress ssl_get_shared_ciphers for portable | inoguchi | 2021-05-03 | 2 | -6/+6
  - Split out the intermediate path (../certs/) to Makefile
  - Change 'shutdown' to 'shutdown_all'
  ok tb@
* Hook openssl-ruby test to regress tree | tb | 2021-05-03 | 1 | -1/+2
* Add scaffold to run the ruby/openssl regression tests | tb | 2021-05-03 | 1 | -0/+72
  This test depends on the ruby/ruby-openssl-tests port that bundles the sources and tests of the Ruby OpenSSL gem below /usr/local. The Makefile compiles the openssl.so shared object below obj/ that provides Ruby bindings for the OpenSSL API. Once this is built, the regression tests are run.
  There are currently 4 failing tests, all related to the new verifier. At least one libssl bug is hidden behind a pend. All this will hopefully be fixed during this release cycle.
  This adds a decent amount of test coverage without being overly expensive. This way, regressions should be spotted during development so jeremy will no longer have to chase and work around them.
  Joint work with jeremy, positive feedback from bcook and jsing.
* Enable test-renegotiation-changed-clienthello.py but skip | tb | 2021-04-23 | 1 | -1/+7
  "drop extended_master_secret in renegotiation" since we don't support this extension.
* revert previous. some of the keyupdate tests still fail occasionally | tb | 2021-04-14 | 1 | -2/+11