| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Correct cipher_set_test() when run on a machine without AES acceleration. | jsing | 2020-09-16 | 1 | -1/+19 | |
| | | | | | Noted by bcook@ and inoguchi@ while working on portable. | |||||
| * | Make cipher_set_test() log failures and continue, rather than aborting. | jsing | 2020-09-16 | 1 | -11/+3 | |
| | | ||||||
| * | Test botan TLS client with libressl, openssl, openssl11 server. | bluhm | 2020-09-15 | 4 | -6/+305 | |
| | | ||||||
| * | Connect a client to a server. Both can be current libressl, or | bluhm | 2020-09-14 | 5 | -10/+193 | |
| | | | | | | | | openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out. | |||||
| * | Add regress for SSL_{CTX_,}set_ciphersuites(). | jsing | 2020-09-13 | 2 | -7/+318 | |
| | | ||||||
| * | If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefers | bluhm | 2020-09-12 | 1 | -9/+18 | |
| | | | | | chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers. | |||||
| * | Enable cert and cipher interop tests. cert just works. cipher has | bluhm | 2020-09-11 | 3 | -55/+35 | |
| | | | | | | | | | been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled. | |||||
| * | Enable test-tls13-large-number-of-extensions.py | tb | 2020-09-10 | 1 | -2/+7 | |
| | | | | | | | Skip sending an empty ECPF extension for now: we don't accept it since according to RFC 4492 and 8422 it needs to advertise uncompressed point formats. | |||||
| * | Also print a list of missing scripts in summary | tb | 2020-08-17 | 1 | -5/+10 | |
| | | ||||||
| * | Avoid test failures due to outdated packages | tb | 2020-08-17 | 1 | -1/+6 | |
| | | | | | | Indicate missing test scripts prominently in the result but do not count them as an error. | |||||
| * | enable jsing's zero content type test | tb | 2020-08-15 | 1 | -1/+2 | |
| | | ||||||
| * | I accidentally zeored out a few bytes of the TLSv1.0 session ID. | tb | 2020-08-11 | 1 | -1/+1 | |
| | | | | | Restore them to their previous values. | |||||
| * | Update TLS versions to match TLSv1.3 being enabled for TLS_method(). | jsing | 2020-08-09 | 1 | -8/+8 | |
| | | ||||||
| * | Fix regress test so that it exits non-zero for failure cases. | jsing | 2020-08-09 | 1 | -1/+11 | |
| | | ||||||
| * | Update golden values to match P-521 being enabled by default in the client. | jsing | 2020-08-09 | 1 | -20/+21 | |
| | | | | | Diff from tb@ | |||||
| * | Update golden values to match P-521 being enabled by default in the client. | jsing | 2020-08-09 | 1 | -10/+11 | |
| | | ||||||
| * | Session resumption is not currently supported for TLSv1.3. | tb | 2020-08-08 | 1 | -4/+4 | |
| | | ||||||
| * | Enable P-521 and run the tests that use it. | tb | 2020-08-08 | 1 | -5/+3 | |
| | | ||||||
| * | Force TLSv1.2 when testing SSLv3/TLSv1.2 cipher suites. | jsing | 2020-07-14 | 1 | -1/+1 | |
| | | | | | Otherwise we end up switching to TLSv1.3 and using a TLSv1.3 cipher suite. | |||||
| * | Add a -tls1_2 option so we can force TLSv1.2 for testing. | jsing | 2020-07-14 | 1 | -5/+9 | |
| | | ||||||
| * | Remove temporary RSA keys/callbacks code. | jsing | 2020-07-07 | 1 | -43/+0 | |
| | | | | | This was removed from libssl a very long time ago... | |||||
| * | Test TLSv1.3 ciphersuites now that TLS_method() supports TLSv1.3. | jsing | 2020-07-07 | 1 | -0/+12 | |
| | | ||||||
| * | tlsexttest: pass message type to the extension functions | tb | 2020-07-03 | 1 | -144/+144 | |
| | | | | | ok beck jsing | |||||
| * | adjust alpn extension test to new argument order | tb | 2020-07-03 | 1 | -3/+3 | |
| | | ||||||
| * | adjust tlsexttest to new argument order | tb | 2020-07-03 | 1 | -5/+5 | |
| | | ||||||
| * | enable test-tls13-keyshare-omitted.py | tb | 2020-06-24 | 1 | -5/+2 | |
| | | ||||||
| * | Add test-ffdhe-expected-params.py | tb | 2020-06-24 | 1 | -1/+2 | |
| | | ||||||
| * | Enable lucky 13 test. | tb | 2020-06-19 | 1 | -5/+2 | |
| | | ||||||
| * | Add lucky13 and bleichenbacher-timing tests | tb | 2020-06-10 | 1 | -1/+7 | |
| | | ||||||
| * | Implement a rolling hash of the ClientHello message, Enforce RFC 8446 | beck | 2020-06-06 | 1 | -2/+2 | |
| | | | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@ | |||||
| * | Enable the record layer limits test and mark two finished test cases as | tb | 2020-06-03 | 1 | -5/+8 | |
| | | | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment. | |||||
| * | Enable the test-tls13-zero-length-data.py test, skipping the | tb | 2020-06-01 | 1 | -8/+10 | |
| | | | | | three tests that fail due to a BIO_gets() bug. | |||||
| * | Enable test-dhe-rsa-key-exchange-with-bad-messages.py | tb | 2020-06-01 | 1 | -4/+2 | |
| | | ||||||
| * | Previous commit caught a few errx() cases by accident. undo them. | tb | 2020-05-24 | 1 | -25/+25 | |
| | | ||||||
| * | include newlines in FAIL messages | tb | 2020-05-24 | 1 | -108/+108 | |
| | | ||||||
| * | address some nits from jsing | tb | 2020-05-24 | 1 | -7/+11 | |
| | | ||||||
| * | The version detection doesn't work on bluhm's test machine, causing | tb | 2020-05-24 | 1 | -3/+3 | |
| | | | | | | | | the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now. | |||||
| * | Define REGRESS_TARGETS explicitly. | tb | 2020-05-23 | 1 | -2/+4 | |
| | | ||||||
| * | Enforce that SNI hostnames be correct as per rfc 6066 and 5980. | beck | 2020-05-23 | 1 | -1/+79 | |
| | | | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@` | |||||
| * | beck fixed most of the keyupdate tests. update annotation | tb | 2020-05-21 | 1 | -3/+8 | |
| | | ||||||
| * | hook tlsfuzzer to regress | tb | 2020-05-21 | 1 | -1/+2 | |
| | | ||||||
| * | Add a harness that runs tests from tlsfuzzer | tb | 2020-05-21 | 2 | -0/+781 | |
| | | | | | | | | | | | | | | This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck | |||||
| * | move a #define after the last #include line | tb | 2020-05-14 | 1 | -3/+3 | |
| | | ||||||
| * | Revise regress for TLSv1.3 server being enabled. | jsing | 2020-05-11 | 4 | -14/+17 | |
| | | ||||||
| * | Use tls_legacy_server_method() for SSLv2 record tests. | jsing | 2020-05-11 | 2 | -5/+7 | |
| | | ||||||
| * | Revise regress now that record overflows are propagated. | jsing | 2020-05-11 | 1 | -2/+2 | |
| | | ||||||
| * | Fix out-of-bounds access in tables[][] that was exposed in bluhm's | tb | 2020-05-04 | 1 | -6/+8 | |
| | | | | | | | regress on i386 after inoguchi moved some symbols to const. ok inoguchi jsing deraadt | |||||
| * | Revise regress to match state transition changes. | jsing | 2020-04-22 | 1 | -11/+13 | |
| | | ||||||
| * | Update key share regress to match previous change. | jsing | 2020-04-17 | 1 | -4/+4 | |
| | | ||||||
| * | Revise test to handle the fact that TLSv1.3 cipher suites are now being | jsing | 2020-04-09 | 1 | -2/+4 | |
| | | | | | included in the output from `openssl ciphers`. | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |