summaryrefslogtreecommitdiff
path: root/src/regress/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* KNFtb2020-10-031-12/+11
|
* typotb2020-10-031-1/+1
|
* spelling, punctuation, whitespacetb2020-10-022-6/+6
|
* Add possibility to link and run this test against the OpenSSL 1.1.1 packagetb2020-10-021-1/+7
| | | | | | using the make variable EOPENSSL11. Suggested by jsing
* Use += and ?= and tidy up whitespacetb2020-10-021-8/+8
|
* Tidy up: no need to link statically against libcrypto and no needtb2020-10-021-4/+4
| | | | to look at its private headers either.
* Make this test compile against OpenSSL 1.1tb2020-10-021-11/+21
| | | | | | | The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
* move test-tls13-finished.py from slow tests to normal tests.tb2020-09-251-27/+26
|
* test-tls13-finished.py has 70 failing tests that expect a "decode_error"tb2020-09-251-6/+94
| | | | | | instead of the "decrypt_error" sent by tls13_server_finished_recv(). Both alerts appear to be reasonable in this context, so enable the tests while working around this.
* delete a stale commenttb2020-09-251-5/+1
|
* 1) Move the interop tests to the end so we see tlsfuzzer firstbeck2020-09-215-9/+35
| | | | | | | | | | 2) Reorder the interop tests so the really slow "cert" test is at the end 3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination of client and server that does not involve libressl. This way we can skip testing openssl to openssl11 when running these manually by setting REGRESS_SKIP_SLOW to "yet" in mk.conf ok jsing@
* move a misplaced 'goto done;' so that all invalid uris are testedtb2020-09-211-1/+1
|
* add a few short invalid URIs in test_constraints1() that cause earlytb2020-09-211-0/+4
| | | | failure of x509_constraints_uri_host() in x509_constraints_uri()
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-0/+4
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Move variable declaration to beginning of scope in order to make thistb2020-09-181-3/+4
| | | | test compile and pass on sparc64.
* make this test compile and pass on sparc64 by moving variable declarationstb2020-09-181-4/+9
| | | | to the beginning of the respective scopes (and out of for loops)
* move variable declaration up to top to make this compile and passtb2020-09-181-1/+1
| | | | on sparc64
* Use void function argument to appease gcc 4.2.1tb2020-09-181-1/+1
|
* fix "warning: value computed is not used"tb2020-09-181-2/+2
| | | | | Add a cast to tell gcc 4.2.1 that the return value is deliberately ignored. This makes the test compile and pass on sparc64.
* fix "warning: function declaration isn't a prototype"tb2020-09-181-3/+3
| | | | | Make tests compile and pass on sparc64 with gcc 4.2.1 by properly declaring "static int foo()" as "static int foo(void)".
* zap redundant linetb2020-09-181-2/+1
|
* hook symbols test to regresstb2020-09-181-1/+2
|
* Check availability of the symbols in Symbols.listtb2020-09-182-0/+182
| | | | | | | | | | | | | | This regress parses Symbols.list and pulls all public headers out of libcrypto's Makefile to generate a simple program that uses all public symbols. A number of symbols need to be declared extern since they are unavailable in public headers and a handful must be skipped since they are apparently architecture dependent. This would have caught the recent breakage due to the accidental removal of the NAME_CONSTRAINTS_check() function and points out a number of places where cleanup may happen in the future. discussed with beck
* Add cipher set tests with empty SSL_set_ciphersuites().jsing2020-09-161-0/+22
|
* Correct cipher_set_test() when run on a machine without AES acceleration.jsing2020-09-161-1/+19
| | | | Noted by bcook@ and inoguchi@ while working on portable.
* Make cipher_set_test() log failures and continue, rather than aborting.jsing2020-09-161-11/+3
|
* Test botan TLS client with libressl, openssl, openssl11 server.bluhm2020-09-154-6/+305
|
* Change the known output to be the expected output, so that webeck2020-09-141-1421/+1421
| | | | | | no longer ignore the expected failures from the legacy name constraints validation, and will have a regress failure if we regress.
* Use a fixed validation time in these tests so we neverbeck2020-09-141-2/+4
| | | | | have to re-generate these certificates and this should just keep working even if the certs get old
* Connect a client to a server. Both can be current libressl, orbluhm2020-09-145-10/+193
| | | | | | | openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out.
* Add regress for SSL_{CTX_,}set_ciphersuites().jsing2020-09-132-7/+318
|
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-9/+90
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefersbluhm2020-09-121-9/+18
| | | | chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
* remove unused include that breaks regressbeck2020-09-121-1/+0
|
* Enable cert and cipher interop tests. cert just works. cipher hasbluhm2020-09-113-55/+35
| | | | | | | | been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled.
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-112-5/+495
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Enable test-tls13-large-number-of-extensions.pytb2020-09-101-2/+7
| | | | | | Skip sending an empty ECPF extension for now: we don't accept it since according to RFC 4492 and 8422 it needs to advertise uncompressed point formats.
* Fix append mode so it always writes to the end and expand regress.libressl-v3.2.1millert2020-08-171-26/+77
| | | | OK deraadt@ martijn@
* Also print a list of missing scripts in summarytb2020-08-171-5/+10
|
* Avoid test failures due to outdated packagestb2020-08-171-1/+6
| | | | | Indicate missing test scripts prominently in the result but do not count them as an error.
* enable jsing's zero content type testtb2020-08-151-1/+2
|
* I accidentally zeored out a few bytes of the TLSv1.0 session ID.tb2020-08-111-1/+1
| | | | Restore them to their previous values.
* Update TLS versions to match TLSv1.3 being enabled for TLS_method().jsing2020-08-091-8/+8
|
* Fix regress test so that it exits non-zero for failure cases.jsing2020-08-091-1/+11
|
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-20/+21
| | | | Diff from tb@
* Update golden values to match P-521 being enabled by default in the client.jsing2020-08-091-10/+11
|
* Session resumption is not currently supported for TLSv1.3.tb2020-08-081-4/+4
|
* Enable P-521 and run the tests that use it.tb2020-08-081-5/+3
|
* Fix a bug in PEM_X509_INFO_read_bio(3) that is very likely to causeschwarze2020-07-233-1/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use-after-free and double-free issues in calling programs. The bug was introduced in SSLeay-0.6.0 released on June 21, 1996 and has been present since OpenBSD 2.4. I found the bug while documenting the function. The bug could bite in two ways that looked quite different from the perspective of the calling code: * If a stack was passed in that already contained some X509_INFO objects and an error occurred, all the objects passed in would be freed, but without removing the freed pointers from the stack, so the calling code would probable continue to access the freed pointers and eventually free them a second time. * If the input BIO contained at least two valid PEM objects followed by at least one PEM object causing an error, at least one freed pointer would be put onto the stack, even though the function would return NULL rather than the stack. But the calling code would still have a pointer to the stack, so it would be likely to access the new bogus pointers sooner or later. Fix all this by remembering the size of the input stack on entry and cutting it back to exactly that size when exiting due to an error, but no further. While here, do some related cleanup: * Garbage collect the automatic variables "error" and "i" which were only used at one single place each. * Use NULL rather than 0 for pointers. I like bugfixes that make the code four lines shorter, reduce the number of variables by one, reduce the number of brace-blocks by one, reduce the number if if-statements by one, and reduce the number of else-clauses by one. Tweaks and OK tb@.
* Fix perl bugs that had me printing the wrong cert number for errorsbeck2020-07-161-8/+9
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 21:34:30 +0000