summaryrefslogtreecommitdiff
path: root/src/regress (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add a pass using the modern vfy with by_dir roots, code by me, script tobeck2021-08-283-15/+106
| | | | | | generate certdirs by jsing, and make chicken sacrifies by tb. ok tb@ jsing@
* Add case 2c to the go side. Don't tell jsing I touched go.beck2021-08-281-0/+1
|
* Add regress test testing having the root cert in the intermediate bundlebeck2021-08-275-1/+96
|
* Import regress tests for SM2. Not yet linked to the build.tb2021-08-184-0/+640
| | | | Part of Github PR #105
* add new (unsupported) eddsa in certificate verify teststb2021-08-111-1/+3
|
* Ensure that the kill signal undergoing testing is not ignored.anton2021-07-291-1/+15
| | | | ok bluhm@
* Add basic regression tests for strchr() and strrchr().visa2021-07-243-2/+79
|
* alarm(3) cannot fail, remove error handling.bluhm2021-07-061-3/+2
| | | | suggested by millert@
* Garbage collect do_test_cipherlist().jsing2021-07-031-45/+0
| | | | | This code no longer compiles and the equivalent test coverage has been added to regress/lib/libssl/ciphers (and is actually run).
* Add test that ensures ssl3_ciphers[] is sorted by cipher id.jsing2021-07-031-0/+37
|
* Rewrite get_put_test() as cipher_find_test().jsing2021-07-031-54/+25
| | | | | | The get_cipher_by_char() and put_cipher_by_char() pointers are no longer accessible on the SSL_METHOD (and soon will not even exist). Rewrite the test to use SSL_CIPHER_find() instead.
* fix a bug that resulted in incomplete testing:schwarze2021-07-031-4/+4
| | | | end statements with ';' because ',' isn't enough
* Disable some code that reaches into libssl internals.jsing2021-06-301-0/+7
| | | | This should be moved to a dedicated regress test.
* Disable some tests that probably no longer make sense.jsing2021-06-301-0/+5
| | | | We'll either fix these or remove them in the near future.
* Pull in ssl_locl.h to allow for move of struct ssl_session_st.jsing2021-06-302-2/+5
|
* Add test coverage for TLSv1.3 client hellos.jsing2021-06-271-13/+166
| | | | | | This is a little bit clunky due to the number of things that vary (largely thanks to middlebox compatibility mode, along with the versions and key share extensions), however it works and can be improved at a later date.
* Add test coverage for DTLSv1.2 client hellos.jsing2021-06-271-7/+102
|
* Improve test coverage for SSL_OP_NO_DTLSv1.jsing2021-06-271-1/+9
|
* Teach hexdump() how to identify differing bytes.jsing2021-06-271-9/+13
| | | | | This allows differences between the received data and the test data to be more readily identified.
* More appropriately set cipher_list_len when AES acceleration is available.jsing2021-06-271-5/+6
|
* Tweak some data types and sprinkle some const.jsing2021-06-271-15/+15
|
* Add GnuTLS interoperability test in appstest.shinoguchi2021-06-211-1/+109
|
* zap trailing whitespacetb2021-06-191-4/+7
|
* Add DTLS test cases that use non-zero initial epochs.jsing2021-06-192-5/+44
| | | | | | In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
* Add more complex DTLS tests for delay/reordering.jsing2021-06-191-17/+160
| | | | | These tests exercise the various queues and delayed processing that exists in the DTLS code.
* Expand comment that details why two DTLS tests currently fail.jsing2021-06-191-2/+5
| | | | | | | | | | | | | | | Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0 specification - this flaw was addressed in DTLSv1.2, however our DTLS server code still needs to support the fix. Quoting RFC 6347 section 4.2.4: "This requirement applies to DTLS 1.0 as well, and though not explicit in [DTLS1], it was always required for the state machine to function correctly." In otherwords, both the original DTLS implementation and the DTLSv1.0 specification have a broken state machine, resulting in possible dead lock.
* Provide the ability to delay/reorder DTLS packets.jsing2021-06-191-14/+147
| | | | | Add a test that delays the client CCS, resulting in it arriving after the client Finished message.
* Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS.jsing2021-06-181-3/+1
|
* Like ARM, RISC-V does not implement floating point exceptions.kettenis2021-06-173-6/+6
|
* Enable libexecinfo regress.mortimer2021-06-091-1/+4
|
* Since our unix receive queue got longer, the test run-t_sendrecvbluhm2021-05-311-24/+30
| | | | | | | did not terminate anymore on some machines. The test counts 100 send errors before it finishes. NetBSD has added sched_yield() in the receiver loop to trigger the errors on the sender side. Although not perfect, it works for me. Get current t_sendrecv.c from NetBSD.
* Modify cms test in appstest.sh to work with ec cert/keyinoguchi2021-05-121-32/+53
|
* It's no longer necessary to link ecdhtest statically.tb2021-05-101-2/+2
|
* Rename shutdown_all() to shutdown_peers() for consistency.tb2021-05-041-3/+3
|
* Use limits.h instead of sys/limits.h in dtlstest.c for portableinoguchi2021-05-031-2/+2
| | | | discussed and input from jsing@
* Modify regress ssl_get_shared_ciphers for portableinoguchi2021-05-032-6/+6
| | | | | | | - Split out the intermediate path (../certs/) to Makefile - Change 'shutdown' to 'shutdown_all' ok tb@
* Hook openssl-ruby test to regress treetb2021-05-031-1/+2
|
* Add scaffold to run the ruby/openssl regression teststb2021-05-031-0/+72
| | | | | | | | | | | | | | | | | | This test depends on the ruby/ruby-openssl-tests port that bundles the sources and tests of the Ruby OpenSSL gem below /usr/local. The Makefile compiles the openssl.so shared object below obj/ that provides Ruby bindings for the OpenSSL API. Once this is built, the regression tests are run. There are currently 4 failing tests, all related to the new verifier. At least one libssl bug is hidden behind a pend. All this will hopefully be fixed during this release cycle. This adds a decent amount of test coverage without being overly expensive. This way, regressions should be spotted during development so jeremy will no longer have to chase and work around them. Joint work with jeremy, positive feedback from bcook and jsing.
* tweak one description to make it uniquetb2021-05-031-2/+3
|
* Prefix the hybrid_corner_case test with test_ for consistency.tb2021-05-031-3/+3
|
* Exercise the point conversion bit for octet string representationstb2021-05-031-1/+279
| | | | of points on secp256r1.
* Add a test that exercises the point conversion bit of the octettb2021-05-031-1/+362
| | | | string representations of points on the binary curve sect571k1.
* Add DTLS test in appstest.shinoguchi2021-04-271-1/+70
|
* test-verify-unusual-wildcard-cert is no longer expected to fail withtb2021-04-271-2/+1
| | | | lib/libcrypto/x509/x509_constraints.c r1.16
* Relax SAN DNSname validation and constraints to permit non leading *beck2021-04-271-8/+4
| | | | | | | | | | | wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@
* Remove "-4" option treatment and use it always on s_server test in appstest.shinoguchi2021-04-241-9/+2
|
* Enable test-renegotiation-changed-clienthello.py but skiptb2021-04-231-1/+7
| | | | | "drop extended_master_secret in renegotiation" since we don't support this extension.
* Add a test that roundtrips a bunch of points on all builtin curvestb2021-04-212-6/+268
| | | | | via point2oct and oct2point and that checks the corner case in hybrid encoding that was fixed in ec2_oct.c r1.13.
* Adjust ectest.c for set_compressed_coordinatestb2021-04-201-9/+9
|
* Adjust ectest.c for get_Jprojective coordinate changetb2021-04-201-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 16:52:34 +0000