- 11 May, 2017 25 commits
-
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3445)
-
Richard Levitte authored
Reviewed-by:
-
Bernd Edlinger authored
- Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3440)
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Add file/line# to test error message. Also remove expected/got fields since TEST structure prints them. Reviewed-by:
-
Rich Salz authored
Report test detail error. Reviewed-by:
-
Rich Salz authored
Also, allow multiple files on commandline (for future splitup of evptests.txt) Reviewed-by:
-
Tomas Mraz authored
Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by:
-
Pauli authored
The second BN_is_zero test can never be true. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Only applies if we're not doing psk. Reviewed-by:
-
Matt Caswell authored
We abort if we read a message like this. Reviewed-by:
-
Matt Caswell authored
We should be validating that. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Previously we sent a decode_error alert. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Make sure we are using the correct alert codes as per the spec. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add "single part" digest sign and verify functions. These sign and verify a message in one function. This simplifies some operations and it will later be used as the API for algorithms which do not support the update/final mechanism (e.g. PureEdDSA). Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 10 May, 2017 5 commits
-
-
Rich Salz authored
Reviewed-by:
-
Matt Caswell authored
Test that custom extensions still work even after a change in SSL_CTX due to SNI. See #2180. Reviewed-by:
-
Matt Caswell authored
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3430)
-
Richard Levitte authored
TAP:Harness came along in perl 5.10.1, and since we claim to support perl 5.10.0 in configuration and testing, we can only load it conditionally. The main reason to use TAP::Harness rather than Test::Harness is its capability to merge stdout and stderr output from the test recipes, which Test::Harness can't. The merge gives much more comprehensible output when testing verbosely. Reviewed-by:
-
- 09 May, 2017 10 commits
-
-
Pauli authored
Add relative tests for bignums. Reviewed-by:
-
Pauli authored
This includes support for: - comparisions between pairs of BIGNUMs - comparisions between BIGNUMs and zero - equality comparison between BIGNUMs and one - equality comparisons between BIGNUMs and constants - parity checks for BIGNUMs Reviewed-by:
-
Matt Caswell authored
Verify that we fail if we receive an HRR but no change will result in ClientHello2. Reviewed-by:
-
Matt Caswell authored
It is invalid if we receive an HRR but no change will result in ClientHello2. Reviewed-by:
-
Matt Caswell authored
Test sending a cookie without a key_share Reviewed-by:
-
Matt Caswell authored
If an HRR gets sent without a key_share (e.g. cookie only) then the code fails when it should not. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Test that sending a non NULL compression method fails in TLSv1.3 as well as other similar tests. Reviewed-by:
-
Matt Caswell authored
It is illegal in a TLSv1.3 ClientHello to send anything other than the NULL compression method. We should send an alert if we find anything else there. Previously we were ignoring this error. Reviewed-by:
-
