- Apr 07, 2016
-
-
Andy Polyakov authored
Without proper cleanup after DLL link failure second attempt to run nmake would actually proceed and failure will be "shifted" to run time. This is because libcrypto.lib import library is generated even if DLL link fails. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
pointers, except for minimal std[in|out|err]. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Viktor Dukhovni authored
Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Viktor Dukhovni authored
The original check for != SSL_VERIFY_NONE can give surprising results when flags SSL_VERIFY_PEER is not set, but other flags are. Note that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense of all other flag bits. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
David Benjamin authored
Free up parsed X509_NAME structure if the CertificateRequest message contains excess data. The security impact is considered insignificant. This is a client side only leak and a large number of connections to malicious servers would be needed to have a significant impact. This was found by libFuzzer. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
The environment variables TOP, SRCTOP, BLDTOP, ... are used to affect the testing framework. However, subprocesses may want to use them as well, and therefore need their values corrected when we move to a different directory. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
We used to symlink generate_ssl_tests.pl to the build directory. Now that the build scripts look for sources in both directories, this is no longer necessary (see commit fbd361ea ). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 06, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Move rsa_meth_st away from public headers. Add RSA_METHOD creator/destructor functions. Add RSA_METHOD accessor/writer functions. Adapt all other source to use the creator, destructor, accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Misc fixes for no-ocsp Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
When config'd with "no-async" the ASYNC_NULL implementation is used, so async symbols still exist. We should still init the NULL implementation so that when we get the async ctx it is NULL rather than undefined. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
[.test]ssltest.c was renamed to [.test]ssltest_old.c, reflect that in descrip.mms.tmpl. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andrea Grandi authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Apr 05, 2016
-
-
Emilia Kasper authored
ssltest_old.c is deprecated. New tests should use ssl_test.c, and the recipes in 80-test_ssl_new.t Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Require that test methods return 1 on success (not 0). This is more customary for OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 04, 2016
-
-
FdaSilvaYY authored
... comes from c5137473 . Fix Travis builds. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Szakats authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Szakats authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Szakats authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
This reverts commit 620d540b . It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
This reverts commit 2b0bcfaf . It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-