Age | Commit message | Author | |
---|---|---|---|
2024-08-02 | Fix previous | Theo Buehler | |
Arguably the want_protocol entries in various of these tests are incorrect but I'll leave that for another day. | |||
2024-08-02 | Adjust tls regress for protocol parsing fixes | Theo Buehler | |
This mostly reverts what was done by beck in Tallinn and adjusts tlstest to add new test cases and now failing connection tests. | |||
2024-03-20 | Use the new certificates/chains in regress. | Joel Sing | |
The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@ | |||
2023-07-02 | Remove the ability to do tls 1.0 and 1.1 from libtls. | Bob Beck | |
With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@ | |||
2023-05-28 | Refactor tls_check_common_name to use lower level API. | Bob Beck | |
X509_NAME_get_text_by_NID is kind of a bad interface that we wish to make safer, and does not give us the visibility we really want here to detect hostile things. Instead call the lower level functions to do some better checking that should be done by X509_NAME_get_text_by_NID, but is not in the OpenSSL version. Specifically we will treat the input as hostile and fail if: 1) The certificate contains more than one CN in the subject. 2) The CN does not decode as UTF-8. 3) The CN is of invalid length (must be between 1 and 64 bytes). 4) The CN contains a 0 byte. 4) matches the existing logic, 1 and 2, and 3 are new checks. ok tb@ | |||
2023-04-14 | Make the signertest work better with the portable test framework | Theo Buehler | |
2022-07-16 | Revert previous. The added includes were already there. Duh. | Theo Buehler | |
2022-06-22 | Explicitly include fcntl.h and unistd.h for pipe2 | Theo Buehler | |
2022-06-15 | Switch to using TLS_INT instead of handrolling it | Theo Buehler | |
2022-03-24 | Adjust the signer test to link statically and work with hidden tls_signer | Theo Buehler | |
API. | |||
2022-02-08 | Garbage collect the unused hash and print kp->pubkey_hash instead of NULL. | Theo Buehler | |
Make sure kp is freed also on error. ok jsing | |||
2022-02-01 | Use TLS_PADDING_* defines. | Joel Sing | |
2022-02-01 | Revise/simplify for signer interface change. | Joel Sing | |
2022-01-30 | Add test coverage for tls_signer when used with a TLS server. | Joel Sing | |
In this configuration the tls_signer is provided with the server certificate and private key, while the TLS server is configured with a sign callback and is only provided with the certificate. | |||
2022-01-30 | Add initial regress for tls_signer. | Joel Sing | |
2021-12-04 | Free cert, key and ocsp_staple on exit of do_keypair_test(). | Theo Buehler | |
Reported by Ilya Shipitsin, discussed with jsing | |||
2021-04-04 | Clean up client and server tls{,_config} contexts in tls_test(). | Theo Buehler | |
Leaks reported by Ilya Shipitsin. | |||
2021-02-23 | Make this test module aware so it passes with Go 1.16 | Theo Buehler | |
2020-07-04 | Add a missing circular_init() call in the TLS ordering test. | Joel Sing | |
This makes the regress work correctly again - this was previously masked by the fact that tls_close() (and hence SSL_shutdown()) was draining the circular buffer, whereas now we're leaving data behind from a previous test, resulting in the ordering test failing. | |||
2020-05-13 | Add TLS versioning tests. | Joel Sing | |
This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk with an appropriately configured server and vice versa. | |||
2020-05-04 | Use a larger (2048 bit) RSA test key. | Joel Sing | |
Otherwise we fail to do PSS signatures since the key size is too small. | |||
2020-02-16 | Update protocol version test to include TLSv1.3. | Joel Sing | |
2020-01-20 | Update libtls config regress to include TLSv1.3. | Joel Sing | |
2019-11-02 | Add tls_conn_cipher_strength() to gotls regress. | Joel Sing | |
2019-04-24 | Do not check for working go executable during make clean cleandir obj. | Alexander Bluhm | |
reminded by jsing@ | |||
2018-11-09 | Add subdirectories with SUBDIR += instead of a single assignment with | Theo Buehler | |
line continuations. | |||
2018-04-07 | Revise regress to match tls_keypair_clear() removal. | Joel Sing | |
2018-03-19 | Remove the now unnecessary tls_init() call. | Joel Sing | |
2018-03-15 | Fix a format string issue that Go 1.10 complains about. | Joel Sing | |
2018-02-14 | Update keypair regress to match revised keypair hash handling. | Joel Sing | |
Apparently I failed to commit this when I committed the libtls change... | |||
2018-02-08 | Update regress to match change to tls_keypair_pubkey_hash(). | Joel Sing | |
2018-02-08 | Add a regress test that covers libtls keypairs. | Joel Sing | |
2018-02-08 | Tweak compiler flags to include -DLIBRESSL_INTERNAL and make more warnings | Joel Sing | |
fatal. | |||
2017-12-09 | Add a regress test for tls_config_parse_protocols(). | Joel Sing | |
2017-05-07 | Add a (currently failing) call to tls_handshake() on a client context that | Joel Sing | |
has not yet been connected. We expect this to fail, but it should fail gracefully. | |||
2017-05-07 | Also test calling tls_handshake() on a server connection context that has | Joel Sing | |
already completed a TLS handshake. | |||
2017-05-07 | Add a test that calls tls_handshake() on a connection that has already | Joel Sing | |
completed a TLS handshake. This should return a failure, but currently succeeds (hence the regress currently fails). | |||
2017-05-07 | Add an initial sequencing/ordering test for libtls. | Joel Sing | |
2017-05-06 | Split TLS client/server handshake and close code into separate functions | Joel Sing | |
so that it can be reused. | |||
2017-05-06 | Move TLS test code into a function that is called from main, making it | Joel Sing | |
easier for new tests to be added. | |||
2017-05-06 | Free tls_configs earlier now that we have refcounting. | Joel Sing | |
2017-04-30 | Add missing tls_init() and tls_free() calls. | Joel Sing | |
2017-04-10 | Rework and significantly extend TLS name verification tests to match | Joel Sing | |
changes in libtls. | |||
2017-04-09 | Improve unknown protocol version handling. | Joel Sing | |
2017-04-07 | In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass. | Alexander Bluhm | |
OK jsing@ | |||
2017-03-07 | Add a test that covers a libtls client talking to a Go TLS server with | Joel Sing | |
varying minimum and maximum protocol versions. This gives us protocol version test coverage against an independent TLS stack. | |||
2017-03-07 | Allow ciphers to be set on the TLS config. | Joel Sing | |
2017-03-07 | Provide support for libtls protocols and allow for protocols to be set on | Joel Sing | |
a TLS config. The ConnVersion function now also returns a protocol version instead of a string. | |||
2017-03-07 | Add handling for errors on the TLS config and properly check/handle | Joel Sing | |
failures when setting the CA file. | |||
2017-03-07 | libtls errors are much more descriptive these days - return them directly | Joel Sing | |
and avoid adding redundant/duplicate information. |