Age | Commit message | Author |
|
conditions. TLS 1.3 shortens the handshake, so some errors cannot
be reported properly to the other side. Instead the connection is
closed and the other side receives a SIGPIPE when it tries to write
the next TLS protocol message. Ignore this SIGPIPE signal in TLS
client and server and adapt error messages when grepping the log
files.
discussed with tb@ and jsing@
|
Two functions missed (void) in their declaration which made gcc whine
"warning: function declaration isn't a prototype".
|
gcc emits a signed vs unsigned comparison warning which breaks the build
due to -Werror.
|
and right before </pre> because that resulted in vertical
whitespace not requested by the manual page author.
Formatting bug reported by
Aman Verma <amanraoverma plus vim at gmail dot com> on discuss@.
|
calls match_pattern_list()
|
Reported by patrick@
|
and add the ability to parse a port in the specified ocsp url.
Since this will now pass them, enable regress tests previously
committed for ocspcheck.
mostly by me with some cleanup by tb after an obvious yak was found
to shave in the OCSP routines in libcrypto
ok tb@
|
Provide a BIO that can drop specific messages in order to trigger and test
DTLS timeouts and retransmissions. Note that the SSL buffering BIO (bbio)
has to be removed to ensure that handshake messages are sent individually.
This would have detected the recent DTLS breakage with retransmissions for
a flight that includes a CCS.
|
In particular, ensure we clear events when the client or server side has
completed and fix timeouts to ensure we use a non-zero timeout if present.
|
Test the operation of a DTLS client and server, with and without cookies,
using the default MTU and a specifically lowered MTU.
Further regress tests will be built on this to exercise other parts of the
DTLS code base (such as retransmission, fragmentation and reassembly).
|
chain. It only takes a few dozen ms to read it, but doing this 7290
times adds up to a few minutes run time. This way, the test completes in
a handful of seconds.
Diagnosed by jsing, ok beck
|
This includes a test where the server response includes multiple handshake
messages in the single TLS plaintext record (which would have caught the
bug just fixed in tls13_legacy.c).
|
change
|
pfctl parse.y r.1702 enforced rtables to exist at ruleset creation time
but rtable 7 does not exist (this regress only tests the parser), so use 0.
Spotted by tb.
|
using the make variable EOPENSSL11.
Suggested by jsing
|
to look at its private headers either.
|
The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching
inside it, reuse the trusted certificate store that was just assigned
to it and use X509_STORE_CTX_get0_param(3) to access the verification
parameters.
|
instead of the "decrypt_error" sent by tls13_server_finished_recv().
Both alerts appear to be reasonable in this context, so enable the tests
while working around this.
|
These will not be activated until after release, with
some ocspcheck cleanups
|
iked, so it should also be set in the test.
ok patrick@
|
in rtable 1. However, we can just query the already running one.
regress breakage pointed out by tb@
|
2) Reorder the interop tests so the really slow "cert" test is at the end
3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combinations
of client and server that do not involve libressl. This way we can
skip testing openssl to openssl11 when running these manually by
setting REGRESS_SKIP_SLOW to "yet" in mk.conf
ok jsing@
|
failure of x509_constraints_uri_host() in x509_constraints_uri()
|
regress to catch it in the future.
found by Guido Vranken's cryptofuzzer
ok tb@
|
millert's clear-screen change in vi.c -r1.57 it now depends on $TERM
|
test compile and pass on sparc64.
|