| Age | Commit message (Collapse) | Author |
|---|
|
This allows to run them all with a single command.
Discussed with bluhm@
|
|
covers blocking with signal mask, killing process or thread, invoking
handler or waiting for signal.
|
|
|
|
|
|
make(1) ignores them.
|
|
|
|
|
|
feedback from otto@
ok mpi@ kn@ semarie@
|
|
|
|
no longer ignore the expected failures from the legacy name
constraints validation, and will have a regress failure if
we regress.
|
|
have to re-generate these certificates and this should
just keep working even if the certs get old
|
|
openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS
version number. Incompatible versions must fail. Check that client
and server have used correct version by grepping in their session
print out.
|
|
|
|
From Martijn Dekker
|
|
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new api x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
|
|
|
|
|
|
|
|
Return _ret from TEST_FLOWS to allow known-negative tests.
|
|
chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
|
|
|
|
been fixed to work with libressl TLS 1.3. Both libressl and openssl11
replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or
TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects
that now. Currently GOST does not work with libressl and TLS 1.3
and is disabled.
|
|
regression tests. The use of the new name constraints is not yet activated
in x509_vfy.c and will be activated in a follow on commit
ok jsing@
|
|
|
|
Skip sending an empty ECPF extension for now: we don't accept it since
according to RFC 4492 and 8422 it needs to advertise uncompressed point
formats.
|
|
one element next-line scope, the MAN_ELINE flag must not yet be
cleared if the parent macro is another element macro having next-line
scope, or an assertion failure is caused if all this is wrapped in
another macro that has block next-line scope, for example .TP.
Bug found in an afl run performed by Jan Schreiber <jes at posteo dot de>.
|
|
|
|
before running tests.
|
|
|
|
1. Truncate excessive offsets to a width reasonable in the context
of manual pages instead of printing excessively long lines
and sometimes causing assertion failures;
found in an afl run performed by Jan Schreiber <jes at posteo dot de>.
2. Remember both the requested and the applied page offset; otherwise,
subtracting an excessive width, then adding it again, would end up
with an incorrectly large offset.
While here, simplify the code by reverting the previous offset up front,
and also add some comments to make the general ideas easier to understand.
|
|
cases resulting in an assertion failure. Instead, truncate the
temporary indent to a width reasonable in a manual page.
I found the issue in an afl run
that was performed by Jan Schreiber <jes at posteo dot de>.
|
|
While here, drop two unused arguments from the function term_field();
the related work was already done by term_fill() before this commit.
I found the bug in an afl run
that was performed by Jan Schreiber <jes at posteo dot de>.
|
|
Jan Schreiber <jes at posteo dot de> ran afl on mandoc and it turned
out mandoc tried to use spacing modifiers so large that they would
trigger assertion failures in term_ascii.c, function locale_advance().
|
|
|
|
(Fix :S with anchors and replacement)
|
|
|
|
ok djm@
|
|
|
|
verify-required resident keys) even though it doesn't
implement this feature
|
|
The fix for the misuse of EVP_PKEY_cmp() (rpki-client/cert.c -r1.16)
came with an API change. ta_parse() will now throw an error if fed a
NULL pubkey. This in turn broke a regress test.
Fix this by parsing the pubkey out of the appropriate TAL to let ta_parse()
verify that it matches the pubkey in the first level certificate.
Discussed with tobhe, benno and claudio
|
|
The select() results are now consistent with what poll() returns.
|
|
OK deraadt@ martijn@
|
|
|
|
Indicate missing test scripts prominently in the result but do not
count them as an error.
|
|
|
|
Restore them to their previous values.
|
|
|
|
|
|
Diff from tb@
|
|
|
