1. 23 6月, 2017 1 次提交
  2. 10 6月, 2017 1 次提交
  3. 02 5月, 2017 1 次提交
  4. 25 4月, 2017 1 次提交
  5. 29 3月, 2017 1 次提交
  6. 03 3月, 2017 2 次提交
  7. 09 11月, 2016 1 次提交
    • E
      Add main() test methods to reduce test boilerplate. · e364c3b2
      Emilia Kasper 提交于
      Simple tests only need to implement register_tests().
      Tests that need a custom main() should implement test_main(). This will
      be wrapped in a main() that performs common setup/teardown (currently
      crypto-mdebug).
      
      Note that for normal development, enable-asan is usually
      sufficient for detecting leaks, and more versatile.
      
      enable-crypto-mdebug is stricter as it will also
      insist that all static variables be freed. This is useful for debugging
      library init/deinit; however, it also means that test_main() must free
      everything it allocates.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      e364c3b2
  8. 07 11月, 2016 1 次提交
    • E
      Simplify tests part 2 · d836d71b
      Emilia Kasper 提交于
      1) Remove some unnecessary fixtures
      2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
      no teardown.
      3) Fix return values in ct_test.c (introduced by an earlier refactoring,
      oops)
      
      Note that for parameterized tests, the index (test vector) usually holds all the
      customization, and there should be no need for a separate test
      fixture. The CTS test is an exception: it demonstrates how to combine
      customization with parameterization.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d836d71b
  9. 04 11月, 2016 1 次提交
  10. 30 8月, 2016 1 次提交
  11. 18 8月, 2016 1 次提交
  12. 16 8月, 2016 1 次提交
  13. 10 8月, 2016 3 次提交
  14. 08 8月, 2016 1 次提交
    • E
      Reorganize SSL test structures · 9f48bbac
      Emilia Kasper 提交于
      Move custom server and client options from the test dictionary to an
      "extra" section of each server/client. Rename test expectations to say
      "Expected".
      
      This is a big but straightforward change. Primarily, this allows us to
      specify multiple server and client contexts without redefining the
      custom options for each of them. For example, instead of
      "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
      we now have, "NPNProtocols".
      
      This simplifies writing resumption and SNI tests. The first application
      will be resumption tests for NPN and ALPN.
      
      Regrouping the options also makes it clearer which options apply to the
      server, which apply to the client, which configure the test, and which
      are test expectations.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      9f48bbac
  15. 01 8月, 2016 1 次提交
  16. 20 7月, 2016 1 次提交
  17. 19 7月, 2016 1 次提交
  18. 28 6月, 2016 1 次提交
    • E
      SSL test framework: port SNI tests · d2b23cd2
      Emilia Kasper 提交于
      Observe that the old tests were partly ill-defined:
      setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
      the SNI callback.
      
      Fix this, and also explicitly test both flavours of SNI mismatch (ignore
      / fatal alert). Tests still pass.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      d2b23cd2
  19. 13 6月, 2016 2 次提交
  20. 10 6月, 2016 1 次提交
    • T
      Fix session ticket and SNI · 5c753de6
      Todd Short 提交于
      When session tickets are used, it's possible that SNI might swtich the
      SSL_CTX on an SSL. Normally, this is not a problem, because the
      initial_ctx/session_ctx are used for all session ticket/id processes.
      
      However, when the SNI callback occurs, it's possible that the callback
      may update the options in the SSL from the SSL_CTX, and this could
      cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
      can happen:
      
      1. The session ticket TLSEXT may not be written when the ticket expected
      flag is set. The state machine transistions to writing the ticket, and
      the client responds with an error as its not expecting a ticket.
      2. When creating the session ticket, if the ticket key cb returns 0
      the crypto/hmac contexts are not initialized, and the code crashes when
      trying to encrypt the session ticket.
      
      To fix 1, if the ticket TLSEXT is not written out, clear the expected
      ticket flag.
      To fix 2, consider a return of 0 from the ticket key cb a recoverable
      error, and write a 0 length ticket and continue. The client-side code
      can explicitly handle this case.
      
      Fix these two cases, and add unit test code to validate ticket behavior.
      Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/1098)
      5c753de6
  21. 18 5月, 2016 1 次提交
  22. 13 5月, 2016 1 次提交
    • E
      Remove proxy tests. Add verify callback tests. · a263f320
      Emilia Kasper 提交于
      The old proxy tests test the implementation of an application proxy
      policy callback defined in the test itself, which is not particularly
      useful.
      
      It is, however, useful to test cert verify overrides in
      general. Therefore, replace these tests with tests for cert verify
      callback behaviour.
      
      Also glob the ssl test inputs on the .in files to catch missing
      generated files.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      a263f320
  23. 05 4月, 2016 2 次提交
    • E
      testutil: return 1 on success · ababe86b
      Emilia Kasper 提交于
      Require that test methods return 1 on success (not 0). This is more
      customary for OpenSSL.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      ababe86b
    • E
      New SSL test framework · 453dfd8d
      Emilia Kasper 提交于
      Currently, SSL tests are configured via command-line switches to
      ssltest.c. This results in a lot of duplication between ssltest.c and
      apps, and a complex setup. ssltest.c is also simply old and needs
      maintenance.
      
      Instead, we already have a way to configure SSL servers and clients, so
      we leverage that. SSL tests can now be configured from a configuration
      file. Test servers and clients are configured using the standard
      ssl_conf module. Additional test settings are configured via a test
      configuration.
      
      Moreover, since the CONF language involves unnecessary boilerplate, the
      test conf itself is generated from a shorter Perl syntax.
      
      The generated testcase files are checked in to the repo to make
      it easier to verify that the intended test cases are in fact run; and to
      simplify debugging failures.
      
      To demonstrate the approach, min/max protocol tests are converted to the
      new format. This change also fixes MinProtocol and MaxProtocol
      handling. It was previously requested that an SSL_CTX have both the
      server and client flags set for these commands; this clearly can never work.
      
      Guide to this PR:
       - test/ssl_test.c - test framework
       - test/ssl_test_ctx.* - test configuration structure
       - test/handshake_helper.* - new SSL test handshaking code
       - test/ssl-tests/ - test configurations
       - test/generate_ssl_tests.pl - script for generating CONF-style test
         configurations from perl inputs
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      453dfd8d