- 23 3月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5412)
-
- 20 3月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
-
- 14 3月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
-
- 19 1月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5110)
-
由 Richard Levitte 提交于
On Windows, we sometimes see a behavior with SO_REUSEADDR where there remains lingering listening sockets on the same address and port as a newly created one. To avoid this scenario, we don't create a new proxy port for each new client run. Instead, we create one proxy socket when the proxy object is created, and close it when destroying that object. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5095)
-
- 18 1月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
On Windows, we sometimes see a behavior with SO_REUSEADDR where there remains lingering listening sockets on the same address and port as a newly created one. An easy solution is not to use ReuseAddr on Windows. Thanks Bernd Edlinger for the suggestion. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5103)
-
由 Richard Levitte 提交于
On Windows, it seems that doing so in a forked (pseudo-)process sometimes affects the parent, and thereby hides all the results that are supposed to be seen by the running test framework (the "ok" and "not ok" lines). It turns out that our redirection isn't necessary, as the test framework seems to swallow it all in non-verbose mode anyway. It's possible that we did need this at some point, but the framework has undergone some refinement since then... Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5100)
-
- 17 1月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
We use the first we can of the following IO::Socket modules to create sockets: - IO::Socket::INET6 - IO::Socket::IP - IO::Socket::INET The last of them doesn't support IPv6, so if that's the one available, we must force the s_client and s_server processes to use IPv4. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5092)
-
由 Matt Caswell 提交于
I received this error from a TLSProxy test: Failed to start up server (localhost,4443): Transport endpoint is not connected So, extend the timeout before we give up trying to connect to the server. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5088)
-
- 13 1月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5071)
-
- 14 12月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
- 07 11月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Normally TLSProxy waits for the s_server process to finish before continuing. However in cases where serverconnects > 1 we need to keep the s_server process around for a later test so we continue immediately. This means that TAP test output can end up being printed to stdout at the same time as s_server is printing stuff. This confuses the test runner and can cause spurious test failures. This commit introduces a small delay in cases where serverconnects > 1 in order to give s_server enough time to finish what it was doing before we continue to the next test. Fixes #4129 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4660)
-
- 01 9月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4305)
-
- 15 8月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
-
- 31 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to the server process too quickly. This meant the test failed even though the server *did* eventually start. Currently we try 3 times to connect with a 0.1 second pause between each attempt. That is probably too aggressive. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3587)
-
- 27 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Issue #3562 describes a problem where a race condition can occur in the Proxy such that a test "ok" line can appear in the middle of other text causing the test harness to miss it. The issue is that we do not wait for the client process to finish after the test is complete, so that process may continue to write data to stdout/stderr at the same time that the test harness does. This commit fixes TLSProxy so that we always wait for the client process to finish before continuing. Fixes #3562 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3567)
-
- 28 4月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3342)
-
- 15 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
The logic for testing whether the sessionfile has been created or not was faulty and could result in race conditions. If you "lose" the tests hang waiting for a session file that's never going to arrive. Fixes #2950 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2955)
-
- 14 2月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2341)
-
- 30 1月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
TLSProxy normally fires off s_client, which creates a connection to the server. TLSProxy also pipes some data to send to the process and s_client automatically exits when the pipe hits eof. Unfortunately this means that it sends the data and closes before it has processed the NewSessionTicket returned from the server in TLSv1.3. This commits adds an option for s_client to stay loaded until the sesion has been processed. A side effect of this is that s_client never sends a close_notify in this mode, so we count success as seeing that data has been transferred. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
- 23 1月, 2017 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2205)
-
- 11 1月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
- 06 1月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Also updates TLSProxy to be able to understand the format and parse the contained extensions. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
-
- 29 12月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The previous commit fixed a bug where the EC point formats extensions did not appear in the ServerHello. This should have been caught by 70-test_sslmessages but that test never tries an EC ciphersuite. This updates the test to do that. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
-
- 09 12月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
The indentation was a bit off in some of the perl files following the extensions refactor. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Extend test_tls13messages to additionally check the expected extensions under different options given to s_client/s_server. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 12月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 02 11月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in TLSProxy Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 9月, 2016 1 次提交
-
-
由 David Benjamin 提交于
This is a regression test for https://github.com/openssl/openssl/pull/1431. It tests a maximally-padded record with each possible invalid offset. This required fixing a bug in Message.pm where the client sending a fatal alert followed by close_notify was still treated as success. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 6月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
On some platforms we can't startup the TLSProxy due to environmental problems (e.g. network set up on the build machine). These aren't OpenSSL problems so we shouldn't treat them as test failures. Just visibly indicate that we are skipping the test. We only skip the first time we attempt to start up the proxy. If that works then everything else should do...if not we should probably investigate and so report as a failure. This also removes test_networking...there is a danger that this turns into a test of user's environmental set up rather than OpenSSL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 5月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 5月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 4月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 3月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
TLSProxy starts s_server and specifies the number of client connects it should expect. After that s_server is supposed to close down automatically. However, if another test is then run then TLSProxy will start a new instance of s_server. If the previous instance hasn't closed down yet then the new instance can fail to bind to the socket. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
It's near impossible to figure out what goes wrong with the execution of sub-commands otherwise. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
While IO::Socket::IP is a core perl module (since Perl v5.19.8, or so says corelist), IO::Socket::INET6 has been around longer, is said to be more widely deployed, and most importantly, seems to have less bugs hitting us. We therefore prefer IO::Socket::INET6, and only fall back to IO::Socket::IP if the former doesn't exist on the local system. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-