- 30 Nov, 2016: 1 commit
  - Committed by Matt Caswell
    This updates the record layer to use the TLSv1.3 style nonce construction. It also updates TLSProxy and ossltest to be able to recognise the new layout.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 23 Nov, 2016: 2 commits
  - Committed by Matt Caswell
    After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
  - Committed by Matt Caswell
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 16 Nov, 2016: 1 commit
  - Committed by Matt Caswell
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 10 Nov, 2016: 2 commits
  - Committed by Matt Caswell
    Reviewed-by: Rich Salz <rsalz@openssl.org>
  - Committed by Matt Caswell
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 07 Nov, 2016: 1 commit
  - Committed by Matt Caswell
    Prior to TLS1.3 we check that the received record version number is correct. In TLS1.3 we need to ignore the record version number. This adds a test to make sure we do it correctly.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 03 Nov, 2016: 1 commit
  - Committed by Matt Caswell
    We should fail if we receive an unrecognised record type.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 02 Nov, 2016: 2 commits
  - Committed by Matt Caswell
    Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in TLSProxy.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
  - Committed by Matt Caswell
    Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite).
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 27 Sep, 2016: 1 commit
  - Committed by David Benjamin
    This is a regression test for https://github.com/openssl/openssl/pull/1431. It tests a maximally-padded record with each possible invalid offset. This required fixing a bug in Message.pm where the client sending a fatal alert followed by close_notify was still treated as success.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 16 Aug, 2016: 1 commit
  - Committed by Matt Caswell
    Test that we handle a TLS ClientHello in an SSLv2 record correctly.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 27 Jun, 2016: 1 commit
  - Committed by Matt Caswell
    The previous commit fixed a problem where fragmented alerts would cause an infinite loop. This commit adds a test for these fragmented alerts.
    Reviewed-by: Andy Polyakov <appro@openssl.org>
- 16 Jun, 2016: 1 commit
  - Committed by Matt Caswell
    On some platforms we can't start up the TLSProxy due to environmental problems (e.g. network set up on the build machine). These aren't OpenSSL problems so we shouldn't treat them as test failures. Just visibly indicate that we are skipping the test. We only skip the first time we attempt to start up the proxy. If that works then everything else should do...if not we should probably investigate and so report as a failure. This also removes test_networking...there is a danger that this turns into a test of user's environmental set up rather than OpenSSL.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 17 May, 2016: 1 commit
  - Committed by Matt Caswell
    Work around an apparent IO::Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 12 May, 2016: 1 commit
  - Committed by Viktor Dukhovni
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 20 Apr, 2016: 1 commit
  - Committed by Rich Salz
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 16 Mar, 2016: 1 commit
  - Committed by Matt Caswell
    TLSProxy starts s_server and specifies the number of client connects it should expect. After that s_server is supposed to close down automatically. However, if another test is then run then TLSProxy will start a new instance of s_server. If the previous instance hasn't closed down yet then the new instance can fail to bind to the socket.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 22 Feb, 2016: 1 commit
  - Committed by Richard Levitte
    Because we're requiring Perl 5.10.0 and the 'parent' didn't appear before Perl 5.10.1, we need to resort to the older parent module declaration style, modifying @ISA.
    Reviewed-by: Andy Polyakov <appro@openssl.org>
- 21 Feb, 2016: 1 commit
  - Committed by Viktor Dukhovni
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 20 Feb, 2016: 1 commit
  - Committed by Emilia Kasper
    Adapted from BoringSSL. Added a test. The extension parsing code is already attempting to already handle this for some individual extensions, but it is doing so inconsistently. Duplicate efforts in individual extension parsing will be cleaned up in a follow-up.
    Reviewed-by: Stephen Henson <steve@openssl.org>
- 18 Feb, 2016: 1 commit
  - Committed by Richard Levitte
    It's near impossible to figure out what goes wrong with the execution of sub-commands otherwise.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 14 Feb, 2016: 1 commit
  - Committed by Richard Levitte
    While IO::Socket::IP is a core perl module (since Perl v5.19.8, or so says corelist), IO::Socket::INET6 has been around longer, is said to be more widely deployed, and most importantly, seems to have fewer bugs hitting us. We therefore prefer IO::Socket::INET6, and only fall back to IO::Socket::IP if the former doesn't exist on the local system.
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
- 06 Feb, 2016: 1 commit
  - Committed by Viktor Dukhovni
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
- 04 Feb, 2016: 4 commits
  - Committed by Viktor Dukhovni
    When connecting to "localhost" the Proxy's choice of client address family may not match the server's choice of address family. Without MultiHomed => 1, the proxy may try the wrong address family first, and give up without trying the other.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
  - Committed by Richard Levitte
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  - Committed by Richard Levitte
    This makes use of TLSProxy, which was expanded to use IO::Socket::IP (which is a core perl module) or IO::Socket::INET6 (which is said to be more popular) instead of IO::Socket::INET if one of them is installed.
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  - Committed by Emilia Kasper
    CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp.
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 30 Dec, 2015: 1 commit
  - Committed by Richard Levitte
    Reuse is deprecated and ReuseAddr is preferred, according to documentation.
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
- 28 Dec, 2015: 1 commit
  - Committed by Matt Caswell
    If the client sends a status_request extension in the ClientHello and the server responds with a status_request extension in the ServerHello then normally the server will also later send a CertificateStatus message. However this message is *optional* even if the extensions were sent. This adds a test to ensure that if the extensions are sent then we can still omit the message.
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
- 09 Dec, 2015: 2 commits
  - Committed by Dr. Stephen Henson
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Dr. Stephen Henson
    Add function to delete extensions and fix ClientHello repacking.
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 28 Sep, 2015: 2 commits
  - Committed by Emilia Kasper
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Emilia Kasper
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 20 Sep, 2015: 1 commit
  - Committed by Matt Caswell
    TLSProxy was failing if we are Configured with compression because it doesn't support it. This fix simply switches compression off for the purposes of the test.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 26 Aug, 2015: 2 commits
  - Committed by Matt Caswell
    Add a set of tests for checking that NewSessionTicket messages are behaving as expected.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
  - Committed by Matt Caswell
    Previously TLSProxy would detect a successful handshake once it saw the server Finished message. This causes problems with abbreviated handshakes, or if the client fails to process a message from the last server flight. This change additionally sends some application data and finishes when the client sends a CloseNotify.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 14 Aug, 2015: 2 commits
  - Committed by Richard Levitte
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Richard Levitte
    - select an actual file handle for devnull
    - do not declare $msgdata twice
    - SKE records sometimes seem to come without sig
    - in SKE parsing, use and use $pub_key_len when parsing $pub_key

    Reviewed-by: Matt Caswell <matt@openssl.org>
- 12 Aug, 2015: 1 commit
  - Committed by Richard Levitte
    Use a dynamic engine for ossltest engine so that we can build it without subsequently deploying it during install. We do not want people accidentally using this engine.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>