- 14 7月, 2017 2 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3918)
-
由 Pauli 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3917)
-
- 05 7月, 2017 1 次提交
-
-
由 Pauli 提交于
This macro aborted the process which stopped any later tests from running. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3838)
-
- 26 6月, 2017 1 次提交
-
-
由 Paul Yang 提交于
BIO_sock_init returns '-1' on error, not '0', so it's needed to check explicitly istead of using '!'. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3766)
-
- 07 6月, 2017 1 次提交
-
-
由 Todd Short 提交于
During setup of a reneg test the server can refuse to start reneg. If that happens we should let the client continue and then fail. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
- 25 4月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
-
- 10 4月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
RFC 7301 mandates that the server SHALL respond with a fatal "no_application_protocol" alert when there is no overlap between the client's supplied list and the server's list of supported protocols. In commit 06217867 we changed from ignoring non-success returns from the supplied alpn_select_cb() to treating such non-success returns as indicative of non-overlap and sending the fatal alert. In effect, this is using the presence of an alpn_select_cb() as a proxy to attempt to determine whether the application has configured a list of supported protocols. However, there may be cases in which an application's architecture leads it to supply an alpn_select_cb() but have that callback be configured to take no action on connections that do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from the callback would be the natural way to do so. Unfortunately, the aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as indicative of no overlap and terminated the connection; this change supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the callback. In effect, it provides a way for a callback to obtain the behavior that would have occurred if no callback was registered at all, which was not possible prior to this change. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2570)
-
- 04 4月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
- 17 3月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add ExpectedClientCANames: for client auth this checks to see if the list of certificate authorities supplied by the server matches the expected value. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2969)
-
- 14 3月, 2017 1 次提交
-
-
由 Emilia Kasper 提交于
Also add negative tests for password mismatch. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Check whether we negotiate compression in various scenarios. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2814)
-
- 24 2月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
Plumb things through in the same place as the SNI callback, since we recommend that the early callback replace (and supplement) the SNI callback, and add a few test cases. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2279)
-
- 17 2月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
- 16 2月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 1月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
- 25 1月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
- 20 1月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2235)
-
- 15 1月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2224)
-
- 10 1月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
-
- 09 1月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2191)
-
- 16 12月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
In some cases, both client and server end of the test can end up in SSL_ERROR_WANT_READ and never get out of it, making the test spin. Detect it and give up instead of waiting endlessly. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2096)
-
- 28 9月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Add the ability to test both server initiated and client initiated reneg. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 9月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 30 8月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The previous commit revealed a long standing problem where CertStatus processing was broken in DTLS. This would have been revealed by better testing - so add some! Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 8月, 2016 2 次提交
-
-
由 Emilia Kasper 提交于
Duplicate alerts have happened, see 70c22888Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Make maximum fragment length configurable and add various fragmentation tests, in addition to the existing multi-buffer tests. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 8月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 16 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 11 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
In practice, CT isn't really functional without EC anyway, as most logs use EC keys. So, skip loading the log list with no-ec, and skip CT tests completely in that conf. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 8月, 2016 3 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Like OPENSSL_assert, but also prints the error stack before exiting. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT validation success, and this commit doesn't change that. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 8月, 2016 2 次提交
-
-
由 Emilia Kasper 提交于
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 01 8月, 2016 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 7月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Add tests for resuming with a different client version. This happens in reality when clients persist sessions on disk through upgrades. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 7月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Systematically test every server-side version downgrade or upgrade. Client version upgrade or downgrade could be tested analogously but will be done in a later change. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 19 7月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-