| #
c9cf4bc8 |
| 08-Apr-2017 |
Alex Gaynor |
Update the test to assert that the SCT is from an X.509 extension
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.
Update the test to assert that the SCT is from an X.509 extension
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
show more ...
|
| #
a9c6d221 |
| 18-Apr-2017 |
Richard Levitte |
Adapt all test programs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
|
| #
adcd8e37 |
| 18-Apr-2017 |
Rich Salz |
Convert more tests
ct_test,evp_extra_test,wpackettest,packettest
Add strncmp TEST wrappers
And make some style/consistency fixes to ct_test
Silence travis; gcc bug?
Revi
Convert more tests
ct_test,evp_extra_test,wpackettest,packettest
Add strncmp TEST wrappers
And make some style/consistency fixes to ct_test
Silence travis; gcc bug?
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3234)
show more ...
|
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
| #
765731a8 |
| 19-Oct-2016 |
Rob Percival |
Make sure things get deleted when test setup fails in ct_test.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/o
Make sure things get deleted when test setup fails in ct_test.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
show more ...
|
| #
e2635c49 |
| 19-Oct-2016 |
Rob Percival |
Use valid signature in test_decode_tls_sct()
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull
Use valid signature in test_decode_tls_sct()
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
show more ...
|
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
| #
f7a39a5a |
| 07-Sep-2016 |
Rob Percival |
Construct SCT from base64 in ct_test
This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).
Construct SCT from base64 in ct_test
This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
show more ...
|
| #
ebcb5368 |
| 15-Nov-2016 |
Rob Percival |
Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by defa
Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
show more ...
|
| #
1fa9ffd9 |
| 08-Sep-2016 |
Rob Percival |
Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/o
Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
show more ...
|
| #
42e055e1 |
| 10-Nov-2016 |
Richard Levitte |
Fix no-ct in test/ct_test.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)
|
| #
e364c3b2 |
| 07-Nov-2016 |
Emilia Kasper |
Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be w
Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).
Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.
enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
d836d71b |
| 04-Nov-2016 |
Emilia Kasper |
Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (
Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)
Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
6ec327ee |
| 03-Nov-2016 |
Emilia Kasper |
testutil: always print errors on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
f3b3d7f0 |
| 30-Aug-2016 |
Rich Salz |
Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0 |
|
| #
a1bb7708 |
| 05-Aug-2016 |
Rob Percival |
Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.
Reviewed-by: Em
Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
| #
876a1a83 |
| 07-Jun-2016 |
Rob Percival |
Tests should check validation status directly
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
4fc31f75 |
| 07-Jun-2016 |
Rob Percival |
Test SCT lists
This encompasses what was previously tested.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
440e5d80 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 02/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
| #
50eadf2a |
| 08-Apr-2016 |
Emilia Kasper |
Fix warnings exposed by clang-3.8
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
43341433 |
| 07-Apr-2016 |
Viktor Dukhovni |
Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates. Ditto when the certificate chain is validated via
DANE-TA(2) o
Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates. Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing
when the chain is fails verification.
Move and consolidate CT callbacks from libcrypto to libssl. We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.
Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information. When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|
| #
f0e1fe7c |
| 18-Mar-2016 |
FdaSilvaYY |
Add missing mem leak test activation and checks
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
ababe86b |
| 05-Apr-2016 |
Emilia Kasper |
testutil: return 1 on success
Require that test methods return 1 on success (not 0). This is more
customary for OpenSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre4 |
|
| #
8359b57f |
| 10-Mar-2016 |
Rob Percival |
check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store ha
check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
67336ea4 |
| 09-Mar-2016 |
Richard Levitte |
Make ct_dir and certs_dir static in test/ct_test.c
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
dc919c69 |
| 09-Mar-2016 |
Rob Percival |
Make SCT literals into const variables in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
14db9bbd |
| 08-Mar-2016 |
Rob Percival |
Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed
Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
