| #
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
|
| #
f4752e88 |
| 21-May-2021 |
Rich Salz |
Move AllowClientRenegotiation tests
Move them from test_renegotiation to renegotiation in ssl_new
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@opens
Move AllowClientRenegotiation tests
Move them from test_renegotiation to renegotiation in ssl_new
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15415)
show more ...
|
| #
8984b552 |
| 04-Jun-2021 |
Matt Caswell |
Fix generate_ssl_tests.pl
Fix the generate_ssl_tests.pl script so that it can be run standalone from
the command line according to the instructions in test/README.ssltest.md
Fix
Fix generate_ssl_tests.pl
Fix the generate_ssl_tests.pl script so that it can be run standalone from
the command line according to the instructions in test/README.ssltest.md
Fixes #11430
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15617)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
|
Revision tags: OpenSSL_1_1_1g |
|
| #
682bc861 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.
Reviewed-by: Shane Lontis <shane.lon
Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
| #
ab5a02f7 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new to have different tests for different loaded providers
We now run the tests twice: Once with no specific providers loaded and
just using the default libctx, and a seco
Teach ssl_test_new to have different tests for different loaded providers
We now run the tests twice: Once with no specific providers loaded and
just using the default libctx, and a second time with a non-default libctx
and the default provider.
In the second run we disable tests which use a PSS cert/key because we
don't yet have support for that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
eeacf7d0 |
| 15-Feb-2020 |
Richard Levitte |
TEST: Optionally silence OpenSSL::Test::setup()
test/generate_ssl_tests.pl uses OpenSSL::Test to get to some of its
practical location functions. A recent note in the setup() code made
TEST: Optionally silence OpenSSL::Test::setup()
test/generate_ssl_tests.pl uses OpenSSL::Test to get to some of its
practical location functions. A recent note in the setup() code made
its result not quite match the original (we do check that), so there's
a need to silence setup(), which we do with a simple optional argument.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
1935a586 |
| 09-Sep-2019 |
Richard Levitte |
Rework the perl fallback functionality
The module with_fallback.pm was kind of clunky and required a transfer
module. This change replaces if with a much more generic pragma type
mo
Rework the perl fallback functionality
The module with_fallback.pm was kind of clunky and required a transfer
module. This change replaces if with a much more generic pragma type
module, which simply appends given directories to @INC (as opposed to
the 'lib' pragma, which prepends the directories to @INC).
This also supports having a file MODULES.txt with sub-directories to
modules. This ensures that we don't have to spray individual module
paths throughout our perl code, but can have them collected in one
place.
(do note that there is a 'fallback' module on CPAN. However, it isn't
part of the core perl, and it has no support the any MODULES.txt kind
of construct)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9826)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
cb6afcd6 |
| 01-Aug-2017 |
Richard Levitte |
Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.
Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
show more ...
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
| #
9f48bbac |
| 21-Jul-2016 |
Emilia Kasper |
Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".
This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.
Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
d0c4415d |
| 21-Jul-2016 |
Emilia Kasper |
SSL tests: compress generated output a little
Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.
Reviewed-by: Rich Sal
SSL tests: compress generated output a little
Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
11279b13 |
| 21-Jul-2016 |
Emilia Kasper |
Test client-side resumption
Add tests for resuming with a different client version.
This happens in reality when clients persist sessions on disk through
upgrades.
Revi
Test client-side resumption
Add tests for resuming with a different client version.
This happens in reality when clients persist sessions on disk through
upgrades.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
590ed3d7 |
| 05-Jul-2016 |
Emilia Kasper |
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but wil
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but will
be done in a later change.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_13 |
|
| #
b0292980 |
| 13-Jun-2016 |
Emilia Kasper |
SSL test: only write out server2 when testing SNI
The SNI tests introduced a redundant "server2" section into every test
configuration. Copy this automatically from "server" unless testi
SSL test: only write out server2 when testing SNI
The SNI tests introduced a redundant "server2" section into every test
configuration. Copy this automatically from "server" unless testing SNI,
to reduce noise in the generated confs.
Also remove duplicate SSL_TEST_CTX_create (merge conflict error).
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
5c753de6 |
| 12-May-2016 |
Todd Short |
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transistions to writing the ticket, and
the client responds with an error as its not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
show more ...
|
| #
6aa36e8e |
| 21-May-2016 |
Rich Salz |
Add OpenSSL copyright to .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5 |
|
| #
453dfd8d |
| 17-Mar-2016 |
Emilia Kasper |
New SSL test framework
Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setu
New SSL test framework
Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setup. ssltest.c is also simply old and needs
maintenance.
Instead, we already have a way to configure SSL servers and clients, so
we leverage that. SSL tests can now be configured from a configuration
file. Test servers and clients are configured using the standard
ssl_conf module. Additional test settings are configured via a test
configuration.
Moreover, since the CONF language involves unnecessary boilerplate, the
test conf itself is generated from a shorter Perl syntax.
The generated testcase files are checked in to the repo to make
it easier to verify that the intended test cases are in fact run; and to
simplify debugging failures.
To demonstrate the approach, min/max protocol tests are converted to the
new format. This change also fixes MinProtocol and MaxProtocol
handling. It was previously requested that an SSL_CTX have both the
server and client flags set for these commands; this clearly can never work.
Guide to this PR:
- test/ssl_test.c - test framework
- test/ssl_test_ctx.* - test configuration structure
- test/handshake_helper.* - new SSL test handshaking code
- test/ssl-tests/ - test configurations
- test/generate_ssl_tests.pl - script for generating CONF-style test
configurations from perl inputs
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
