#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
972ee925 |
| 16-Apr-2024 |
Tim Perry |
Use empty renegotiate extension instead of SCSV for TLS > 1.0 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
Use empty renegotiate extension instead of SCSV for TLS > 1.0 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24161)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
39ed0745 |
| 24-May-2020 |
Bernd Edlinger |
Remove OPENSSL_ia32cap overrides in various test scripts The removed override was: OPENSSL_ia32cap=~0x200000200000000 which disables AESNI codepaths and PCLMULQDQ (useful for ghash).
Remove OPENSSL_ia32cap overrides in various test scripts The removed override was: OPENSSL_ia32cap=~0x200000200000000 which disables AESNI codepaths and PCLMULQDQ (useful for ghash). It is unclear why this was done, but it probably just hides bugs. [extended tests] Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16693)
show more ...
|
#
0789c7d8 |
| 20-May-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)
|
#
55373bfd |
| 06-May-2021 |
Rich Salz |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15184)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
6ed34b3e |
| 30-Apr-2020 |
Matt Caswell |
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidental
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11691)
show more ...
|
Revision tags: openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
433deaff |
| 25-Feb-2020 |
Rich Salz |
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (except for Configurations) to foo.cnf Fixes #11174 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11176)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
dc5bcb88 |
| 05-Sep-2019 |
Matt Caswell |
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. R
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9780)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
6738bf14 |
| 13-Feb-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
c423ecaa |
| 09-Feb-2018 |
Matt Caswell |
Fixes for no-tls1_2 and no-tls1_2-method The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues.
Fixes for no-tls1_2 and no-tls1_2-method The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5301)
show more ...
|
#
c5856878 |
| 17-Jan-2018 |
Richard Levitte |
Enable TLSProxy tests on Windows Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5094)
|
Revision tags: OpenSSL_1_0_2n |
|
#
b510b740 |
| 14-Nov-2017 |
Matt Caswell |
Ignore the session when setting SNI in s_client As per this comment: https://github.com/openssl/openssl/issues/4496#issuecomment-337767145 Since the server is entitled to r
Ignore the session when setting SNI in s_client As per this comment: https://github.com/openssl/openssl/issues/4496#issuecomment-337767145 Since the server is entitled to reject our session our ClientHello should include everything that we would want if a full handshake were to happen. Therefore we shouldn't use the session as a source of information for setting SNI. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
show more ...
|
#
46f4e1be |
| 12-Nov-2017 |
Josh Soref |
Many spelling fixes/typo's corrected. Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org>
Many spelling fixes/typo's corrected. Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3459)
show more ...
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
db919b1e |
| 01-Aug-2017 |
Matt Caswell |
Update the tests for SNI changes If there is no SNI in the session then s_client no longer sends the SNI extension. Update the tests to take account of that Reviewed-by: Ben Kad
Update the tests for SNI changes If there is no SNI in the session then s_client no longer sends the SNI extension. Update the tests to take account of that Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e |
|
#
11ba87f2 |
| 13-Feb-2017 |
Matt Caswell |
Ensure s_client sends an SNI extension by default Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit ch
Ensure s_client sends an SNI extension by default Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
show more ...
|
#
38a73150 |
| 26-Apr-2017 |
Matt Caswell |
Add a ciphersuite config sanity check for servers Ensure that there are ciphersuites enabled for the maximum supported version we will accept in a ClientHello. Reviewed-by: Rich
Add a ciphersuite config sanity check for servers Ensure that there are ciphersuites enabled for the maximum supported version we will accept in a ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)
show more ...
|
#
d7345822 |
| 03-Mar-2017 |
Bernd Edlinger |
Reset executable bits on files where not needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/opens
Reset executable bits on files where not needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2835)
show more ...
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
aec23ece |
| 04-Jan-2017 |
Richard Levitte |
Don't run OCSP tests when OCSP is disabled Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2173)
|
#
327d38d0 |
| 04-Jan-2017 |
Richard Levitte |
Don't test SRP when it's disabled Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2172)
|
#
e0c47b2c |
| 04-Jan-2017 |
Richard Levitte |
Don't run NPN tests when NPN is disabled Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2171)
|
#
f6e752c0 |
| 25-Dec-2016 |
Richard Levitte |
70-test_sslmessages.t: Don't check EXT_SIG_ALGS if TLS 1.2 is disabled Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2144)
|
#
0a6793c9 |
| 29-Dec-2016 |
Matt Caswell |
Fix CT test_sslmessages hangs The CT tests in test_sslmessages require EC to be available, therefore we must skip these if no-ec Reviewed-by: Richard Levitte <levitte@openssl.or
Fix CT test_sslmessages hangs The CT tests in test_sslmessages require EC to be available, therefore we must skip these if no-ec Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
show more ...
|
#
397f4f78 |
| 28-Dec-2016 |
Matt Caswell |
Add a test to check the EC point formats extension appears when we expect The previous commit fixed a bug where the EC point formats extensions did not appear in the ServerHello. This sh
Add a test to check the EC point formats extension appears when we expect The previous commit fixed a bug where the EC point formats extensions did not appear in the ServerHello. This should have been caught by 70-test_sslmessages but that test never tries an EC ciphersuite. This updates the test to do that. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
show more ...
|