History log of /openssl/test/recipes/70-test_tlsextms.t (Results 1 – 25 of 28)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3
# 39ed0745 24-May-2020 Bernd Edlinger

Remove OPENSSL_ia32cap overrides in various test scripts

The removed override was: OPENSSL_ia32cap=~0x200000200000000
which disables AESNI codepaths and PCLMULQDQ (useful for ghash).

Remove OPENSSL_ia32cap overrides in various test scripts

The removed override was: OPENSSL_ia32cap=~0x200000200000000
which disables AESNI codepaths and PCLMULQDQ (useful for ghash).
It is unclear why this was done, but it probably just hides bugs.

[extended tests]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)

show more ...


# a28d06f3 18-Feb-2021 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)


# a763ca11 14-Jan-2021 Matt Caswell

Stop disabling TLSv1.3 if ec and dh are disabled

Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provid

Stop disabling TLSv1.3 if ec and dh are disabled

Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.

Fixes #13767

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

show more ...


Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b
# 909f1a2e 06-Dec-2018 Richard Levitte

Following the license change, modify the boilerplates in test/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)


Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1
# 6738bf14 13-Feb-2018 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>


# c5856878 17-Jan-2018 Richard Levitte

Enable TLSProxy tests on Windows

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5094)


Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14
# 94ed2c67 14-Nov-2016 Matt Caswell

Fixed various style issues in the key_share code

Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.o

Fixed various style issues in the key_share code

Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


Revision tags: OpenSSL_1_1_0c
# 0f1e51ea 02-Nov-2016 Matt Caswell

Start using the key_share data to derive the PMS

The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2

Start using the key_share data to derive the PMS

The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2 the equivalent
of the key_share extension is the ServerKeyExchange and ClientKeyExchange
messages. With key_share those two messages are no longer necessary.

The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
and the transitions that are allowed. Therefore, rather than extend the
existing <=TLS1.2 state transition functions, we create a whole new set for
TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
they will be amended.

The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.

I also disable EXTMS for TLSv1.3. Using it was causing some added
complexity, so rather than fix it I removed it, since eventually it will not
be needed anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13
# b02b5743 14-Jun-2016 Matt Caswell

Skip the TLSProxy tests if environmental problems are an issue

On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). T

Skip the TLSProxy tests if environmental problems are an issue

On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). These aren't OpenSSL
problems so we shouldn't treat them as test failures. Just visibly
indicate that we are skipping the test.

We only skip the first time we attempt to start up the proxy. If that works
then everything else should do...if not we should probably investigate and
so report as a failure.

This also removes test_networking...there is a danger that this turns into
a test of user's environmental set up rather than OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...


# b38c43f7 03-Jun-2016 Richard Levitte

tests: clean up temporary SSL session files.

RT#4557

Reviewed-by: Rich Salz <rsalz@openssl.org>


# b273fcc5 04-May-2016 Matt Caswell

Fix the no-tls option

The TLSProxy based tests don't work when TLS is disabled so we shouldn't
run them.

Reviewed-by: Richard Levitte <levitte@openssl.org>


Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h
# 596d6b7e 22-Apr-2016 Rich Salz

Unified copyright for test recipes

Reviewed-by: Richard Levitte <levitte@openssl.org>


Revision tags: OpenSSL_1_1_0-pre5
# 25c78440 01-Apr-2016 Richard Levitte

Adapt some test recipes to the newer cmdstr()

Reviewed-by: Rich Salz <rsalz@openssl.org>


# f9e55034 21-Mar-2016 Matt Caswell

Fix no-sock

Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>


Revision tags: OpenSSL_1_1_0-pre4
# a717738b 05-Mar-2016 Richard Levitte

Don't define OPENSSL_ENGINES in test recipes, do it in Makefiles instead

In most builds, we can assume that engines live in the build tree
subdirectory "engines". This was hard coded in

Don't define OPENSSL_ENGINES in test recipes, do it in Makefiles instead

In most builds, we can assume that engines live in the build tree
subdirectory "engines". This was hard coded into the tests that use
the engine ossltest.

However, that hard coding is tedious, it would need to be done in
every test recipe, and it's an incorrect assumption in some cases.

This change has us play it safe and let the build files tell the
testing framework where the engines are.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

show more ...


# 5427976d 15-Mar-2016 Matt Caswell

Fix a TLSProxy race condition

TLSProxy starts s_server and specifies the number of client connects
it should expect. After that s_server is supposed to close down
automatically. Howe

Fix a TLSProxy race condition

TLSProxy starts s_server and specifies the number of client connects
it should expect. After that s_server is supposed to close down
automatically. However, if another test is then run then TLSProxy
will start a new instance of s_server. If the previous instance
hasn't closed down yet then the new instance can fail to bind to
the socket.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...


# 2d32d3be 05-Mar-2016 Richard Levitte

Don't run the TLSProxy based tests in native Windows

There are issues binding listening ports. This may be analyzed more
thoroughly later on.

Reviewed-by: Rich Salz <rsalz@open

Don't run the TLSProxy based tests in native Windows

There are issues binding listening ports. This may be analyzed more
thoroughly later on.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g
# b6453a68 26-Feb-2016 FdaSilvaYY

GH753: More spelling fix

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>


# 19ab5790 22-Feb-2016 Richard Levitte

Use $disabled{"dynamic-engine"} internally

We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure. Let's avoid confusion,
choose o

Use $disabled{"dynamic-engine"} internally

We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure. Let's avoid confusion,
choose one of them and stick to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


# 2dd400bd 19-Feb-2016 Richard Levitte

Run the TLSProxy based tests as long as dynamic engines are built.

They depend on this feature because they use the engine ossltest,
which is only available as a dynamic engine.

Run the TLSProxy based tests as long as dynamic engines are built.

They depend on this feature because they use the engine ossltest,
which is only available as a dynamic engine.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


# aa474d1f 19-Feb-2016 Emilia Kasper

TLS: reject duplicate extensions

Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, bu

TLS: reject duplicate extensions

Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.

Reviewed-by: Stephen Henson <steve@openssl.org>

show more ...


Revision tags: OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12
# b44b935e 12-Feb-2016 Richard Levitte

Let all TLSProxy based tests display debug text conditionally

If the environment variable HARNESS_ACTIVE isn't defined or
HARNESS_VERBOSE is defined, it's probable that lots of output is

Let all TLSProxy based tests display debug text conditionally

If the environment variable HARNESS_ACTIVE isn't defined or
HARNESS_VERBOSE is defined, it's probable that lots of output is
desired.

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...


# 42e0ccdf 30-Jan-2016 Richard Levitte

unified build scheme: adjust test framework for out of source build tree

To be able to run tests when we've built in a directory other than
the source tree, the testing framework needs a

unified build scheme: adjust test framework for out of source build tree

To be able to run tests when we've built in a directory other than
the source tree, the testing framework needs a few adjustments.

test/testlib/OpenSSL/Test.pm needs to know where it can find
shlib_wrap.sh, and a number of other tests need to be told a different
place to find engines than what they may be able to figure out on
their own. Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be
used as an alternative.

As part of this change, top_file and top_dir are removed and
srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place.

Reviewed-by: Ben Laurie <ben@openssl.org>

show more ...


Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f
# 90d48e5e 26-Jan-2016 Richard Levitte

Use the new OpenSSL::Test::Utils routines.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>


# 83365051 25-Jan-2016 Richard Levitte

Make tests use configdata.pm rather than parsing Makefile

Reviewed-by: Rich Salz <rsalz@openssl.org>


12