#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
3f7b67fb |
| 28-Jun-2023 |
Hugo Landau |
Remove unused server code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https:/
Remove unused server code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
show more ...
|
#
4454c20f |
| 18-Apr-2023 |
Pauli |
test: update ssl_new tests in line with pedantic FIPS policy Add a new option to the `test' section of SSL test data structure. This contains a space separated list of version checks, al
test: update ssl_new tests in line with pedantic FIPS policy Add a new option to the `test' section of SSL test data structure. This contains a space separated list of version checks, all of which must pass. Note that the version checks are as they as because: - 3.1.0 doesn't have mandatory EMS support, so it can run the old tests. - 3.1.1 (& later) will have mandatory EMS support, so they can't run them. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20762)
show more ...
|
#
08e49012 |
| 16-May-2022 |
Tomas Mraz |
Add a test_ssl_new testcase This requires some code being pulled into the empty protocol implementation so the state machinery works. Reviewed-by: Matt Caswell <matt@openssl.org
Add a test_ssl_new testcase This requires some code being pulled into the empty protocol implementation so the state machinery works. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
55373bfd |
| 06-May-2021 |
Rich Salz |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15184)
show more ...
|
Revision tags: openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
a763ca11 |
| 14-Jan-2021 |
Matt Caswell |
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provid
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider. Fixes #13767 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
bca7ad6e |
| 26-Sep-2020 |
Dr. David von Oheimb |
Use adapted test_get_libctx() for simpler test setup and better error reporting Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13001)
|
#
20f8bc72 |
| 29-Nov-2020 |
Dr. David von Oheimb |
test cleanup: move helper .c and .h files to test/helpers/ Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
d8652be0 |
| 24-Sep-2020 |
Matt Caswell |
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged fro
Run the withlibctx.pl script Automatically rename all instances of _with_libctx() to _ex() as per our coding style. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
e6623cfb |
| 03-Sep-2020 |
Matt Caswell |
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1
Fix safestack issues in x509.h Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
#
1bb6f70d |
| 12-Aug-2020 |
Dr. David von Oheimb |
testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/
testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
682bc861 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new how to test the FIPS module We load the FIPS module and make sure it is configured before running the ssl_test_new tests. Reviewed-by: Shane Lontis <shane.lon
Teach ssl_test_new how to test the FIPS module We load the FIPS module and make sure it is configured before running the ssl_test_new tests. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
#
ab5a02f7 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new to have different tests for different loaded providers We now run the tests twice: Once with no specific providers loaded and just using the default libctx, and a seco
Teach ssl_test_new to have different tests for different loaded providers We now run the tests twice: Once with no specific providers loaded and just using the default libctx, and a second time with a non-default libctx and the default provider. In the second run we disable tests which use a PSS cert/key because we don't yet have support for that. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
#
fea4e2bd |
| 03-Apr-2020 |
Matt Caswell |
Run ssl_test_new with a non-default library context We also prepare the way for a future commit to run ssl_test_new with just the FIPS provider loaded. Reviewed-by: Shane Lontis
Run ssl_test_new with a non-default library context We also prepare the way for a future commit to run ssl_test_new with just the FIPS provider loaded. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
#
8d242823 |
| 30-Jan-2020 |
Matt Caswell |
Fix common test framework options PR#6975 added the ability to our test framework to have common options to all tests. For example providing the option "-test 5" to one of our test p
Fix common test framework options PR#6975 added the ability to our test framework to have common options to all tests. For example providing the option "-test 5" to one of our test programs will just run test number 5. This can be useful when debugging tests. Unforuntately this does not work well for a number of tests. In particular those tests that call test_get_argument() without first skipping over these common test options will not get the expected value. Some tests did this correctly but a large number did not. A helper function is introduced, test_skip_common_options(), to make this easier for those tests which do not have their own specialised test option handling, but yet still need to call test_get_argument(). This function call is then added to all those tests that need it. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10975)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9 |
|
#
a43ce58f |
| 16-Aug-2018 |
Shane Lontis |
Updated test command line parsing to support commmon commands Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://gi
Updated test command line parsing to support commmon commands Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6975)
show more ...
|
#
5c587fb6 |
| 09-Dec-2018 |
Kurt Roeckx |
Use (D)TLS_MAX_VERSION_INTERNAL internally Use 0 if we don't want to set a minimum or maximum version Reviewed-by: Matt Caswell <matt@openssl.org> GH: #7260
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|
Revision tags: OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
#
dbabc862 |
| 15-Apr-2018 |
Bernd Edlinger |
Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5959)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
|