| #
439db0c9 |
| 01-Mar-2017 |
Matt Caswell |
Add compression tests
Check whether we negotiate compression in various scenarios.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pul
Add compression tests
Check whether we negotiate compression in various scenarios.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2814)
show more ...
|
| #
e364c3b2 |
| 07-Nov-2016 |
Emilia Kasper |
Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be w
Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).
Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.
enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
d836d71b |
| 04-Nov-2016 |
Emilia Kasper |
Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (
Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)
Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
6ec327ee |
| 03-Nov-2016 |
Emilia Kasper |
testutil: always print errors on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
767ccc3b |
| 30-Aug-2016 |
Matt Caswell |
Add some CertStatus tests
The previous commit revealed a long standing problem where CertStatus
processing was broken in DTLS. This would have been revealed by better
testing - so ad
Add some CertStatus tests
The previous commit revealed a long standing problem where CertStatus
processing was broken in DTLS. This would have been revealed by better
testing - so add some!
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
6dc99745 |
| 16-Aug-2016 |
Emilia Kasper |
Port multi-buffer tests
Make maximum fragment length configurable and add various fragmentation
tests, in addition to the existing multi-buffer tests.
Reviewed-by: Rich Salz <rs
Port multi-buffer tests
Make maximum fragment length configurable and add various fragmentation
tests, in addition to the existing multi-buffer tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
e0421bd8 |
| 11-Aug-2016 |
Emilia Kasper |
SSL tests: send some application data
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
d61f0078 |
| 09-Aug-2016 |
Emilia Kasper |
Add TEST_check
Like OPENSSL_assert, but also prints the error stack before exiting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
da085d27 |
| 09-Aug-2016 |
Emilia Kasper |
SSL tests: port CT tests, add a few more
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
vali
SSL tests: port CT tests, add a few more
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
6bd3379a |
| 09-Aug-2016 |
Emilia Kasper |
SSL test ctx: fix tests
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
9f48bbac |
| 21-Jul-2016 |
Emilia Kasper |
Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".
This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.
Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
620c6ad3 |
| 31-Jul-2016 |
Ben Laurie |
Fix various no-*s.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
590ed3d7 |
| 05-Jul-2016 |
Emilia Kasper |
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but wil
SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.
Client version upgrade or downgrade could be tested analogously but will
be done in a later change.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
ce2cdac2 |
| 04-Jul-2016 |
Emilia Kasper |
SSL test framework: port NPN and ALPN tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
d2b23cd2 |
| 20-Jun-2016 |
Emilia Kasper |
SSL test framework: port SNI tests
Observe that the old tests were partly ill-defined:
setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
the SNI callback.
SSL test framework: port SNI tests
Observe that the old tests were partly ill-defined:
setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
the SNI callback.
Fix this, and also explicitly test both flavours of SNI mismatch (ignore
/ fatal alert). Tests still pass.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
74726750 |
| 03-Jun-2016 |
Emilia Kasper |
Port DTLS version negotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
81fc33c9 |
| 09-Jun-2016 |
Emilia Kasper |
Clean up following new SNI tests
- Only send SNI in SNI tests. This allows us to test handshakes without
the SNI extension as well.
- Move all handshake-specific machinery to hands
Clean up following new SNI tests
- Only send SNI in SNI tests. This allows us to test handshakes without
the SNI extension as well.
- Move all handshake-specific machinery to handshake_helper.c
- Use enum types to represent the enum everywhere
(Resorting to plain ints can end in sign mismatch when the enum is
represented by an unsigned type.)
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
5c753de6 |
| 12-May-2016 |
Todd Short |
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_
Fix session ticket and SNI
When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.
However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:
1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transistions to writing the ticket, and
the client responds with an error as its not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.
To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.
Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
show more ...
|
| #
440e5d80 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 02/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
a263f320 |
| 07-Apr-2016 |
Emilia Kasper |
Remove proxy tests. Add verify callback tests.
The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
Remove proxy tests. Add verify callback tests.
The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.
It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.
Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
ababe86b |
| 05-Apr-2016 |
Emilia Kasper |
testutil: return 1 on success
Require that test methods return 1 on success (not 0). This is more
customary for OpenSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
453dfd8d |
| 17-Mar-2016 |
Emilia Kasper |
New SSL test framework
Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setu
New SSL test framework
Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setup. ssltest.c is also simply old and needs
maintenance.
Instead, we already have a way to configure SSL servers and clients, so
we leverage that. SSL tests can now be configured from a configuration
file. Test servers and clients are configured using the standard
ssl_conf module. Additional test settings are configured via a test
configuration.
Moreover, since the CONF language involves unnecessary boilerplate, the
test conf itself is generated from a shorter Perl syntax.
The generated testcase files are checked in to the repo to make
it easier to verify that the intended test cases are in fact run; and to
simplify debugging failures.
To demonstrate the approach, min/max protocol tests are converted to the
new format. This change also fixes MinProtocol and MaxProtocol
handling. It was previously requested that an SSL_CTX have both the
server and client flags set for these commands; this clearly can never work.
Guide to this PR:
- test/ssl_test.c - test framework
- test/ssl_test_ctx.* - test configuration structure
- test/handshake_helper.* - new SSL test handshaking code
- test/ssl-tests/ - test configurations
- test/generate_ssl_tests.pl - script for generating CONF-style test
configurations from perl inputs
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
