#
214c724e |
| 21-Jun-2024 |
Matt Caswell |
Add a test for an empty NextProto message It is valid according to the spec for a NextProto message to have no protocols listed in it. The OpenSSL implementation however does not allow
Add a test for an empty NextProto message It is valid according to the spec for a NextProto message to have no protocols listed in it. The OpenSSL implementation however does not allow us to create such a message. In order to check that we work as expected when communicating with a client that does generate such messages we have to use a TLSProxy test. Follow on from CVE-2024-5535 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24716)
show more ...
|
#
15eb7b68 |
| 14-Feb-2024 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24013)
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
4d7f5b82 |
| 30-Jan-2024 |
Frederik Wedel-Heinen |
Merge dtls and tls records tests Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23319)
|
#
3e94e2b1 |
| 26-Jan-2024 |
Frederik Wedel-Heinen |
chomp does not work on windows. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23319)
|
#
4439ed16 |
| 22-Jan-2024 |
Frederik Wedel-Heinen |
Use open2 instead of open for s_server instance Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/opens
Use open2 instead of open for s_server instance Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23319)
show more ...
|
#
a1c72cc2 |
| 11-Jan-2024 |
Frederik Wedel-Heinen |
Support DTLS in TLS::Proxy. Fixes #23199 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/ope
Support DTLS in TLS::Proxy. Fixes #23199 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23319)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
79c44b4e |
| 30-Nov-2019 |
Veres Lajos |
Fix some typos Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Revie
Fix some typos Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10544)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
dc5bcb88 |
| 05-Sep-2019 |
Matt Caswell |
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. R
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9780)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
66a60003 |
| 04-Feb-2019 |
Matthias Kraft |
Fix Invalid Argument return code from IP_Factory in connect_to_server(). Fixes #7732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.o
Fix Invalid Argument return code from IP_Factory in connect_to_server(). Fixes #7732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8158)
show more ...
|
#
9059ab42 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in util/, tools/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7766)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
36ff232c |
| 14-Mar-2018 |
Matt Caswell |
Change the default number of NewSessionTickets we send to 2 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.c
Change the default number of NewSessionTickets we send to 2 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
show more ...
|
#
bc661448 |
| 16-Apr-2018 |
Bernd Edlinger |
Wait max. 60 seconds for s_client to connect Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5964)
|
#
f3d3b362 |
| 18-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: preclude output intermix. s_server -rev emits info output on stderr, i.e. unbufferred, which risks intermixing with output from TLSProxy itself on non-line boundar
TLSProxy/Proxy.pm: preclude output intermix. s_server -rev emits info output on stderr, i.e. unbufferred, which risks intermixing with output from TLSProxy itself on non-line boundaries, which in turn is confusing to TAP parser. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
show more ...
|
#
17cde9c2 |
| 16-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: refine NewSessionTicket detection. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
|
#
44420615 |
| 12-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: straighten inner loop termination logic. Original condition was susceptible to race condition... Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Revie
TLSProxy/Proxy.pm: straighten inner loop termination logic. Original condition was susceptible to race condition... Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5933)
show more ...
|
#
de5b3a86 |
| 11-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: bind s_server to loopback interface. Bind even test/ssltest_old.c to loopback interface. This allows to avoid unnecessary alerts from Windows and Mac OS X firewalls.
TLSProxy/Proxy.pm: bind s_server to loopback interface. Bind even test/ssltest_old.c to loopback interface. This allows to avoid unnecessary alerts from Windows and Mac OS X firewalls. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5933)
show more ...
|
#
0e3ecaec |
| 13-Apr-2018 |
Bernd Edlinger |
Rework partial packet handling once more Address the concern that commit c53c2fec raised differently. The original direction of the traffic is encoded in bit 0 of the flight num
Rework partial packet handling once more Address the concern that commit c53c2fec raised differently. The original direction of the traffic is encoded in bit 0 of the flight number. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5923)
show more ...
|
#
b4c1950d |
| 11-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server. The failure is "impossible", because we have confirmation that s_server listens, yet Mac OS X fails to connect. Thi
TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server. The failure is "impossible", because we have confirmation that s_server listens, yet Mac OS X fails to connect. This avoids 10 minutes timeout on Travis CI. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907)
show more ...
|
#
6b3e8b94 |
| 08-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: handle -1 as return value from waitpid. On rare occasion 's_server | perl -ne print' can complete before corresponding waitpid, which on Windows can results in -1 retu
TLSProxy/Proxy.pm: handle -1 as return value from waitpid. On rare occasion 's_server | perl -ne print' can complete before corresponding waitpid, which on Windows can results in -1 return value. This is not an error, don't treat it like one. Collect even return value from s_server. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5907)
show more ...
|
#
c53c2fec |
| 06-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: refine partial packet handling. Original logic was "if no records found *or* last one is truncated, then leave complete records in queue." Trouble is that if we don't
TLSProxy/Proxy.pm: refine partial packet handling. Original logic was "if no records found *or* last one is truncated, then leave complete records in queue." Trouble is that if we don't pass on complete records and get complete packet in opposite direction, then queued records will go back to sender. In other words complete records should always be passed on. [Possible alternative would be to match direction in reconstruct_record.] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
show more ...
|
#
55fd5d3f |
| 05-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: harmonize inner loop with the way sockets are. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5887)
|
#
6228b1da |
| 02-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: switch to dynamic ports and overhaul. By asking for port 0, you get a free port dynamically assigned by OS. TLSProxy::Proxy now asks for 0 and asks s_server to do the
TLSProxy/Proxy.pm: switch to dynamic ports and overhaul. By asking for port 0, you get a free port dynamically assigned by OS. TLSProxy::Proxy now asks for 0 and asks s_server to do the same. The s_server's port is reported in "ACCEPT" line, which TLSProxy::Proxy parses and uses. Because the server port is now a random affair in TLSProxy::Proxy, it's no longer possible to change it with the method 'server_port', and it has become an accessor only. For the sake of orthogonality, so has the method 'server_addr'. Remove all fork calls on Windows, as fork is not to be trusted there. This naturally minimized amount of fork calls on POSIX systems, to 1. Sink s_server's output to 'perl -ne print' which ensures that output is written strictly in lines. This keeps TAP parser happy. Improve synchronization in -naccept +n cases by establishing next connection to s_server *after* s_client finishes instead of before it starts. Improve error handling and clean up some methods. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5843)
show more ...
|
#
7814cdf3 |
| 27-Mar-2018 |
Matt Caswell |
Revert "Temporarily disable some tests that hang" This reverts commit 37a385956461ab526ecea2739a8a40364a8db259. These tests should now be fixed by commit e6e9170d6. Reviewe
Revert "Temporarily disable some tests that hang" This reverts commit 37a385956461ab526ecea2739a8a40364a8db259. These tests should now be fixed by commit e6e9170d6. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5765)
show more ...
|
#
37a38595 |
| 26-Mar-2018 |
Matt Caswell |
Temporarily disable some tests that hang The previous commit causes some tests to hang so we temporarily disable them. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (M
Temporarily disable some tests that hang The previous commit causes some tests to hang so we temporarily disable them. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5757)
show more ...
|