| #
37a38595 |
| 26-Mar-2018 |
Matt Caswell |
Temporarily disable some tests that hang
The previous commit causes some tests to hang so we temporarily disable them.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(M
Temporarily disable some tests that hang
The previous commit causes some tests to hang so we temporarily disable them.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)
show more ...
|
| #
12636c14 |
| 22-Mar-2018 |
Bernd Edlinger |
Handle partial messages in TLSProxy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5412)
|
| #
2e2faa8c |
| 19-Mar-2018 |
Richard Levitte |
In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
|
|
Revision tags: OpenSSL_1_1_1-pre2 |
|
| #
f865b081 |
| 16-Feb-2018 |
Matt Caswell |
Split configuration of TLSv1.3 ciphers from older ciphers
With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites ca
Split configuration of TLSv1.3 ciphers from older ciphers
With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.
In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.
This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.
Fixes #5359
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre1 |
|
| #
48e5119a |
| 19-Jan-2018 |
Richard Levitte |
Copyright update of more files that have changed this year
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5110)
|
| #
c7454e1a |
| 17-Jan-2018 |
Richard Levitte |
Create one permanent proxy socket per TLSProxy::Proxy instance
On Windows, we sometimes see a behavior with SO_REUSEADDR where there
remains lingering listening sockets on the same addre
Create one permanent proxy socket per TLSProxy::Proxy instance
On Windows, we sometimes see a behavior with SO_REUSEADDR where there
remains lingering listening sockets on the same address and port as a
newly created one.
To avoid this scenario, we don't create a new proxy port for each new
client run. Instead, we create one proxy socket when the proxy object
is created, and close it when destroying that object.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5095)
show more ...
|
| #
e02d5886 |
| 18-Jan-2018 |
Richard Levitte |
TLSProxy::Proxy: Don't use ReuseAddr on Windows
On Windows, we sometimes see a behavior with SO_REUSEADDR where there
remains lingering listening sockets on the same address and port as
TLSProxy::Proxy: Don't use ReuseAddr on Windows
On Windows, we sometimes see a behavior with SO_REUSEADDR where there
remains lingering listening sockets on the same address and port as a
newly created one.
An easy solution is not to use ReuseAddr on Windows.
Thanks Bernd Edlinger for the suggestion.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5103)
show more ...
|
| #
825038d8 |
| 17-Jan-2018 |
Richard Levitte |
TLSProxy::Proxy: don't waste time redirecting STDOUT and STDERR
On Windows, it seems that doing so in a forked (pseudo-)process
sometimes affects the parent, and thereby hides all the re
TLSProxy::Proxy: don't waste time redirecting STDOUT and STDERR
On Windows, it seems that doing so in a forked (pseudo-)process
sometimes affects the parent, and thereby hides all the results that
are supposed to be seen by the running test framework (the "ok" and
"not ok" lines).
It turns out that our redirection isn't necessary, as the test
framework seems to swallow it all in non-verbose mode anyway.
It's possible that we did need this at some point, but the framework
has undergone some refinement since then...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5100)
show more ...
|
| #
c44bab08 |
| 16-Jan-2018 |
Richard Levitte |
TLSProxy::Proxy: If we don't support IPv6, force IPv4
We use the first we can of the following IO::Socket modules to create
sockets:
- IO::Socket::INET6
- IO::Socket::IP
TLSProxy::Proxy: If we don't support IPv6, force IPv4
We use the first we can of the following IO::Socket modules to create
sockets:
- IO::Socket::INET6
- IO::Socket::IP
- IO::Socket::INET
The last of them doesn't support IPv6, so if that's the one available,
we must force the s_client and s_server processes to use IPv4.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5092)
show more ...
|
| #
82992a41 |
| 16-Jan-2018 |
Matt Caswell |
Extend timeout for TLSProxy
I received this error from a TLSProxy test:
Failed to start up server (localhost,4443): Transport endpoint is not
connected
So, extend the t
Extend timeout for TLSProxy
I received this error from a TLSProxy test:
Failed to start up server (localhost,4443): Transport endpoint is not
connected
So, extend the timeout before we give up trying to connect to the server.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5088)
show more ...
|
| #
438e57a4 |
| 13-Jan-2018 |
Bernd Edlinger |
Catch SIGPIPE in TLSProxy::Proxy::clientstart
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5071)
|
|
Revision tags: OpenSSL_1_0_2n |
|
| #
597c51bc |
| 05-Dec-2017 |
Matt Caswell |
Merge HRR into ServerHello
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
|
| #
018632ae |
| 03-Nov-2017 |
Matt Caswell |
Fix race condition in TLSProxy
Normally TLSProxy waits for the s_server process to finish before
continuing. However in cases where serverconnects > 1 we need to keep the
s_server pr
Fix race condition in TLSProxy
Normally TLSProxy waits for the s_server process to finish before
continuing. However in cases where serverconnects > 1 we need to keep the
s_server process around for a later test so we continue immediately. This
means that TAP test output can end up being printed to stdout at the same
time as s_server is printing stuff. This confuses the test runner and can
cause spurious test failures. This commit introduces a small delay in cases
where serverconnects > 1 in order to give s_server enough time to finish
what it was doing before we continue to the next test.
Fixes #4129
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4660)
show more ...
|
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
41300166 |
| 31-Aug-2017 |
Matt Caswell |
Fix Proxy where a timeout occurs waiting for both client and server
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4305)
|
| #
cb6afcd6 |
| 01-Aug-2017 |
Richard Levitte |
Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.
Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
show more ...
|
