#
eec204f4 |
| 25-May-2022 |
Todd Short |
Make running individual ssl-test easier Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
Make running individual ssl-test easier Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18407)
show more ...
|
#
f4752e88 |
| 21-May-2021 |
Rich Salz |
Move AllowClientRenegotiation tests Move them from test_renegotiation to renegotiation in ssl_new Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@opens
Move AllowClientRenegotiation tests Move them from test_renegotiation to renegotiation in ssl_new Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15415)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
257e9d03 |
| 07-May-2020 |
Rich Salz |
Fix issues reported by markdownlint Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/
Fix issues reported by markdownlint Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11739)
show more ...
|
#
9df3dd6b |
| 27-Apr-2020 |
Matt Caswell |
Update README.ssltests.md The ssltest docs were out of date because gneerate_ssl_tests now needs a provider to be specified on the command line. Fixes #11639 Reviewed-b
Update README.ssltests.md The ssltest docs were out of date because gneerate_ssl_tests now needs a provider to be specified on the command line. Fixes #11639 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11659)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
433deaff |
| 25-Feb-2020 |
Rich Salz |
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (except for Configurations) to foo.cnf Fixes #11174 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11176)
show more ...
|
#
30a4cda5 |
| 18-Feb-2020 |
Richard Levitte |
Replace util/shlib_wrap.sh with util/wrap.pl in diverse docs Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11110)
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
a84e5c9a |
| 01-Sep-2016 |
Todd Short |
Session resume broken switching contexts When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is gen
Session resume broken switching contexts When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is generated, so the session can't be resumed. If a servername callback changes the SSL_OP_NO_TICKET option, check to see if it's changed to disable, and whether a session ticket is expected (i.e. the client indicated ticket support and the SSL had tickets enabled at the time), and whether we already have a previous session (i.e. s->hit is set). In this case, clear the ticket-expected flag, remove any ticket data and generate a session-id in the session. If the SSL hit (resumed) and switched to a ticket-disabled context, assume that the resumption was via session-id, and don't bother to update the session. Before this fix, the updated unit-tests in 06-sni-ticket.conf would fail test #4 (server1 = SNI, server2 = no SNI). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1529)
show more ...
|
#
f90486f4 |
| 07-Sep-2017 |
David Benjamin |
Fix test documentation. The instructions don't work. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openss
Fix test documentation. The instructions don't work. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
show more ...
|
#
f15b50c4 |
| 31-Mar-2017 |
Dr. Stephen Henson |
Add ExpectedServerCANames Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
2e21539b |
| 15-Mar-2017 |
Dr. Stephen Henson |
Add ExpectedClientCANames Add ExpectedClientCANames: for client auth this checks to see if the list of certificate authorities supplied by the server matches the expected value.
Add ExpectedClientCANames Add ExpectedClientCANames: for client auth this checks to see if the list of certificate authorities supplied by the server matches the expected value. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2969)
show more ...
|
#
ea1ecd98 |
| 14-Mar-2017 |
Emilia Kasper |
Port SRP tests to the new test framework Also add negative tests for password mismatch. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
54b7f2a5 |
| 27-Jan-2017 |
Dr. Stephen Henson |
Add test support for TLS signature types. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/open
Add test support for TLS signature types. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
show more ...
|
#
ee5b6a42 |
| 13-Jan-2017 |
Dr. Stephen Henson |
Add options to check TLS signing hashes Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2235)
|
#
7289ab49 |
| 12-Jan-2017 |
Dr. Stephen Henson |
add ECDSA test server certificate Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2224)
|
#
7f5f35af |
| 08-Jan-2017 |
Dr. Stephen Henson |
Add options to check certificate types. Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2224)
|
#
b93ad05d |
| 08-Jan-2017 |
Dr. Stephen Henson |
Add new ssl_test option. Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewe
Add new ssl_test option. Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2191)
show more ...
|
#
fe7dd553 |
| 27-Sep-2016 |
Matt Caswell |
Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
1329b952 |
| 27-Sep-2016 |
Matt Caswell |
Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. Reviewed-by: Rich Salz <r
Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0 |
|
#
15269e56 |
| 19-Aug-2016 |
Emilia Kasper |
Add more details on how to add a new SSL test Reviewed-by: Stephen Henson <steve@openssl.org>
|
#
dd8e5a57 |
| 12-Aug-2016 |
Emilia Kasper |
Test that the peers send at most one fatal alert Duplicate alerts have happened, see 70c22888c1648fe8652e77107f3c74bf2212de36 Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6dc99745 |
| 16-Aug-2016 |
Emilia Kasper |
Port multi-buffer tests Make maximum fragment length configurable and add various fragmentation tests, in addition to the existing multi-buffer tests. Reviewed-by: Rich Salz <rs
Port multi-buffer tests Make maximum fragment length configurable and add various fragmentation tests, in addition to the existing multi-buffer tests. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
da085d27 |
| 09-Aug-2016 |
Emilia Kasper |
SSL tests: port CT tests, add a few more This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT vali
SSL tests: port CT tests, add a few more This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT validation success, and this commit doesn't change that. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
9f48bbac |
| 21-Jul-2016 |
Emilia Kasper |
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected".
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
11279b13 |
| 21-Jul-2016 |
Emilia Kasper |
Test client-side resumption Add tests for resuming with a different client version. This happens in reality when clients persist sessions on disk through upgrades. Revi
Test client-side resumption Add tests for resuming with a different client version. This happens in reality when clients persist sessions on disk through upgrades. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
590ed3d7 |
| 05-Jul-2016 |
Emilia Kasper |
SSL test framework: port resumption tests Systematically test every server-side version downgrade or upgrade. Client version upgrade or downgrade could be tested analogously but wil
SSL test framework: port resumption tests Systematically test every server-side version downgrade or upgrade. Client version upgrade or downgrade could be tested analogously but will be done in a later change. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|