| #
214c724e |
| 21-Jun-2024 |
Matt Caswell |
Add a test for an empty NextProto message
It is valid according to the spec for a NextProto message to have no
protocols listed in it. The OpenSSL implementation however does not allow
Add a test for an empty NextProto message
It is valid according to the spec for a NextProto message to have no
protocols listed in it. The OpenSSL implementation however does not allow
us to create such a message. In order to check that we work as expected
when communicating with a client that does generate such messages we have
to use a TLSProxy test.
Follow on from CVE-2024-5535
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
show more ...
|
| #
15eb7b68 |
| 14-Feb-2024 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24013)
|
| #
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
4d7f5b82 |
| 30-Jan-2024 |
Frederik Wedel-Heinen |
Merge dtls and tls records tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
|
| #
3e94e2b1 |
| 26-Jan-2024 |
Frederik Wedel-Heinen |
chomp does not work on windows.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
|
| #
4439ed16 |
| 22-Jan-2024 |
Frederik Wedel-Heinen |
Use open2 instead of open for s_server instance
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/opens
Use open2 instead of open for s_server instance
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
show more ...
|
| #
a1c72cc2 |
| 11-Jan-2024 |
Frederik Wedel-Heinen |
Support DTLS in TLS::Proxy.
Fixes #23199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/ope
Support DTLS in TLS::Proxy.
Fixes #23199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
| #
79c44b4e |
| 30-Nov-2019 |
Veres Lajos |
Fix some typos
Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Revie
Fix some typos
Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
dc5bcb88 |
| 05-Sep-2019 |
Matt Caswell |
Teach TLSProxy how to parse CertificateRequest messages
We also use this in test_tls13messages to check that the extensions we
expect to see in a CertificateRequest are there.
R
Teach TLSProxy how to parse CertificateRequest messages
We also use this in test_tls13messages to check that the extensions we
expect to see in a CertificateRequest are there.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9780)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
66a60003 |
| 04-Feb-2019 |
Matthias Kraft |
Fix Invalid Argument return code from IP_Factory in connect_to_server().
Fixes #7732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.o
Fix Invalid Argument return code from IP_Factory in connect_to_server().
Fixes #7732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8158)
show more ...
|
| #
9059ab42 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in util/, tools/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7766)
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
| #
36ff232c |
| 14-Mar-2018 |
Matt Caswell |
Change the default number of NewSessionTickets we send to 2
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.c
Change the default number of NewSessionTickets we send to 2
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5227)
show more ...
|
| #
bc661448 |
| 16-Apr-2018 |
Bernd Edlinger |
Wait max. 60 seconds for s_client to connect
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5964)
|
| #
f3d3b362 |
| 18-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: preclude output intermix.
s_server -rev emits info output on stderr, i.e. unbufferred, which
risks intermixing with output from TLSProxy itself on non-line
boundar
TLSProxy/Proxy.pm: preclude output intermix.
s_server -rev emits info output on stderr, i.e. unbufferred, which
risks intermixing with output from TLSProxy itself on non-line
boundaries, which in turn is confusing to TAP parser.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
show more ...
|
| #
17cde9c2 |
| 16-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: refine NewSessionTicket detection.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
|
| #
44420615 |
| 12-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: straighten inner loop termination logic.
Original condition was susceptible to race condition...
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Revie
TLSProxy/Proxy.pm: straighten inner loop termination logic.
Original condition was susceptible to race condition...
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5933)
show more ...
|
| #
de5b3a86 |
| 11-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: bind s_server to loopback interface.
Bind even test/ssltest_old.c to loopback interface. This allows to avoid
unnecessary alerts from Windows and Mac OS X firewalls.
TLSProxy/Proxy.pm: bind s_server to loopback interface.
Bind even test/ssltest_old.c to loopback interface. This allows to avoid
unnecessary alerts from Windows and Mac OS X firewalls.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5933)
show more ...
|
| #
0e3ecaec |
| 13-Apr-2018 |
Bernd Edlinger |
Rework partial packet handling once more
Address the concern that commit c53c2fec raised differently.
The original direction of the traffic is encoded in bit 0
of the flight num
Rework partial packet handling once more
Address the concern that commit c53c2fec raised differently.
The original direction of the traffic is encoded in bit 0
of the flight number.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5923)
show more ...
|
| #
b4c1950d |
| 11-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server.
The failure is "impossible", because we have confirmation that s_server
listens, yet Mac OS X fails to connect. Thi
TLSProxy/Proxy.pm: handle "impossible" failure to connect to s_server.
The failure is "impossible", because we have confirmation that s_server
listens, yet Mac OS X fails to connect. This avoids 10 minutes timeout
on Travis CI.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5907)
show more ...
|
| #
6b3e8b94 |
| 08-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: handle -1 as return value from waitpid.
On rare occasion 's_server | perl -ne print' can complete before
corresponding waitpid, which on Windows can results in -1 retu
TLSProxy/Proxy.pm: handle -1 as return value from waitpid.
On rare occasion 's_server | perl -ne print' can complete before
corresponding waitpid, which on Windows can results in -1 return
value. This is not an error, don't treat it like one. Collect
even return value from s_server.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5907)
show more ...
|
| #
c53c2fec |
| 06-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: refine partial packet handling.
Original logic was "if no records found *or* last one is truncated, then
leave complete records in queue." Trouble is that if we don't
TLSProxy/Proxy.pm: refine partial packet handling.
Original logic was "if no records found *or* last one is truncated, then
leave complete records in queue." Trouble is that if we don't pass on
complete records and get complete packet in opposite direction, then
queued records will go back to sender. In other words complete records
should always be passed on. [Possible alternative would be to match
direction in reconstruct_record.]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5887)
show more ...
|
| #
55fd5d3f |
| 05-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: harmonize inner loop with the way sockets are.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5887)
|
| #
6228b1da |
| 02-Apr-2018 |
Andy Polyakov |
TLSProxy/Proxy.pm: switch to dynamic ports and overhaul.
By asking for port 0, you get a free port dynamically assigned by OS.
TLSProxy::Proxy now asks for 0 and asks s_server to do the
TLSProxy/Proxy.pm: switch to dynamic ports and overhaul.
By asking for port 0, you get a free port dynamically assigned by OS.
TLSProxy::Proxy now asks for 0 and asks s_server to do the same. The
s_server's port is reported in "ACCEPT" line, which TLSProxy::Proxy
parses and uses.
Because the server port is now a random affair in TLSProxy::Proxy,
it's no longer possible to change it with the method 'server_port',
and it has become an accessor only. For the sake of orthogonality, so
has the method 'server_addr'.
Remove all fork calls on Windows, as fork is not to be trusted there.
This naturally minimized amount of fork calls on POSIX systems, to 1.
Sink s_server's output to 'perl -ne print' which ensures that output
is written strictly in lines. This keeps TAP parser happy.
Improve synchronization in -naccept +n cases by establishing next
connection to s_server *after* s_client finishes instead of before it
starts.
Improve error handling and clean up some methods.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5843)
show more ...
|
| #
7814cdf3 |
| 27-Mar-2018 |
Matt Caswell |
Revert "Temporarily disable some tests that hang"
This reverts commit 37a385956461ab526ecea2739a8a40364a8db259.
These tests should now be fixed by commit e6e9170d6.
Reviewe
Revert "Temporarily disable some tests that hang"
This reverts commit 37a385956461ab526ecea2739a8a40364a8db259.
These tests should now be fixed by commit e6e9170d6.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5765)
show more ...
|
| #
37a38595 |
| 26-Mar-2018 |
Matt Caswell |
Temporarily disable some tests that hang
The previous commit causes some tests to hang so we temporarily disable them.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(M
Temporarily disable some tests that hang
The previous commit causes some tests to hang so we temporarily disable them.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5757)
show more ...
|
