path: root/test/recipes
Commit message | Author | Age | Files | Lines
* Add a DTLS unprocessed records test | Matt Caswell | 2016-08-19 | 1 | -0/+21
  Add a test to inject a record from the next epoch during the handshake and make sure it doesn't get processed immediately.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add more details on how to add a new SSL test | Emilia Kasper | 2016-08-19 | 1 | -1/+5
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Port multi-buffer tests | Emilia Kasper | 2016-08-18 | 2 | -24/+7
  Make maximum fragment length configurable and add various fragmentation tests, in addition to the existing multi-buffer tests.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove a stray unneeded line in 70-test_sslrecords.t | Matt Caswell | 2016-08-15 | 1 | -1/+0
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add some SSLv2 ClientHello tests | Matt Caswell | 2016-08-15 | 1 | -1/+197
  Test that we handle a TLS ClientHello in an SSLv2 record correctly.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled | Richard Levitte | 2016-08-15 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Don't attempt to load the CT log list with no-ec | Emilia Kasper | 2016-08-10 | 1 | -1/+2
  In practice, CT isn't really functional without EC anyway, as most logs use EC keys. So, skip loading the log list with no-ec, and skip CT tests completely in that conf.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* SSL tests: port CT tests, add a few more | Emilia Kasper | 2016-08-10 | 2 | -24/+5
  This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT validation success, and this commit doesn't change that.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* NPN and ALPN: test resumption | Emilia Kasper | 2016-08-08 | 1 | -17/+1
  In NPN and ALPN, the protocol is renegotiated upon resumption. Test that resumption picks up changes to the extension.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix ALPN tests when NPN is off | Emilia Kasper | 2016-08-08 | 1 | -1/+0
  OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* spelling fixes, just comments and readme. | klemens | 2016-08-05 | 3 | -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1413)
* Add basic test for Cisco DTLS1_BAD_VER and record replay handling | David Woodhouse | 2016-08-04 | 1 | -0/+20
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* 80-test_ssl_new.t: only skip on $no_tls if no other skip conditions defined | Richard Levitte | 2016-08-02 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
* In 80-test_ssl_new, more "plan tests" to a more useful position | Richard Levitte | 2016-08-02 | 1 | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix tests for no-nextprotoneg | Matt Caswell | 2016-08-02 | 1 | -0/+1
  Fix the 80-test_ssl_test_ctx and 80-test_ssl_new tests when used with the no-nextprotoneg option
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix no-tls1_2 | Matt Caswell | 2016-07-25 | 2 | -3/+4
  Misc fixes impacting no-tls1_2. Also fixes no-dtls1_2.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-dtls* | Matt Caswell | 2016-07-25 | 1 | -5/+4
  Also fixes some other options like no-dgram and no-sock.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-ct | Matt Caswell | 2016-07-25 | 1 | -1/+4
  Ensure that we don't build/run the ct fuzzing code if no-ct is used.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* SSL test framework: port resumption tests | Emilia Kasper | 2016-07-20 | 2 | -48/+5
  Systematically test every server-side version downgrade or upgrade.
  Client version upgrade or downgrade could be tested analogously but will be done in a later change.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix building with no-cms | Matt Caswell | 2016-07-19 | 1 | -1/+5
  The new fuzzing code broke no-cms
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* SSL test framework: port NPN and ALPN tests | Emilia Kasper | 2016-07-19 | 2 | -51/+7
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix client auth test_ssl_new failures when enabling/disabling protocols | Matt Caswell | 2016-07-18 | 1 | -0/+1
  If configuring for anything other than the default TLS protocols then test failures were occurring.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Extend mkcert.sh to support nameConstraints generation and more complex | Dr. Stephen Henson | 2016-07-11 | 1 | -1/+42
  subject alternate names.
  Add nameConstraints tests including DNS, IP and email tests both in subject alt name extension and subject name.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Platform sanity test | Rich Salz | 2016-07-08 | 2 | -1/+1
  Replace nptest with sanity test.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Re-add x509 and crl fuzzer | Kurt Roeckx | 2016-07-01 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1276
* Run the fuzzing corpora as tests. | Ben Laurie | 2016-07-01 | 1 | -0/+33
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* SSL test framework: port SNI tests | Emilia Kasper | 2016-06-28 | 1 | -20/+1
  Observe that the old tests were partly ill-defined: setting sn_server1 but not sn_server2 in ssltest_old.c does not enable the SNI callback.
  Fix this, and also explicitly test both flavours of SNI mismatch (ignore / fatal alert). Tests still pass.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a test for fragmented alerts | Matt Caswell | 2016-06-27 | 1 | -1/+61
  The previous commit fixed a problem where fragmented alerts would cause an infinite loop. This commit adds a test for these fragmented alerts.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Add verification of proxy certs to 25-test_verify.t | Richard Levitte | 2016-06-20 | 1 | -1/+23
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Skip the TLSProxy tests if environmental problems are an issue | Matt Caswell | 2016-06-16 | 8 | -91/+16
  On some platforms we can't startup the TLSProxy due to environmental problems (e.g. network set up on the build machine). These aren't OpenSSL problems so we shouldn't treat them as test failures. Just visibly indicate that we are skipping the test.
  We only skip the first time we attempt to start up the proxy. If that works then everything else should do...if not we should probably investigate and so report as a failure.
  This also removes test_networking...there is a danger that this turns into a test of user's environmental set up rather than OpenSSL.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add some session API tests | Matt Caswell | 2016-06-13 | 1 | -2/+4
  This commit adds some session API tests, and in particular tests the modified behaviour of SSL_set_session() introduced in the last commit. To do this I have factored out some common code from the asynciotest into a new ssltestlib.c file. I've also renamed getsettest to sslapitest as this more closely matches what it now is!
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Port DTLS version negotiation tests | Emilia Kasper | 2016-06-13 | 2 | -59/+26
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-dtls* builds | Matt Caswell | 2016-06-10 | 1 | -1/+1
  Most of the no-dtls* builds were failing due to one test which had an incorrect "skip" condition.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Fix session ticket and SNI | Todd Short | 2016-06-09 | 1 | -1/+1
  When session tickets are used, it's possible that SNI might switch the SSL_CTX on an SSL. Normally, this is not a problem, because the initial_ctx/session_ctx are used for all session ticket/id processes.
  However, when the SNI callback occurs, it's possible that the callback may update the options in the SSL from the SSL_CTX, and this could cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things can happen:
  1. The session ticket TLSEXT may not be written when the ticket expected flag is set. The state machine transitions to writing the ticket, and the client responds with an error as it's not expecting a ticket.
  2. When creating the session ticket, if the ticket key cb returns 0 the crypto/hmac contexts are not initialized, and the code crashes when trying to encrypt the session ticket.
  To fix 1, if the ticket TLSEXT is not written out, clear the expected ticket flag.
  To fix 2, consider a return of 0 from the ticket key cb a recoverable error, and write a 0 length ticket and continue. The client-side code can explicitly handle this case.
  Fix these two cases, and add unit test code to validate ticket behavior.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1098)
* Add some accessor API's | Rich Salz | 2016-06-08 | 1 | -1/+5
  GH1098: Add X509_get_pathlen() (and a test)
  GH1097: Add SSL_is_dtls() function. Documented.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add empty record tests | Matt Caswell | 2016-06-07 | 1 | -0/+81
  The previous commit changed how we handle out-of-context empty records. This commit adds some tests for the various scenarios. There are three tests:
  1: Check that if we inject an out-of-context empty record then we fail
  2: Check that if we inject an in-context empty record then we succeed
  3: Check that if we inject too many in-context empty records then we fail.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Add an SSL get/set test | Matt Caswell | 2016-06-07 | 1 | -0/+20
  We just do the getters/setter for tlsext_status_type. This could be extended for others in the future.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* tests: Shut the shell up unless verbose | Richard Levitte | 2016-06-06 | 1 | -1/+0
  In rare cases, the shell we run test programs in may have complaints. Shut those up unless testing verbosely.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Silence misleading test_abort stderr output | Viktor Dukhovni | 2016-06-05 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make 25-test_gen.t and 25-test_req.t into one | Richard Levitte | 2016-06-04 | 2 | -55/+30
  Since one generates files that the other depends on, there's no real reason to keep them separate.
  Since they were both different aspects of 'openssl req', the merge ends up in 25-test_req.t.
  This also makes cleanup easier.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Have some more test recipes clean up after themselves | Richard Levitte | 2016-06-04 | 3 | -3/+43
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* tests: clean up temporary SSL session files. | Richard Levitte | 2016-06-03 | 2 | -8/+16
  RT#4557
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update client authentication tests | Emilia Kasper | 2016-06-03 | 2 | -61/+30
  Port client auth tests to the new framework, add coverage. The old tests were only testing success, and only for some protocol versions; the new tests add all protocol versions and various failure modes.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Testing symbol presence: also take note of small objects | Richard Levitte | 2016-06-02 | 1 | -1/+1
  The S symbol class wasn't checked.
  Notified by Sebastian Andrzej Siewior
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add final(?) set of copyrights. | Rich Salz | 2016-06-01 | 1 | -0/+8
  Add copyright to missing assembler files.
  Add copyrights to missing test/* files.
  Add copyrights Various source and misc files.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* perl: use the 'if' module to conditionally load File::Glob | Richard Levitte | 2016-05-30 | 2 | -6/+2
  Trying to use normal perl conditions to conditionally 'use' a perl module didn't quite work. Using the 'if' module to do so does work.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Configure,test/recipes: "pin" glob to File::Glob::glob. | Andy Polyakov | 2016-05-29 | 2 | -4/+10
  As it turns out default glob's behaviour for quoted argument varies from version to version, making it impossible to Configure or run tests in some cases. The reason for quoting globs was to accommodate source path with spaces in its name, which was treated by default glob as multiple paths. File::Glob::glob on the other hand doesn't consider spaces as delimiters and therefore works with unquoted patterns.
  [Unfortunately File::Glob::glob, being too csh-ly, doesn't work on VMS, hence the "pinning" is conditional.]
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* make sure to put quotes around -config argument, in case of spaces | Richard Levitte | 2016-05-27 | 1 | -3/+3
  RT#4486
  Reviewed-by: Matt Caswell <matt@openssl.org>
* perl glob: make sure to put quotes around the pattern, in case of spaces | Richard Levitte | 2016-05-27 | 1 | -1/+1
  RT#4486
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Avoid msys name mangling | Matt Caswell | 2016-05-27 | 1 | -4/+10
  If using the msys console then msys attempts to "fix" command line arguments to convert them from Unix style to Windows style. One of the things it does is to look for arguments separated by colons. This it assumes is a list of file paths, so it replaces the colon with a semi-colon. This was causing one of our tests to fail when calling the "req" command line app. We were attempting to create a new DSA key and passing the argument "dsa:../apps/dsa1024.pem". This is exactly what we intended but Msys mangles it to "dsa;../apps/dsa1024.pem" and the command fails.
  There doesn't seem to be a way to suppress Msys name mangling. Fortunately we can work around this issue by generating the DSA key in a separate step by calling "gendsa".
  RT#4255
  Reviewed-by: Richard Levitte <levitte@openssl.org>