| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
The intention with that option is to allow extra flags to the perl
interpreter itself.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
|
|
|
|
| |
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing. That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2452
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1. OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.
We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.
Closes RT#4485
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
|
|
|
|
| |
Misc fixes for no-sock
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
| |
Fix the evp tests when no-scrypt is used.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
| |
This fixes the no-cms compile time option.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
|
|
| |
Misc fixes for no-dsa.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
| |
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
Numerous fixes for no-des.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
There were a couple of CMAC references without OPENSSL_NO_CMAC guards.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$? in perl gets the status value from wait(2), which is a word with
the exit code in the upper half and the number of a raised signal in
the lower half. OpenSSL::Test::run() ignored the signal half up until
now.
With this change, we recalculate an exit code the same way the Unix
shells do, using this formula:
($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
|
|
|
| |
The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In most builds, we can assume that engines live in the build tree
subdirectory "engines". This was hard coded into the tests that use
the engine ossltest.
However, that hard coding is tedious, it would need to be done in
every test recipe, and it's an incorrect assumption in some cases.
This change has us play it safe and let the build files tell the
testing framework where the engines are.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
|
|
|
|
| |
Reduces #ifdef complexity.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
Some platforms claim to be POSIX but their getcontext() implementation
does not work. Therefore we update the ASYNC_is_capable() function to test
for this.
RT#4366
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
| |
TLSProxy starts s_server and specifies the number of client connects
it should expect. After that s_server is supposed to close down
automatically. However, if another test is then run then TLSProxy
will start a new instance of s_server. If the previous instance
hasn't closed down yet then the new instance can fail to bind to
the socket.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.
CAVE: This will break code, which currently uses the "-policy"
option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
| |
Also make it possible to disable afalg separately.
we still need to update config again
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
|
| |
While insignificant on Unix like systems, this is significant on
systems like VMS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
| |
That doesn't change even to make a dummy to hide its unavailability.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
| |
Issue identified on Solaris by Erik Forsberg <erik@efca.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
The afalgtest was unnecessarily initing an EVP_CIPHER_CTX. It is not
needed and is deprecated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
|
|
|
|
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
|
|
|
|
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Also improves some documentation of those functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
| |
There are issues binding listening ports. This may be analyzed more
thoroughly later on.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
CRYPTO_mem_leaks de-inits the library, so we must not do anything
interesting after we've used it!
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
The new Rand usage of Thread API exposed a bug in ssltest. ssltest "cheats"
and uses internal headers to directly call functions that normally you
wouldn't be able to do. This means that auto-init doesn't happen, and
therefore auto-deinit doesn't happen either, meaning that the new rand locks
don't get cleaned up properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|