Age | Commit message (Collapse) | Author |
|
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* document ALPN functions
* unit tests
Backport of commit 817cd0d52f0462039d1fe60462150be7f59d2002
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
SSLv2 should be off by default. You can only turn it on if you have called
SSL_CTX_clear_options(SSL_OP_NO_SSLv2) or
SSL_clear_options(SSL_OP_NO_SSLv2). You should not be able to inadvertantly
turn it on again via SSL_CONF without having done that first.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
(cherry picked from commit 028bac0670c167f154438742eb4d0fbed73df209)
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The function SSL_set_session_ticket_ext sets the ticket data to be sent in
the ClientHello. This is useful for EAP-FAST. This commit adds a test to
ensure that when this function is called the expected ticket data actually
appears in the ClientHello.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
This adds a test for CVE-2015-1793. This adds a new test file
verify_extra_test.c, which could form the basis for additional
verification tests.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5fced2395ddfb603a50fd1bd87411e603a59dc6f)
|
|
Typo in local variable name; introduced by previous fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3)
|
|
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built. Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit acaff3b797f50a0a0e17a0be45b7fafad962004e)
|
|
Also add more ciphersuite test coverage, and a negative test for
512-bit DHE.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb)
|
|
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88)
Conflicts:
Makefile.org
apps/Makefile
test/Makefile
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9fdbc9df76a68a30df349c53f1ceeb915f82948c)
|
|
OCSP verification changes mean the OCSP tests now need -trusted_first
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Updated test/testssl script to include the new DTLS capability in ssltest.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 3c381e54233be3d0dcbce7cc853c4767d979fe90)
|
|
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
crypto/evp/Makefile
test/Makefile
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5da05a26f21e7c43a156b65b13a9bc968a6c78db)
|
|
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit e00ab250c878f7a7f0ae908a6305cebf6883a244)
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit af6e2d51bfeabbae827030d4c9d58a8f7477c4a0)
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Pull constant-time methods out to a separate header, add tests.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 5a3d21c0585064292bde5cd34089e120487ab687)
Conflicts:
ssl/s3_cbc.c
test/Makefile
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 193c1c07165b0042abd217274a084b49459d4443)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
properly built.
|
|
|
|
Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
|
|
|
|
Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
|
|
|
|
(cherry picked from commit 77a27a5066e8c0975d78be635ed356749a6f16db)
|
|
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c
using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME
macro, defined to use __func__ or __FUNCTION__ on platforms that support those
symbols, or to use the file name and line number otherwise. This should fix
several reported build problems related to lack of C99 support.
|
|
It's using an internal API that that might not be available in the shared
library.
|
|
Regression test against CVE-2014-0160 (Heartbleed).
More info: http://mike-bland.com/tags/heartbleed.html
(based on commit 35cb55988b75573105eefd00d27d0138eebe40b1)
|
|
Submitted by: Roumen Petrov
|
|
(cherry picked from commit d5605699a15d870457f96b3e1795135228547324)
|
|
(cherry picked from commit b85f8afe3735eb77073481ffff2a4c972a6c3b21)
|
|
(cherry picked from commit bbc098ffb3c0b09e0bbeca787e20efddc3242ec1)
|
|
Add some ECDH CMS tests.
(cherry picked from commit 5cdc25a7545e44523b1f15418146bbda8eb03015)
|
|
(cherry picked from commit 75787fd833a11798e09b027991aabc5b7dafa335)
|
|
Add a script to generate keys and certificates for the S/MIME and CMS
tests.
Update certificates and add EC examples.
(cherry picked from commit a0957d55059f0b6052235737f7441fc35da41afd)
|
|
Add new tests to cms-test.pl covering PSS and OAEP.
(cherry picked from commit 32b18e0338a326723680c7c347d3f04bf4e24b40)
|