summaryrefslogtreecommitdiff
path: root/tests/ssl_gtests
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1720230 Gtest update changed the gtest reports, losing gtest details in ↵Robert Relyea2021-07-151-51/+1
| | | | | | | | | | | | | | | | | | | | | | | | | all.sh reports. This patch includes the updated .sed script, and an experiment using bash instead to see how hard it would be to make a more robust parser. The robust parser generates identical output as sed, but takes about 30x longer, so instead of subsecond operations, it takes almost half a minute. With that result, I think we can stay with sed and continue to update when we get new versions of gtests. (sigh). time cat report.xml.0 | sed -f parsegtestreport.sed > r1 real 0m0.710s user 0m0.705s sys 0m0.008s time cat report.xml.0 | sh parsegtestreport.sh > r2 real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost common]$ diff r1 r2 updated: with review comments from Martin and move the report parsing to the common code so it can be shared with both ssl_gtests and gtests shell scripts. Differential Revision: https://phabricator.services.mozilla.com/D120028
* Bug 1617968 - Update Delegated Credentials implementation to draft-07 r=mtKevin Jacobs2020-03-161-0/+1
| | | | | | Remove support for RSAE in delegated credentials (both in DC signatures and SPKIs), add SignatureScheme list functionality to initial DC extension. Differential Revision: https://phabricator.services.mozilla.com/D65252
* Bug 1588244 - SSLExp_DelegateCredential to support 'rsaEncryption' ↵Kevin Jacobs2019-10-161-0/+1
| | | | | | | | end-entity certs with default scheme override r=mt If an end-entity cert has an SPKI type of 'rsaEncryption', override the DC alg to be `ssl_sig_rsa_pss_rsae_sha256`. Differential Revision: https://phabricator.services.mozilla.com/D49176
* Bug 1540403 - draft-ietf-tls-subcerts-03, r=mt,jcjChristopher Patton2019-06-251-0/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D25654
* Bug 1485989, integrate tlsfuzzer interop tests with Taskcluster, r=mtDaiki Ueno2018-09-241-58/+4
| | | | | | | | | | | | | | Summary: As a start, it only tests TLS 1.3 so far; 8 out of 18 are skipped because of failures. Reviewers: franziskus, HubertKario, mt Reviewed By: mt Subscribers: mt Bug #: 1485989 Differential Revision: https://phabricator.services.mozilla.com/D4217
* Bug 1427921 - Restore RSA-PSS support for TLS 1.2 and 1.3, r=ttaubert,uenoMartin Thomson2018-01-041-17/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for the new codepoints that we added in TLS 1.3 draft -23. In short, the split between rsa_pss_rsae and rsa_pss_pss made our support for PSS inconsistent (we would generate only the former). This adds support for the rsa_pss_pss_shaX signature schemes. It does so by using the ssl_auth_rsa_pss codepoint, which I originally added, then we decided not to use because the generic RSA codepoints were enough at the time. Now, with the split on signature schemes, it isn't possible with the current certificate configuration APIs to have everything work with just ssl_auth_rsa_sign. We expect PSS keys to be configured alongside PKCS#1 keys and use SSLAuthType to distinguish them, but if we only use ssl_auth_rsa_sign, we can't find the right key when resuming. In this way, we are assigning certificates an SSLAuthType based on the type of the key and not the signature it has. That makes it cleaner than what we used to have, at least. That said, once we support signature_algorithms_cert extensions properly, we will not want to bucket certificates on the server. Instead, we will have a list and pick the first that matches, with no attempt to use types as we had. There are just too many ways in which a certificate might be chosen or not when you have to examine the entire chain. Of course, that's an even bigger change than this. The biggest change here is to attempt to determine the signature scheme based on the certificate SPKI. If that works, then we use that signature scheme, otherwise we fall back to the existing logic (which searches a list). For PSS with parameters and EC (EC only in TLS 1.3), there is just one signature scheme for a given SPKI, so that works out nicely. PSS without parameters, ECDSA, and older RSA certificates fall back to searching. I expect all future schemes to have just one scheme each, so it's a structure that I think supports that well.
* Bug 1459456 - check maximum DH and RSA key length in TLS, r=mtFranziskus Kiefer2018-05-151-0/+2
| | | | Differential Revision: https://phabricator.services.mozilla.com/D1212
* Bug 1414718 - Have a single way to signal a CA cert, r=uenoMartin Thomson2017-11-061-4/+5
|
* Bug 1400844, Implement handling of RSA-PSS signatures on certificates, r=mtDaiki Ueno2017-10-241-0/+7
| | | | This series adds high level API to sign and verify RSA-PSS signatures on certificates and utilizes them in tools.
* Bug 1345859 - Small follow-up for parallel ssl_gtests.sh r=mtTim Taubert2017-03-161-1/+1
|
* Bug 1345859 - Run ssl_gtests in parallel when multiple cores are available ↵Tim Taubert2017-03-151-15/+90
| | | | | | r=franziskus Differential Revision: https://nss-review.dev.mozaws.net/D244
* Bug 1317657 - Test for multiple certificates. r=mtEKR2016-11-151-1/+3
| | | | | | | Reviewers: mt Differential Revision: https://nss-review.dev.mozaws.net/D65
* Bug 1315193 - Fuzzing mode: ssl_Time() must return a constant value r=franziskusTim Taubert2016-11-041-1/+2
| | | | Differential Revision: https://nss-review.dev.mozaws.net/D19
* Bug 1309446 - Add a new API for signature configuration, r=ekrMartin Thomson2016-10-171-0/+2
|
* Bug 1296153 - Enable ECDH_RSA cipher suites in gtests, r=franziskusMartin Thomson2016-08-181-6/+11
|
* Bug 1287271 - Switch to using SignatureScheme internally, r=ekr,ttaubertMartin Thomson2016-08-041-0/+2
|
* Bug 1292006 - Remove cipherType, keyBits, and secretKeyBits from ss->sec, r=ekrMartin Thomson2016-08-051-3/+5
|
* Bug 1290847 - Support configuring PSS certificates r=mtTim Taubert2016-08-101-0/+2
|
* Bug 1291888, avoid searching core files for individual gtests, avoid nested ↵Kai Engert2016-08-041-4/+8
| | | | process pipe, more output to help track down the stuck tests on windows, r=ekr
* Bug 1168425 - Reenable NSS_STRICT_SHUTDOWN and leak checking for gtests r=ekrTim Taubert2016-05-041-2/+0
|
* Bug 1266633 - Gtests for individual cipher suites, r=ttaubertMartin Thomson2016-04-261-0/+2
|
* Backed out changeset ca23f9e14d63Franziskus Kiefer2016-04-301-0/+2
|
* Bug 1168425 - Reenable NSS_STRICT_SHUTDOWN and leak checking for gtests r=mt,ekrTim Taubert2016-04-251-2/+0
|
* Bug 1237514 - Fix test fixtures for ssl_gtests, r=franziskusMartin Thomson2016-04-221-36/+42
|
* Bug 1224737 - Adding pk11_gtests to CI suite, r=ttaubertMartin Thomson2015-11-132-11/+1
|
* Bug 1214390 - Fixing compilation errors on Windows, r=ekr,wtcMartin Thomson2015-10-191-0/+10
|
* Backed out changeset 71a3941348a2Kai Engert2015-10-191-10/+0
|
* Bug 1214390 - Fixing compilation errors on Windows, r=ekr,wtcMartin Thomson2015-10-161-0/+10
|
* Bug 1208243 - Enable ssl_gtest if built, r=ekrMartin Thomson2015-09-242-8/+82
|
* Bug 1057584 - Add gtest framework and initial tests optionally (4/4). Hooks ↵Camilo Viecco2014-09-081-0/+59
with test suite. r=kaie
View Lorry Controller Status