summaryrefslogtreecommitdiff
path: root/test/clienthellotest.c
Commit message (Collapse)AuthorAgeFilesLines
* fix some code with obvious wrong coding stylex20182021-10-281-1/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
* Handle set_alpn_protos inputs better.Todd Short2021-04-131-3/+9
| | | | | | | | | | It's possible to set an invalid protocol list that will be sent in a ClientHello. This validates the inputs to make sure this does not happen. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14815)
* Update copyright yearMatt Caswell2021-04-081-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
* test: fix coverity 1454812: improper use of negative valuePauli2021-03-241-2/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14638)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Fix common test framework optionsMatt Caswell2020-02-031-0/+5
| | | | | | | | | | | | | | | | | | | | | PR#6975 added the ability to our test framework to have common options to all tests. For example providing the option "-test 5" to one of our test programs will just run test number 5. This can be useful when debugging tests. Unforuntately this does not work well for a number of tests. In particular those tests that call test_get_argument() without first skipping over these common test options will not get the expected value. Some tests did this correctly but a large number did not. A helper function is introduced, test_skip_common_options(), to make this easier for those tests which do not have their own specialised test option handling, but yet still need to call test_get_argument(). This function call is then added to all those tests that need it. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10975)
* Test SSL_set_ciphersuitesraja-ashok2019-08-151-0/+1
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9079)
* Make the PACKET/WPACKET code available to both libcrypto and libsslMatt Caswell2019-07-121-1/+1
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9111)
* Correctly initialise PACKET to zero in the tests to avoid possible problemsPauli2019-03-291-1/+5
| | | | | | | with padding bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8611)
* Ignore cipher suites when setting cipher listSam Roberts2019-02-141-1/+2
| | | | | | | | | | | set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or failure should not depend on whether set_ciphersuites() has been used to setup TLSv1.3 ciphers. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7759)
* Updated test command line parsing to support commmon commandsShane Lontis2019-02-111-0/+2
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6975)
* Use (D)TLS_MAX_VERSION_INTERNAL internallyKurt Roeckx2018-12-151-1/+1
| | | | | | | Use 0 if we don't want to set a minimum or maximum version Reviewed-by: Matt Caswell <matt@openssl.org> GH: #7260
* Following the license change, modify the boilerplates in test/Richard Levitte2018-12-061-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
* Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto versionRichard Levitte2018-03-191-0/+2
| | | | | | | | | Have all test programs using that function specify those versions. Additionally, have the remaining test programs that use SSL_CTX_new directly specify at least the maximum protocol version. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5663)
* Fix clienthellotest for new TLSv1.3 ciphersuite configurationMatt Caswell2018-03-141-1/+3
| | | | | | | | A place in clienthellotest was missed in converting to the new mechanism for configuration of TLSv1.3 ciphersuites. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
* Split configuration of TLSv1.3 ciphers from older ciphersMatt Caswell2018-03-141-2/+1
| | | | | | | | | | | | | | | | | | | With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
* Update tests for TLS Ed448Matt Caswell2018-03-051-4/+11
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5470)
* Update copyright yearMatt Caswell2018-02-131-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fixes for no-tls1_2 and no-tls1_2-methodMatt Caswell2018-02-091-0/+5
| | | | | | | | The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5301)
* Fix clienthellotest with TLSv1.3Matt Caswell2018-02-071-0/+9
| | | | | | | | | | | | | | If TLSv1.3 is enabled and combined with other options that extend the size of the ClientHello, then the clienthello test can sometimes fail because the ClientHello has grown too large. Part of the purpose of the test is to check that the padding extension works properly. This requires the ClientHello size to be kept within certain bounds. By restricting the number of ciphersuites sent we can reduce the size of the ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
* Implement session id TLSv1.3 middlebox compatibility modeMatt Caswell2017-12-141-0/+2
| | | | | | | Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
* Resolve warnings in VC-WIN32 build, which allows to add /WX.Andy Polyakov2017-11-131-1/+1
| | | | | | | | It's argued that /WX allows to keep better focus on new code, which motivates its comeback... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
* Fix test_client_hello with no-tls1_2_methodBenjamin Kaduk2017-09-071-2/+3
| | | | | | | | | | | | | The extensions not sent when TLS 1.2 is not used caused the message length to be 109, which is less than the 127 threshold needed to activate the F5 workaround. Add another 20 bytes of dummy ALPN data do push it over the threshold. Also, fix the definition of the (unused) local macro indicating the threshold. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4346)
* Don't use ciphersuites for inflating the ClientHello in clienthellotestMatt Caswell2017-09-041-7/+5
| | | | | | | | | | | | clienthellotest tries to fill out the size of the ClientHello by adding extra ciphersuites in order to test the padding extension. This is unreliable because they are very dependent on configuration options. If we add too much data the test will fail! We were already also adding some dummy ALPN protocols to pad out the size, and it turns out that this is sufficient just in itself, so drop the extra ciphersuites. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4331)
* Update the test framework so that the need for test_main is removed. EverythingPauli2017-07-271-8/+5
| | | | | | | | | | | | | | | | | | | | that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
* Fix a pedantic gcc-7 warning.Bernd Edlinger2017-04-281-1/+1
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3328)
* Adapt all test programsRichard Levitte2017-04-241-1/+0
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3243)
* Convert clienthellotest for the new test frameworkMatt Caswell2017-04-121-64/+46
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3186)
* Handle TLSv1.3 being disabled in clienthello testMatt Caswell2017-03-161-4/+17
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2968)
* Add tests for the padding extensionMatt Caswell2017-03-161-84/+160
| | | | | | Check that the padding extension pads correctly for various scenarios. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2968)
* Fix a warning about an uninit varMatt Caswell2016-11-241-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix some style issues with TLSv1.3 state machine PRMatt Caswell2016-11-231-4/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove old style NewSessionTicket from TLSv1.3Matt Caswell2016-11-231-0/+16
| | | | | | | | | TLSv1.3 has a NewSessionTicket message, but it is *completely* different to the TLSv1.2 one and may as well have been called something else. This commit removes the old style NewSessionTicket from TLSv1.3. We will have to add the new style one back in later. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix clienthellotest to use PACKET functionsDavid Woodhouse2016-08-101-36/+24
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Copyright consolidation 02/10Rich Salz2016-05-171-52/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use version flexible method instead of fixed versionKurt Roeckx2016-03-091-22/+5
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #1824
* Fix usage of OPENSSL_NO_*_METHODKurt Roeckx2016-03-091-1/+2
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #1824
* Clean up the tests for auto-init/de-initMatt Caswell2016-02-091-7/+0
| | | | | | Remove the need to explicitly initialise/deinitialise for the tests Reviewed-by: Richard Levitte <levitte@openssl.org>
* If memory debugging enabled return error on leaks.Dr. Stephen Henson2016-02-051-1/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Only use TLS1.2 when it's availableRichard Levitte2016-02-041-0/+5
| | | | Reviewed-by: Ben Laurie <ben@openssl.org>
* Enable/disable crypto-mdebug just like other featuresViktor Dukhovni2016-01-111-1/+1
| | | | | | Also always abort() on leak failure. Reviewed-by: Stephen Henson <steve@openssl.org>
* mem functions cleanupRich Salz2016-01-071-2/+3
| | | | | | | | | | | | | | | | | Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this. If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery. (Thanks to Jakob Bohm for the suggestion!) Make the "change wrapper functions" be the only paradigm. Wrote documentation! Format the 'set func' functions so their paramlists are legible. Format some multi-line comments. Remove ability to get/set the "memory debug" functions at runtme. Remove MemCheck_* and CRYPTO_malloc_debug_init macros. Add CRYPTO_mem_debug(int flag) function. Add test/memleaktest. Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls. Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH354: Memory leak fixesAlessandro Ghedini2015-08-281-0/+1
| | | | | | | | | | | | Fix more potential leaks in X509_verify_cert() Fix memory leak in ClientHello test Fix memory leak in gost2814789 test Fix potential memory leak in PKCS7_verify() Fix potential memory leaks in X509_add1_reject_object() Refactor to use "goto err" in cleanup. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Add test for SSL_set_session_ticket_extMatt Caswell2015-07-271-0/+218
The function SSL_set_session_ticket_ext sets the ticket data to be sent in the ClientHello. This is useful for EAP-FAST. This commit adds a test to ensure that when this function is called the expected ticket data actually appears in the ClientHello. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
View Lorry Controller Status