yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20715 commits 1 branch 0 tags 94 MiB
Commit graph

178 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
392c2d2524 compat.sh: run 1.2-only tests with DTLS too 2018-02-27 12:39:12 +01:00
Gilles Peskine
3c9e2b5004 wait_server_start: warn if lsof is not available 
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
 2018-01-22 10:29:24 +01:00
Manuel Pégourié-Gonnard
0d225daf7d Increase waiting times compat.sh and ssl-opt.sh 
- Some of the CI machines don't have lsof installed yet, so rely on an sleeping
an arbitrary number of seconds while the server starts. We're seeing
occasional failures with the current delay because the CI machines are highly
loaded, which seems to indicate the current delay is not quite enough, but
hopefully not to far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  much failures due to client timeout, this change doesn't impact normal
running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
 2018-01-22 10:22:09 +01:00
Gilles Peskine
12c49c7f7c compat.sh: use wait_server_start 
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine (execution
time reduced from ~8min to ~6min on my machine).
 2017-12-14 19:02:00 +01:00
Gilles Peskine
62469d95e2 Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Andres AG
f181e25e5b Remove specific GnuTLS and OpenSSL version requirements 2016-09-15 20:45:53 +01:00
Simon Butcher
ac22d1113c Remove references to PolarSSL in compat.sh 
Removed references to PolarSSL for mbed TLS for clarity.
 2016-09-05 13:17:25 +01:00
Simon Butcher
3ea7f52fdf Update interop tests to default configuration 
Removed SSLv3 from the default tests in compat.sh, and adapted the test
cases in all.sh to include an additional SSLv3 regression test suite.
 2016-03-09 19:32:11 +00:00
Manuel Pégourié-Gonnard
9afdc83d77 Fix bashisms in test scripts 2015-08-04 17:15:13 +02:00
Manuel Pégourié-Gonnard
39e2ca9194 Use OpenSSL in compat.sh on Travis, except DTLS 
Less heavy-handed than skipping all OpenSSL interop
 2015-08-04 16:43:37 +02:00
Manuel Pégourié-Gonnard
7eb58cbae8 Rm obsolete hack in ssl-opt.sh 2015-07-07 11:54:14 +02:00
Manuel Pégourié-Gonnard
03db6b0da1 Cosmetics in test scripts 
Some versions of "which" print on stderr.
 2015-06-26 15:45:30 +02:00
Manuel Pégourié-Gonnard
6195767554 Fix default of openssl s_server 
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
 2015-06-22 14:40:55 +02:00
Manuel Pégourié-Gonnard
e36d56419e Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  fix bug in ssl_mail_client
  Adapt compat.sh to GnuTLS 3.4
  Fix undefined behaviour in x509

Conflicts:
	programs/ssl/ssl_mail_client.c
	tests/compat.sh
 2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
f52248a959 Adapt compat.sh to GnuTLS 3.4 2015-04-30 12:15:16 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
ea0920f079 Adjust test scripts to new RC4 defaults 2015-03-24 10:14:23 +01:00
Manuel Pégourié-Gonnard
751286be39 Make tests/*.sh runnable from anywhere 2015-03-10 13:43:56 +00:00
Manuel Pégourié-Gonnard
19db8eaf9b Make tests/*.sh runnable from anywhere 2015-03-10 13:42:28 +00:00
Manuel Pégourié-Gonnard
82cf0a1f9a Fix for openssl s_server oddity in 1.0.2 2015-02-09 13:05:54 +00:00
Manuel Pégourié-Gonnard
dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls 
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
 2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a8f3b75f54 Fix issue in compat.sh 2015-01-22 17:20:35 +00:00
Manuel Pégourié-Gonnard
e4f6edcda1 Rename to mbed TLS in tests/ 2015-01-22 16:43:54 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls 
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
 2015-01-21 13:57:33 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support() 
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
a65d5082b6 Merge branch 'development' into dtls 
* development:
  Fix previous commit
  Allow flexible location of valgrind
  Fix test scripts portability issues
  Fix Gnu-ism in script

Conflicts:
	tests/ssl-opt.sh
 2015-01-12 14:54:55 +01:00
Paul Bakker
54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Manuel Pégourié-Gonnard
f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
d1af1025d0 Add DTLS interop testing with OpenSSL server 
PSK suites failing with client auth
 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
3025b6cfd6 Add DTLS self-op test in compat.sh 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard
1287f11d54 Detect GnuTLS presence and version in compat.sh 2014-08-31 16:31:32 +02:00
Manuel Pégourié-Gonnard
16494496db Fix details in compat.sh 2014-08-31 10:37:14 +02:00
Manuel Pégourié-Gonnard
72e51ee7be Use arithmetic expansion in scripts, avoid bashisms 2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard
c0f6a692fb Add client timeout to ssl-opt.sh and compat.sh 2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard
decaf0b182 Clean up unused variable in compat.sh 2014-08-30 22:22:09 +02:00
Manuel Pégourié-Gonnard
74b11702d7 Simplify terminating ssl_server2 in test scripts 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
e46aa5e336 Update GnuTLS version requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7e0a5183db Add a missing suite to compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7457cb3a56 Fix some version/peer requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
fab2a3c3d6 Fix port selection in ssl test scripts 
Port was selected in the 1000-1999 range which is bad (system ports).
 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
32f8f4d1a0 Catch SERVERQUIT timeout in ssl test scripts 2014-05-29 11:57:44 +02:00
Manuel Pégourié-Gonnard
bc3b16c7e2 Also use unique names for temp files 2014-05-29 11:57:43 +02:00
Manuel Pégourié-Gonnard
8066b81a54 Pick a "unique" port in SSL test scripts 2014-05-29 11:57:43 +02:00
Paul Bakker
1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Manuel Pégourié-Gonnard
2594859bc6 Add CCM suites to compat.sh (self-op only) 2014-05-22 14:36:02 +02:00
Paul Bakker
17b85cbd69 Merged additional tests and improved code coverage 
Conflicts:
	ChangeLog
 2014-04-08 14:38:48 +02:00
Manuel Pégourié-Gonnard
563ad02663 Fix final report in compat.sh 
Only affect what's printed, the exit code was already correct.
 2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard
913030c286 Enable SSLv2 testing if OPENSSL_CMD is set 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
e9a9a61c61 Deduplicate suites in compat.sh 2014-03-26 12:58:56 +01:00
Manuel Pégourié-Gonnard
12b8472f2f Test against GnuTLS for every common ciphersuite 2014-03-26 12:58:54 +01:00
Manuel Pégourié-Gonnard
a1a9f9a639 Allow GnuTLS to be enabled via environment 2014-03-26 12:58:53 +01:00
Manuel Pégourié-Gonnard
e01af4cd37 Tune compat.sh and ssl-opt.sh error reporting 2014-03-26 12:58:48 +01:00
Manuel Pégourié-Gonnard
5de31ecf9c Don't use dummy CA in compat.sh 2014-03-19 17:43:25 +01:00
Manuel Pégourié-Gonnard
3947d04b24 Fix too aggressive test for gnutls commands 2014-03-14 18:13:53 +01:00
Manuel Pégourié-Gonnard
74faf3c400 Fix usage of environment variables for commands 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
ba0b8442f0 compat.sh and ssl-opt.sh cosmetics 
- do not print '0 memory errors' when memcheck was not used
- add commands to the log files
 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
9edba77c06 Add --exclude and --peers options to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
a4371447e4 Start adding GnuTLS client support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
213c67adfc Adapt to new ssl_client2 default 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
3eec60402f Add memcheck support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
1b149ef746 Use no cert when none is required in compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
f7a2690561 Make the openssl command configurable in sh tests 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
911622d84a compat.sh: never kill our server 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
87ae3031ac compat.sh: use file output (prep. for valgrind) 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
42d195acc1 compat.sh: don't start server if no ciphersuite 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
9dea8bd658 Minor compat.sh clean-up 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
a9062e96e7 shell scripts: clean up when exiting on signal 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
4145b89091 compat.sh cosmetics 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
da782c9458 compat.sh: better certificate verification testing 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
eaadc508fb New ssl-opt.sh test script 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
c57e98b5fa compat.sh: terminate ssl_server2 cleanly 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
5f593f07f7 compat.sh: rm a useless sleep 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
95957717f3 compat.sh: source cosmetics 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
330e4111cb compat.sh: factor code into run_client() function 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
304beef2ae compat.sh: function to start server 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
9ada01a70c compat.sh: regroup arguments even more 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
1b31d7fd97 compat.sh: remove useless server restart 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
48f196cda5 compat.sh refactoring: group ciphersuite lists 2014-03-14 08:40:59 +01:00
Manuel Pégourié-Gonnard
d941a796be compat.sh refectoring: regroup argument setting 2014-03-14 08:40:59 +01:00
Paul Bakker
fe40f484fb Do not print error on missing kill target in compat.sh 2013-12-19 17:47:24 +01:00
Paul Bakker
5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
c9baa873ca Force server to IPv4 in compat.s 2013-12-17 14:10:58 +01:00
Manuel Pégourié-Gonnard
0759d369e6 Fix ciphersuite selection in compat.sh 2013-12-17 11:50:52 +01:00
Manuel Pégourié-Gonnard
31a2325810 Add ECDH_ECDSA suites to compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
07b54e06da Fix EC suites version requirements in compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
452f6ba1a6 compat.sh cleanups 2013-12-17 11:26:59 +01:00
Manuel Pégourié-Gonnard
c6f03faeaf Update compat.sh ciphersuite versions 2013-11-26 14:29:13 +01:00