Commit graph

1136 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
921f2d02cf Add test cases with DTLS and/or password mismatch 2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard
0f1660ab4f Implement key exchange messages and PMS derivation
This completes the first working version. No interop testing done yet.
2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard
0a1324aaa1 Add client-side extension parsing 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
55c7f99112 Add server writing of the extension 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
bf57be690e Add server extension parsing
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
e511b4e7cb Ignore ECJPAKE suite if not configured on server 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
cd345898a0 Fix #ifdef in test suite 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d9802af1d0 Add tests for round 2
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
3059095e86 Complete tests for reading round one
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
bbe4e52c3b Start adding tests for EC J-PAKE round one 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
d68434efba Disable some tests with valgrind
Tends to cause spurious failures on buildbots due to peer timing out.
Anyway, those tests are mainly for interop, any memory error is most likely
catched by some earlier self-op test. (Also, we'll run these tests with ASan
anyway.)
2015-08-31 12:48:22 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
38db006e0c Finish test in pkwrite 2015-08-19 10:24:34 +02:00
Manuel Pégourié-Gonnard
04b7eec539 Fix pkwrite test that were failing on mingw32
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-18 19:49:40 +02:00
Manuel Pégourié-Gonnard
4b7027a8da Avoid race condition in test
Apparently openssl s_server does not flush stdout, anyway sometimes the client
receives the reply and exits, thus terminating the test, before is request is
visible on the server's stdout. So, just don't check that, checking the
client's output and exit code is already enough.
2015-08-10 13:18:48 +02:00
Manuel Pégourié-Gonnard
e33316c607 Add test build of shared libs for windows 2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
77d56bb6c2 Add yotta test builds to all.sh 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard
ab5f7b40e0 Fix indentation 2015-08-04 21:01:37 +02:00
Manuel Pégourié-Gonnard
a365addc0a Make ssl-opt.sh more robust against client timeout
Retry one time in case we have a client timeout. These should be fairly rare
but still happen from time to time with udp_proxy tests which is annoying, and
until now has never indicated an actual issue.
2015-08-04 20:59:36 +02:00
Manuel Pégourié-Gonnard
74681fa2e6 Make ssl-opt.sh more tolerant to start timeouts
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
2015-08-04 20:34:39 +02:00
Manuel Pégourié-Gonnard
bf6ed08aaa Fix list-symbols.sh
- make it work on Linux
- use all three libraries
2015-08-04 17:46:21 +02:00
Manuel Pégourié-Gonnard
9afdc83d77 Fix bashisms in test scripts 2015-08-04 17:15:13 +02:00
Manuel Pégourié-Gonnard
39e2ca9194 Use OpenSSL in compat.sh on Travis, except DTLS
Less heavy-handed than skipping all OpenSSL interop
2015-08-04 16:43:37 +02:00
Manuel Pégourié-Gonnard
d55bc20e43 Fix missing gnutls guard in ssl-opt.sh 2015-08-04 16:22:30 +02:00
Manuel Pégourié-Gonnard
4268ae046b Fix test for new debug message level
The issue was introduced in cb0d212c when a debug message that was incorrectly
set at level 0 was moved to level 2: now the tests need debug_level=2.
2015-08-04 12:44:10 +02:00
Manuel Pégourié-Gonnard
0a8857435c DTLS: treat bad MAC on Finished as an error
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
4cc8c63226 Add test for extensionless ClientHello 2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
e88b49323e Fix run-test-suite.pl with coverage 2015-07-15 12:31:12 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
78ec2b049c Cosmetics in Makefiles 2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard
1780f89ecf Some more scripts simplified
make now has an alias test = check
2015-07-08 22:08:02 +01:00
Manuel Pégourié-Gonnard
3d404b4763 Simplify some scripts
ssl-opt.sh and compat.sh can now be run from root too
2015-07-08 21:59:16 +01:00
Manuel Pégourié-Gonnard
89eb1970e9 mklink needs /d for directories 2015-07-08 21:39:43 +01:00
Manuel Pégourié-Gonnard
85113848bd Use Perl to run tests suites with make
- works on Windows too!
- we need Perl to generate/build the test suites anyway
- easier & more flexible (eg, now count total number of tests run)
2015-07-08 21:36:06 +01:00
Manuel Pégourié-Gonnard
6cacde2d57 Invoke perl directly in Makefile
mingw32-make doesn't look too happy with #!/usr/bin/env perl
2015-07-08 16:04:00 +02:00
Manuel Pégourié-Gonnard
7eb58cbae8 Rm obsolete hack in ssl-opt.sh 2015-07-07 11:54:14 +02:00
Manuel Pégourié-Gonnard
31cafa33d8 Rm obsolete test in ssl-opt.sh 2015-07-06 17:12:27 +02:00
Manuel Pégourié-Gonnard
ae738c29eb Fix warning from Perl 5.21 in helper script 2015-07-01 19:32:00 +02:00
Manuel Pégourié-Gonnard
3083053dd2 More cmake for windows tune-ups 2015-07-01 17:06:28 +02:00
Manuel Pégourié-Gonnard
7e2d68c1b2 cmake: -W flags only for GCC and Clang 2015-07-01 13:41:35 +02:00
Manuel Pégourié-Gonnard
a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20 Rework debug to not need dynamic alloc
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
fc36708697 Use $(MAKE), not make
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00