Manuel Pégourié-Gonnard
a6ace04c5c
Test for lost HelloRequest
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
f1384470bf
Avoid spurious timeout in ssl-opt.sh
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175
Avoid false positive in ssl-opt.sh with memcheck
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
e698f59a25
Add tests for ssl_set_dtls_badmac_limit()
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
caecdaed25
Cosmetics in ssl_server2 & complete tests for HVR
2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
127ab88dba
Give more time to lossy tests with normal timers
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
a59af05dce
Give more time to tests that time out too often
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
7a26d73735
Add test for session resumption
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460
Drop unexpected ApplicationData
...
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
37a4de2cec
Use shorter timeouts in ssl-opt.sh proxy tests
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
6093d81c20
Add tests with proxy and non-blocking I/O
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
36795197d9
Rm now useless MTU setting in compat.sh
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
7a66cbca75
Rm some redundant tests
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
9590e0a176
Add proxy tests with gnutls-srv & fragmentation
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
1b753f1e27
Add test for renego with proxy
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
18e519a660
Add proxy tests with more handshake flows
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
76fe9e41c1
Test that anti-replay ignores all duplicates
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
825a49ed7c
Add more udp_proxy tests
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
a6189f0fb0
udp_proxy wasn't actually killed
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
a0719727da
Add tests with dropped packets
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
990f9e428a
Handle late handshake messages gracefully
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
be9eb877f7
Adapt ssl-opt.sh to allow using udp_proxy in tests
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
0a65934ef3
Re-enable valgrind for all tests
...
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
0c4cbc7895
Add test for fragmentation + renego with GnuTLS
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
f1499f602e
Add interop testing for renego with GnuTLS
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
77b0b8d100
Disable some tests with valgrind for now
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
a77561765f
Add test with openssl with DTLS in ssl-opt.sh
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
c392b240c4
Fix server-initiated renegotiation with DTLS
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
30d16eb429
Fix client-initiated renegotiation with DTLS
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
0eb6cab979
Add DTLS cookies test to ssl-opt.sh
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
53aef81a7d
Work around OpenSSL bug in compat.sh
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
d1af1025d0
Add DTLS interop testing with OpenSSL server
...
PSK suites failing with client auth
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
9bfb1226da
Add DTLS interop testing with GnuTLS server
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
29980b16bd
Add DTLS interop testing (PolarSSL server)
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
3025b6cfd6
Add DTLS self-op test in compat.sh
2014-10-21 16:30:10 +02:00