yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 19:35:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,155 Commits 88 Branches 205 Tags 69 MiB
21b967137d
Commit Graph

111 Commits

Author SHA1 Message Date
Janos Follath
33857f4c3d Update default configuration 
Change the default settings for SSL and modify the tests accordingly.
 2016-04-09 00:16:40 +01:00
Manuel Pégourié-Gonnard
84690c35ee Make ssl-opt.sh more tolerant to start timeouts 
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
 2015-08-10 17:06:22 +02:00
Manuel Pégourié-Gonnard
6461f368d8 Use good DH params with OpenSSL in tests 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
0c6ce2f536 Use x509_crt_verify_info() in programs 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
751286be39 Make tests/*.sh runnable from anywhere 2015-03-10 13:43:56 +00:00
Paul Bakker
539d972a25 Add missing guards for gnuTLS 2015-02-08 16:18:35 +01:00
Manuel Pégourié-Gonnard
dc370e4969 Improve script portability 2015-01-22 10:24:59 +00:00
Manuel Pégourié-Gonnard
51d81661dc Adapt tests to new defaults/errors. 2015-01-14 17:20:46 +01:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57 Merge smarter certificate selection for pre-TLS-1.2 clients 2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard
9835bc077a Fix racy test. 
With exchanges == renego period, sometimes the connection will be closed by
the client before the server had time to read the ClientHello, making the test
fail. The extra exchange avoids that.
 2015-01-14 14:41:58 +01:00
Manuel Pégourié-Gonnard
a852cf4833 Fix issue with non-blocking I/O & record splitting 2015-01-13 20:56:15 +01:00
Paul Bakker
f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support() 
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
 2015-01-13 13:03:06 +01:00
Paul Bakker
54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Paul Bakker
b52b015c0b Merge support for FALLBACK_SCSV 2015-01-12 14:07:59 +01:00
Manuel Pégourié-Gonnard
448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d Make truncated hmac a runtime option server-side 
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
 2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard
c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard
590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard
c2b0092a1b Fix leaving around temporary file in ssl-opt.sh 2014-08-31 17:17:36 +02:00
Manuel Pégourié-Gonnard
72e51ee7be Use arithmetic expansion in scripts, avoid bashisms 2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard
c0f6a692fb Add client timeout to ssl-opt.sh and compat.sh 2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard
a4afadfccd Fix bug in OpenSSL v2 support testing 2014-08-30 22:09:36 +02:00
Manuel Pégourié-Gonnard
644e8f377d Adapt debug_level in ssl-opt.sh to new levels 
The meaning of debug_level was shift by one during the last debug overhaul.
(The new one is more rational, previously debug_level=1 didn't do anything.)
 2014-08-30 21:59:31 +02:00
Manuel Pégourié-Gonnard
8e03c71b23 Normalize names in ssl-opt.sh 
No numbering: does not add value, and painful to maintain, esp. with branches
 2014-08-30 21:42:40 +02:00
Manuel Pégourié-Gonnard
51362961b8 Add interop testing of renegotiation 2014-08-30 21:22:47 +02:00
Manuel Pégourié-Gonnard
f2629b965e Rm now useless tricks from ssl-opt.sh 2014-08-30 14:20:14 +02:00
Manuel Pégourié-Gonnard
480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Manuel Pégourié-Gonnard
baa7f07809 Add GnuTLS support to ssl-opt.sh 2014-08-20 20:15:53 +02:00
Manuel Pégourié-Gonnard
f07f421759 Fix server-initiated renego with non-blocking I/O 2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0 Add "exchanges" option to test server and client 
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
 2014-08-19 13:26:05 +02:00