Commit Graph

158 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a8f3b75f54 Fix issue in compat.sh 2015-01-22 17:20:35 +00:00
Manuel Pégourié-Gonnard
e4f6edcda1 Rename to mbed TLS in tests/ 2015-01-22 16:43:54 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
a65d5082b6 Merge branch 'development' into dtls
* development:
  Fix previous commit
  Allow flexible location of valgrind
  Fix test scripts portability issues
  Fix Gnu-ism in script

Conflicts:
	tests/ssl-opt.sh
2015-01-12 14:54:55 +01:00
Paul Bakker
54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Manuel Pégourié-Gonnard
f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
d1af1025d0 Add DTLS interop testing with OpenSSL server
PSK suites failing with client auth
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
3025b6cfd6 Add DTLS self-op test in compat.sh 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard
1287f11d54 Detect GnuTLS presence and version in compat.sh 2014-08-31 16:31:32 +02:00
Manuel Pégourié-Gonnard
16494496db Fix details in compat.sh 2014-08-31 10:37:14 +02:00
Manuel Pégourié-Gonnard
72e51ee7be Use arithmetic expansion in scripts, avoid bashisms 2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard
c0f6a692fb Add client timeout to ssl-opt.sh and compat.sh 2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard
decaf0b182 Clean up unused variable in compat.sh 2014-08-30 22:22:09 +02:00
Manuel Pégourié-Gonnard
74b11702d7 Simplify terminating ssl_server2 in test scripts 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
e46aa5e336 Update GnuTLS version requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7e0a5183db Add a missing suite to compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7457cb3a56 Fix some version/peer requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
fab2a3c3d6 Fix port selection in ssl test scripts
Port was selected in the 1000-1999 range which is bad (system ports).
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
32f8f4d1a0 Catch SERVERQUIT timeout in ssl test scripts 2014-05-29 11:57:44 +02:00
Manuel Pégourié-Gonnard
bc3b16c7e2 Also use unique names for temp files 2014-05-29 11:57:43 +02:00
Manuel Pégourié-Gonnard
8066b81a54 Pick a "unique" port in SSL test scripts 2014-05-29 11:57:43 +02:00
Paul Bakker
1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Manuel Pégourié-Gonnard
2594859bc6 Add CCM suites to compat.sh (self-op only) 2014-05-22 14:36:02 +02:00
Paul Bakker
17b85cbd69 Merged additional tests and improved code coverage
Conflicts:
	ChangeLog
2014-04-08 14:38:48 +02:00
Manuel Pégourié-Gonnard
563ad02663 Fix final report in compat.sh
Only affect what's printed, the exit code was already correct.
2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard
913030c286 Enable SSLv2 testing if OPENSSL_CMD is set 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
e9a9a61c61 Deduplicate suites in compat.sh 2014-03-26 12:58:56 +01:00
Manuel Pégourié-Gonnard
12b8472f2f Test against GnuTLS for every common ciphersuite 2014-03-26 12:58:54 +01:00
Manuel Pégourié-Gonnard
a1a9f9a639 Allow GnuTLS to be enabled via environment 2014-03-26 12:58:53 +01:00
Manuel Pégourié-Gonnard
e01af4cd37 Tune compat.sh and ssl-opt.sh error reporting 2014-03-26 12:58:48 +01:00
Manuel Pégourié-Gonnard
5de31ecf9c Don't use dummy CA in compat.sh 2014-03-19 17:43:25 +01:00
Manuel Pégourié-Gonnard
3947d04b24 Fix too aggressive test for gnutls commands 2014-03-14 18:13:53 +01:00
Manuel Pégourié-Gonnard
74faf3c400 Fix usage of environment variables for commands 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
ba0b8442f0 compat.sh and ssl-opt.sh cosmetics
- do not print '0 memory errors' when memcheck was not used
- add commands to the log files
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
9edba77c06 Add --exclude and --peers options to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
a4371447e4 Start adding GnuTLS client support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
213c67adfc Adapt to new ssl_client2 default 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
3eec60402f Add memcheck support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
1b149ef746 Use no cert when none is required in compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
f7a2690561 Make the openssl command configurable in sh tests 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
911622d84a compat.sh: never kill our server 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
87ae3031ac compat.sh: use file output (prep. for valgrind) 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
42d195acc1 compat.sh: don't start server if no ciphersuite 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
9dea8bd658 Minor compat.sh clean-up 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
a9062e96e7 shell scripts: clean up when exiting on signal 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
4145b89091 compat.sh cosmetics 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
da782c9458 compat.sh: better certificate verification testing 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
eaadc508fb New ssl-opt.sh test script 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
c57e98b5fa compat.sh: terminate ssl_server2 cleanly 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
5f593f07f7 compat.sh: rm a useless sleep 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
95957717f3 compat.sh: source cosmetics 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
330e4111cb compat.sh: factor code into run_client() function 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
304beef2ae compat.sh: function to start server 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
9ada01a70c compat.sh: regroup arguments even more 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
1b31d7fd97 compat.sh: remove useless server restart 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
48f196cda5 compat.sh refactoring: group ciphersuite lists 2014-03-14 08:40:59 +01:00
Manuel Pégourié-Gonnard
d941a796be compat.sh refectoring: regroup argument setting 2014-03-14 08:40:59 +01:00
Paul Bakker
fe40f484fb Do not print error on missing kill target in compat.sh 2013-12-19 17:47:24 +01:00
Paul Bakker
5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
c9baa873ca Force server to IPv4 in compat.s 2013-12-17 14:10:58 +01:00
Manuel Pégourié-Gonnard
0759d369e6 Fix ciphersuite selection in compat.sh 2013-12-17 11:50:52 +01:00
Manuel Pégourié-Gonnard
31a2325810 Add ECDH_ECDSA suites to compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
07b54e06da Fix EC suites version requirements in compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
452f6ba1a6 compat.sh cleanups 2013-12-17 11:26:59 +01:00
Manuel Pégourié-Gonnard
c6f03faeaf Update compat.sh ciphersuite versions 2013-11-26 14:29:13 +01:00
Manuel Pégourié-Gonnard
65ea372f9b Rm unsupported suites (export) from compat.sh 2013-10-25 18:44:07 +02:00
Manuel Pégourié-Gonnard
8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
eebb5ad6cc Add RSA-PSK and ECDHE-PSK suites to compat.sh 2013-10-15 12:27:22 +02:00
Manuel Pégourié-Gonnard
eb1714e9c8 Fix certs/psk arguments in compat.sh 2013-09-20 12:44:08 +02:00
Manuel Pégourié-Gonnard
d331319a38 Check -m option in compat.sh 2013-09-18 14:34:32 +02:00
Manuel Pégourié-Gonnard
70064fd721 compat.sh: report results 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard
7ebaf376f9 Add ECDSA suites to compat.sh 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard
dfc8d5accc Small adjustments in compat.sh 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard
9791a4043e Refactor compat.sh to prepare for ECDSA 2013-08-27 22:21:22 +02:00
Paul Bakker
0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker
524691c0a0 Added --modes option to tests/compat.sh 2013-07-25 17:01:20 +02:00
Paul Bakker
accd4eb665 compat.sh now has -f command-line option to filter used ciphersuites 2013-07-19 14:51:31 +02:00
Paul Bakker
89fe7f4388 compat.sh modified to support new ssl_server2 and ssl_client2
capabilities
2013-06-29 18:35:41 +02:00
Paul Bakker
40afb4ba13 Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4 Added PSK NULL ciphers from RFC4785 2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
7e5e7ca205 Added PSK ciphersuite tests to compat.sh 2013-04-18 23:12:34 +02:00
Paul Bakker
abfdfbfd46 Removed duplicate value from compat.sh ciphersuite list 2013-04-08 14:07:43 +02:00
Paul Bakker
27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
a54e493bc0 Added ECDHE-based SHA256 and SHA384 ciphersuites
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00