mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,084 Commits 5 Branches 162 Tags
Commit Graph

42 Commits

Author SHA1 Message Date
Daniel Pouzzner
6984cf83b2 scripts/ocsp-stapling.test: fix whitespace. 2022-05-19 16:45:50 -05:00
Daniel Pouzzner
368854b243 scripts/: refactor TLS version support tests to use -V, rather than -v (which makes frivolous connection attempts). 2022-05-19 11:18:34 -05:00
Daniel Pouzzner
abfc788389 script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00
Elms
21db484f50 tests: fix test scripts for paths with spaces 2021-06-13 21:37:07 -07:00
Elms
12eddee104 scripts: fix tests for out of tree distcheck 
Copying or using certs from directory relative to scripts source directory.
 2021-02-08 10:43:31 -08:00
Sean Parkinson
fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options 
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
 2021-01-06 14:19:57 +10:00
John Safranek
c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug 
Fix bug where OCSP stapling wasn't happening even when requested by client
 2020-12-29 14:23:10 -08:00
Daniel Pouzzner
eeefe043ec scripts/: nix timeout wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability. 2020-12-16 17:31:53 -06:00
Hayden Roche
801aa18b9e Fix bug where OCSP stapling wasn't happening even when requested by client. 
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
 2020-12-15 16:56:21 -06:00
Daniel Pouzzner
139b0431cb ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain"). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
0568ec304f pass -4 flag to openssl and nc only when IPV6_SUPPORTED. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
94a3f86dcd scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
7a5cbaa9bc fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build. 2020-10-28 17:28:05 -05:00
Sean Parkinson
60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
Daniel Pouzzner
5ed2fe8092 scripts/: more race elimination/mitigation. 2020-09-17 12:03:44 -05:00
Daniel Pouzzner
b669f8eeb9 scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh. 2020-09-14 16:06:45 -05:00
Daniel Pouzzner
51046d45d3 add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET. 2020-09-12 00:20:38 -05:00
Daniel Pouzzner
1e9971f64c scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace. 2020-09-11 18:20:27 -05:00
Daniel Pouzzner
8f25456f86 scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO. 2020-09-11 15:30:37 -05:00
David Garske
6a984da53f Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use -b bind to any on server). Fix to use random port number for the oscp-stapling.test script. Reduce delay times in scripts. 2020-08-25 10:55:41 -07:00
kaleb-himes
42f3a6d7a4 Put both potential roots for login.live.com into collection for stapling test 2020-07-07 16:02:48 -06:00
Jacob Barthelmeh
0a6b93fda2 add single quotes around -? in test scripts 2020-03-24 22:40:48 -06:00
Eric Blankenhorn
b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Jacob Barthelmeh
a00eaeb877 add ocsp stapling test and initialize values 2019-01-04 13:16:47 -07:00
toddouska
fc64788092
Merge pull request #1795 from SparkiDev/tls13_no_tls12 
Fixes to work when compiled with TLS 1.3 only
 2018-08-29 16:16:46 -07:00
Sean Parkinson
487c60df78 Fixes to work when compiled with TLS 1.3 only 
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
 2018-08-28 15:37:15 +10:00
Jacob Barthelmeh
46c04cafd3 change grep message for RSA key size with tests 2018-08-24 16:47:37 -06:00
Jacob Barthelmeh
f74406d2c9 check max key size with ocsp stapling test 2018-08-15 09:52:43 -06:00
kaleb-himes
280de47d06 Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 14:17:17 -06:00
kaleb-himes
c288a214b1 give servers time to shut-down after client connection 2018-08-10 11:57:35 -06:00
kaleb-himes
35dbf9a6fe address file restoration issue present when git not available 2018-08-10 10:24:42 -06:00
John Safranek
c71f730d67 OSCP 
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
 2018-08-02 11:32:36 -07:00
kaleb-himes
ddec878152 Disable external tests for OCSP scripts 2018-08-02 10:03:47 -06:00
kaleb-himes
a178764a8b Portability and self-cleanup changes to ocsp test scripts 2018-08-02 09:47:13 -06:00
Sean Parkinson
0bf3a89992 TLS 1.3 OCSP Stapling 
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
 2018-07-02 16:59:23 +10:00
Moisés Guimarães
43c234029b adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts 2017-12-26 22:32:21 -03:00
Chris Conlon
af00787f80 update root certs for ocsp scripts 2017-08-14 12:58:36 -06:00
Moisés Guimarães
a9d5dcae58 updates ocsp tests; adds check for OCSP response signed by issuer. 2017-06-21 14:12:12 -07:00
Chris Conlon
45c8ed1436 remove -X from ocsp stapling tests that are not external 2016-08-22 14:18:35 -06:00
Moisés Guimarães
db7aab5e37 fixes ocsp stapling tests ignoring CRL 2016-06-17 08:19:57 -03:00
David Garske
993972162e MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used. 2016-04-08 11:48:14 -06:00
Moisés Guimarães
ec9d23a9c3 Merge branch 'csr' 2015-12-28 19:38:04 -03:00