path: root/tests/Makefile.am
Commit message | Author | Age | Files | Lines
* handshake: do not send TLS extensions under DTLS and vice versa [tmp-prohibit-tls-dtls-mix] | Nikos Mavrogiannopoulos | 2018-05-17 | 1 | -1/+1
  That is, introduce the notion of TLS-only and DTLS-only extensions, providing a framework to prevent sending extensions which are registered for example for TLS 1.3, under DTLS and vice versa.
  Resolves #440
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO | Nikos Mavrogiannopoulos | 2018-05-17 | 1 | -1/+1
  This allows parsing extensions from a DTLS client hello.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pcert: added functionality to retrieve lists | Nikos Mavrogiannopoulos | 2018-05-12 | 1 | -1/+2
  That introduces gnutls_pcert_list_import_x509_file() and gnutls_x509_crt_list_import_url().
  Resolves #373
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* New constructors for classes client_session() and server_session() provide passing flags. | Philippe Widmer | 2018-05-10 | 1 | -2/+16
  Closes #438.
  Signed-off-by: Philippe Widmer <pw@earthwave.ch>
* Use configured CC for pkg-config test | Michael Weiser | 2018-05-07 | 1 | -0/+1
  Using the configured compiler aids in running the test suite under qemu or in a multilib scenario.
  Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
* pkcs11: mark private key objects as sensitive by default [tmp-pkcs11-sensitive-fix] | Nikos Mavrogiannopoulos | 2018-05-03 | 1 | -1/+1
  That is, to prevent accidentally creating objects which can be exported.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: check the behavior of TLS1.2 key exchange methods under TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-30 | 1 | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducers for receiving app data when rehandshake is expected | Nikos Mavrogiannopoulos | 2018-04-18 | 1 | -2/+3
  Relates: #426
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: eagain: moved to cmocka and enhanced for TLS1.3 | Nikos Mavrogiannopoulos | 2018-04-18 | 1 | -3/+4
  That also makes macros from eagain-common.h functioning under cmocka.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced test suite for TLS1.3 and PSK | Nikos Mavrogiannopoulos | 2018-04-06 | 1 | -0/+2
  That includes tests with unknown usernames and connections with wrong key and updates to fastopen.sh to use certificate auth, making it applicable under TLS1.3.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Simplified the _gnutls13_psk_ext_parser interface and added unit tests | Nikos Mavrogiannopoulos | 2018-04-06 | 1 | -0/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_supported_ecc_recv_params: take into account precedence | Nikos Mavrogiannopoulos | 2018-03-23 | 1 | -0/+2
  That is, when %SERVER_PRECEDENCE is given in the priority string make sure that the negotiated curve of DH group respects the server's priorities. That's very relevant under TLS1.3 as ciphersuite negotiation itself, where %SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC unlike TLS1.2 which included key exchange as well.
  Resolves #378
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: testpkcs11.sh was moved to the main tests | Nikos Mavrogiannopoulos | 2018-03-19 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: long-crl.sh was moved to main suite | Nikos Mavrogiannopoulos | 2018-03-19 | 1 | -3/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: pkcs7-cat: moved to main suite | Nikos Mavrogiannopoulos | 2018-03-19 | 1 | -2/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for TLS1.3 inclusion | Nikos Mavrogiannopoulos | 2018-03-19 | 1 | -2/+2
  This moves the test to use a specific version or test multiple TLS versions if applicable.
  Resolves #413
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: mini-record-retvals was split into return vals checking and alerts checking | Nikos Mavrogiannopoulos | 2018-03-19 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* record: ignore any ChangeCipherSpec messages under TLS1.3 handshake | Nikos Mavrogiannopoulos | 2018-03-08 | 1 | -0/+2
  Also send ChangeCipherSpec messages under TLS1.3 handshake. This is a draft-ietf-tls-tls13-22 change.
  Resolves #395
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer with DER re-encoding error on client side | Nikos Mavrogiannopoulos | 2018-03-05 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: eliminated destructive tests [tmp-simplify-nettle-check] | Nikos Mavrogiannopoulos | 2018-03-02 | 1 | -2/+2
  That adds a dependency to p11-kit 0.23.10 for the test suite.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_ext_raw_parse: introduced function | Nikos Mavrogiannopoulos | 2018-02-26 | 1 | -1/+1
  That function can be combined with callbacks like gnutls_handshake_set_hook_function() for applications to be able to process messages when necessary.
  Resolves #382
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* record: new gnutls_record_send2 function | Daiki Ueno | 2018-02-19 | 1 | -1/+1
  This adds a new function gnutls_record_send2() which takes an extra argument to specify the padding size of the record.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tests: added unit test for gnutls_ocsp_resp_list_import2 | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added ocsptool sanity check program | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+2
  This checks its functionality in loading and exporting PEM and DER structures.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced OCSP tests | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -2/+8
  * Run tests under TLS1.2 and TLS1.3
  * Verify whether multiple OCSP responses are received in client side, under TLS1.3.
  * Verify that OCSP status responses can be sent by client under TLS1.3
  * Verify operation of gnutls_certificate_retrieve_function3
  * Verify operation when multiple OCSP responses by file are set
  Resolves #307
  Resolves #291
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test suite on key limits | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
  This checks whether key update occurs for the expected ciphersuites.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check gnutls_rehandshake() and gnutls_handshake() under TLS1.3 | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit tests with TLS1.3 key update | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
  Relates #131
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_prf_rfc5705: calculate exporter using HKDF if TLS 1.3 | Daiki Ueno | 2018-02-19 | 1 | -1/+2
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tests: added unit test for RDNs in cert callback | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  This verifies whether the RDNs received at the callbacks under TLS1.2 and TLS1.3 have the expected values (corresponding to the certificates used).
  Resolves #297
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added check for client hello random value after HRR | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -4/+4
  That way we ensure that we follow the tls1.3 draft which requires the second client hello to be identical to the initial one.
  Resolves #299
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added key share behavioral test | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP, GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized.
  Resolves #284
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added tests for TLS1.2- rollback detection | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+18
  That is, tests which check
  * whether the server's generated values under TLS1.2- match the expected
  * whether the client would fail on negotiation if the rollback values are detected
  Resolves #293
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check the correct handling of cookie extension in client side | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+2
  Resolves #218
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: rehandshake tests were restricted to TLS1.2 | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: introduced basic TLS1.3 key exchange test suite | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: resumption tests were restricted to TLS 1.2 | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -10/+10
  TLS 1.3 implements resumption in a different way, so we should introduce new resumption tests once that support is in place.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit tests for post-handshake-auth extension | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+3
  These test whether this extension is seen under TLS 1.3 in client hello, and whether it is not present in server hello.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added checks for special signature algorithms | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  This tests the behavior when signature algorithms only available under TLS1.3 are present in a TLS 1.2 session.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for TLS 1.3 version negotiation | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+3
  This checks whether the Client Hello and Server Hello packets contain the expected values.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check gnutls_fips140_set_mode operation per thread | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test of gnutls_fips140_set_mode | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  Also ensure that 512-bit keys cannot be generated in FIPS140-2 mode
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: gc.c -> gnutls_hmac_fast.c | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether gnutls_credentials_set() can be set in an hsk hook [tmp-improved-vhost-documentation-tests] | Nikos Mavrogiannopoulos | 2018-02-14 | 1 | -1/+1
  This is useful when these are set during the handshake process on the handshake hook before client hello is parsed.
  Relates #382
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for _gnutls_record_overhead() | Nikos Mavrogiannopoulos | 2018-01-16 | 1 | -1/+7
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for self-signed verification error | Nikos Mavrogiannopoulos | 2018-01-06 | 1 | -0/+1
  Relates #347
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: combined key and cert tests [tmp-simplify-tests] | Nikos Mavrogiannopoulos | 2017-11-21 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: windows subdir is only included on windows builds | Nikos Mavrogiannopoulos | 2017-11-21 | 1 | -9/+18
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: dtls subdir was merged into main tests | Nikos Mavrogiannopoulos | 2017-11-21 | 1 | -2/+13
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#11 module loading test | Nikos Mavrogiannopoulos | 2017-11-03 | 1 | -1/+10
  This checks:
  1. Whether all modules are loaded from p11-kit when no explicit gnutls_pkcs11_init() is called and pkcs11 calls are accessed.
  2. Whether only the trusted modules are loaded from p11-kit and no other PKCS#11 calls than PKCS#11 cert validation is performed.
  3. Whether the trusted modules are loaded when gnutls_pkcs11_init() is called with manual flag.
  Resolves #315
  Resolves #316
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>