summaryrefslogtreecommitdiff
path: root/tests/srp.c
Commit message (Collapse)AuthorAgeFilesLines
* Use https:// for www.gnu.org and www.example.comTim Rühsen2019-03-131-1/+1
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix warnings seen on OpenCSW Solaris 10Tim Rühsen2018-06-101-1/+1
| | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or laterNikos Mavrogiannopoulos2018-04-131-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | The reason is that these ciphersuites cannot be negotiated using TLS1.3. There is a different strategy followed for these. * NULL ciphersuites: they are not something normally enabled and used for debugging purposes mostly. When set both in client and server side only TLS1.2 can be used. * SRP ciphersuites: they are used on client side when the client is actually performing a username-password authentication with SRP. On server side we can have indeed a server support SRP and non-SRP. In that case we limit both on TLS1.2. That an unfortunate restriction, but is not a regression and IMHO these servers would most likely be phased out as very few would want to stick to TLS1.2 connections for SRP; or we may have an SRP update for TLS1.3 which could lift that limitation in the future. * ANON ciphersuites: they are used in certain client/server setups where very basic level of security is required, and in opportunistic encryption scenarios. There is a difference in the handling of these cases. In the case of Anon-only server/clients they provide the session with anonymous credentials structure; in the case of opportunistic encryption they provide both certificate and anonymous credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we see no certificate or PSK credentials we disable TLS1.3 negotiation. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for TLS1.3 inclusionNikos Mavrogiannopoulos2018-03-191-8/+11
| | | | | | | | | This moves the test to use a specific version or test multiple TLS versions if applicable. Resolves #413 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: srp: increased timeout to 40secs [ci skip]Nikos Mavrogiannopoulos2018-02-191-2/+2
| | | | | | | Since we increased the maximum parameters to 8k, ensure that slower systems have enough time to complete the handshake. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated SRP checksNikos Mavrogiannopoulos2017-11-211-37/+60
| | | | | | | | Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters. In addition, verify that parameters not in the SRP spec are rejected by a gnutls client. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* several spacing fixes to keep syntax-check happyNikos Mavrogiannopoulos2016-09-111-2/+2
|
* tests: do not run srp test when no SRP support is compiled inNikos Mavrogiannopoulos2016-08-091-1/+1
|
* tests: moved child status error checking code in utils.hNikos Mavrogiannopoulos2016-08-091-3/+1
|
* tests: srp tests moved outside subdirNikos Mavrogiannopoulos2016-07-281-0/+336
View Lorry Controller Status