Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | updated tlsfuzzertmp-tls1.3-backports | Nikos Mavrogiannopoulos | 2017-07-13 | 1 | -0/+0 |
| | | | | | | | That fixes issue detecting connection termination from gnutls-serv in chacha20 test. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tlsfuzzer: enabled ALPN tests | Nikos Mavrogiannopoulos | 2017-07-06 | 3 | -1/+92 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | updated tlsfuzzer | Nikos Mavrogiannopoulos | 2017-07-05 | 1 | -0/+0 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: enabled X25519 interop tests with openssl 1.1.0 | Nikos Mavrogiannopoulos | 2017-06-19 | 2 | -15/+31 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | .gitlab-ci.yml: added aarch64 build based on Debiantmp-aarch64-ci | Nikos Mavrogiannopoulos | 2017-06-04 | 1 | -0/+0 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: modify tests to allow signatures with SHA1 | Nikos Mavrogiannopoulos | 2017-05-31 | 3 | -6/+6 |
| | | | | | | | There were several tests that were utilizing SHA1 signatures but were not failing due to the bug in gnutls_pubkey_verify_hash2(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tls-fuzzer: ignore the incomplete RSA-PSS tests | Nikos Mavrogiannopoulos | 2017-05-29 | 1 | -1/+4 |
| | | | | | | | These tests fail because tls-fuzzer currently does not properly implement RSA-PSS. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tlsfuzzer: the test-certificate-verify-malformed check now passes | Nikos Mavrogiannopoulos | 2017-05-29 | 1 | -3/+1 |
| | | | | | | | | Previously it was expecting a different alert code than gnutls returned. Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR) on malformed signatures. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: tls-fuzzer: corrected unlocking at tls-fuzzer-cert.sh | Nikos Mavrogiannopoulos | 2017-05-26 | 1 | -0/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tlsfuzzer: enabled ocsp stapling test | Nikos Mavrogiannopoulos | 2017-05-24 | 2 | -0/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tlsfuzzer: updated to latest version | Nikos Mavrogiannopoulos | 2017-05-24 | 1 | -0/+0 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added global locks on tls-fuzzer tests | Nikos Mavrogiannopoulos | 2017-03-28 | 2 | -0/+6 |
| | | | | | | | They both require access to the same port and thus cannot be run in parallel. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | testsuite: added tlsfuzzer certificate requiring tests | Nikos Mavrogiannopoulos | 2017-03-28 | 3 | -1/+113 |
| | | | | | | | This enhances the testsuite by running all the tlsfuzzer fuzzer tests which require certificates from server. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: create-chain.sh: do not explicitly set serial | Nikos Mavrogiannopoulos | 2017-03-23 | 1 | -4/+0 |
| | | | | | | | We were previously exporting certificates with serial number being zero, which is not allowed by RFC5280. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: updated to account SHA1 move to broken set | Nikos Mavrogiannopoulos | 2017-03-16 | 3 | -4/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added an OCSP response parsing coverage test | Nikos Mavrogiannopoulos | 2017-03-13 | 328 | -2/+124 |
| | | | | | | | | This inputs a large set of valid and invalid OCSP files in the OCSP parser with the intention to stress test its error checking, and prevent regressions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added a certificate parsing coverage test | Nikos Mavrogiannopoulos | 2017-03-13 | 486 | -1/+124 |
| | | | | | | | | This inputs a large set of valid and invalid certificates in the certificate parser with the intention to stress test its error checking, and prevent regressions. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: suppressions.valgrind: supress fillin_rpath | Alon Bar-Lev | 2017-03-13 | 2 | -0/+16 |
| | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | testsuite: added tlsfuzzer | Nikos Mavrogiannopoulos | 2017-03-07 | 6 | -1/+163 |
| | | | | | | | This enhances the testsuite by running all the tlsfuzzer fuzzer tests which require no certificates from server. https://github.com/tomato42/tlsfuzzer | ||||
* | tests: converted compile-time checks for FIPS140 mode to run-timetmp-use-thread-local-rng | Nikos Mavrogiannopoulos | 2017-03-07 | 3 | -0/+15 |
| | | | | | | | | This allows running the complete test suite even when the library is compiled in FIPS140-2 mode, as long as the run-time is not at this mode. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: verify that a written certificate will inherit its ID from privkeytmp-assign-same-pkcs11-id | Nikos Mavrogiannopoulos | 2017-01-24 | 2 | -0/+167 |
| | | | | | | | That is, whether p11tool will do the right thing and figure the proper ID to use for a certificate object, if the public key is available. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Revert "tests: suite: pkcs11: skip if no softhsm" | Nikos Mavrogiannopoulos | 2017-01-20 | 1 | -1/+1 |
| | | | | | | This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea. The reason is to avoid having changes in softhsm packaging, result to skipping large parts of the test suite without someone noticing. | ||||
* | tests: remove bash usage | Alon Bar-Lev | 2017-01-05 | 8 | -8/+8 |
| | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | tests: suite: chain: support separate builddir | Alon Bar-Lev | 2017-01-05 | 1 | -1/+3 |
| | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-05 | 2 | -0/+10 |
| | | | | | | building with --disable-tools should not cause test failure. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-04 | 10 | -6/+84 |
| | | | | | | building with --disable-tools should not cause test failure. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | tests: suite: pkcs11: skip if no softhsm | Alon Bar-Lev | 2017-01-04 | 1 | -1/+1 |
| | | | | | | similar to other tests Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> | ||||
* | tests: enable all the ciphersuite in openssl cli for DSS checksfix-compat-tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+3 |
| | |||||
* | tests: don't check against 3DES if disabled in openssl | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+8 |
| | |||||
* | tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -1/+8 |
| | |||||
* | tests: simplified DH params format | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -33/+9 |
| | | | | Also switch to RFC7919 DH params. | ||||
* | tests: corrected type in openssl compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | tests: added common variable for DH parameters | Nikos Mavrogiannopoulos | 2016-12-31 | 3 | -31/+33 |
| | |||||
* | tests: fixed paths in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | tests: better termination checking in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 2 | -3/+22 |
| | | | | | This ensures that the exit code of all spawned processes is checked. | ||||
* | tests: added check for certtool loading CA certificates from PKCS#11 | Nikos Mavrogiannopoulos | 2016-12-19 | 3 | -8/+184 |
| | |||||
* | tests: disable ASAN leak checks on suite tests | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -4/+5 |
| | | | | | These detect memory leaks in the tools in src/ which are not critical nor there is serious reason to address. | ||||
* | tests: modified to account for backwards-encoded DN (according to RFC4514) | Nikos Mavrogiannopoulos | 2016-10-31 | 2 | -2/+2 |
| | |||||
* | tests: do not enable testpkcs11.sh twice | Dmitry Eremin-Solenikov | 2016-10-27 | 1 | -1/+1 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | Fix compilation of tests if nettle is not installed in standard path | Dmitry Eremin-Solenikov | 2016-10-25 | 1 | -0/+2 |
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||||
* | tests: removed nohats.ca from testdane | Nikos Mavrogiannopoulos | 2016-10-22 | 1 | -1/+1 |
| | | | | The host seems to be unreliable. | ||||
* | tests: introduced verification constraints checks for PKCS#7 structures | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -1/+15 |
| | | | | That is, key purpose checks and more elaborate time checks. | ||||
* | tests: crl-test: use a unique temp file | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -4/+5 |
| | |||||
* | tests: added sanity check for included primes | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -2/+60 |
| | |||||
* | tests: updated pkcs7 text outputs to account for certtool update | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -0/+6908 |
| | |||||
* | tests: replaced large test2.cat with a smaller file | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -136/+22 |
| | |||||
* | tests: added checks for the decoding of various PKCS#7 structures | Nikos Mavrogiannopoulos | 2016-10-11 | 9 | -2/+481 |
| | |||||
* | avoid the usage of '-a' and '-o' bash options | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -2/+2 |
| | | | | This keeps syntax-check happy. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -1/+1 |
| | |||||
* | tests: added checks to verify behavior in writing pkcs11 objects | Nikos Mavrogiannopoulos | 2016-09-06 | 1 | -0/+20 |
| | | | | | That is, verify that private keys are marked as private by default, and public objects are marked as non-private by default. |