0a8857435c
DTLS: treat bad MAC on Finished as an error
...
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.
closes #227
2015-08-04 12:11:17 +02:00
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
4cc8c63226
Add test for extensionless ClientHello
2015-07-23 12:24:03 +02:00
e88b49323e
Fix run-test-suite.pl with coverage
2015-07-15 12:31:12 +02:00
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
78ec2b049c
Cosmetics in Makefiles
2015-07-08 22:12:06 +01:00
1780f89ecf
Some more scripts simplified
...
make now has an alias test = check
2015-07-08 22:08:02 +01:00
3d404b4763
Simplify some scripts
...
ssl-opt.sh and compat.sh can now be run from root too
2015-07-08 21:59:16 +01:00
89eb1970e9
mklink needs /d for directories
2015-07-08 21:39:43 +01:00
85113848bd
Use Perl to run tests suites with make
...
- works on Windows too!
- we need Perl to generate/build the test suites anyway
- easier & more flexible (eg, now count total number of tests run)
2015-07-08 21:36:06 +01:00
6cacde2d57
Invoke perl directly in Makefile
...
mingw32-make doesn't look too happy with #!/usr/bin/env perl
2015-07-08 16:04:00 +02:00
7eb58cbae8
Rm obsolete hack in ssl-opt.sh
2015-07-07 11:54:14 +02:00
31cafa33d8
Rm obsolete test in ssl-opt.sh
2015-07-06 17:12:27 +02:00
ae738c29eb
Fix warning from Perl 5.21 in helper script
2015-07-01 19:32:00 +02:00
3083053dd2
More cmake for windows tune-ups
2015-07-01 17:06:28 +02:00
7e2d68c1b2
cmake: -W flags only for GCC and Clang
2015-07-01 13:41:35 +02:00
a16e7c468c
Rename a debug function
2015-06-29 20:14:19 +02:00
b74c245a20
Rework debug to not need dynamic alloc
...
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
fc36708697
Use $(MAKE), not make
...
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
03db6b0da1
Cosmetics in test scripts
...
Some versions of "which" print on stderr.
2015-06-26 15:45:30 +02:00
4fd0b256a8
Fix dual use of buffer in test
...
x509_get_name() does not make defensive copies of strings in its input (which
is OK as usually the caller will have made a copy already), so we shouldn't
reuse its input buffer as an output while "parsed" is still alive.
2015-06-26 14:15:48 +02:00
4b00f08e20
Fix snprintf test
...
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
ea9556a76e
Fix mistaken changes in Makefile's clean target
...
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
6dc2651f02
Cosmetics
2015-06-25 10:59:57 +02:00
c84d0e1ec1
Use LD_LIBRARY_PATH to run test with SHARED=1
...
In my tests on Linux, LD_PRELOAD does not seem to work, but LD_LIBRARY_PATH
does.
2015-06-25 10:59:57 +02:00
9b06abe1d1
Add a shared build with make on Linux to all.sh
2015-06-25 10:59:57 +02:00
216a1831de
Fix whitespace in CMakeLists.txt
...
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
e058ea2ed8
More consistent toolchains in all.sh
2015-06-25 10:59:57 +02:00
21e1ac205e
Fix linking order with make
...
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
5c59a4fea5
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
8d4a613cc5
Small Makefile improvements
...
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
for debugging typos
2015-06-25 10:59:56 +02:00
ac5361f7dc
Fix small issues in tests found by Coverity
2015-06-24 01:08:09 +02:00
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
52fa38a214
Better cleanup in all.sh
2015-06-23 18:44:10 +02:00
d23f593737
Avoid static buffer in debug module
...
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
655a964539
Adapt check_key_usage to new weird bits
2015-06-23 13:09:10 +02:00
9a702255f4
Add parsing/printing for new X.509 keyUsage flags
2015-06-23 13:09:10 +02:00
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
9386664543
Move from inttypes.h to stdint.h
...
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
e91e21cf1b
Simplify code in test suites
...
Hopefully makes it easier on static analyzers
2015-06-22 18:47:07 +02:00
bcf13bab5d
Fix issue with MemSan and entropy
...
Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.
I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work.
2015-06-22 18:25:41 +02:00
6ea831dcf4
Add tests for mbedtls_set_hs_ca_chain()
2015-06-22 17:30:18 +02:00
c948a798bd
Add tests for mbedtls_ssl_set_hs_authmode()
2015-06-22 16:04:20 +02:00
4d6f178376
Add support for SNI CA and authmode in ssl_server2
2015-06-22 14:52:40 +02:00
7b6dcbe993
Add tests for snprintf
...
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
bbc60db221
Adjustments for armcc in all.sh
...
- no HAVE_TIME -> no HAVE_TIME_DATE
- check if --help works, so that the test is cleanly skipped if license server
cannot be reached
2015-06-22 14:41:37 +02:00
d5f38b045d
Fix dependencies on time on x509 test suite
2015-06-22 14:40:56 +02:00
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
6195767554
Fix default of openssl s_server
...
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
2015-06-22 14:40:55 +02:00
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
