rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,004 Commits 45 Branches 69 Tags 31 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
Joseph Birr-Pixton 339923fc53 Get new bogo version working 2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton 278009aa58 Take newer bogo for go1.14 
Another minor go version, another set of breakage.
 2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton 4da973d8c9 Patch bogo to fix golang 1.13 breakage 
Taking upstream patches to fix this in a different way requires 1.13,
which isn't available on travis or azure.
 2019-12-30 18:03:32 +00:00
Joseph Birr-Pixton 40bd3d1aa8 Fix bogo tests: 
- disable SHA1 invalid signature tests
- test for golang sending an internal error alert when
  we don't offer its selected signature algorithm
- also look for 'no common signature algorithms' in SHA1 tests
 2019-01-27 18:39:19 +00:00
Kyle Huey dc9fc45844 Change test failure to note handshake failure now that SHA-1 is unsupported. 2019-01-26 20:11:30 -08:00
Joseph Birr-Pixton 0124afea77 bogo: Entry in TestErrorMap denotes expected failure 2019-01-20 12:12:20 +00:00
Brian Smith 47486717b1 Adjust BoGo configuration to account for SHA-1 not being supported. 2019-01-19 19:12:44 +00:00
Joseph Birr-Pixton 261ce07131 Parallelise bogo runs 2019-01-13 19:15:46 +00:00
Joseph Birr-Pixton 181765111c Disable QUICTransportParams bogo tests 
This isn't really compatible with how QUIC works now.
 2019-01-13 19:12:54 +00:00
Benjamin Saunders d766c4d8b6 QUIC handshake I/O and crypto 2019-01-13 16:36:55 +00:00
Joseph Birr-Pixton b838ec0c4e Track bogo additional tests/changes 2018-09-16 23:57:39 +01:00
Joseph Birr-Pixton d32805d151 Move to a mainline bogo supporting TLS1.3 2018-09-16 23:57:39 +01:00
Joseph Birr-Pixton cca1f321b8 fiddle with bogo 2018-09-16 23:57:39 +01:00
Joseph Birr-Pixton 5563722f56 Correct bogo TLS1.3 variant selection 2018-08-11 09:04:25 +01:00
Yiming Jing 3ef32a23d2 Add bogo tests for TLS 1.3 0-RTT 2018-07-31 20:23:17 +01:00
Joseph Birr-Pixton 20f16668db Make bogo only test for draft 28 2018-07-29 18:59:05 +01:00
Joseph Birr-Pixton 012e841739 Update bogo config for new draft 2018-07-29 10:33:41 +01:00
Joseph Birr-Pixton 5fb0c6b5ee Update bogo for draft-28 support 2018-07-29 10:32:23 +01:00
Joseph Birr-Pixton 5a4d3d7827 Extend bogo testing of signature algorithms 2018-06-02 15:54:22 +01:00
Joseph Birr-Pixton 3912f0b701 Enable ECDSA bogo tests 2018-06-01 23:45:06 +01:00
Joseph Birr-Pixton 87ab639360 Enable quic tests in bogo 
- bogo_shim needs quic feature
- provide/check quic transport params in bogo_shim
- reject servers that handshake at TLS1.2, but include a quic transport
  params extension.
- don't expose quic transport params extension for TLS1.2 clients.

These last two match BoringSSL.
 2018-05-14 21:00:17 +01:00
Joseph Birr-Pixton 32eeec61d3 Update bogo config 2018-04-01 16:02:00 +01:00
Joseph Birr-Pixton e5a9e395ba Take new bogo 2018-03-31 18:12:36 +01:00
Joseph Birr-Pixton 8d39b98592 Let bogo tests fail on os-x 2017-12-30 19:44:37 +00:00
Joseph Birr-Pixton 777dd534e7 bogo/bogo_shim updates 
bogo_shim: don't remember kx hints
 2017-12-30 12:29:09 +00:00
Joseph Birr-Pixton a8bff78499 Take later bogo without multiple draft support 2017-12-28 17:29:38 +00:00
Joseph Birr-Pixton 6c8ebc9f16 check.py: help clean up DisabledTests 2017-12-28 17:29:23 +00:00
Joseph Birr-Pixton 032b63bbdc More bogo updates, and checking script 2017-12-28 14:53:19 +00:00
Joseph Birr-Pixton e7a73d9b76 Enable draft22 tests 2017-12-28 14:53:19 +00:00
Joseph Birr-Pixton 9a4a329395 Improve bogo pass rate; TLS13 is now TLS13Draft22 2017-12-28 14:53:19 +00:00
Joseph Birr-Pixton b103ad7f6c Update bogo version 2017-12-28 14:53:19 +00:00
Joseph Birr-Pixton 0e946f6d08 also skip Shutdown-Shim-Sync-SplitHandshakeRecords 
broken on macos
 2017-12-28 14:15:40 +00:00
Joseph Birr-Pixton a4e08fb18c Skip Unclean-Shutdown-Ignored 2017-11-22 21:55:54 +00:00
Joseph Birr-Pixton 5fc1e283a9 bogo: run close notify tests 2017-08-28 17:26:02 +01:00
Joseph Birr-Pixton 0507dd0111 Don't rely on recent openssl 2017-08-28 15:36:34 +01:00
Joseph Birr-Pixton f2ec040f7c Generate certs with SANs for bogo 2017-08-28 13:56:53 +01:00
Joseph Birr-Pixton 8890d193e3 Tighten up SCT list checking 2017-07-16 16:38:27 +01:00
Joseph Birr-Pixton b25072598e bogo support for SCT tests 2017-07-16 12:16:39 +01:00
Joseph Birr-Pixton 3e5380f34b Use PKCS#8 keys in bogo 2017-07-16 11:30:34 +01:00
Joseph Birr-Pixton 2d94844277 Support server-side OCSP stapling 2017-07-04 23:43:04 +01:00
Joseph Birr-Pixton 22f611260f bogo fixups 2017-07-01 13:34:35 +01:00
Joseph Birr-Pixton 85fa1fe081 Enable bogo OCSP tests 2017-06-29 20:36:35 +01:00
Joseph Birr-Pixton 527f5a5ae2 Remove bogo hack for ridiculous kcov performance 2017-06-18 13:43:04 +01:00
Joseph Birr-Pixton e7a54f60f2 Use lcov/llvm for coverage 2017-06-17 22:08:22 +01:00
Joseph Birr-Pixton 46d5fc03a5 Add tests for dangerous_configuration 
Also:

- use it for bogo_shim, which previously used DANGEROUS_DISABLE_VERIFY.
  bogo_shim now only built with dangerous_configuration.
- require a non-empty certificate list outside the external verifier;
  this is a internal invariant.
- Abolish ASN1Cert in preference to key::Certificate
 2017-05-13 18:08:21 +01:00
Joseph Birr-Pixton 466ed6381a Support RFC7627 extended master secret 2017-02-17 02:10:39 +00:00
Joseph Birr-Pixton b6a62a4e54 Disable unsupported bogo tests to increase test speed 2017-01-23 20:30:58 +00:00
Joseph Birr-Pixton b7f0a7d9e3 Fix more bogo-found issues 
- in shim, support versions for server tests.
- check handshake defragmenter is aligned on key changes (like ccs)
- don't include SupportedVersions ext if it would be empty
- don't offer or support PSK_KE in clients (no pfs)
- tighten validation of hrr extensions
- tighten validation of encrypted extensions
- tighten validation of certificate extensions
- alter assorted alert descriptions
- if a server sends an ECPointFormats extension (they typically don't)
  check it contains Uncompressed.
- tighten validation of certificate messages/extensions
- tighten validation of client certreq message
- tighten validation of keyshares extensions received by server
- loosen suite compatiblity check on resumption by client
 2017-01-22 19:12:12 +00:00
Joseph Birr-Pixton a82414ed67 More bogo-found bug fixes: 
- Fix a duplicated enum.
- Don't special-case HelloRequest for TLS1.3
- Do extra TLS1.3-specific validation of ServerHello to check
  for inappropriate extensions.
- If the client doesn't offer DHE_KE, don't send a ticket or resume from one.
 2017-01-22 19:12:12 +00:00
Joseph Birr-Pixton 1a7bfc0dd1 Update bogo config 
Getting there...
 2017-01-22 19:12:12 +00:00