kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0b7ca7dc00
boringssl/ssl
History
David Benjamin 0b7ca7dc00 Add tests for doing client auth with no certificates. 
In TLS, you never skip the Certificate message. It may be empty, but its
presence is determined by CertificateRequest. (This is sensible.)

In SSL 3.0, the client omits the Certificate message. This means you need to
probe and may receive either Certificate or ClientKeyExchange (thankfully,
ClientKeyExchange is not optional, or we'd have to probe at ChangeCipherSpec).

We didn't have test coverage for this, despite some of this logic being a
little subtle asynchronously. Fix this.

Change-Id: I149490ae5506f02fa0136cb41f8fea381637bf45
Reviewed-on: https://boringssl-review.googlesource.com/7419
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:09:59 +00:00
..
pqueue Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
test Add tests for doing client auth with no certificates. 2016-03-11 19:09:59 +00:00
CMakeLists.txt Implement draft-ietf-tls-curve25519-01 in C. 2015-12-22 21:51:30 +00:00
custom_extensions.c
d1_both.c Switch s to ssl everywhere. 2015-12-22 23:28:22 +00:00
d1_clnt.c Prune finished labels from SSL3_ENC_METHOD. 2016-01-15 22:04:53 +00:00
d1_lib.c Don't initialize enc_method before version negotiation. 2016-01-27 21:38:12 +00:00
d1_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
d1_pkt.c Clean up some silly variable names. 2016-03-10 19:21:20 +00:00
d1_srtp.c Add defines for SRTP profiles using GCM ciphers from RFC 7714. 2015-12-10 23:18:16 +00:00
d1_srvr.c Prune finished labels from SSL3_ENC_METHOD. 2016-01-15 22:04:53 +00:00
dtls_record.c Move aead_{read,write}_ctx and next_proto_negotiated into ssl->s3. 2016-01-15 21:40:25 +00:00
internal.h Bring back |verify_store|. 2016-03-02 15:57:27 +00:00
s3_both.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
s3_clnt.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
s3_enc.c Remove alert mapping machinery. 2016-01-27 21:28:48 +00:00
s3_lib.c Empty SNI names are not valid 2016-02-24 15:49:09 +00:00
s3_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
s3_pkt.c Clean up some silly variable names. 2016-03-10 19:21:20 +00:00
s3_srvr.c Clean up some silly variable names. 2016-03-10 19:21:20 +00:00
ssl_aead_ctx.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
ssl_asn1.c Check for overflow when parsing a CBS with d2i_*. 2015-11-16 23:17:42 +00:00
ssl_buffer.c Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl_cert.c Add |SSL_CTX_set_private_key_method| to parallel |SSL_set_private_key_method| 2016-03-07 18:16:58 +00:00
ssl_cipher.c Move AES128 above AES256 by default. 2016-03-04 19:07:12 +00:00
ssl_ecdh.c Rename NID_x25519 to NID_X25519. 2016-03-07 15:48:51 +00:00
ssl_file.c More SSL_SESSION serialization functions. 2015-10-26 17:57:50 +00:00
ssl_lib.c SSL_set_fd should create socket BIOs, not fd BIOs. 2016-03-07 18:19:12 +00:00
ssl_rsa.c Add |SSL_CTX_set_private_key_method| to parallel |SSL_set_private_key_method| 2016-03-07 18:16:58 +00:00
ssl_session.c Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
ssl_stat.c
ssl_test.cc BIO_new_mem_buf should take const void * 2016-02-24 19:14:19 +00:00
t1_enc.c Don't cast |OPENSSL_malloc|/|OPENSSL_realloc| result. 2016-02-11 22:07:56 +00:00
t1_lib.c Remove dead comment. 2016-03-03 18:06:19 +00:00
tls_record.c Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00