kris/crypto-tls-bogo-shim
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
19 Commits 6 Branches 0 Tags 806 KiB
d4993a8e16
Commit Graph

19 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Wu
d4993a8e16 Add keylog file support for debugging 
Normally this environment variable is not set, but when it is, it allows
inspection of the IPC with Wireshark.
 2017-11-14 15:33:04 +00:00
Peter Wu
3726fac5b8 Fixes LargeMessage test 
Fixed in tls-tris: "crypto/tls: accept 2^14+1 TLSInnerPlaintext"
 2017-10-04 16:31:12 +01:00
Peter Wu
742b5b3053 Fixed PartialEncryptedExtensionsWithServerHello test 
Problem was in the TLS 1.3 client implementation of tls-tris, fixed in:
"crypto/tls: prevent handshake messages crossing key boundaries"
 2017-10-04 15:52:40 +01:00
Peter Wu
3fbd902fed Document TLS13-WrongOuterRecord 
The spec only says that the "opaque_type" field is always set to 23
(application_data), but that is not a MUST check.

https://github.com/cloudflare/tls-tris/issues/47
 2017-10-04 15:06:11 +01:00
Peter Wu
961b387c76 Fixed BadCBCPadding255 test 
https://go-review.googlesource.com/c/go/+/68070
 2017-10-04 14:40:44 +01:00
Peter Wu
57e3e08e16 Fold LargeRecord tests 
See https://github.com/cloudflare/tls-tris/issues/46, current
implementations may send one byte too much since they do not include the
content type in the calculation.
 2017-10-03 18:46:07 +01:00
Peter Wu
ae4cad4eb9 Improve description for some disabled tests 2017-10-03 12:52:34 +01:00
Peter Wu
3b70371d64 Enable client tests 
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:

    0/3509/3692/3692/4136
    0/2784/3195/3195/4136
 2017-10-02 16:54:31 +01:00
Peter Wu
e12c7d5ba7 shim: support -min-version and -max-version 
Required for test case RSA-PSS-Default-Sign which is currently the only
test that fails with tls-tris.
 2017-09-06 15:33:03 +01:00
Peter Wu
8d196e3081 Fix "dial tcp 127.0.0.1:63890: getsockopt: connection refused" 
Since 2d04cf08cb3413ba9c7271a1884ceca00c56c7e2 ("Test with IPv6 by
default, and IPv4 only if that fails."), the test runner listens on ::1
by default instead of 127.0.0.1.
 2017-09-05 16:57:59 -04:00
Peter Wu
87979f9592 Disable KeyUpdate tests 
KeyUpdate is not implemented in tls-tris yet
 2017-09-05 16:57:59 -04:00
Peter Wu
cd01f9ce21 Update to latest boringssl tests 
Go 1.8 includes "crypto/tls: disable CBC cipher suites with SHA-256 by
default." which breaks the "TLS12-AES128-SHA256-server" test (among
others). Since this was fixed upstream (by removing the CBC tests), just
update the vendored copy using:

    gvt update github.com/google/boringssl/ssl/test

Removed tests from config.json that are no longer present while at it.
 2017-09-05 16:57:59 -04:00
Filippo Valsorda
145b2cd402 Temporarily ignore the renegotiation tests 2017-01-24 13:22:51 +00:00
Filippo Valsorda
1f2998de6f Unbundle tls-tris to run from the Tris CI 2017-01-18 17:56:30 +00:00
Filippo Valsorda
eab3c72dbe Reach 0 failed / 217 passed on Tris 2017-01-18 17:47:47 +00:00
Filippo Valsorda
85a7969e65 (c) 2016 Cloudflare 2017-01-09 19:12:09 -05:00
Filippo Valsorda
b6d73d9163 Switch to Tris and get basic server tests to run 2017-01-09 18:24:36 -05:00
Filippo Valsorda
6f6a519c21 First shim that does... nothing 2017-01-09 16:47:43 -05:00
Filippo Valsorda
7d0e00e93b Initial commit 2016-11-06 23:35:51 -08:00