Commit Graph

20 Commits

Author SHA1 Message Date
Peter Wu
fc9d5b3aad Disable PSS test for TLS 1.2, disable unknown extension client test
PSS test is disabled because its implementation is not accepted yet
(https://go-review.googlesource.com/c/go/+/79738). Do not check for
UnknownUnencryptedExtension-Client-TLS13, the client currently does not
check for extensions that it did not advertise.
2017-11-27 18:13:31 +00:00
Peter Wu
d4993a8e16 Add keylog file support for debugging
Normally this environment variable is not set, but when it is, it allows
inspection of the IPC with Wireshark.
2017-11-14 15:33:04 +00:00
Peter Wu
3726fac5b8 Fixes LargeMessage test
Fixed in tls-tris: "crypto/tls: accept 2^14+1 TLSInnerPlaintext"
2017-10-04 16:31:12 +01:00
Peter Wu
742b5b3053 Fixed PartialEncryptedExtensionsWithServerHello test
Problem was in the TLS 1.3 client implementation of tls-tris, fixed in:
"crypto/tls: prevent handshake messages crossing key boundaries"
2017-10-04 15:52:40 +01:00
Peter Wu
3fbd902fed Document TLS13-WrongOuterRecord
The spec only says that the "opaque_type" field is always set to 23
(application_data), but that is not a MUST check.

https://github.com/cloudflare/tls-tris/issues/47
2017-10-04 15:06:11 +01:00
Peter Wu
961b387c76 Fixed BadCBCPadding255 test
https://go-review.googlesource.com/c/go/+/68070
2017-10-04 14:40:44 +01:00
Peter Wu
57e3e08e16 Fold LargeRecord tests
See https://github.com/cloudflare/tls-tris/issues/46, current
implementations may send one byte too much since they do not include the
content type in the calculation.
2017-10-03 18:46:07 +01:00
Peter Wu
ae4cad4eb9 Improve description for some disabled tests 2017-10-03 12:52:34 +01:00
Peter Wu
3b70371d64 Enable client tests
Tested with the initial tls-tris client support branch which includes
basic RSASSA-PSS support. Coverage changed from ... to ...:

    0/3509/3692/3692/4136
    0/2784/3195/3195/4136
2017-10-02 16:54:31 +01:00
Peter Wu
e12c7d5ba7 shim: support -min-version and -max-version
Required for test case RSA-PSS-Default-Sign which is currently the only
test that fails with tls-tris.
2017-09-06 15:33:03 +01:00
Peter Wu
8d196e3081 Fix "dial tcp 127.0.0.1:63890: getsockopt: connection refused"
Since 2d04cf08cb3413ba9c7271a1884ceca00c56c7e2 ("Test with IPv6 by
default, and IPv4 only if that fails."), the test runner listens on ::1
by default instead of 127.0.0.1.
2017-09-05 16:57:59 -04:00
Peter Wu
87979f9592 Disable KeyUpdate tests
KeyUpdate is not implemented in tls-tris yet
2017-09-05 16:57:59 -04:00
Peter Wu
cd01f9ce21 Update to latest boringssl tests
Go 1.8 includes "crypto/tls: disable CBC cipher suites with SHA-256 by
default." which breaks the "TLS12-AES128-SHA256-server" test (among
others). Since this was fixed upstream (by removing the CBC tests), just
update the vendored copy using:

    gvt update github.com/google/boringssl/ssl/test

Removed tests from config.json that are no longer present while at it.
2017-09-05 16:57:59 -04:00
Filippo Valsorda
145b2cd402 Temporarily ignore the renegotiation tests 2017-01-24 13:22:51 +00:00
Filippo Valsorda
1f2998de6f Unbundle tls-tris to run from the Tris CI 2017-01-18 17:56:30 +00:00
Filippo Valsorda
eab3c72dbe Reach 0 failed / 217 passed on Tris 2017-01-18 17:47:47 +00:00
Filippo Valsorda
85a7969e65 (c) 2016 Cloudflare 2017-01-09 19:12:09 -05:00
Filippo Valsorda
b6d73d9163 Switch to Tris and get basic server tests to run 2017-01-09 18:24:36 -05:00
Filippo Valsorda
6f6a519c21 First shim that does... nothing 2017-01-09 16:47:43 -05:00
Filippo Valsorda
7d0e00e93b Initial commit 2016-11-06 23:35:51 -08:00