Because some operating systems have executable extensions, typically
".exe", we need to append it when looking for files in test() and
app() (or rather, their subroutines).
Reviewed-by: Rich Salz <rsalz@openssl.org>
If the command file that app(), test(), perlapp(9 and perltest() are
looking for doesn't exist in the build tree, look for it in the source
tree as well.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Since OpenSSL::Test only redirects stderr to /dev/null when being run
through non-verbose test harness, this change allows the stderr output
to be displayed when verbosity is requested.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing. That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1. OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.
We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.
Closes RT#4485
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
$? in perl gets the status value from wait(2), which is a word with
the exit code in the upper half and the number of a raised signal in
the lower half. OpenSSL::Test::run() ignored the signal half up until
now.
With this change, we recalculate an exit code the same way the Unix
shells do, using this formula:
($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In most builds, we can assume that engines live in the build tree
subdirectory "engines". This was hard coded into the tests that use
the engine ossltest.
However, that hard coding is tedious, it would need to be done in
every test recipe, and it's an incorrect assumption in some cases.
This change has us play it safe and let the build files tell the
testing framework where the engines are.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Some platforms claim to be POSIX but their getcontext() implementation
does not work. Therefore we update the ASYNC_is_capable() function to test
for this.
RT#4366
Reviewed-by: Richard Levitte <levitte@openssl.org>
TLSProxy starts s_server and specifies the number of client connects
it should expect. After that s_server is supposed to close down
automatically. However, if another test is then run then TLSProxy
will start a new instance of s_server. If the previous instance
hasn't closed down yet then the new instance can fail to bind to
the socket.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.
CAVE: This will break code, which currently uses the "-policy"
option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
While insignificant on Unix like systems, this is significant on
systems like VMS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Both of these functions can easily be implemented by callers instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
ct_test assumed it's run in the source directory and failed when built
elsewhere. It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.
Test recipe updated to match.
Reviewed-by: Matt Caswell <matt@openssl.org>
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
