Have all test programs using that function specify those versions.
Additionally, have the remaining test programs that use SSL_CTX_new
directly specify at least the maximum protocol version.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5663)
The new ServerHello format is essentially now the same as the old TLSv1.2
one, but it must additionally include supported_versions. The version
field is fixed at TLSv1.2, and the version negotiation happens solely via
supported_versions.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
that needed test_main now works using the same infrastructure as tests that used
register_tests.
This meant:
* renaming register_tests to setup_tests and giving it a success/failure return.
* renaming the init_test function to setup_test_framework.
* renaming the finish_test function to pulldown_test_framework.
* adding a user provided global_init function that runs before the test frame
work is initialised. It returns a failure indication that stops the stest.
* adding helper functions that permit tests to access their command line args.
* spliting the BIO initialisation and finalisation out from the test setup and
teardown.
* hiding some of the now test internal functions.
* fix the comments in testutil.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3953)
Certain callback APIs allow the callback to request async processing
by trickling a particular error value up the stack to the application
as an error return from the handshake function. In those cases,
SSL_want() returns a code specific to the type of async processing
needed.
The create_ssl_connection() helper function for the tests is very
helpful for several things, including creating API tests. However,
it does not currently let us test the async processing functionality
of these callback interfaces, because the special SSL error codes
are treated as generic errors and the helper continues to loop until
it reaches its maximum iteration count.
Add a new parameter, 'want', that indicates an expected/desired
special SSL error code, so that the helper will terminate when
either side reports that error, giving control back to the calling
function and allowing the test to proceed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().
The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit adds some session API tests, and in particular tests the
modified behaviour of SSL_set_session() introduced in the last commit. To
do this I have factored out some common code from the asynciotest into a
new ssltestlib.c file. I've also renamed getsettest to sslapitest as this
more closely matches what it now is!
Reviewed-by: Rich Salz <rsalz@openssl.org>
This adds an async IO test. There are two test runs. The first one does
a normal handshake with lots of async IO events. The second one does the
same but this time breaks up all the written records into multiple records
of one byte in length. We do this all the way up until the CCS.
Reviewed-by: Andy Polyakov <appro@openssl.org>
