openssl/apps
Kurt Roeckx 2dbcdb6935 Replace apps/server.pem with certificate with a sha256 signature.
It replaces apps/server.pem that used a sha1 signature with a copy of
test/certs/servercert.pem that is uses sha256.

This caused the dtlstest to start failing. It's testing connection
sbetween a dtls client and server. In particular it was checking that if
we drop a record that the handshake recovers and still completes
successfully. The test iterates a number of times. The first time
through it drops the first record. The second time it drops the second
one, and so on. In order to do this it has a hard-coded value for the
expected number of records it should see in a handshake. That's ok
because we completely control both sides of the handshake and know what
records we expect to see. Small changes in message size would be
tolerated because that is unlikely to have an impact on the number of
records. Larger changes in message size however could increase or
decrease the number of records and hence cause the test to fail.

This particular test uses a mem bio which doesn't have all the CTRLs
that the dgram BIO has. When we are using a dgram BIO we query that BIO
to determine the MTU size. The smaller the MTU the more fragmented
handshakes become. Since the mem BIO doesn't report an MTU we use a
rather small default value and get quite a lot of records in our
handshake. This has the tendency to increase the likelihood of the
number of records changing in the test if the message size changes.

It so happens that the new server certificate is smaller than the old
one. AFAICT this is probably because the DNs for the Subject and Issuer
are significantly shorter than previously. The result is that the number
of records used to transmit the Certificate message is one less than it
was before. This actually has a knock on impact for subsequent messages
and how we fragment them resulting in one less ServerKeyExchange record
too (the actual size of the ServerKeyExchange message hasn't changed,
but where in that message it gets fragmented has). In total the number
of records used in the handshake has decreased by 2 with the new
server.pem file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #10784
(cherry picked from commit 5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1)
2020-01-25 14:12:07 +01:00
..
demoSRP Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
app_rand.c Update copyright year 2018-11-20 13:27:36 +00:00
apps.c Ignore empty ALPN elements in CLI args 2019-10-11 20:19:18 -04:00
apps.h Fix header file include guard names 2019-09-27 23:58:12 +02:00
asn1pars.c Update copyright year 2019-05-28 14:49:38 +02:00
bf_prefix.c Fix of prefix bio filter (bf_prefix.c): rely on the given length 2018-02-01 22:09:41 +01:00
build.info Make sure the 'tsget' script is called 'tsget.pl' everywhere 2018-07-23 18:33:48 +02:00
ca-cert.srl
ca-key.pem
ca-req.pem
ca.c Update copyright year 2019-09-10 13:56:40 +01:00
CA.pl.in Update copyright year 2018-03-20 13:08:46 +00:00
cert.pem
ciphers.c Split configuration of TLSv1.3 ciphers from older ciphers 2018-03-14 10:15:50 +00:00
client.pem
cms.c Update copyright year 2019-05-28 14:49:38 +02:00
crl.c Update copyright year 2018-02-13 13:59:25 +00:00
crl2p7.c Update copyright year 2018-02-13 13:59:25 +00:00
ct_log_list.cnf Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
dgst.c apps/dgst.c: allocate a new signature buffer 2019-10-30 10:30:59 +01:00
dh1024.pem Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
dh2048.pem Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
dh4096.pem Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
dhparam.c apps/dsaparam.c generates code that is intended to be pasted or included 2018-07-30 07:34:32 +10:00
dsa-ca.pem
dsa-pca.pem
dsa.c Update copyright year 2018-02-13 13:59:25 +00:00
dsa512.pem
dsa1024.pem
dsap.pem
dsaparam.c apps/dsaparam.c generates code that is intended to be pasted or included 2018-07-30 07:34:32 +10:00
ec.c Update copyright year 2018-02-13 13:59:25 +00:00
ecparam.c Use the new non-curve type specific EC functions internally 2018-07-31 09:08:38 +01:00
enc.c Update dgst.c to show a list of message digests 2019-10-22 23:29:15 +02:00
engine.c Update copyright year 2018-02-13 13:59:25 +00:00
errstr.c Update copyright year 2018-02-13 13:59:25 +00:00
gendsa.c Issue warnings for large DSA and RSA keys 2018-06-05 18:08:01 +02:00
genpkey.c add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c 2018-06-18 10:45:35 +01:00
genrsa.c Issue warnings for large DSA and RSA keys 2018-06-05 18:08:01 +02:00
nseq.c Update copyright year 2018-02-13 13:59:25 +00:00
ocsp.c apps/ocsp.c: sock_timeout -> socket_timeout 2019-11-29 09:46:54 +01:00
openssl-vms.cnf Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
openssl.c main: avoid a NULL dereference on initialisation. 2019-11-22 15:24:13 +10:00
openssl.cnf Remove unnecessary trailing whitespace 2019-02-05 16:29:17 +01:00
opt.c apps: Stop pretending to care about Netscape keys 2018-11-02 10:59:17 +01:00
passwd.c Fix some typos 2019-12-11 19:17:00 +01:00
pca-cert.srl
pca-key.pem
pca-req.pem
pkcs7.c Update copyright year 2018-02-13 13:59:25 +00:00
pkcs8.c Update copyright year 2018-02-13 13:59:25 +00:00
pkcs12.c apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present 2019-09-17 11:03:19 +02:00
pkey.c Do not ignore EVP_PKEY_print_public/EVP_PKEY_print_private return values 2018-08-24 15:33:26 +03:00
pkeyparam.c Update copyright year 2018-02-13 13:59:25 +00:00
pkeyutl.c Fix pkeyutl -verifyrecover 2020-01-08 10:02:20 +00:00
prime.c Update copyright year 2018-02-13 13:59:25 +00:00
privkey.pem
progs.pl Enable all implemented digests 2018-04-19 21:03:53 +02:00
rand.c Update copyright year 2018-02-13 13:59:25 +00:00
rehash.c Update copyright year 2019-02-26 14:05:09 +00:00
req.c Return 1 when openssl req -addext kv is duplicated 2019-12-16 15:08:03 +01:00
req.pem
rsa.c Check return value of EVP_PKEY_new 2018-11-10 04:42:29 +02:00
rsa8192.pem
rsautl.c Update copyright year 2018-02-13 13:59:25 +00:00
s512-key.pem
s512-req.pem
s1024key.pem
s1024req.pem
s_apps.h Update copyright year 2019-09-10 13:56:40 +01:00
s_cb.c Suppress 'No server certificate CA names sent' message 2019-09-04 16:48:49 +02:00
s_client.c Fix Typos 2019-07-01 02:02:06 +08:00
s_server.c Fix an s_server arbitrary file read issue on Windows 2019-10-28 13:15:52 +00:00
s_socket.c Only set TCP_NODELAY if the protocol is TCP 2018-05-31 10:39:13 +01:00
s_time.c Don't call setsockopt with an invalid fd 2018-05-31 10:39:13 +01:00
server.pem Replace apps/server.pem with certificate with a sha256 signature. 2020-01-25 14:12:07 +01:00
server.srl
server2.pem
sess_id.c Fix the type of -out option 2018-02-28 18:44:56 +01:00
smime.c Update copyright year 2018-02-13 13:59:25 +00:00
speed.c Fix disabled ecdsa in apps/speed 2020-01-05 13:45:33 +02:00
spkac.c Fix mixed indentation (and other whitespace issues) 2018-04-26 21:34:46 +02:00
srp.c update SRP copyright notice 2018-03-13 18:33:44 +10:00
storeutl.c Update copyright year 2019-09-10 13:56:40 +01:00
testCA.pem
testdsa.h
testrsa.h
timeouts.h Fix header file include guard names 2019-09-27 23:58:12 +02:00
ts.c Check return value after loading config file 2019-12-13 13:40:24 +10:00
tsget.in Update copyright year 2018-03-20 13:08:46 +00:00
verify.c Update copyright year 2019-02-26 14:05:09 +00:00
version.c Restore the display of options with 'openssl version -a' 2018-03-09 14:28:51 +01:00
vms_decc_init.c
vms_term_sock.c
vms_term_sock.h Fix header file include guard names 2019-09-27 23:58:12 +02:00
win32_init.c
x509.c Fix regression on x509 keyform argument 2019-12-19 10:03:19 +01:00