1c68da282c
portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest.
2024-08-20 13:48:33 -05:00
ac5b81edd1
fix unit test
2024-06-21 13:22:00 +09:00
30eb558d58
fix ocsp response when using DTLS
2024-06-21 09:57:59 +09:00
51ba745214
ocsp: don't error out if we can't verify our certificate
...
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
2023-12-12 14:49:52 +01:00
f1aa43dc48
Merge pull request #6230 from bandi13/zd15855
...
Fix for variable server startup time
2023-03-28 09:13:52 -06:00
591089664d
Fixes for sniffer with enable all
2023-03-27 16:37:14 -06:00
d57d6d2b78
Fix for variable server startup time
2023-03-23 15:03:26 -04:00
fdb0338473
Be more aggressive in killing processes
2023-02-16 09:55:52 -05:00
9a193a3e02
Address Issue pointed out in (now deleted) comment on an old merge
2022-09-18 08:45:18 -06:00
77dec16b3b
Supplemental fix in addition to #5470
2022-08-22 08:00:40 -06:00
8efc8b0819
Fix up other test scripts using the same logic
2022-08-11 06:26:43 -06:00
40d9473e6a
Display SKIP instead of PASS when tests skipped for make check
2022-06-21 13:11:08 -07:00
f5bbad185f
Supplement to @julek-wolfssl's fantastic find, just allow for proper expansion
2022-05-27 13:52:26 -06:00
b664cea735
Typo in testing script
2022-05-25 12:10:27 +02:00
6984cf83b2
scripts/ocsp-stapling.test: fix whitespace.
2022-05-19 16:45:50 -05:00
368854b243
scripts/: refactor TLS version support tests to use -V, rather than -v (which makes frivolous connection attempts).
2022-05-19 11:18:34 -05:00
abfc788389
script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace.
2022-03-09 12:28:22 -06:00
21db484f50
tests: fix test scripts for paths with spaces
2021-06-13 21:37:07 -07:00
12eddee104
scripts: fix tests for out of tree `distcheck`
...
Copying or using certs from directory relative to scripts source directory.
2021-02-08 10:43:31 -08:00
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
c482d16029
Merge pull request #3544 from haydenroche5/ocsp_stapling_bug
...
Fix bug where OCSP stapling wasn't happening even when requested by client
2020-12-29 14:23:10 -08:00
eeefe043ec
scripts/: nix `timeout` wrappers in ocsp-stapling.test and ocsp-stapling2.test, for portability.
2020-12-16 17:31:53 -06:00
801aa18b9e
Fix bug where OCSP stapling wasn't happening even when requested by client.
...
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
2020-12-15 16:56:21 -06:00
139b0431cb
ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain").
2020-10-28 17:28:05 -05:00
0568ec304f
pass -4 flag to openssl and nc only when IPV6_SUPPORTED.
2020-10-28 17:28:05 -05:00
94a3f86dcd
scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful.
2020-10-28 17:28:05 -05:00
7a5cbaa9bc
fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build.
2020-10-28 17:28:05 -05:00
60b0b0170b
TLS OCSP Stapling: MUST staple option
...
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
2020-10-16 09:03:27 +10:00
5ed2fe8092
scripts/: more race elimination/mitigation.
2020-09-17 12:03:44 -05:00
b669f8eeb9
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.
2020-09-14 16:06:45 -05:00
51046d45d3
add bwrapping on all other scripts/*.test except those that make Internet connections, and remove test for setuid bit, as some systems are configured to not require setuid/CAP_NET_ADMIN for CLONE_NEWNET.
2020-09-12 00:20:38 -05:00
1e9971f64c
scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace.
2020-09-11 18:20:27 -05:00
8f25456f86
scripts/ocsp-stapling*.test, wolfssl/test.h: refactor scripts/ocsp-stapling*.test for orthogonality and robustness, with retries and early failure detection. also, reduce sleeps in ocsp-stapling-with-ca-as-responder.test to 0.1, matching sleeps in other 2 scripts. finally, in wolfssl/test.h, #ifdef SO_REUSEPORT do that when binding ports, and add optional rendering of errno strings for failed syscalls using err_sys_with_errno() when -DDEBUG_TEST_ERR_SYS_WITH_ERRNO.
2020-09-11 15:30:37 -05:00
6a984da53f
Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use `-b` bind to any on server). Fix to use random port number for the `oscp-stapling.test` script. Reduce delay times in scripts.
2020-08-25 10:55:41 -07:00
42f3a6d7a4
Put both potential roots for login.live.com into collection for stapling test
2020-07-07 16:02:48 -06:00
0a6b93fda2
add single quotes around -? in test scripts
2020-03-24 22:40:48 -06:00
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
a00eaeb877
add ocsp stapling test and initialize values
2019-01-04 13:16:47 -07:00
fc64788092
Merge pull request #1795 from SparkiDev/tls13_no_tls12
...
Fixes to work when compiled with TLS 1.3 only
2018-08-29 16:16:46 -07:00
487c60df78
Fixes to work when compiled with TLS 1.3 only
...
TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
2018-08-28 15:37:15 +10:00
46c04cafd3
change grep message for RSA key size with tests
2018-08-24 16:47:37 -06:00
f74406d2c9
check max key size with ocsp stapling test
2018-08-15 09:52:43 -06:00
280de47d06
Use pzero solutions on servers and clients in addition to ocsp responders
2018-08-10 14:17:17 -06:00
c288a214b1
give servers time to shut-down after client connection
2018-08-10 11:57:35 -06:00
35dbf9a6fe
address file restoration issue present when git not available
2018-08-10 10:24:42 -06:00
c71f730d67
OSCP
...
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
2018-08-02 11:32:36 -07:00
ddec878152
Disable external tests for OCSP scripts
2018-08-02 10:03:47 -06:00
a178764a8b
Portability and self-cleanup changes to ocsp test scripts
2018-08-02 09:47:13 -06:00
0bf3a89992
TLS 1.3 OCSP Stapling
...
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
2018-07-02 16:59:23 +10:00
43c234029b
adds a call to wolfSSL_CTX_EnableOCSPStapling() on client.c to fix ocspstapling2 tests and removes unnecessary 'kill ' from the test scripts
2017-12-26 22:32:21 -03:00
Daniel Pouzzner
Hideki Miyazaki
Juliusz Sosinowicz
JacobBarthelmeh
Lealem Amedie
Andras Fekete
kaleb-himes
Lealem Amedie
Elms
Sean Parkinson
John Safranek
Hayden Roche
David Garske
Eric Blankenhorn
toddouska
Moisés Guimarães