sync code with last improvements from OpenBSD
This commit is contained in:
parent
454dab66ed
commit
27298272ec
GPG key ID:
F42C07F07E2E35B7
237 changed files with 4666 additions and 2149 deletions
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssltest.c,v 1.42 2023/07/27 07:08:09 tb Exp $ */
|
||||
/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
|
@ -281,8 +281,8 @@ verify_alpn(SSL *client, SSL *server)
|
|||
free(alpn_selected);
|
||||
alpn_selected = NULL;
|
||||
|
||||
if (client_proto_len != server_proto_len ||
|
||||
memcmp(client_proto, server_proto, client_proto_len) != 0) {
|
||||
if (client_proto_len != server_proto_len || (client_proto_len > 0 &&
|
||||
memcmp(client_proto, server_proto, client_proto_len) != 0)) {
|
||||
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
|
||||
goto err;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: tlsfuzzer.py,v 1.51 2023/08/03 20:13:12 tb Exp $
|
||||
# $OpenBSD: tlsfuzzer.py,v 1.52 2023/08/14 18:10:42 tb Exp $
|
||||
#
|
||||
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
|
||||
#
|
||||
|
|
@ -370,7 +370,6 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
|
|||
Test("test-message-skipping.py"),
|
||||
Test("test-no-heartbeat.py"),
|
||||
Test("test-record-layer-fragmentation.py"),
|
||||
Test("test-sessionID-resumption.py"),
|
||||
Test("test-sslv2-connection.py"),
|
||||
Test("test-truncating-of-finished.py"),
|
||||
Test("test-truncating-of-kRSA-client-key-exchange.py"),
|
||||
|
|
@ -388,7 +387,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
|
|||
Test(
|
||||
"test-ccs.py", [
|
||||
"-x", "two bytes long CCS",
|
||||
"-X", "does not match received \"decode_error\"",
|
||||
"-X", substitute_alert("unexpected_message", "decode_error"),
|
||||
]
|
||||
),
|
||||
Test(
|
||||
|
|
@ -439,6 +438,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
|
|||
"-e", "drop extended_master_secret in renegotiation",
|
||||
]),
|
||||
|
||||
Test("test-sessionID-resumption.py", [
|
||||
"-x", "Client Hello too long session ID",
|
||||
"-X", substitute_alert("decode_error", "illegal_parameter"),
|
||||
]),
|
||||
|
||||
# Without --sig-algs-drop-ok, two tests fail since we do not currently
|
||||
# implement the signature_algorithms_cert extension (although we MUST).
|
||||
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
|
||||
|
|
@ -558,6 +562,12 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
|
|||
# 'resumption with cipher from old CH but not selected by server'
|
||||
Test("test-resumption-with-wrong-ciphers.py"),
|
||||
|
||||
# 'session resumption with empty session_id'
|
||||
# 'session resumption with random session_id'
|
||||
# 'session resumption with renegotiation'
|
||||
# AssertionError: Server did not send extension(s): session_ticket
|
||||
Test("test-session-ticket-resumption.py"),
|
||||
|
||||
# 5 failures:
|
||||
# 'empty sigalgs'
|
||||
# 'only undefined sigalgs'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue