summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
35e742e)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
"tests",
"threads",
"tls",
"tests",
"threads",
"tls",
"ts",
"ubsan",
"ui-console",
"ts",
"ubsan",
"ui-console",
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
- "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
require additional system-dependent options! See "Note on
multi-threading" below.
require additional system-dependent options! See "Note on
multi-threading" below.
- enable-tls13downgrade
- TODO(TLS1.3): Make this enabled by default and remove the
- option when TLSv1.3 is out of draft
- TLSv1.3 offers a downgrade protection mechanism. This is
- implemented but disabled by default. It should not typically
- be enabled except for testing purposes. Otherwise this could
- cause problems if a pre-RFC version of OpenSSL talks to an
- RFC implementation (it will erroneously be detected as a
- downgrade).
-
no-ts
Don't build Time Stamping Authority support.
no-ts
Don't build Time Stamping Authority support.
} else {
ret = RAND_bytes(result, len);
}
} else {
ret = RAND_bytes(result, len);
}
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
if (ret > 0) {
if (!ossl_assert(sizeof(tls11downgrade) < len)
|| !ossl_assert(sizeof(tls12downgrade) < len))
if (ret > 0) {
if (!ossl_assert(sizeof(tls11downgrade) < len)
|| !ossl_assert(sizeof(tls12downgrade) < len))
memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
sizeof(tls11downgrade));
}
memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
sizeof(tls11downgrade));
}
if (s->version != vent->version)
continue;
if (s->version != vent->version)
continue;
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
/* Check for downgrades */
if (s->version == TLS1_2_VERSION && highver > s->version) {
if (memcmp(tls12downgrade,
/* Check for downgrades */
if (s->version == TLS1_2_VERSION && highver > s->version) {
if (memcmp(tls12downgrade,
s->method = method;
return 1;
s->method = method;
return 1;
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
if disabled("tls1_3") || disabled("tls1_2");
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
if disabled("tls1_3") || disabled("tls1_2");
-# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft
-plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation"
- if disabled("tls13downgrade");
-
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(