- 07 Mar, 2016 - 5 commits
-
-
Simon Butcher authored
-
Simon Butcher authored
Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
-
Simon Butcher authored
The change to defaults configurations in a720ced4 broke the yotta build. This fix addresses that.
-
Simon Butcher authored
Fixes the test script test/scripts/all.sh which was failing at the baremetal ARM builds due to the entropy platform check introduced in 7ff4b774.
-
Janos Follath authored
Change the default settings for SSL and modify the tests accordingly.
-
- 04 Mar, 2016 - 2 commits
-
-
Simon Butcher authored
The purpose and use of the test script, curves.pl was not obvious without reading the source code, plus the file was missing a copyright statement.
-
Simon Butcher authored
The test script curves.pl was failing on testing dependencies for the P-384 curve on the new test cases introduced by ede75f06 and 884b4fc2.
-
- 02 Mar, 2016 - 1 commit
-
-
Simon Butcher authored
-
- 01 Mar, 2016 - 23 commits
-
-
Simon Butcher authored
-
Janos Follath authored
Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list.
-
Janos Follath authored
-
Janos Follath authored
-
Simon Butcher authored
-
SimonB authored
Restructed test suite helper and main code to support tests suite helper functions, changed C++ comments to C-style, and made the generated source code more navigable.
-
SimonB authored
Added to generate_code.pl: - support for per test suite helper functions - description of the structure of the files the script uses to construct the test suite file - delimiters through the source code to make the machine generated code easier to understand
-
SimonB authored
Added comments to explain purpose and usage of generate_code.pl
-
Simon Butcher authored
Script generate-afl-tests.sh will split the test suite data files into individual test case files, suitable for fuzzing.
-
Simon Butcher authored
All test suites can now take an arbitrary test file.
-
Simon Butcher authored
The callback typedefs defined for mbedtls_ssl_set_bio() and mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were referenced in structures or in code.
-
Simon Butcher authored
Fix spelling mistakes and typos.
-
Manuel Pégourié-Gonnard authored
- basicContraints checks are done during verification - there is no need to set extensions that are not present to default values, as the code using the extension will check if it was present using ext_types. (And default values would not make sense anyway.)
-
Manuel Pégourié-Gonnard authored
-
-
Manuel Pégourié-Gonnard authored
- document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI.
-
Manuel Pégourié-Gonnard authored
We don't implement anonymous key exchanges, and we don't intend to, so it can never happen that an unauthenticated server requests a certificate from us.
-
Manuel Pégourié-Gonnard authored
Also tune up some working while at it.
-
Manuel Pégourié-Gonnard authored
-
Manuel Pégourié-Gonnard authored
After the record contents are decompressed, in_len is no longer accessed directly, only in_msglen is accessed. in_len is only read by ssl_parse_record_header() which happens before ssl_prepare_record_contents(). This is also made clear by the fact that in_len is not touched after decrypting anyway, so if it was accessed after that it would be wrong unless decryption is used - as this is not the case, it show in_len is not accessed.
-
Manuel Pégourié-Gonnard authored
-
Manuel Pégourié-Gonnard authored
Previously it was failing with errors about headers not found, which is suboptimal in terms of clarity. Now give a clean error with pointer to the documentation. Do the checks in the .c files rather than check_config.h as it keeps them closer to the platform-specific implementations.
-
Manuel Pégourié-Gonnard authored
The previous documentation was not explicit about what was expected of the callbacks - the user had to infer that from the descriptions in net.h or timing.h, and it was not clear what was part of the calling convention and what was specific to our implementation.
-
Manuel Pégourié-Gonnard authored
fixes #398
-
- 13 Feb, 2016 - 1 commit
-
-
Simon Butcher authored
Clarified the lifetime of the protos parameter passed in the function mbedtls_ssl_conf_alpn_protocols().
-
- 10 Feb, 2016 - 1 commit
-
-
Janos Follath authored
-
- 09 Feb, 2016 - 1 commit
-
-
Janos Follath authored
-
- 29 Jan, 2016 - 1 commit
-
-
Manuel Pégourié-Gonnard authored
-
- 20 Jan, 2016 - 1 commit
-
-
Simon Butcher authored
The links in the references in rsa.c and dhm.c were no longer valid and needed updating.
-
- 13 Jan, 2016 - 1 commit
-
-
Simon Butcher authored
-
- 12 Jan, 2016 - 3 commits
-
-
Manuel Pégourié-Gonnard authored
This re-introduces the apidoc with full config.h, but hopefully with the race conditions and other issues that the previous implementation had. Adapt doxygen test script to use that new script, and also check for errors in addition to warnings while at it.
-
Manuel Pégourié-Gonnard authored
This partially reverts 1989caf7 (only the changes to Makefile and CMakeLists, the addition to scripts/config.pl is kept). Modifying config.h in the apidoc target creates a race condition with make -j4 all apidoc where some parts of the library, tests or programs could be built with the wrong config.h, resulting in all kinds of (semi-random) errors. Recent versions of CMake mitigate this by adding a .NOTPARALLEL target to the generated Makefile, but people would still get errors with older CMake versions that are still in use (eg in RHEL 5), and with plain make. An additional issue is that, by failing to use cp -p, the apidoc target was updating the timestamp on config.h, which seems to cause further build issues. Let's get back to the previous, safe, situation. The improved apidoc building will be resurrected in a script in the next commit. fixes #390 fixes #391
-
Simon Butcher authored
Previous change to include excluded the content in doxygen/input
-