GitLab

Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/

This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.

The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.

We now require support for stdint.h from the compiler.

For some reason select() doesn't seem to work.

This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.

close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules

Provides more flexibility for future changes/extensions.

On Windows, recvfrom() returns an error code if the destination buffer is too
small to hold the next datagram.

But introduces dependency on variadic macros

Assume we have two trusted CAs with the same name, the first uses ECDSA 256
bits, the second RSA 2048; cert is signed by the second. If we do the keysize
check before we checked the key types match, we'll raise the badkey flags when
checking the EC-256 CA and it will remain up even when we finally find the
correct CA. So, move the check for the key size after signature verification,
which implicitly checks the key type.

When we build with Visual Studio in debug mode, the invalid parameter handler
aborts the application (and offers to debug it) when n is 0. We want to
just return -1 instead (as calls with n == 0 are expected and happen in our
tests).

Name chosen to match the existing make target.

- all spaces no tabs
- indent with 4 spaces everywhere

Timing belongs in libcrypto (due to havege depending on it)
while net.c was put in libtls (only test ssl servers use it)

certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.

We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.

With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.

Found using Codenomicon Defensics.

Found by Coverity Scan.

May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.

(Found with Clang's scan-build.)

scan-build was reporting NULL dereferences

Probably a bad merge from the 1.3 branch

- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired