kmx git

Commit	Date	Message
c22f2757	2022-07-09T23:27:23	Use OPENSSL_VERSION_NUMBER over OPENSSL_VERSION_MAJOR (for compatibility) Since OpenSSL 3.0 there is new OPENSSL_VERSION_MAJOR, but previous releases does not have it. So let's use plain old OPENSSL_VERSION_NUMBER to avoid more preprocessor macros.
29c420c4	2022-06-18T21:43:31	Initial OpenSSL 3.0 support * Don't use deprecated functions when building against OpenSSL 3.0. * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol. error in addition to the expected IO error produced by OpenSSL 1.1.1 * Update regress_mbedtls.c for compatibility with OpenSSL 3
187f6b91	2022-06-27T22:41:47	OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support TLS 1.3 does not support renegotation - it has been removed from the protocol. Disable TLS 1.3 when testing this, so we negotiate an older protocol version
a9595ccd	2021-12-21T13:15:58	regress_ssl: Use intptr_t when shoving an int into a void * Currently the code uses long, but long does not always have the same representation as a pointer, such as on 64-bit Windows where long is only 32-bit due to its unususal LLP64 ABI, but also on CHERI, and thus Arm's prototype Morello architecture, where C language pointers are represented as hardware capabilities, which have bounds, permissions and other metadata to enforce spatial memory safety. Both of these cases warn when casting a long to a pointer (Windows due to long being shorter and thus it being likely you've truncated the address, and CHERI due to long not having any capability metadata like pointers and thus it being likely you've stripped the metadata, with the resulting "null-derived" capability destined to trap if dereferenced), and in both cases casting to intptr_t as the intermediate type instead will get rid of those warnings.
a490172d	2020-10-31T22:53:31	Introduce new BUFFEREVENT_SSL_BATCH_WRITE flag to avoid Nagle effect in SSL
028385f6	2020-05-28T17:14:46	fix build system and add test and cleanup code
cdbb2373	2020-06-25T21:40:40	test: "fix" (with a quirk) leak in ssl/bufferevent_wm (w/o defer callbacks)
08981f8d	2020-01-05T19:02:22	Fix compilation without OPENSSL_API_COMPAT Use the following for openssl 1.1+: - X509_getm_notBefore over X509_get_notBefore - X509_getm_notAfter over X509_get_notAfter - use OPENSSL_VERSION_NUMBER over SSLeay() - add missing headers Refs: openssl/openssl@0b7347effee5
ae9b285d	2019-02-03T18:47:14	test/ssl/bufferevent_wm: explicitly break the loop once client/server received enough There can be tricky cases (that can be reproduced by reducing SO_RCVBUF/SO_SNDBUF to 6144, on linux, and be aware, since linux doubles this const), when there is still write event pending, although we read enough. This should be fixed in a more sophisticated way, but to backport the patch, let's simply break the loop manually. The ssl/bufferevent_wm originally failed on solaris.
b29207dc	2019-01-29T21:12:33	Eliminate fd conversion warnings and introduce EVUTIL_INVALID_SOCKET (windows) windows has intptr_t instead of regular int. Also tt_fd_op() had been introduced, since we cannot use tt_int_op() for comparing fd, since it is not always int.
1fc1c7ef	2018-11-08T00:36:07	regress_ssl: fix ssl/bufferevent_wm_filter for non defered callbacks Even after referenced patch there is still possible recursive callbacks from evbuffer_drain(bev_input), i.e.: wm_transfer() -> evbuffer_drain() -> wm_transfer() inc(ctx->get) But if we will increment ctx->get before drain that we will not add more data to buffer. Refs: 54c6fe3c ("regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance") CI: https://ci.appveyor.com/project/nmathewson/libevent/build/job/f0rv299i71wnuxdq#L2546
54c6fe3c	2018-11-05T22:25:15	regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance Due to inplace callbacks (i.e. no BEV_OPT_DEFER_CALLBACKS) we cannot be sure that wm_transfer() will not be called recursively and indeed it still happens sometimes, and the referenced patch increase amount of this times, especially for linux/poll. Fixes: 66304a23cf748714159c988e78f35401c5352827 ("Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break")
66304a23	2018-11-04T20:40:04	Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break For the ssl/bufferevent_wm* we have next configuration: - payload_len = 1024 - wm_high = 5120 - limit = 40960 - to_read = 512 In this test we expect that with high watermark installed to "wm_high" we will read "limit" bytes by reading "to_read" at a time, but adding "payload_len" at a time (this "to_read"/"payload_len" limits is installed to finally overflow watermark). Once we read "limit" bytes we break, by disable EV_READ and reset callbacks. Although this will not work if when we want to break we do not reach watermark, this is because watermarks installs evbuffer callback for the input buffer and if the watermark does not reached it will enable EV_READ while be_openssl_enable() will read from the underlying buffer (in case the openssl bufferevent created via bufferevent_openssl_filter_new()) and call callback again (until it will reach watermark or read al from the underlying buffer -- this is why it stops in our caes). And this is exactly what happened in win32, you can see this in the following logs: - win32 before: OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 40960 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41472 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41984 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 42496 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break - win32 after: OK C:\vagrant\test\regress_ssl.c:821: wm_transfer-client(00FC26F0): break OK C:\vagrant\test\regress_ssl.c:836: wm_transfer-client(00FC26F0): in: 4800, out: 0, got: 40960 - linux before: OK ../test/regress_ssl.c:829: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 OK ../test/regress_ssl.c:834: wm_transfer-client(0x55555566f5e0): break - linux after: OK ../test/regress_ssl.c:821: wm_transfer-client(0x55555566f5e0): break OK ../test/regress_ssl.c:836: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 (As you can see in linux case we already reach watermark hence it passed before). So fix the issue by breaking before draining. But during fixing this I was thinking is this right? I.e. reading from the be_openssl_enable(), maybe we should force deferred callbacks at least?
e8c407e7	2018-11-04T20:15:14	regress_ssl: cover watermarks with deferred callbacks
fb7f43f0	2018-11-04T20:03:50	regress_ssl: improve bufferevent_wm/bufferevent_wm_filter logging - add bev pointer - use EV_SIZE_FMT over %zu (win32)
9fe952a0	2018-10-27T19:34:52	regress_ssl: reset static variables on test setup/cleanup and eliminate leaks One tricky bit is reply to the BIO_C_GET_FD command, since otherwise it will try to close(0) and accepted bev in ssl/bufferevent_connect_sleep will leak. Other seems more or less trivial. This was done to make sure that for at least generic cases does not leak (tricky cases was listed here nmathewson/Libevent#83). And this will allow run ssl/.. with --no-fork
a5b2ed56	2018-10-04T01:03:10	test: cover watermarks (with some corner cases) in ssl bufferevent
28b80754	2018-04-02T13:18:27	Fix build with LibreSSL 2.7 LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init() See also: https://bugs.freebsd.org/226900 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> Closes: #617 (cherry-pick)
c2c08e02	2017-11-22T10:33:15	Add missing includes into openssl-compat.h Before it depends from the caller #include appropriate headers (at least for OPENSSL_VERSION_NUMBER), but let's make it independent. Fixes: #574
d057c45e	2017-01-28T16:42:13	Unbreak build with LibreSSL after openssl 1.1 support added Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0") Fixes: #445
09b62013	2016-12-08T02:11:22	test/ssl: fix bufferevent_getfd() for bufferevent_openssl_filter_new()
d047c241	2016-12-02T18:32:03	test/ssl: cover case when we writing to be_openssl after connecting Right now it fails because of regression for filtered openssl bufferevent, and by it I mean ssl/bufferevent_filter_write_after_connect test, and by fails - hang. Regression-for: da52933550fd4736aa1c213b6de497e2ffc31e34 ("be_openssl: don't call do_write() directly from outbuf_cb")
532a47ce	2016-11-14T02:17:51	test: fix building under openssl 1.1 (init functions has been deprecated) Refs: #397
336f3b11	2016-12-06T13:15:27	Fix _FILE_OFFSET_BITS redinition (solaris/autotools) So firstly include our header (config.h) -- <evconfig-private.h>, and only after it <sys/types.h> since latest has #ifdef guard, while our config.h is not inteded for this. And besides all this thing with LARGE_FILE is a abit awkward, since we don't nefine _LP64/_LP32 anyway, and so we have next error actually (64bit VS 32bit): ==> solaris: In file included from ./util-internal.h:30:0, ==> solaris: from test/regress_ssl.c:49: ==> solaris: ./evconfig-private.h:29:0: warning: "_FILE_OFFSET_BITS" redefined ==> solaris: #define _FILE_OFFSET_BITS 64 ==> solaris: ^ ==> solaris: In file included from /usr/include/sys/types.h:17:0, ==> solaris: from test/regress_ssl.c:38: ==> solaris: /opt/csw/lib/gcc/i386-pc-solaris2.10/5.2.0/include-fixed/sys/feature_tests.h:196:0: note: this is the location of the previous definition ==> solaris: #define _FILE_OFFSET_BITS 32 ==> solaris: ^ For cmake it commented in: 8b228e27f57300be61b57a41a2ec8666b726dc34 ("Lot's of cmake updates")
3e9e0a0d	2016-09-19T22:05:15	Make it build using OpenSSL 1.1.0 Rebased (azat): - tabs instead of whitespaces - make openssl-compat.h safe for complex expressions - do not call sk_SSL_COMP_free() in 1.1 (fixes double free) TODO: - clean methods_bufferevent Closes: #397 (cherry-picked)
f9803a69	2016-10-12T17:49:10	Switch from a 512 to 2048-bit RSA key. The 512 bit key is too small to sign larger hashes. This can cause the regression tests to fail depending on the defaults in libssl.
a9e8cd67	2016-08-09T12:25:11	test/ssl: use send()/recv()/EVUTIL_ERR_RW_RETRIABLE()/EVUTIL_SOCKET_ERROR() to fix win32 Fixes: https://ci.appveyor.com/project/azat/libevent/build/2.1.5.107/job/k70our1xdp0ym4dm#L1906 Fixes: ssl/bufferevent_connect_sleep
73d0360e	2016-02-15T18:01:36	test/regress_ssl: Fix compile problems for win32 Windows doesn't have unistd.h, but have the required functionality in io.h. azat: use ev_ssize_t instead of ssize_t
da0ea7ae	2015-11-18T02:50:25	test/ssl: cover busy-loop (i.e. {read,write}-blocked-on-{write,read} stuff) This covers SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error codes from ssl, under which we must block read/write to avoid busy looping, and hence extra CPU usage. This test introduces custom BIO that will count read/write and validates counters, with patches for be_openssl that drops handling SSL/SSL_ERROR_WANT_READ there are more then 43K reads, so 100 is pretty ok.
0c4c387c	2015-11-05T10:34:18	test/ssl: export getkey()/getcert()/get_ssl_ctx()/init_ssl() for https
9f02a445	2015-10-05T12:37:41	make test/regress_ssl.c compile without warnings
cdafdf01	2015-09-02T17:49:41	test/regress_ssl: check events fd/pending after timeout triggered In this case client can't connect to server, and this bring to the front some bugs with assigning on already added events (because of ```fd_is_set``` stuff), for more info see #258, since this is the reproducible for it.
74845f11	2015-09-02T17:36:20	test/regress_ssl: cover case when server didn't up (failed with timeout)
df507afa	2015-09-02T17:17:43	test/regress_ssl: covert that we can't change fd with underlying
762edb46	2015-09-02T17:06:51	test/regress_ssl: cover that events (read/write) at finish not pending
b78a8297	2015-09-02T12:35:51	test/regress_ssl: cover fd manipulations
46bba731	2015-09-02T12:31:15	test/regress_ssl: convert open_ssl_bufevs() to mask
34559913	2015-09-02T12:26:40	test/regress_ssl: convert client/server to mask too
04303273	2015-09-02T11:34:13	test/regress_ssl: cover "allow_dirty_shutdown"
342e116f	2015-09-02T11:22:43	test/regress_ssl: convert regress_bufferevent_openssl() to bitmask
25e56fdb	2015-08-25T17:01:42	tests/regress_ssl: drop duplicated assert
89c1a3b7	2014-09-18T12:40:38	Fix several memory leaks in the unit tests. Also add a comment to buffer.c about why we call evbuffer_file_segment_free on failure to add the segment.
e212c548	2014-01-22T13:19:49	Check for OSX when checking for clang.
0ef1d04e	2013-12-17T14:32:07	Get rid of unknown pragma warnings.
69c3516b	2013-12-17T13:28:23	Get rid of deprecation warnings for OpenSSL on OSX 10.7+
f38e0788	2012-11-18T01:36:03	Make ssl version check in unit tests work
5a9a0141	2012-11-16T16:17:07	Fix a couple of compile warnings in the unit tests
1f5a48d1	2012-11-15T11:45:12	Merge remote-tracking branch 'origin/patches-2.0'
ac009f92	2012-11-15T11:43:20	Warn when openssl version in unit test mismatches compiled version.
c2f30863	2012-11-15T11:42:14	Fix renegotiation test to work around openssl 1.0.1 bug There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't renegotiate with themselves. When testing renegotiation with OpenSSL >=1.0.1 and <1.0.1d, disable those protocols.
2e6a9850	2012-11-01T18:12:07	Merge remote-tracking branch 'github/20_win64_compilation' into 21_win64_compilation Conflicts: event.c http.c sample/event-read-fifo.c test/regress_bufferevent.c
94866c27	2012-11-01T17:38:34	Compile without warnings on mingw64 This is mostly a matter of catching cases where we were still assuming that evutil_socket_t could be used as an int.
9852107f	2012-07-26T10:43:13	Merge remote-tracking branch 'origin/patches-2.0' Conflicts: buffer.c http.c
a2006c00	2012-07-26T10:37:47	Move assignment outside tt_assert in ssl unit tests. Appeases coverity.
539466e5	2012-02-10T17:33:50	Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in
e49e2891	2012-02-10T17:29:53	Update copyright notices to 2012
0cb70e33	2011-10-26T10:17:21	Merge remote-tracking branch 'origin/patches-2.0'
3c824bd3	2011-10-24T13:18:09	Update copyright dates to 2011.
e40bafe7	2011-06-04T21:40:55	Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in test/regress_ssl.c
bdfb8330	2011-06-03T17:06:17	Fix regress_ssl.c build on openbsd
9f560bfa	2011-05-25T19:50:56	Use "_WIN32", not WIN32: it's standard and we don't need to fake it This patch was automatically generated with perl. Based on a patch by Peter Rosin.
c0bf63ce	2010-12-02T14:13:33	tests: Use relative includes ("") instead of system includes (<>)
02f6259f	2010-10-14T11:44:32	New unit test for ssl bufferevents starting with connected SSLs.
34331e45	2010-10-08T01:09:02	The corrected bufferevent filter semantics let us fix our openssl tests
a5ce9ad4	2010-09-09T16:01:42	Make SSL tests cover enabling/disabling EV_READ. I want my 80% coverage.
17efc1cd	2010-03-04T01:25:51	Update all our copyright notices to say "2010"
e5bbd40a	2010-02-18T17:41:15	Clean up formatting: use tabs, not 8-spaces, to indent.
d17c720c	2009-08-14T20:07:01	Remove an extraneous puts(). svn:r1415
cf54d74a	2009-07-30T20:41:41	More unit tests for Openssl, including initializing with no socket. Up to 75% coverage. svn:r1399
7a2a51a3	2009-07-30T20:41:21	Add unit tests for SSL session renegotiation. This tickles the write-blocked-on-read code, and in this case turned up a bug in it. svn:r1397
eecefc50	2009-07-30T20:41:00	Add a function to extract the SSL object from a bufferevent_openssl. svn:r1395
709c21c4	2009-07-28T04:03:57	Bufferevent support for openssl. This code adds a new Bufferevent type that is only compiled when the openssl library is present. It supports using an SSL object and an event alert mechanism, which can either be an fd or an underlying bufferevent. There is still more work to do: the unit tests are incomplete, and we need to support flush and shutdown much better. Sometimes events are generated needlessly: this will hose performance. There's a new encrypting proxy in sample/le-proxy.c. This code has only been tested on OSX, and nowhere else. svn:r1382

c22f2757

2022-07-09T23:27:23

Use OPENSSL_VERSION_NUMBER over OPENSSL_VERSION_MAJOR (for compatibility) Since OpenSSL 3.0 there is new OPENSSL_VERSION_MAJOR, but previous releases does not have it. So let's use plain old OPENSSL_VERSION_NUMBER to avoid more preprocessor macros.

29c420c4

2022-06-18T21:43:31

Initial OpenSSL 3.0 support * Don't use deprecated functions when building against OpenSSL 3.0. * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol. error in addition to the expected IO error produced by OpenSSL 1.1.1 * Update regress_mbedtls.c for compatibility with OpenSSL 3

187f6b91

2022-06-27T22:41:47

OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support TLS 1.3 does not support renegotation - it has been removed from the protocol. Disable TLS 1.3 when testing this, so we negotiate an older protocol version

a9595ccd

2021-12-21T13:15:58

regress_ssl: Use intptr_t when shoving an int into a void * Currently the code uses long, but long does not always have the same representation as a pointer, such as on 64-bit Windows where long is only 32-bit due to its unususal LLP64 ABI, but also on CHERI, and thus Arm's prototype Morello architecture, where C language pointers are represented as hardware capabilities, which have bounds, permissions and other metadata to enforce spatial memory safety. Both of these cases warn when casting a long to a pointer (Windows due to long being shorter and thus it being likely you've truncated the address, and CHERI due to long not having any capability metadata like pointers and thus it being likely you've stripped the metadata, with the resulting "null-derived" capability destined to trap if dereferenced), and in both cases casting to intptr_t as the intermediate type instead will get rid of those warnings.

a490172d

2020-10-31T22:53:31

Introduce new BUFFEREVENT_SSL_BATCH_WRITE flag to avoid Nagle effect in SSL

028385f6

2020-05-28T17:14:46

fix build system and add test and cleanup code

cdbb2373

2020-06-25T21:40:40

test: "fix" (with a quirk) leak in ssl/bufferevent_wm (w/o defer callbacks)

08981f8d

2020-01-05T19:02:22

Fix compilation without OPENSSL_API_COMPAT Use the following for openssl 1.1+: - X509_getm_notBefore over X509_get_notBefore - X509_getm_notAfter over X509_get_notAfter - use OPENSSL_VERSION_NUMBER over SSLeay() - add missing headers Refs: openssl/openssl@0b7347effee5

ae9b285d

2019-02-03T18:47:14

test/ssl/bufferevent_wm: explicitly break the loop once client/server received enough There can be tricky cases (that can be reproduced by reducing SO_RCVBUF/SO_SNDBUF to 6144, on linux, and be aware, since linux doubles this const), when there is still write event pending, although we read enough. This should be fixed in a more sophisticated way, but to backport the patch, let's simply break the loop manually. The ssl/bufferevent_wm originally failed on solaris.

b29207dc

2019-01-29T21:12:33

Eliminate fd conversion warnings and introduce EVUTIL_INVALID_SOCKET (windows) windows has intptr_t instead of regular int. Also tt_fd_op() had been introduced, since we cannot use tt_int_op() for comparing fd, since it is not always int.

1fc1c7ef

2018-11-08T00:36:07

regress_ssl: fix ssl/bufferevent_wm_filter for non defered callbacks Even after referenced patch there is still possible recursive callbacks from evbuffer_drain(bev_input), i.e.: wm_transfer() -> evbuffer_drain() -> wm_transfer() inc(ctx->get) But if we will increment ctx->get before drain that we will not add more data to buffer. Refs: 54c6fe3c ("regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance") CI: https://ci.appveyor.com/project/nmathewson/libevent/build/job/f0rv299i71wnuxdq#L2546

54c6fe3c

2018-11-05T22:25:15

regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance Due to inplace callbacks (i.e. no BEV_OPT_DEFER_CALLBACKS) we cannot be sure that wm_transfer() will not be called recursively and indeed it still happens sometimes, and the referenced patch increase amount of this times, especially for linux/poll. Fixes: 66304a23cf748714159c988e78f35401c5352827 ("Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break")

66304a23

2018-11-04T20:40:04

Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break For the ssl/bufferevent_wm* we have next configuration: - payload_len = 1024 - wm_high = 5120 - limit = 40960 - to_read = 512 In this test we expect that with high watermark installed to "wm_high" we will read "limit" bytes by reading "to_read" at a time, but adding "payload_len" at a time (this "to_read"/"payload_len" limits is installed to finally overflow watermark). Once we read "limit" bytes we break, by disable EV_READ and reset callbacks. Although this will not work if when we want to break we do not reach watermark, this is because watermarks installs evbuffer callback for the input buffer and if the watermark does not reached it will enable EV_READ while be_openssl_enable() will read from the underlying buffer (in case the openssl bufferevent created via bufferevent_openssl_filter_new()) and call callback again (until it will reach watermark or read al from the underlying buffer -- this is why it stops in our caes). And this is exactly what happened in win32, you can see this in the following logs: - win32 before: OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 40960 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41472 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41984 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 42496 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break - win32 after: OK C:\vagrant\test\regress_ssl.c:821: wm_transfer-client(00FC26F0): break OK C:\vagrant\test\regress_ssl.c:836: wm_transfer-client(00FC26F0): in: 4800, out: 0, got: 40960 - linux before: OK ../test/regress_ssl.c:829: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 OK ../test/regress_ssl.c:834: wm_transfer-client(0x55555566f5e0): break - linux after: OK ../test/regress_ssl.c:821: wm_transfer-client(0x55555566f5e0): break OK ../test/regress_ssl.c:836: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 (As you can see in linux case we already reach watermark hence it passed before). So fix the issue by breaking before draining. But during fixing this I was thinking is this right? I.e. reading from the be_openssl_enable(), maybe we should force deferred callbacks at least?

e8c407e7

2018-11-04T20:15:14

regress_ssl: cover watermarks with deferred callbacks

fb7f43f0

2018-11-04T20:03:50

regress_ssl: improve bufferevent_wm/bufferevent_wm_filter logging - add bev pointer - use EV_SIZE_FMT over %zu (win32)

9fe952a0

2018-10-27T19:34:52

regress_ssl: reset static variables on test setup/cleanup and eliminate leaks One tricky bit is reply to the BIO_C_GET_FD command, since otherwise it will try to close(0) and accepted bev in ssl/bufferevent_connect_sleep will leak. Other seems more or less trivial. This was done to make sure that for at least generic cases does not leak (tricky cases was listed here nmathewson/Libevent#83). And this will allow run ssl/.. with --no-fork

a5b2ed56

2018-10-04T01:03:10

test: cover watermarks (with some corner cases) in ssl bufferevent

28b80754

2018-04-02T13:18:27

Fix build with LibreSSL 2.7 LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init() See also: https://bugs.freebsd.org/226900 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> Closes: #617 (cherry-pick)

c2c08e02

2017-11-22T10:33:15

Add missing includes into openssl-compat.h Before it depends from the caller #include appropriate headers (at least for OPENSSL_VERSION_NUMBER), but let's make it independent. Fixes: #574

d057c45e

2017-01-28T16:42:13

Unbreak build with LibreSSL after openssl 1.1 support added Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0") Fixes: #445

09b62013

2016-12-08T02:11:22

test/ssl: fix bufferevent_getfd() for bufferevent_openssl_filter_new()

d047c241

2016-12-02T18:32:03

test/ssl: cover case when we writing to be_openssl after connecting Right now it fails because of regression for filtered openssl bufferevent, and by it I mean ssl/bufferevent_filter_write_after_connect test, and by fails - hang. Regression-for: da52933550fd4736aa1c213b6de497e2ffc31e34 ("be_openssl: don't call do_write() directly from outbuf_cb")

532a47ce

2016-11-14T02:17:51

test: fix building under openssl 1.1 (init functions has been deprecated) Refs: #397

336f3b11

2016-12-06T13:15:27

Fix _FILE_OFFSET_BITS redinition (solaris/autotools) So firstly include our header (config.h) -- <evconfig-private.h>, and only after it <sys/types.h> since latest has #ifdef guard, while our config.h is not inteded for this. And besides all this thing with LARGE_FILE is a abit awkward, since we don't nefine _LP64/_LP32 anyway, and so we have next error actually (64bit VS 32bit): ==> solaris: In file included from ./util-internal.h:30:0, ==> solaris: from test/regress_ssl.c:49: ==> solaris: ./evconfig-private.h:29:0: warning: "_FILE_OFFSET_BITS" redefined ==> solaris: #define _FILE_OFFSET_BITS 64 ==> solaris: ^ ==> solaris: In file included from /usr/include/sys/types.h:17:0, ==> solaris: from test/regress_ssl.c:38: ==> solaris: /opt/csw/lib/gcc/i386-pc-solaris2.10/5.2.0/include-fixed/sys/feature_tests.h:196:0: note: this is the location of the previous definition ==> solaris: #define _FILE_OFFSET_BITS 32 ==> solaris: ^ For cmake it commented in: 8b228e27f57300be61b57a41a2ec8666b726dc34 ("Lot's of cmake updates")

3e9e0a0d

2016-09-19T22:05:15

Make it build using OpenSSL 1.1.0 Rebased (azat): - tabs instead of whitespaces - make openssl-compat.h safe for complex expressions - do not call sk_SSL_COMP_free() in 1.1 (fixes double free) TODO: - clean methods_bufferevent Closes: #397 (cherry-picked)

f9803a69

2016-10-12T17:49:10

Switch from a 512 to 2048-bit RSA key. The 512 bit key is too small to sign larger hashes. This can cause the regression tests to fail depending on the defaults in libssl.

a9e8cd67

2016-08-09T12:25:11

test/ssl: use send()/recv()/EVUTIL_ERR_RW_RETRIABLE()/EVUTIL_SOCKET_ERROR() to fix win32 Fixes: https://ci.appveyor.com/project/azat/libevent/build/2.1.5.107/job/k70our1xdp0ym4dm#L1906 Fixes: ssl/bufferevent_connect_sleep

73d0360e

2016-02-15T18:01:36

test/regress_ssl: Fix compile problems for win32 Windows doesn't have unistd.h, but have the required functionality in io.h. azat: use ev_ssize_t instead of ssize_t

da0ea7ae

2015-11-18T02:50:25

test/ssl: cover busy-loop (i.e. {read,write}-blocked-on-{write,read} stuff) This covers SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error codes from ssl, under which we must block read/write to avoid busy looping, and hence extra CPU usage. This test introduces custom BIO that will count read/write and validates counters, with patches for be_openssl that drops handling SSL/SSL_ERROR_WANT_READ there are more then 43K reads, so 100 is pretty ok.

0c4c387c

2015-11-05T10:34:18

test/ssl: export getkey()/getcert()/get_ssl_ctx()/init_ssl() for https

9f02a445

2015-10-05T12:37:41

make test/regress_ssl.c compile without warnings

cdafdf01

2015-09-02T17:49:41

test/regress_ssl: check events fd/pending after timeout triggered In this case client can't connect to server, and this bring to the front some bugs with assigning on already added events (because of ```fd_is_set``` stuff), for more info see #258, since this is the reproducible for it.

74845f11

2015-09-02T17:36:20

test/regress_ssl: cover case when server didn't up (failed with timeout)

df507afa

2015-09-02T17:17:43

test/regress_ssl: covert that we can't change fd with underlying

762edb46

2015-09-02T17:06:51

test/regress_ssl: cover that events (read/write) at finish not pending

b78a8297

2015-09-02T12:35:51

test/regress_ssl: cover fd manipulations

46bba731

2015-09-02T12:31:15

test/regress_ssl: convert open_ssl_bufevs() to mask

34559913

2015-09-02T12:26:40

test/regress_ssl: convert client/server to mask too

04303273

2015-09-02T11:34:13

test/regress_ssl: cover "allow_dirty_shutdown"

342e116f

2015-09-02T11:22:43

test/regress_ssl: convert regress_bufferevent_openssl() to bitmask

25e56fdb

2015-08-25T17:01:42

tests/regress_ssl: drop duplicated assert

89c1a3b7

2014-09-18T12:40:38

Fix several memory leaks in the unit tests. Also add a comment to buffer.c about why we call evbuffer_file_segment_free on failure to add the segment.

e212c548

2014-01-22T13:19:49

Check for OSX when checking for clang.

0ef1d04e

2013-12-17T14:32:07

Get rid of unknown pragma warnings.

69c3516b

2013-12-17T13:28:23

Get rid of deprecation warnings for OpenSSL on OSX 10.7+

f38e0788

2012-11-18T01:36:03

Make ssl version check in unit tests work

5a9a0141

2012-11-16T16:17:07

Fix a couple of compile warnings in the unit tests

1f5a48d1

2012-11-15T11:45:12

Merge remote-tracking branch 'origin/patches-2.0'

ac009f92

2012-11-15T11:43:20

Warn when openssl version in unit test mismatches compiled version.

c2f30863

2012-11-15T11:42:14

Fix renegotiation test to work around openssl 1.0.1 bug There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't renegotiate with themselves. When testing renegotiation with OpenSSL >=1.0.1 and <1.0.1d, disable those protocols.

2e6a9850

2012-11-01T18:12:07

Merge remote-tracking branch 'github/20_win64_compilation' into 21_win64_compilation Conflicts: event.c http.c sample/event-read-fifo.c test/regress_bufferevent.c

94866c27

2012-11-01T17:38:34

Compile without warnings on mingw64 This is mostly a matter of catching cases where we were still assuming that evutil_socket_t could be used as an int.

9852107f

2012-07-26T10:43:13

Merge remote-tracking branch 'origin/patches-2.0' Conflicts: buffer.c http.c

a2006c00

2012-07-26T10:37:47

Move assignment outside tt_assert in ssl unit tests. Appeases coverity.

539466e5

2012-02-10T17:33:50

Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in

e49e2891

2012-02-10T17:29:53

0cb70e33

2011-10-26T10:17:21

Merge remote-tracking branch 'origin/patches-2.0'

3c824bd3

2011-10-24T13:18:09

e40bafe7

2011-06-04T21:40:55

Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in test/regress_ssl.c

bdfb8330

2011-06-03T17:06:17

Fix regress_ssl.c build on openbsd

9f560bfa

2011-05-25T19:50:56

Use "_WIN32", not WIN32: it's standard and we don't need to fake it This patch was automatically generated with perl. Based on a patch by Peter Rosin.

c0bf63ce

2010-12-02T14:13:33

tests: Use relative includes ("") instead of system includes (<>)

02f6259f

2010-10-14T11:44:32

New unit test for ssl bufferevents starting with connected SSLs.

34331e45

2010-10-08T01:09:02

The corrected bufferevent filter semantics let us fix our openssl tests

a5ce9ad4

2010-09-09T16:01:42

Make SSL tests cover enabling/disabling EV_READ. I want my 80% coverage.

17efc1cd

2010-03-04T01:25:51

e5bbd40a

2010-02-18T17:41:15

Clean up formatting: use tabs, not 8-spaces, to indent.

d17c720c

2009-08-14T20:07:01

Remove an extraneous puts(). svn:r1415

cf54d74a

2009-07-30T20:41:41

More unit tests for Openssl, including initializing with no socket. Up to 75% coverage. svn:r1399

7a2a51a3

2009-07-30T20:41:21

Add unit tests for SSL session renegotiation. This tickles the write-blocked-on-read code, and in this case turned up a bug in it. svn:r1397

eecefc50

2009-07-30T20:41:00

Add a function to extract the SSL object from a bufferevent_openssl. svn:r1395

709c21c4

2009-07-28T04:03:57

Bufferevent support for openssl. This code adds a new Bufferevent type that is only compiled when the openssl library is present. It supports using an SSL object and an event alert mechanism, which can either be an fd or an underlying bufferevent. There is still more work to do: the unit tests are incomplete, and we need to support flush and shutdown much better. Sometimes events are generated needlessly: this will hose performance. There's a new encrypting proxy in sample/le-proxy.c. This code has only been tested on OSX, and nowhere else. svn:r1382

kc3-lang/libevent/test/regress_ssl.c

test/regress_ssl.c

Log