kc3-lang/libevent/test/regress_ssl.c
Branch :
Log
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
 |
5755befd | 2024-10-15 12:44:09 | fix a Werror error | |
|
370d9924 | 2024-10-15 12:33:52 | mbedtls3 does not support tls<1.3, and tls<1.3 does not support renegotiations. therefore, disable | |
 |
d1a90d09 | 2024-08-07 17:20:46 | tests: Fix potential NULL pointer dereference | |
 |
c22f2757 | 2022-07-09 23:27:23 | Use OPENSSL_VERSION_NUMBER over OPENSSL_VERSION_MAJOR (for compatibility) Since OpenSSL 3.0 there is new OPENSSL_VERSION_MAJOR, but previous releases does not have it. So let's use plain old OPENSSL_VERSION_NUMBER to avoid more preprocessor macros. | |
 |
29c420c4 | 2022-06-18 21:43:31 | Initial OpenSSL 3.0 support * Don't use deprecated functions when building against OpenSSL 3.0. * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol. error in addition to the expected IO error produced by OpenSSL 1.1.1 * Update regress_mbedtls.c for compatibility with OpenSSL 3 | |
 |
187f6b91 | 2022-06-27 22:41:47 | OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support TLS 1.3 does not support renegotation - it has been removed from the protocol. Disable TLS 1.3 when testing this, so we negotiate an older protocol version | |
 |
a9595ccd | 2021-12-21 13:15:58 | regress_ssl: Use intptr_t when shoving an int into a void * Currently the code uses long, but long does not always have the same representation as a pointer, such as on 64-bit Windows where long is only 32-bit due to its unususal LLP64 ABI, but also on CHERI, and thus Arm's prototype Morello architecture, where C language pointers are represented as hardware capabilities, which have bounds, permissions and other metadata to enforce spatial memory safety. Both of these cases warn when casting a long to a pointer (Windows due to long being shorter and thus it being likely you've truncated the address, and CHERI due to long not having any capability metadata like pointers and thus it being likely you've stripped the metadata, with the resulting "null-derived" capability destined to trap if dereferenced), and in both cases casting to intptr_t as the intermediate type instead will get rid of those warnings. | |
|
a490172d | 2020-10-31 22:53:31 | Introduce new BUFFEREVENT_SSL_BATCH_WRITE flag to avoid Nagle effect in SSL | |
 |
028385f6 | 2020-05-28 17:14:46 | fix build system and add test and cleanup code | |
|
cdbb2373 | 2020-06-25 21:40:40 | test: "fix" (with a quirk) leak in ssl/bufferevent_wm (w/o defer callbacks) | |
|
08981f8d | 2020-01-05 19:02:22 | Fix compilation without OPENSSL_API_COMPAT Use the following for openssl 1.1+: - X509_getm_notBefore over X509_get_notBefore - X509_getm_notAfter over X509_get_notAfter - use OPENSSL_VERSION_NUMBER over SSLeay() - add missing headers Refs: openssl/openssl@0b7347effee5 | |
|
ae9b285d | 2019-02-03 18:47:14 | test/ssl/bufferevent_wm: explicitly break the loop once client/server received enough There can be tricky cases (that can be reproduced by reducing SO_RCVBUF/SO_SNDBUF to 6144, on linux, and be aware, since linux doubles this const), when there is still write event pending, although we read enough. This should be fixed in a more sophisticated way, but to backport the patch, let's simply break the loop manually. The ssl/bufferevent_wm originally failed on solaris. | |
|
b29207dc | 2019-01-29 21:12:33 | Eliminate fd conversion warnings and introduce EVUTIL_INVALID_SOCKET (windows) windows has intptr_t instead of regular int. Also tt_fd_op() had been introduced, since we cannot use tt_int_op() for comparing fd, since it is not always int. | |
 |
1fc1c7ef | 2018-11-08 00:36:07 | regress_ssl: fix ssl/bufferevent_wm_filter for non defered callbacks Even after referenced patch there is still possible recursive callbacks from evbuffer_drain(bev_input), i.e.: wm_transfer() -> evbuffer_drain() -> wm_transfer() inc(ctx->get) But if we will increment ctx->get before drain that we will not add more data to buffer. Refs: 54c6fe3c ("regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance") CI: https://ci.appveyor.com/project/nmathewson/libevent/build/job/f0rv299i71wnuxdq#L2546 | |
|
54c6fe3c | 2018-11-05 22:25:15 | regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance Due to inplace callbacks (i.e. no BEV_OPT_DEFER_CALLBACKS) we cannot be sure that wm_transfer() will not be called recursively and indeed it still happens sometimes, and the referenced patch increase amount of this times, especially for linux/poll. Fixes: 66304a23cf748714159c988e78f35401c5352827 ("Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break") | |
|
66304a23 | 2018-11-04 20:40:04 | Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break For the ssl/bufferevent_wm* we have next configuration: - payload_len = 1024 - wm_high = 5120 - limit = 40960 - to_read = 512 In this test we expect that with high watermark installed to "wm_high" we will read "limit" bytes by reading "to_read" at a time, but adding "payload_len" at a time (this "to_read"/"payload_len" limits is installed to finally overflow watermark). Once we read "limit" bytes we break, by disable EV_READ and reset callbacks. Although this will not work if when we want to break we do not reach watermark, this is because watermarks installs evbuffer callback for the input buffer and if the watermark does not reached it will enable EV_READ while be_openssl_enable() will read from the underlying buffer (in case the openssl bufferevent created via bufferevent_openssl_filter_new()) and call callback again (until it will reach watermark or read al from the underlying buffer -- this is why it stops in our caes). And this is exactly what happened in win32, you can see this in the following logs: - win32 before: OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 40960 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41472 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 41984 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break OK C:\vagrant\test\regress_ssl.c:829: wm_transfer-client(00DC2750): in: 4608, out: 0, got: 42496 OK C:\vagrant\test\regress_ssl.c:834: wm_transfer-client(00DC2750): break - win32 after: OK C:\vagrant\test\regress_ssl.c:821: wm_transfer-client(00FC26F0): break OK C:\vagrant\test\regress_ssl.c:836: wm_transfer-client(00FC26F0): in: 4800, out: 0, got: 40960 - linux before: OK ../test/regress_ssl.c:829: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 OK ../test/regress_ssl.c:834: wm_transfer-client(0x55555566f5e0): break - linux after: OK ../test/regress_ssl.c:821: wm_transfer-client(0x55555566f5e0): break OK ../test/regress_ssl.c:836: wm_transfer-client(0x55555566f5e0): in: 5120, out: 0, got: 40960 (As you can see in linux case we already reach watermark hence it passed before). So fix the issue by breaking before draining. But during fixing this I was thinking is this right? I.e. reading from the be_openssl_enable(), maybe we should force deferred callbacks at least? | |
|
e8c407e7 | 2018-11-04 20:15:14 | regress_ssl: cover watermarks with deferred callbacks | |
|
fb7f43f0 | 2018-11-04 20:03:50 | regress_ssl: improve bufferevent_wm/bufferevent_wm_filter logging - add bev pointer - use EV_SIZE_FMT over %zu (win32) | |
|
9fe952a0 | 2018-10-27 19:34:52 | regress_ssl: reset static variables on test setup/cleanup and eliminate leaks One tricky bit is reply to the BIO_C_GET_FD command, since otherwise it will try to close(0) and accepted bev in ssl/bufferevent_connect_sleep will leak. Other seems more or less trivial. This was done to make sure that for at least generic cases does not leak (tricky cases was listed here nmathewson/Libevent#83). And this will allow run ssl/.. with --no-fork | |
|
a5b2ed56 | 2018-10-04 01:03:10 | test: cover watermarks (with some corner cases) in ssl bufferevent | |
 |
28b80754 | 2018-04-02 13:18:27 | Fix build with LibreSSL 2.7 LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init() See also: https://bugs.freebsd.org/226900 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> Closes: #617 (cherry-pick) | |
|
c2c08e02 | 2017-11-22 10:33:15 | Add missing includes into openssl-compat.h Before it depends from the caller #include appropriate headers (at least for OPENSSL_VERSION_NUMBER), but let's make it independent. Fixes: #574 | |
 |
d057c45e | 2017-01-28 16:42:13 | Unbreak build with LibreSSL after openssl 1.1 support added Fixes: 3e9e0a0d46e4 ("Make it build using OpenSSL 1.1.0") Fixes: #445 | |
|
09b62013 | 2016-12-08 02:11:22 | test/ssl: fix bufferevent_getfd() for bufferevent_openssl_filter_new() | |
|
d047c241 | 2016-12-02 18:32:03 | test/ssl: cover case when we writing to be_openssl after connecting Right now it fails because of regression for filtered openssl bufferevent, and by it I mean ssl/bufferevent_filter_write_after_connect test, and by fails - hang. Regression-for: da52933550fd4736aa1c213b6de497e2ffc31e34 ("be_openssl: don't call do_write() directly from outbuf_cb") | |
|
532a47ce | 2016-11-14 02:17:51 | test: fix building under openssl 1.1 (init functions has been deprecated) Refs: #397 | |
|
336f3b11 | 2016-12-06 13:15:27 | Fix _FILE_OFFSET_BITS redinition (solaris/autotools) So firstly include our header (config.h) -- <evconfig-private.h>, and only after it <sys/types.h> since latest has #ifdef guard, while our config.h is not inteded for this. And besides all this thing with LARGE_FILE is a abit awkward, since we don't nefine _LP64/_LP32 anyway, and so we have next error actually (64bit VS 32bit): ==> solaris: In file included from ./util-internal.h:30:0, ==> solaris: from test/regress_ssl.c:49: ==> solaris: ./evconfig-private.h:29:0: warning: "_FILE_OFFSET_BITS" redefined ==> solaris: #define _FILE_OFFSET_BITS 64 ==> solaris: ^ ==> solaris: In file included from /usr/include/sys/types.h:17:0, ==> solaris: from test/regress_ssl.c:38: ==> solaris: /opt/csw/lib/gcc/i386-pc-solaris2.10/5.2.0/include-fixed/sys/feature_tests.h:196:0: note: this is the location of the previous definition ==> solaris: #define _FILE_OFFSET_BITS 32 ==> solaris: ^ For cmake it commented in: 8b228e27f57300be61b57a41a2ec8666b726dc34 ("Lot's of cmake updates") | |
 |
3e9e0a0d | 2016-09-19 22:05:15 | Make it build using OpenSSL 1.1.0 Rebased (azat): - tabs instead of whitespaces - make openssl-compat.h safe for complex expressions - do not call sk_SSL_COMP_free() in 1.1 (fixes double free) TODO: - clean methods_bufferevent Closes: #397 (cherry-picked) | |
 |
f9803a69 | 2016-10-12 17:49:10 | Switch from a 512 to 2048-bit RSA key. The 512 bit key is too small to sign larger hashes. This can cause the regression tests to fail depending on the defaults in libssl. | |
|
a9e8cd67 | 2016-08-09 12:25:11 | test/ssl: use send()/recv()/EVUTIL_ERR_RW_RETRIABLE()/EVUTIL_SOCKET_ERROR() to fix win32 Fixes: https://ci.appveyor.com/project/azat/libevent/build/2.1.5.107/job/k70our1xdp0ym4dm#L1906 Fixes: ssl/bufferevent_connect_sleep | |
 |
73d0360e | 2016-02-15 18:01:36 | test/regress_ssl: Fix compile problems for win32 Windows doesn't have unistd.h, but have the required functionality in io.h. azat: use ev_ssize_t instead of ssize_t | |
|
da0ea7ae | 2015-11-18 02:50:25 | test/ssl: cover busy-loop (i.e. {read,write}-blocked-on-{write,read} stuff) This covers SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error codes from ssl, under which we must block read/write to avoid busy looping, and hence extra CPU usage. This test introduces custom BIO that will count read/write and validates counters, with patches for be_openssl that drops handling SSL/SSL_ERROR_WANT_READ there are more then 43K reads, so 100 is pretty ok. | |
|
0c4c387c | 2015-11-05 10:34:18 | test/ssl: export getkey()/getcert()/get_ssl_ctx()/init_ssl() for https | |
 |
9f02a445 | 2015-10-05 12:37:41 | make test/regress_ssl.c compile without warnings | |
|
cdafdf01 | 2015-09-02 17:49:41 | test/regress_ssl: check events fd/pending after timeout triggered In this case client can't connect to server, and this bring to the front some bugs with assigning on already added events (because of ```fd_is_set``` stuff), for more info see #258, since this is the reproducible for it. | |
|
74845f11 | 2015-09-02 17:36:20 | test/regress_ssl: cover case when server didn't up (failed with timeout) | |
|
df507afa | 2015-09-02 17:17:43 | test/regress_ssl: covert that we can't change fd with underlying | |
|
762edb46 | 2015-09-02 17:06:51 | test/regress_ssl: cover that events (read/write) at finish not pending | |
|
b78a8297 | 2015-09-02 12:35:51 | test/regress_ssl: cover fd manipulations | |
|
46bba731 | 2015-09-02 12:31:15 | test/regress_ssl: convert open_ssl_bufevs() to mask | |
|
34559913 | 2015-09-02 12:26:40 | test/regress_ssl: convert client/server to mask too | |
|
04303273 | 2015-09-02 11:34:13 | test/regress_ssl: cover "allow_dirty_shutdown" | |
|
342e116f | 2015-09-02 11:22:43 | test/regress_ssl: convert regress_bufferevent_openssl() to bitmask | |
|
25e56fdb | 2015-08-25 17:01:42 | tests/regress_ssl: drop duplicated assert | |
 |
89c1a3b7 | 2014-09-18 12:40:38 | Fix several memory leaks in the unit tests. Also add a comment to buffer.c about why we call evbuffer_file_segment_free on failure to add the segment. | |
 |
e212c548 | 2014-01-22 13:19:49 | Check for OSX when checking for clang. | |
|
0ef1d04e | 2013-12-17 14:32:07 | Get rid of unknown pragma warnings. | |
|
69c3516b | 2013-12-17 13:28:23 | Get rid of deprecation warnings for OpenSSL on OSX 10.7+ | |
|
f38e0788 | 2012-11-18 01:36:03 | Make ssl version check in unit tests work | |
|
5a9a0141 | 2012-11-16 16:17:07 | Fix a couple of compile warnings in the unit tests | |
|
1f5a48d1 | 2012-11-15 11:45:12 | Merge remote-tracking branch 'origin/patches-2.0' | |
|
ac009f92 | 2012-11-15 11:43:20 | Warn when openssl version in unit test mismatches compiled version. | |
|
c2f30863 | 2012-11-15 11:42:14 | Fix renegotiation test to work around openssl 1.0.1 bug There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't renegotiate with themselves. When testing renegotiation with OpenSSL >=1.0.1 and <1.0.1d, disable those protocols. | |
|
2e6a9850 | 2012-11-01 18:12:07 | Merge remote-tracking branch 'github/20_win64_compilation' into 21_win64_compilation Conflicts: event.c http.c sample/event-read-fifo.c test/regress_bufferevent.c | |
|
94866c27 | 2012-11-01 17:38:34 | Compile without warnings on mingw64 This is mostly a matter of catching cases where we were still assuming that evutil_socket_t could be used as an int. | |
|
9852107f | 2012-07-26 10:43:13 | Merge remote-tracking branch 'origin/patches-2.0' Conflicts: buffer.c http.c | |
|
a2006c00 | 2012-07-26 10:37:47 | Move assignment outside tt_assert in ssl unit tests. Appeases coverity. | |
|
539466e5 | 2012-02-10 17:33:50 | Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in | |
|
e49e2891 | 2012-02-10 17:29:53 | Update copyright notices to 2012 | |
|
0cb70e33 | 2011-10-26 10:17:21 | Merge remote-tracking branch 'origin/patches-2.0' | |
|
3c824bd3 | 2011-10-24 13:18:09 | Update copyright dates to 2011. | |
|
e40bafe7 | 2011-06-04 21:40:55 | Merge remote-tracking branch 'origin/patches-2.0' Conflicts: Makefile.am WIN32-Code/event2/event-config.h configure.in test/regress_ssl.c | |
|
bdfb8330 | 2011-06-03 17:06:17 | Fix regress_ssl.c build on openbsd | |
|
9f560bfa | 2011-05-25 19:50:56 | Use "_WIN32", not WIN32: it's standard and we don't need to fake it This patch was automatically generated with perl. Based on a patch by Peter Rosin. | |
 |
c0bf63ce | 2010-12-02 14:13:33 | tests: Use relative includes ("") instead of system includes (<>) | |
|
02f6259f | 2010-10-14 11:44:32 | New unit test for ssl bufferevents starting with connected SSLs. | |
|
34331e45 | 2010-10-08 01:09:02 | The corrected bufferevent filter semantics let us fix our openssl tests | |
|
a5ce9ad4 | 2010-09-09 16:01:42 | Make SSL tests cover enabling/disabling EV_READ. I want my 80% coverage. | |
|
17efc1cd | 2010-03-04 01:25:51 | Update all our copyright notices to say "2010" | |
|
e5bbd40a | 2010-02-18 17:41:15 | Clean up formatting: use tabs, not 8-spaces, to indent. | |
|
d17c720c | 2009-08-14 20:07:01 | Remove an extraneous puts(). svn:r1415 | |
|
cf54d74a | 2009-07-30 20:41:41 | More unit tests for Openssl, including initializing with no socket. Up to 75% coverage. svn:r1399 | |
|
7a2a51a3 | 2009-07-30 20:41:21 | Add unit tests for SSL session renegotiation. This tickles the write-blocked-on-read code, and in this case turned up a bug in it. svn:r1397 | |
|
eecefc50 | 2009-07-30 20:41:00 | Add a function to extract the SSL object from a bufferevent_openssl. svn:r1395 | |
|
709c21c4 | 2009-07-28 04:03:57 | Bufferevent support for openssl. This code adds a new Bufferevent type that is only compiled when the openssl library is present. It supports using an SSL object and an event alert mechanism, which can either be an fd or an underlying bufferevent. There is still more work to do: the unit tests are incomplete, and we need to support flush and shutdown much better. Sometimes events are generated needlessly: this will hose performance. There's a new encrypting proxy in sample/le-proxy.c. This code has only been tested on OSX, and nowhere else. svn:r1382 |