-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport 2.28: Fix skipped tests in configurations without RSA #9137
Merged
gilles-peskine-arm
merged 10 commits into
Mbed-TLS:mbedtls-2.28
from
gilles-peskine-arm:ssl-opt-server2-detection-2.28
May 15, 2024
Merged
Backport 2.28: Fix skipped tests in configurations without RSA #9137
gilles-peskine-arm
merged 10 commits into
Mbed-TLS:mbedtls-2.28
from
gilles-peskine-arm:ssl-opt-server2-detection-2.28
May 15, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client test cases in PSK-only builds. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When given a PSK key but no username, gnutls-cli prompts for a password. Prevent that by passing --pskusername with the same identity that ssl_server2 uses by default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0 rejects a PSK that is less than 4 bytes long: > Error setting the PSK credentials: The request is invalid. Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS need to change, but it's easier to do a global search-and-replace, and it's easier to not have to worry about mismatches in constructed test cases later, so replace everything. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This allows many tests to pass with the system openssl and gnutls-*. As before, not all test cases will pass due to differences between versions and build options. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care of keeping distinct PSK distinct for wrong-PSK tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
component-tls
needs-ci
Needs to pass CI tests
size-s
Estimated task size: small (~2d)
priority-high
High priority - will be reviewed soon
labels
May 14, 2024
ronald-cron-arm
approved these changes
May 14, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
gilles-peskine-arm
added
needs-review
Every commit must be reviewed by at least two team members,
and removed
needs-ci
Needs to pass CI tests
labels
May 14, 2024
Nightly outcomes vs outcomes for 0d16d812646c6a4116dc5c8cc04a1afb7711d454: the
|
paul-elliott-arm
approved these changes
May 15, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
paul-elliott-arm
added
approved
Design and code approved - may be waiting for CI or backports
and removed
needs-review
Every commit must be reviewed by at least two team members,
labels
May 15, 2024
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
approved
Design and code approved - may be waiting for CI or backports
component-tls
priority-high
High priority - will be reviewed soon
size-s
Estimated task size: small (~2d)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of incidental bug fixes and improvements from #9067 (the main issue doesn't apply in 2.28).
PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")