-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIPS compatibility for tests #740
Conversation
20e3686
to
f31b671
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r1, 3 of 3 files at r2, 1 of 1 files at r3, 3 of 3 files at r4, 1 of 1 files at r5, 1 of 1 files at r6.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @tomato42)
scripts/test-certificate-verify-malformed-sig.py, line 168 at r2 (raw file):
conversations["sanity - {0}".format(hash_alg)] = conversation # place SHA-1 sig with SHA-256 indicator
Does this comment still hold, after adding the two additional cases (SHA-256 in SHA-1, SHA-384 in SHA-256)?
also allow the server to quickly close the connection right after the bad CV message
since server can abort right after Certificate or CertificateVerify it doesn't like then and close connection then, we may not be able to write to the socket, reporting a pipe error when in reality server did send an Alert message
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion (waiting on @ueno)
scripts/test-certificate-verify-malformed-sig.py, line 168 at r2 (raw file):
Previously, ueno (Daiki Ueno) wrote…
Does this comment still hold, after adding the two additional cases (SHA-256 in SHA-1, SHA-384 in SHA-256)?
true, fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 4 of 4 files at r7, 3 of 3 files at r8, 3 of 3 files at r9, 1 of 1 files at r10, 1 of 1 files at r11.
Reviewable status: complete! all files reviewed, all discussions resolved
Description
Update
test-certificate-verify-malformed-sig.py
so that it doesn't require RSA key exchangeAlso fix the bug because of which it wasn't running the sanity cases
Motivation and Context
work towards #563
Checklist
tlslite-ng.json
andtlslite-ng-random-subset.json
This change is