FIPS compatibility for tests #740
Conversation
tomato42
force-pushed
the
fips-compat
branch
2 times, most recently
from
20e3686
to
f31b671
Compare
There was a problem hiding this comment.
Reviewed 1 of 1 files at r1, 3 of 3 files at r2, 1 of 1 files at r3, 3 of 3 files at r4, 1 of 1 files at r5, 1 of 1 files at r6.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @tomato42)
scripts/test-certificate-verify-malformed-sig.py, line 168 at r2 (raw file):
conversations["sanity - {0}".format(hash_alg)] = conversation # place SHA-1 sig with SHA-256 indicator
Does this comment still hold, after adding the two additional cases (SHA-256 in SHA-1, SHA-384 in SHA-256)?
also allow the server to quickly close the connection right after the bad CV message
since server can abort right after Certificate or CertificateVerify it doesn't like then and close connection then, we may not be able to write to the socket, reporting a pipe error when in reality server did send an Alert message
There was a problem hiding this comment.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion (waiting on @ueno)
scripts/test-certificate-verify-malformed-sig.py, line 168 at r2 (raw file):
Previously, ueno (Daiki Ueno) wrote…
Does this comment still hold, after adding the two additional cases (SHA-256 in SHA-1, SHA-384 in SHA-256)?
true, fixed
There was a problem hiding this comment.
Reviewed 4 of 4 files at r7, 3 of 3 files at r8, 3 of 3 files at r9, 1 of 1 files at r10, 1 of 1 files at r11.
Reviewable status:complete! all files reviewed, all discussions resolved
Description
Update
test-certificate-verify-malformed-sig.pyso that it doesn't require RSA key exchangeAlso fix the bug because of which it wasn't running the sanity cases
Motivation and Context
work towards #563
Checklist
tlslite-ng.jsonandtlslite-ng-random-subset.jsonThis change is