Merge remote-tracking branch 'public/pr/2448' into development
* public/pr/2448: Reword changelog entry Update change log Reenable GnuTLS next based tests
This commit is contained in:
Simon Butcher
commit
700cbac98a
@ -53,6 +53,8 @@ Changes
|
|||||||
underlying OS actually guarantees.
|
underlying OS actually guarantees.
|
||||||
* Fix configuration queries in ssl-opt.h. #2030
|
* Fix configuration queries in ssl-opt.h. #2030
|
||||||
* Ensure that ssl-opt.h can be run in OS X. #2029
|
* Ensure that ssl-opt.h can be run in OS X. #2029
|
||||||
|
* Re-enable certain interoperability tests in ssl-opt.sh which had previously
|
||||||
|
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
|
||||||
|
|
||||||
= mbed TLS 2.16.0 branch released 2018-12-21
|
= mbed TLS 2.16.0 branch released 2018-12-21
|
||||||
|
|
||||||
|
|||||||
@ -7061,13 +7061,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
|||||||
-c "fragmenting handshake message" \
|
-c "fragmenting handshake message" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
## The two tests below are disabled due to a bug in GnuTLS client that causes
|
requires_gnutls_next
|
||||||
## handshake failures when the NewSessionTicket message is lost, see
|
|
||||||
## https://gitlab.com/gnutls/gnutls/issues/543
|
|
||||||
## We can re-enable them when a fixed version fo GnuTLS is available
|
|
||||||
## and installed in our CI system.
|
|
||||||
skip_next_test
|
|
||||||
requires_gnutls
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
@ -7079,12 +7073,11 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
|||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
key_file=data_files/server7.key \
|
key_file=data_files/server7.key \
|
||||||
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
|
||||||
"$G_CLI -u --insecure 127.0.0.1" \
|
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
|
||||||
0 \
|
0 \
|
||||||
-s "fragmenting handshake message"
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
skip_next_test
|
requires_gnutls_next
|
||||||
requires_gnutls
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
@ -7096,7 +7089,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
|||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
key_file=data_files/server7.key \
|
key_file=data_files/server7.key \
|
||||||
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
hs_timeout=250-60000 mtu=512 force_version=dtls1" \
|
||||||
"$G_CLI -u --insecure 127.0.0.1" \
|
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
|
||||||
0 \
|
0 \
|
||||||
-s "fragmenting handshake message"
|
-s "fragmenting handshake message"
|
||||||
|
|
||||||
@ -7666,29 +7659,23 @@ run_test "DTLS proxy: 3d, gnutls server" \
|
|||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "Extra-header:"
|
-c "Extra-header:"
|
||||||
|
|
||||||
# The next two test are disabled because they tend to trigger a bug in the
|
requires_gnutls_next
|
||||||
# version of GnuTLS that's currently installed on our CI. The bug occurs when
|
|
||||||
# different fragments of the same handshake message are received out-of-order
|
|
||||||
# by GnuTLS and results in a timeout. It's been fixed in GnuTLS 3.5.2.
|
|
||||||
skip_next_test
|
|
||||||
requires_gnutls
|
|
||||||
client_needs_more_time 8
|
client_needs_more_time 8
|
||||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||||
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
|
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
|
||||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||||
"$G_SRV -u --mtu 512" \
|
"$G_NEXT_SRV -u --mtu 512" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
|
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
|
||||||
0 \
|
0 \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
-c "Extra-header:"
|
-c "Extra-header:"
|
||||||
|
|
||||||
skip_next_test
|
requires_gnutls_next
|
||||||
requires_gnutls
|
|
||||||
client_needs_more_time 8
|
client_needs_more_time 8
|
||||||
not_with_valgrind # risk of non-mbedtls peer timing out
|
not_with_valgrind # risk of non-mbedtls peer timing out
|
||||||
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
|
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
|
||||||
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
-p "$P_PXY drop=5 delay=5 duplicate=5" \
|
||||||
"$G_SRV -u --mtu 512" \
|
"$G_NEXT_SRV -u --mtu 512" \
|
||||||
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
|
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
|
||||||
0 \
|
0 \
|
||||||
-s "Extra-header:" \
|
-s "Extra-header:" \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user