"tests",
"threads",
"tls",
- "tls13downgrade",
"ts",
"ubsan",
"ui-console",
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
- "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
require additional system-dependent options! See "Note on
multi-threading" below.
- enable-tls13downgrade
- TODO(TLS1.3): Make this enabled by default and remove the
- option when TLSv1.3 is out of draft
- TLSv1.3 offers a downgrade protection mechanism. This is
- implemented but disabled by default. It should not typically
- be enabled except for testing purposes. Otherwise this could
- cause problems if a pre-RFC version of OpenSSL talks to an
- RFC implementation (it will erroneously be detected as a
- downgrade).
-
no-ts
Don't build Time Stamping Authority support.
} else {
ret = RAND_bytes(result, len);
}
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
+
if (ret > 0) {
if (!ossl_assert(sizeof(tls11downgrade) < len)
|| !ossl_assert(sizeof(tls12downgrade) < len))
memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
sizeof(tls11downgrade));
}
-#endif
+
return ret;
}
if (s->version != vent->version)
continue;
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
/* Check for downgrades */
if (s->version == TLS1_2_VERSION && highver > s->version) {
if (memcmp(tls12downgrade,
return 0;
}
}
-#endif
s->method = method;
return 1;
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
if disabled("tls1_3") || disabled("tls1_2");
-# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft
-plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation"
- if disabled("tls13downgrade");
-
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
projects / oweals / openssl.git / commitdiff