Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
Plus r1844425 which simplifies TestRequest.pm since IO::Socket::SSL has a working getline(). On 20.10.2018 at 09:59, Rainer Jung wrote: I now also added r1844396 to allow setting the CA for peer cert verification and used it in echo.t and nttp-like.t to unbreak their ssl testing (r1844397).

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
On 20.10.2018 at 13:26, Christophe JAILLET wrote: On 20/10/2018 at 11:00, Rainer Jung wrote: On 20.10.2018 at 10:27, Christophe JAILLET wrote: On 20/10/2018 at 09:56, Rainer Jung wrote: On 20.10.2018 at 09:39, Christophe JAILLET wrote: On 20/10/2018 at 06:28, Rainer Jung wrote: Am

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Christophe JAILLET
On 20/10/2018 at 11:00, Rainer Jung wrote: On 20.10.2018 at 10:27, Christophe JAILLET wrote: On 20/10/2018 at 09:56, Rainer Jung wrote: On 20.10.2018 at 09:39, Christophe JAILLET wrote: On 20/10/2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
On 20.10.2018 at 10:27, Christophe JAILLET wrote: On 20/10/2018 at 09:56, Rainer Jung wrote: On 20.10.2018 at 09:39, Christophe JAILLET wrote: On 20/10/2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not make the test suite framework work with 1.1.1

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Christophe JAILLET
On 20/10/2018 at 09:56, Rainer Jung wrote: Hi, On 20.10.2018 at 09:39, Christophe JAILLET wrote: On 20/10/2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not make the test suite framework work with 1.1.1 (cpan -u didn't help). Although the ssl tests

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
I now also added r1844396 to allow setting the CA for peer cert verification and used it in echo.t and nttp-like.t to unbreak their ssl testing (r1844397). I didn't find more uses of the raw sockets. Regards, Rainer On 20.10.2018 at 08:47, Rainer Jung wrote: To make the raw TLS socket

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
Hi, On 20.10.2018 at 09:39, Christophe JAILLET wrote: On 20/10/2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not make the test suite framework work with 1.1.1 (cpan -u didn't help). Although the ssl tests report SUCCESS, httpd actually times out on

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Christophe JAILLET
On 20/10/2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not make the test suite framework work with 1.1.1 (cpan -u didn't help). Although the ssl tests report SUCCESS, httpd actually times out on SSL_peek() (as already reported). Indeed I checked my test

Re: [VOTE] Release httpd-2.4.37

2018-10-20 Thread denradford
+1 FreeBSD 11.2-RELEASE-p4 amd64 openssl111-1.1.1_1 perl5-5.28.0 php72-7.2.11 Tested both prefork and event MPM -- Dennis

Re: Test suite and OpenSSL 1.1.1

2018-10-20 Thread Rainer Jung
To make the raw TLS socket tests work I added r1844393. Both r1844389 and r1844393 are part of the /perl/Apache-Test/trunk/ external which gets pulled into our test framework. Regards, Rainer On 20.10.2018 at 06:28, Rainer Jung wrote: On 19.10.2018 at 23:31, Yann Ylavic wrote: Could not

t/security/CVE-2009-3555.t fails in 2.4.37 with TLS 1.3 - also false positive?

2018-10-20 Thread Rainer Jung
Test t/security/CVE-2009-3555.t (hardening against MITM SSL-renegotiation) fails in 2.4.37 when actually using TLS 1.3. It is not that easy to use TLS 1.3 for this test. The test uses a raw SSL socket created by Net::SSL, but that module is outdated and does not support TLS 1.3. I patched

OCSP with TLS 1.3 in 2.4.37 false positive?

2018-10-20 Thread Rainer Jung
After Yann's mail I double checked and fixed my setup to actually use TLS 1.3 in the test suite when OpenSSL 1.1.1 is available. I now see a new OCSP test failure, namely test 3 (revoked certificate). The revocation is correctly detected [Sat Oct 20 06:14:46.492343 2018] [ssl:error] [pid