Re: [openssl-dev] Enhancing ssltest_old.c?

2016-09-05 Thread Bill Cox
Sorry... stupid auto-send still happens on my Goobuntu latptop, even with tap-click disabled on the still poorly supported touchpad. Here's the current PR: https://github.com/openssl/openssl/pull/1538 My feeling is that if we put in the effort to upgrade the new SSL test harness to understand

Re: [openssl-dev] Enhancing ssltest_old.c?

2016-09-05 Thread Bill Cox
I took a quick look through the new SSL test framework, which looks pretty good. I created this pull request to show what I currently propose: On Mon, Sep 5, 2016 at 2:22 PM, Richard Levitte wrote: > I think it makes more sense to extend the new SSL test framework... > >

Re: [openssl-dev] Enhancing ssltest_old.c?

2016-09-05 Thread Richard Levitte
I think it makes more sense to extend the new SSL test framework... Cheers Richard Bill Cox skrev: (5 september 2016 19:14:22 CEST) >I wrote a simple change to custom extensions so that they can be >negotiated >on resume, which is needed by token binding. I put the

[openssl-dev] Enhancing ssltest_old.c?

2016-09-05 Thread Bill Cox
I wrote a simple change to custom extensions so that they can be negotiated on resume, which is needed by token binding. I put the test for this change in test/ssltest_old.c, which seems weird, but there are no custom extension tests in the new SSL tests AFAIK. Do we still extend the old tests

Re: [openssl-dev] FIPS validation

2016-09-05 Thread Steve Marquess
On 09/05/2016 02:09 AM, Leon Brits wrote: > The FIPS validation company says: > > > > “The tests I am most interested in are the failure cases, where you > induce an error in each of the power-on self-tests and conditional tests > (i.e, continuous RNG test, pairwise consistency test).” > >

Re: [openssl-dev] [openssl.org beetle 4668] Enhancement request: website: support proper titles

2016-09-05 Thread Steffen Nurpmeso
"Salz, Rich" wrote: |> Maybe you like it. I haven't tried it, but see no reason why it |> shouldn't work. It also adjusts headline tags in secpolicy.html, \ |> which don't |> comply to the rest of the site yet. | |It's good enough. None of us our web developers. I just

Re: [openssl-dev] Certificate torture test

2016-09-05 Thread David Woodhouse
On Fri, 2016-09-02 at 20:20 +, Salz, Rich wrote: > > I've started collecting a certificate torture test suite at > > http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/tests/Makefile.am > > I think this is cool, and splitting it off is a good idea.  I think > some IETF folks

[openssl-dev] FIPS validation

2016-09-05 Thread Leon Brits
The FIPS validation company says: "The tests I am most interested in are the failure cases, where you induce an error in each of the power-on self-tests and conditional tests (i.e, continuous RNG test, pairwise consistency test)." Can anybody tell me how I can induce these errors? I do run