both from an ECH PEM file. Those can be used (by servers) to enable ECH for an
B<SSL_CTX> or B<SSL> connection. In addition to loading those values, the
application can also indicate via I<for_retry> which ECHConfig values are to be
-included in the I<retry_configs> fallback scheme defined by the ECH protocol.
+included in the I<retry_configs> fallback scheme defined by the ECH protocol.
An ECH PEM file may contain a private key and an ECHConfigList with more than
one ECHConfig, for example if different public keys, I<public_name> values, or
setup("test_ech_corrupt");
-# Seeing tls1_2 below may be unexpected but we include a test case
+# Seeing tls1_2 below may be unexpected but we include a test case
# where the inner CH is TLSv1.2 and the outer is TLSv1.3, but we
# don't get the expected error in builds where TLSv1.2 is not supported
# so we'll skip those
rm -f $bechfile
cat $resfile
success=`grep -c "Encrypted ClientHello: yes" $resfile`
-rm -f $resfile
+rm -f $resfile
# if success==1 we're good so exit with a zero for test success
exit $((success != 1))
if [ -f $LDIR/certutil ]
then
mkdir -p $SRCTOP/nss/ca
- LD_LIBRARY_PATH=$NLIB $LDIR/certutil -A \
+ LD_LIBRARY_PATH=$NLIB $LDIR/certutil -A \
-i $SRCTOP/test/certs/rootcert.pem \
-n "oe" -t "CT,C,C" -d $SRCTOP/nss/ca/
fi
| tail -n+2 | head -n+2 | tr -d '\n'`
NSSPARAMS="-Q -4 -b -d $SRCTOP/nss/ca"
-LD_LIBRARY_PATH="$NLIB" $LDIR/tstclnt $NSSPARAMS -h localhost -p 8443 -a $httphost -N $ECH
+LD_LIBRARY_PATH="$NLIB" $LDIR/tstclnt $NSSPARAMS -h localhost -p 8443 -a $httphost -N $ECH
res=$?
exit $res
-
if [ ! -d $SRCTOP/nss/server ]
then
mkdir -p $SRCTOP/nss/server
- LD_LIBRARY_PATH=$LLIB $LDIR/certutil -A \
+ LD_LIBRARY_PATH=$LLIB $LDIR/certutil -A \
-i $SRCTOP/test/certs/rootcert.pem \
-n "oe" -t "CT,C,C" -d $SRCTOP/nss/server/
sillypass="sillypass"
-in $SRCTOP/test/certs/echserver.pem \
-password "pass:$sillypass"
echo -n $sillypass >sillypassfile
- LD_LIBRARY_PATH=$LLIB $LDIR/pk12util \
- -i tmp.p12 -d $SRCTOP/nss/server -w sillypassfile
+ LD_LIBRARY_PATH=$LLIB $LDIR/pk12util \
+ -i tmp.p12 -d $SRCTOP/nss/server -w sillypassfile
cat sillypassfile
# rm -f sillypassfile tmp.p12
fi
echo " CWD: $PWD"
# Start an NSS server
-# We'll let the server generate the ECH key pair for now (see
+# We'll let the server generate the ECH key pair for now (see
# below for why).
# need to use ``stdbuf -o0`` so that we don't get buffering and
projects / thirdparty / openssl.git / commitdiff
