openbsd/src/regress/lib/libssl/interop/Makefile, branch libressl-v3.2.0

openbsd/src/regress/lib/libssl/interop/Makefile, branch libressl-v3.2.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.2.0 2020-01-25T16:10:32+00:00 Disable cert interop tests for now. 2020-01-25T16:10:32+00:00 jsing 2020-01-25T16:10:32+00:00 urn:sha1:7d21cbd7f1e56eb8ddf1d70461ed852a17e87e91 The libressl TLSv1.3 client and server currently lack client certificate authentication support and this test expects all clients can auth with all servers. We can likely turn this back on in the near future. Actually disable cipher interop tests. 2020-01-25T16:09:05+00:00 jsing 2020-01-25T16:09:05+00:00 urn:sha1:2de79ce59f152afc2bd7f8ebf2d6e99265f6df6f Disable the cipher interop tests. 2020-01-25T16:08:25+00:00 jsing 2020-01-25T16:08:25+00:00 urn:sha1:56946132136f68c15473210cddc908c241274b83 These make far too many assumptions about cipher suites - TLSv1.3 cipher suites can only be used with TLSv1.3 and there is tests using TLSv1.3 cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2 cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11 lists TLSv1.3 cipher suites with different names to libressl. Futher work will be necessary before this can be re-enabled. Test that all supported TLS ciphers actually work. Establish 2019-02-21T23:06:33+00:00 bluhm 2019-02-21T23:06:33+00:00 urn:sha1:375349e3dab4ad23aaba1771a89b29b9525e2c0c connections between client and server implemented with LibreSSL or OpenSSL with a fixed cipher on each side. Check the used cipher in the session print out. Reorganize libssl interop tests. Move netcat tests into separate 2018-11-11T00:15:04+00:00 bluhm 2018-11-11T00:15:04+00:00 urn:sha1:50da4d90eb521ba89a43af23da2b26ada631c4d1 directory. Keep all log files for easier debugging. Name regress target names consistently. Regress client and server can do session reuse now. Test this with 2018-11-10T08:33:45+00:00 bluhm 2018-11-10T08:33:45+00:00 urn:sha1:6bd0566375713b872fa7b3055181d18de32ba11b all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It is currently disabled for TLS 1.3 as this needs more setup. The cert subdir is testing all combinations of certificate validation. 2018-11-09T06:30:41+00:00 bluhm 2018-11-09T06:30:41+00:00 urn:sha1:e3076365506f38e78df5fe822fa92f5279cc68ca Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases. Add interop test with OpenSSL 1.1. TLS 1.3 should be used automatically 2018-11-07T19:09:01+00:00 bluhm 2018-11-07T19:09:01+00:00 urn:sha1:8f0e5908a3eda97ad8aa14cba6eae080ee759006 when it becomes available in LibreSSL. thanks to sthen@ for the new OpenSSL port Test TLS interoperability between LibreSSL and OpenSSL. 2018-11-07T01:08:49+00:00 bluhm 2018-11-07T01:08:49+00:00 urn:sha1:be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and and test TLS 1.3. idea from beck@; help from jsing@