openbsd/src/regress/lib/libssl/interop/libressl, branch OPENBSD_7_6

openbsd/src/regress/lib/libssl/interop/libressl, branch OPENBSD_7_6_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6_BASE 2020-12-25T10:50:08+00:00 Add to *FLAGS and *ADD rather than overwriting them 2020-12-25T10:50:08+00:00 tb 2020-12-25T10:50:08+00:00 urn:sha1:2cc3e262414425825b3c19ff586f2c2cc20bccd2 This makes CFLAGS pick up -O2, which shaves a few seconds runtime off these very slow tests. Remove echo headlines. 2020-12-17T00:51:12+00:00 bluhm 2020-12-17T00:51:12+00:00 urn:sha1:c7cbfcf2a0ad5dc204129e5fbf99dd57cc33e72a Connect a client to a server. Both can be current libressl, or 2020-09-14T00:51:04+00:00 bluhm 2020-09-14T00:51:04+00:00 urn:sha1:407ed00262824449401bb81ab8981bc63ea02280 openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out. Revise regress for TLSv1.3 server being enabled. 2020-05-11T18:20:24+00:00 jsing 2020-05-11T18:20:24+00:00 urn:sha1:9cb614ecfae85e33f73e37c50b4b124384f3403e Reorganize libssl interop tests. Move netcat tests into separate 2018-11-11T00:15:04+00:00 bluhm 2018-11-11T00:15:04+00:00 urn:sha1:50da4d90eb521ba89a43af23da2b26ada631c4d1 directory. Keep all log files for easier debugging. Name regress target names consistently. The cert subdir is testing all combinations of certificate validation. 2018-11-09T06:30:41+00:00 bluhm 2018-11-09T06:30:41+00:00 urn:sha1:e3076365506f38e78df5fe822fa92f5279cc68ca Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases. Add a self test for each SSL library by connecting client with 2018-11-07T20:46:28+00:00 bluhm 2018-11-07T20:46:28+00:00 urn:sha1:66e6452e3c0d468ff4c14e29943eaf35f06862fe server. Check that the highest available TLS version is selected. LibreSSL TLS 1.3 check is disabled until the feature becomes available. Print SSLeay, OpenSSL, and LibreSSL version strings. Make client 2018-11-07T06:29:26+00:00 bluhm 2018-11-07T06:29:26+00:00 urn:sha1:82e426606d31d6e2709a9ffcc5b7635d463a7c49 and server compile with OpenSSL 1.1. Check runtime version string of SSL library. Test TLS interoperability between LibreSSL and OpenSSL. 2018-11-07T01:08:49+00:00 bluhm 2018-11-07T01:08:49+00:00 urn:sha1:be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and and test TLS 1.3. idea from beck@; help from jsing@