diff options
| author | jsing <> | 2024-03-20 10:38:05 +0000 |
|---|---|---|
| committer | jsing <> | 2024-03-20 10:38:05 +0000 |
| commit | f6b358ce6c4545cef5d8bccff1ac051523dd4612 (patch) | |
| tree | ff74d9dcc88a419d6d88495e264a5ffc3742f64a | |
| parent | bf5599144609e046ba98f40a58158132af34faeb (diff) | |
| download | openbsd-f6b358ce6c4545cef5d8bccff1ac051523dd4612.tar.gz openbsd-f6b358ce6c4545cef5d8bccff1ac051523dd4612.tar.bz2 openbsd-f6b358ce6c4545cef5d8bccff1ac051523dd4612.zip | |
Use the new certificates/chains in regress.
The new certificates are more representative of the real world. The old
certificates use weak algorithms and expire in the very near future. Most
of our regress has already been switched over, this changes the remainder.
Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry.
ok tb@
| -rw-r--r-- | src/regress/lib/libssl/dtls/Makefile | 9 | ||||
| -rw-r--r-- | src/regress/lib/libssl/quic/Makefile | 8 | ||||
| -rw-r--r-- | src/regress/lib/libssl/server/Makefile | 8 | ||||
| -rw-r--r-- | src/regress/lib/libssl/shutdown/Makefile | 8 | ||||
| -rw-r--r-- | src/regress/lib/libssl/tls/Makefile | 8 | ||||
| -rw-r--r-- | src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c | 4 | ||||
| -rw-r--r-- | src/regress/lib/libtls/keypair/Makefile | 8 | ||||
| -rw-r--r-- | src/regress/lib/libtls/keypair/keypairtest.c | 4 | ||||
| -rw-r--r-- | src/regress/lib/libtls/tls/Makefile | 8 |
9 files changed, 33 insertions, 32 deletions
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile index 438cd5c7ff..b58dae61b6 100644 --- a/src/regress/lib/libssl/dtls/Makefile +++ b/src/regress/lib/libssl/dtls/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.3 2022/01/07 09:07:00 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= dtlstest | 3 | PROG= dtlstest |
| 4 | LDADD= ${SSL_INT} -lcrypto | 4 | LDADD= ${SSL_INT} -lcrypto |
| @@ -11,10 +11,11 @@ CFLAGS+= -I${.CURDIR}/../../../../lib/libssl | |||
| 11 | REGRESS_TARGETS= \ | 11 | REGRESS_TARGETS= \ |
| 12 | regress-dtlstest | 12 | regress-dtlstest |
| 13 | 13 | ||
| 14 | # XXX(jsing): use CA root and chain | ||
| 14 | regress-dtlstest: ${PROG} | 15 | regress-dtlstest: ${PROG} |
| 15 | ./dtlstest \ | 16 | ./dtlstest \ |
| 16 | ${.CURDIR}/../../libssl/certs/server.pem \ | 17 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 17 | ${.CURDIR}/../../libssl/certs/server.pem \ | 18 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 18 | ${.CURDIR}/../../libssl/certs/ca.pem | 19 | ${.CURDIR}/../../libssl/certs/ca-int-rsa.pem |
| 19 | 20 | ||
| 20 | .include <bsd.regress.mk> | 21 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/quic/Makefile b/src/regress/lib/libssl/quic/Makefile index a348b2df47..55fef6b257 100644 --- a/src/regress/lib/libssl/quic/Makefile +++ b/src/regress/lib/libssl/quic/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.2 2022/10/02 16:40:56 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= quictest | 3 | PROG= quictest |
| 4 | LDADD= -lssl -lcrypto | 4 | LDADD= -lssl -lcrypto |
| @@ -12,8 +12,8 @@ REGRESS_TARGETS= \ | |||
| 12 | 12 | ||
| 13 | regress-quictest: ${PROG} | 13 | regress-quictest: ${PROG} |
| 14 | ./quictest \ | 14 | ./quictest \ |
| 15 | ${.CURDIR}/../../libssl/certs/server.pem \ | 15 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 16 | ${.CURDIR}/../../libssl/certs/server.pem \ | 16 | ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \ |
| 17 | ${.CURDIR}/../../libssl/certs/ca.pem | 17 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem |
| 18 | 18 | ||
| 19 | .include <bsd.regress.mk> | 19 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile index 0621a5f243..be86dbb1ad 100644 --- a/src/regress/lib/libssl/server/Makefile +++ b/src/regress/lib/libssl/server/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.2 2020/05/11 18:18:21 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= servertest | 3 | PROG= servertest |
| 4 | LDADD= ${SSL_INT} -lcrypto | 4 | LDADD= ${SSL_INT} -lcrypto |
| @@ -11,8 +11,8 @@ REGRESS_TARGETS= \ | |||
| 11 | 11 | ||
| 12 | regress-servertest: ${PROG} | 12 | regress-servertest: ${PROG} |
| 13 | ./servertest \ | 13 | ./servertest \ |
| 14 | ${.CURDIR}/../../libssl/certs/server.pem \ | 14 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 15 | ${.CURDIR}/../../libssl/certs/server.pem \ | 15 | ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \ |
| 16 | ${.CURDIR}/../../libssl/certs/ca.pem | 16 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem |
| 17 | 17 | ||
| 18 | .include <bsd.regress.mk> | 18 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/shutdown/Makefile b/src/regress/lib/libssl/shutdown/Makefile index 51305012d6..d6a9a30544 100644 --- a/src/regress/lib/libssl/shutdown/Makefile +++ b/src/regress/lib/libssl/shutdown/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2024/01/19 08:29:08 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= shutdowntest | 3 | PROG= shutdowntest |
| 4 | LDADD= -lssl -lcrypto | 4 | LDADD= -lssl -lcrypto |
| @@ -11,8 +11,8 @@ REGRESS_TARGETS= \ | |||
| 11 | 11 | ||
| 12 | regress-shutdowntest: ${PROG} | 12 | regress-shutdowntest: ${PROG} |
| 13 | ./shutdowntest \ | 13 | ./shutdowntest \ |
| 14 | ${.CURDIR}/../../libssl/certs/server.pem \ | 14 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 15 | ${.CURDIR}/../../libssl/certs/server.pem \ | 15 | ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \ |
| 16 | ${.CURDIR}/../../libssl/certs/ca.pem | 16 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem |
| 17 | 17 | ||
| 18 | .include <bsd.regress.mk> | 18 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/tls/Makefile b/src/regress/lib/libssl/tls/Makefile index a22cdcdeb2..315ac692c3 100644 --- a/src/regress/lib/libssl/tls/Makefile +++ b/src/regress/lib/libssl/tls/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2021/10/23 14:34:10 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= tlstest | 3 | PROG= tlstest |
| 4 | LDADD= -lssl -lcrypto | 4 | LDADD= -lssl -lcrypto |
| @@ -11,8 +11,8 @@ REGRESS_TARGETS= \ | |||
| 11 | 11 | ||
| 12 | regress-tlstest: ${PROG} | 12 | regress-tlstest: ${PROG} |
| 13 | ./tlstest \ | 13 | ./tlstest \ |
| 14 | ${.CURDIR}/../../libssl/certs/server.pem \ | 14 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 15 | ${.CURDIR}/../../libssl/certs/server.pem \ | 15 | ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \ |
| 16 | ${.CURDIR}/../../libssl/certs/ca.pem | 16 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem |
| 17 | 17 | ||
| 18 | .include <bsd.regress.mk> | 18 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c index 33efc15f10..ff966900aa 100644 --- a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c +++ b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_get_shared_ciphers.c,v 1.11 2022/02/05 18:19:39 tb Exp $ */ | 1 | /* $OpenBSD: ssl_get_shared_ciphers.c,v 1.12 2024/03/20 10:38:05 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2021 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2021 Theo Buehler <tb@openbsd.org> |
| 4 | * | 4 | * |
| @@ -462,7 +462,7 @@ main(int argc, char **argv) | |||
| 462 | size_t i; | 462 | size_t i; |
| 463 | int failed = 0; | 463 | int failed = 0; |
| 464 | 464 | ||
| 465 | if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) { | 465 | if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) { |
| 466 | fprintf(stderr, "asprintf server_cert failed\n"); | 466 | fprintf(stderr, "asprintf server_cert failed\n"); |
| 467 | failed = 1; | 467 | failed = 1; |
| 468 | goto err; | 468 | goto err; |
diff --git a/src/regress/lib/libtls/keypair/Makefile b/src/regress/lib/libtls/keypair/Makefile index d06109a26b..c3ea15d3bd 100644 --- a/src/regress/lib/libtls/keypair/Makefile +++ b/src/regress/lib/libtls/keypair/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= keypairtest | 3 | PROG= keypairtest |
| 4 | LDADD= -lcrypto -lssl ${TLS_INT} | 4 | LDADD= -lcrypto -lssl ${TLS_INT} |
| @@ -13,8 +13,8 @@ REGRESS_TARGETS= \ | |||
| 13 | 13 | ||
| 14 | regress-keypairtest: ${PROG} | 14 | regress-keypairtest: ${PROG} |
| 15 | ./keypairtest \ | 15 | ./keypairtest \ |
| 16 | ${.CURDIR}/../../libssl/certs/ca.pem \ | 16 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \ |
| 17 | ${.CURDIR}/../../libssl/certs/server.pem \ | 17 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem \ |
| 18 | ${.CURDIR}/../../libssl/certs/server.pem | 18 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem |
| 19 | 19 | ||
| 20 | .include <bsd.regress.mk> | 20 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libtls/keypair/keypairtest.c b/src/regress/lib/libtls/keypair/keypairtest.c index 31bf7d6a5d..600e578f32 100644 --- a/src/regress/lib/libtls/keypair/keypairtest.c +++ b/src/regress/lib/libtls/keypair/keypairtest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: keypairtest.c,v 1.6 2022/02/08 18:05:57 tb Exp $ */ | 1 | /* $OpenBSD: keypairtest.c,v 1.7 2024/03/20 10:38:05 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -29,7 +29,7 @@ | |||
| 29 | #include <tls_internal.h> | 29 | #include <tls_internal.h> |
| 30 | 30 | ||
| 31 | #define PUBKEY_HASH \ | 31 | #define PUBKEY_HASH \ |
| 32 | "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5" | 32 | "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f" |
| 33 | 33 | ||
| 34 | char *cert_file, *key_file, *ocsp_staple_file; | 34 | char *cert_file, *key_file, *ocsp_staple_file; |
| 35 | 35 | ||
diff --git a/src/regress/lib/libtls/tls/Makefile b/src/regress/lib/libtls/tls/Makefile index 0fbd78481b..ecdc0393e7 100644 --- a/src/regress/lib/libtls/tls/Makefile +++ b/src/regress/lib/libtls/tls/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= tlstest | 3 | PROG= tlstest |
| 4 | LDADD= -lcrypto -lssl -ltls | 4 | LDADD= -lcrypto -lssl -ltls |
| @@ -12,8 +12,8 @@ REGRESS_TARGETS= \ | |||
| 12 | 12 | ||
| 13 | regress-tlstest: ${PROG} | 13 | regress-tlstest: ${PROG} |
| 14 | ./tlstest \ | 14 | ./tlstest \ |
| 15 | ${.CURDIR}/../../libssl/certs/ca.pem \ | 15 | ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \ |
| 16 | ${.CURDIR}/../../libssl/certs/server.pem \ | 16 | ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \ |
| 17 | ${.CURDIR}/../../libssl/certs/server.pem | 17 | ${.CURDIR}/../../libssl/certs/server1-rsa.pem |
| 18 | 18 | ||
| 19 | .include <bsd.regress.mk> | 19 | .include <bsd.regress.mk> |