authorbluhm <>2018-11-09 06:30:41 +0000
committerbluhm <>2018-11-09 06:30:41 +0000
commitb88042ee7a2d2fc6e740c79270b86ab3fe455897 (patch)
tree645159c1ec7a09a740cc2fa32e1faad4aadb0291 /src/regress/lib/libssl/interop/cert
parentc6acb32cb24165396b53a48759e8cbc90cfc9b60 (diff)
The cert subdir is testing all combinations of certificate validation.
Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases.
Diffstat (limited to 'src/regress/lib/libssl/interop/cert')
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile70
1 files changed, 70 insertions, 0 deletions
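diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
new file mode 100644
index 0000000000..dabc0441f0
--- /dev/null
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -0,0 +1,70 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/09 06:30:41 bluhm Exp $
+
+.if ! exists(/usr/local/bin/eopenssl) || ! exists(/usr/local/bin/eopenssl11)
+regress:
+ # install openssl-1.0.2p and openssl-1.1.1 from ports
+ @echo SKIPPED
+.endif
+
+CLEANFILES += client.out server.out
+
+.for cca in noca ca fakeca
+.for sca in noca ca fakeca
+.for ccert in nocert cert
+.for scert in nocert cert
+.for cv in noverify verify
+.for sv in noverify verify certverify
+
+# remember when certificate verification should fail
+.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
+ "${cv}" == noverify) && \
+ (("${sv}" == verify && "${ccert}" == nocert) || \
+ ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
+ ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
+ "${sv}" == noverify)
+FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
+.else
+FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
+.endif
+
+.for clib in libressl openssl openssl11
+.for slib in libressl openssl openssl11
+
+REGRESS_TARGETS += \
+run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
+
+run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
+ 127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
+ ../${clib}/client ../${slib}/server
+ @echo '\n======== $@ ========'
+ LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
+ ../${slib}/server >server.out \
+ ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
+ ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
+ ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
+ 127.0.0.1 0
+ ${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
+ LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
+ ../${clib}/client >client.out \
+ ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
+ ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
+ ${cv:S/^noverify//:S/^verify/-v/} \
+ `sed -n 's/listen sock: //p' server.out`
+.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
+ grep '^success$$' server.out
+ grep '^success$$' client.out
+.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
+ ("${cv}" == verify && "${scert}" != cert)
+ grep '^verify: fail' client.out server.out
+.endif
+
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+
+.include <bsd.regress.mk>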
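Review bot: The client invocation (new-file line 50) passes `-c server.crt -k server.key`, so in every `ccert == cert` case the client presents the server's certificate, while `client.crt` is listed as a prerequisite but never used in the recipe. The server's peer-certificate checks are therefore never run against a distinct client identity; assuming a matching `client.key` is generated next to `client.crt`, the line should read `${ccert:S/^nocert//:S/^cert/-c client.crt -k client.key/} \`. Separately, the `!` prefix taken from `FAIL_...` accepts any non-zero client exit, and for `sv == certverify` with `ccert == nocert` the `grep '^verify: fail'` is skipped unless the client side also fails verification. In those cases a crash or a failed connect would pass as a correct rejection, so a comment above the `.elif` explaining why no verify message is expected there, or a check for the expected handshake error, would make the negative cases assert the reason for failure.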