author | bluhm <> | 2018-11-09 06:30:41 +0000 |
---|---|---|
committer | bluhm <> | 2018-11-09 06:30:41 +0000 |
commit | b88042ee7a2d2fc6e740c79270b86ab3fe455897 (patch) | |
tree | 645159c1ec7a09a740cc2fa32e1faad4aadb0291 /src/regress/lib/libssl/interop/cert | |
parent | c6acb32cb24165396b53a48759e8cbc90cfc9b60 (diff) | |
The cert subdir is testing all combinations of certificate validation.
Having the three libraries, client and server certificates, missing
or invalid CA or certificates, and enforcing peer certificate results
in 1944 new test cases.
Diffstat (limited to 'src/regress/lib/libssl/interop/cert')
-rw-r--r-- | src/regress/lib/libssl/interop/cert/Makefile | 70 |
1 files changed, 70 insertions, 0 deletions
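diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
new file mode 100644
index 0000000000..dabc0441f0
--- /dev/null
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -0,0 +1,70 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/09 06:30:41 bluhm Exp $
+
+.if ! exists(/usr/local/bin/eopenssl) || ! exists(/usr/local/bin/eopenssl11)
+regress:
+# install openssl-1.0.2p and openssl-1.1.1 from ports
+@echo SKIPPED
+.endif
+
+CLEANFILES += client.out server.out
+
+.for cca in noca ca fakeca
+.for sca in noca ca fakeca
+.for ccert in nocert cert
+.for scert in nocert cert
+.for cv in noverify verify
+.for sv in noverify verify certverify
+
+# remember when certificate verification should fail
+.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
+"${cv}" == noverify) && \
+(("${sv}" == verify && "${ccert}" == nocert) || \
+("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
+("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
+"${sv}" == noverify)
+FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
+.else
+FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
+.endif
+
+.for clib in libressl openssl openssl11
+.for slib in libressl openssl openssl11
+
+REGRESS_TARGETS += \
+run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
+
+run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
+127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
+../${clib}/client ../${slib}/server
+@echo '\n======== $@ ========'
+LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
+../${slib}/server >server.out \
+${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
+${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
+${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
+127.0.0.1 0
+${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
+LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
+../${clib}/client >client.out \
+${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
+${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
+${cv:S/^noverify//:S/^verify/-v/} \
+`sed -n 's/listen sock: //p' server.out`
+.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
+grep '^success$$' server.out
+grep '^success$$' client.out
+.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
+("${cv}" == verify && "${scert}" != cert)
+grep '^verify: fail' client.out server.out
+.endif
+
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+.endfor
+
+.include <bsd.regress.mk>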
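Review bot: The client command passes `-c server.crt -k server.key` (new line 50), the same pair the server is given on line 43, although `client.crt` is listed among the target's prerequisites on line 37. As written, every `ccert == cert` case authenticates the client with the server's key pair, so the server-side `-v`/`-vv` checks never run against a distinct client certificate, and `client.crt` (like `127.0.0.1.crt`) is built but unused in the visible commands. If the reuse is intentional, a comment such as `# client reuses the server key pair; client.crt is only built here` would say so. Otherwise the substitution should read `${ccert:S/^nocert//:S/^cert/-c client.crt -k CLIENT_KEY_FILE/}`, where CLIENT_KEY_FILE is a placeholder for the key that the certificate rules, which are not shown on this page, generate for client.crt.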