diff options
| author | tb <> | 2023-10-30 17:15:21 +0000 |
|---|---|---|
| committer | tb <> | 2023-10-30 17:15:21 +0000 |
| commit | ef5d46388987ae46b79c7f8da6d2d73458c3d294 (patch) | |
| tree | c5fce117c872d075f932d494bd786f9804e73c8c /src/regress/lib/libssl/interop/cipher | |
| parent | 0818a58d9b3218e98640cc0b19181d9015c432ea (diff) | |
| download | openbsd-ef5d46388987ae46b79c7f8da6d2d73458c3d294.tar.gz openbsd-ef5d46388987ae46b79c7f8da6d2d73458c3d294.tar.bz2 openbsd-ef5d46388987ae46b79c7f8da6d2d73458c3d294.zip | |
Add support for OpenSSL 3.1 interop tests
Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run
both tests. Installed packages of OpenSSL 3.0 will update automatically
to 3.1, so regress runners should not need to do anything.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
| -rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index 85d927a92d..627cfc8f9f 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
| 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers | 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers |
| @@ -24,6 +24,9 @@ LIBRARIES += openssl11 | |||
| 24 | .if exists(/usr/local/bin/eopenssl30) | 24 | .if exists(/usr/local/bin/eopenssl30) |
| 25 | LIBRARIES += openssl30 | 25 | LIBRARIES += openssl30 |
| 26 | .endif | 26 | .endif |
| 27 | .if exists(/usr/local/bin/eopenssl31) | ||
| 28 | LIBRARIES += openssl31 | ||
| 29 | .endif | ||
| 27 | 30 | ||
| 28 | CLEANFILES = *.tmp *.ciphers ciphers.mk | 31 | CLEANFILES = *.tmp *.ciphers ciphers.mk |
| 29 | 32 | ||
| @@ -53,7 +56,8 @@ client-${clib}-server-${slib}.ciphers: \ | |||
| 53 | # we are only interested in ciphers supported by libressl | 56 | # we are only interested in ciphers supported by libressl |
| 54 | sort $@ client-libressl.ciphers >$@.tmp | 57 | sort $@ client-libressl.ciphers >$@.tmp |
| 55 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ | 58 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ |
| 56 | "${clib}" == "openssl30" || "${slib}" == "openssl30" | 59 | "${clib}" == "openssl30" || "${slib}" == "openssl30" || \ |
| 60 | "${clib}" == "openssl31" || "${slib}" == "openssl31" | ||
| 57 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | 61 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers |
| 58 | sed -i '/^TLS_/d' $@.tmp | 62 | sed -i '/^TLS_/d' $@.tmp |
| 59 | . endif | 63 | . endif |
| @@ -145,7 +149,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
| 145 | . endif | 149 | . endif |
| 146 | . if "${clib}" == "libressl" | 150 | . if "${clib}" == "libressl" |
| 147 | # libressl client may prefer chacha-poly if aes-ni is not supported | 151 | # libressl client may prefer chacha-poly if aes-ni is not supported |
| 148 | . if "${slib}" == "openssl11" || "${slib}" == "openssl30" | 152 | . if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31" |
| 149 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 153 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
| 150 | . else | 154 | . else |
| 151 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 155 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |