Connect a client to a server. Both can be current libressl, or

openssl 1.0.2, or openssl 1.1.  Pin client or server to a fixed TLS
version number.  Incompatible versions must fail.  Check that client
and server have used correct version by grepping in their session
print out.

1 files changed, 97 insertions, 0 deletions

diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
new file mode 100644
index 0000000000..0f1d891f34
--- /dev/null
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -0,0 +1,97 @@
+# $OpenBSD: Makefile,v 1.1 2020/09/14 00:51:04 bluhm Exp $
+
+# Connect a client to a server.  Both can be current libressl, or
+# openssl 1.0.2, or openssl 1.1.  Pin client or server to a fixed TLS
+# version number.  Incompatible versions must fail.  Check that client 
+# and server have used correct version by grepping in their session
+# print out.
+
+LIBRARIES =             libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=            openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=            openssl11
+.endif
+
+VERSIONS =      any TLS1 TLS1_1 TLS1_2 TLS1_3
+
+.for cver in ${VERSIONS}
+.for sver in ${VERSIONS}
+
+.if "${cver}" == any || "${sver}" == any || "${cver}" == "${sver}"
+FAIL_${cver}_${sver} =
+.else
+FAIL_${cver}_${sver} = !
+.endif
+
+.for clib in ${LIBRARIES}
+.for slib in ${LIBRARIES}
+
+.if ("${clib}" != openssl && "${slib}" != openssl) || \
+    ("${cver}" != TLS1_3 && "${sver}" != TLS1_3)
+
+REGRESS_TARGETS +=      run-version-client-${clib}-${cver}-server-${slib}-${sver}
+
+run-version-client-${clib}-${cver}-server-${slib}-${sver} \
+client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
+server-version-client-${clib}-${cver}-server-${slib}-${sver}.out: \
+    127.0.0.1.crt ../${clib}/client ../${slib}/server
+        @echo '\n======== $@ ========'
+        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
+            ../${slib}/server >${@:S/^run/server/}.out \
+            -c 127.0.0.1.crt -k 127.0.0.1.key \
+            ${sver:Nany:S/^/-V /} \
+            127.0.0.1 0
+        ${FAIL_${cver}_${sver}} \
+        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
+            ../${clib}/client >${@:S/^run/client/}.out \
+            ${cver:Nany:S/^/-V /} \
+            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
+.if empty(${FAIL_${cver}_${sver}})
+        grep -q '^success$$' ${@:S/^run/server/}.out || \
+            { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
+        grep -q '^success$$' ${@:S/^run/client/}.out
+.endif
+
+.if empty(${FAIL_${cver}_${sver}})
+
+REGRESS_TARGETS +=      check-version-client-${clib}-${cver}-server-${slib}-${sver}
+
+check-version-client-${clib}-${cver}-server-${slib}-${sver}: \
+    client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
+    server-version-client-${clib}-${cver}-server-${slib}-${sver}.out
+        @echo '\n======== $@ ========'
+        @grep ' Protocol *: ' ${@:S/^check/client/}.out
+        @grep ' Protocol *: ' ${@:S/^check/server/}.out
+.if "${cver}" == any
+.if "${sver}" == any
+.if "${clib}" == openssl || "${slib}" == openssl
+        grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/client/}.out
+        grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/server/}.out
+.else
+        grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/client/}.out
+        grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/server/}.out
+.endif
+.else
+        grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
+            ${@:S/^check/client/}.out
+        grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
+            ${@:S/^check/server/}.out
+.endif
+.else
+        grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
+            ${@:S/^check/client/}.out
+        grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
+            ${@:S/^check/server/}.out
+.endif
+.endif
+
+.endif
+
+.endfor
+.endfor
+.endfor
+.endfor
+
+.include <bsd.regress.mk>