Add a -tls1_2 option so we can force TLSv1.2 for testing.

author: jsing <> 2020-07-14 18:11:16 +0000
committer: jsing <> 2020-07-14 18:11:16 +0000
commit: 307bb197e7ac1d6f63a8847f065f376be91a0b92 (patch)
tree: 2b54abb65b5970f19e22f62b4d96cc4bfa8d64e3 /src/regress/lib/libssl/ssl/ssltest.c
parent: 4f1ef9d80a0607a37ef931241c14ed2da153094f (diff)
download: openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.tar.gz
openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.tar.bz2
openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index 837622816a..f405741887 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -348,6 +348,7 @@ sv_usage(void)
        fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
        fprintf(stderr, " -dtls1        - use DTLSv1\n");
        fprintf(stderr, " -tls1         - use TLSv1\n");
+        fprintf(stderr, " -tls1_2       - use TLSv1.2\n");
        fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
        fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
        fprintf(stderr, " -cert arg     - Server certificate file\n");
@@ -408,7 +409,7 @@ main(int argc, char *argv[])
        int badop = 0;
        int bio_pair = 0;
        int force = 0;
-        int tls1 = 0, dtls1 = 0, ret = 1;
+        int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
        int client_auth = 0;
        int server_auth = 0, i;
        struct app_verify_arg app_verify_arg =
@@ -476,6 +477,8 @@ main(int argc, char *argv[])
                        dtls1 = 1;
                else if (strcmp(*argv, "-tls1") == 0)
                        tls1 = 1;
+                else if (strcmp(*argv, "-tls1_2") == 0)
+                        tls1_2 = 1;
                else if (strncmp(*argv, "-num", 4) == 0) {
                        if (--argc < 1)
                                goto bad;
@@ -579,12 +582,11 @@ bad:
                goto end;
        }
-        if (!dtls1 && !tls1 &&
+        if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
-            number > 1 && !reuse && !force) {
                fprintf(stderr,
                    "This case cannot work.  Use -f to perform "
                    "the test anyway (and\n-d to see what happens), "
-                    "or add one of -dtls1, -tls1, -reuse\n"
+                    "or add one of -dtls1, -tls1, -tls1_2, -reuse\n"
                    "to avoid protocol mismatch.\n");
                exit(1);
        }
@@ -607,8 +609,10 @@ bad:
                meth = DTLSv1_method();
        else if (tls1)
                meth = TLSv1_method();
+        else if (tls1_2)
+                meth = TLSv1_2_method();
        else
-                meth = SSLv23_method();
+                meth = TLS_method();
        c_ctx = SSL_CTX_new(meth);
        s_ctx = SSL_CTX_new(meth);
author	jsing <>	2020-07-14 18:11:16 +0000
committer	jsing <>	2020-07-14 18:11:16 +0000
commit	307bb197e7ac1d6f63a8847f065f376be91a0b92 (patch)
tree	2b54abb65b5970f19e22f62b4d96cc4bfa8d64e3 /src/regress/lib/libssl/ssl/ssltest.c
parent	4f1ef9d80a0607a37ef931241c14ed2da153094f (diff)
download	openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.tar.gz openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.tar.bz2 openbsd-307bb197e7ac1d6f63a8847f065f376be91a0b92.zip