summaryrefslogtreecommitdiff
path: root/src/regress
diff options
context:
space:
mode:
authorbeck <>2023-07-02 06:37:27 +0000
committerbeck <>2023-07-02 06:37:27 +0000
commit5fa4afa0f3caaa43f2ba9d4ee6db352737839f89 (patch)
tree4bacb3a3d0ace64e696059ed29bf6c2df878b8b4 /src/regress
parent0ded9dcf305231c596837cf0e9a372d5fc79b18b (diff)
downloadopenbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.gz
openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.tar.bz2
openbsd-5fa4afa0f3caaa43f2ba9d4ee6db352737839f89.zip
Remove the ability to do tls 1.0 and 1.1 from libtls.
With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
Diffstat (limited to 'src/regress')
-rw-r--r--src/regress/lib/libtls/config/configtest.c23
-rw-r--r--src/regress/lib/libtls/gotls/tls.go2
-rw-r--r--src/regress/lib/libtls/gotls/tls_test.go8
3 files changed, 13 insertions, 20 deletions
diff --git a/src/regress/lib/libtls/config/configtest.c b/src/regress/lib/libtls/config/configtest.c
index 47aa03e826..5af5b56ffd 100644
--- a/src/regress/lib/libtls/config/configtest.c
+++ b/src/regress/lib/libtls/config/configtest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: configtest.c,v 1.2 2020/01/20 08:40:16 jsing Exp $ */ 1/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -71,30 +71,27 @@ struct parse_protocols_test parse_protocols_tests[] = {
71 { 71 {
72 .protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3", 72 .protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
73 .want_return = 0, 73 .want_return = 0,
74 .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 | 74 .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
75 TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
76 }, 75 },
77 { 76 {
78 .protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3", 77 .protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
79 .want_return = 0, 78 .want_return = 0,
80 .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 | 79 .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
81 TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
82 }, 80 },
83 { 81 {
84 .protostr = "tlsv1.1,tlsv1.2,tlsv1.0", 82 .protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
85 .want_return = 0, 83 .want_return = 0,
86 .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 | 84 .want_protocols = TLS_PROTOCOL_TLSv1_2,
87 TLS_PROTOCOL_TLSv1_2,
88 }, 85 },
89 { 86 {
90 .protostr = "tlsv1.1,tlsv1.2,tlsv1.1", 87 .protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
91 .want_return = 0, 88 .want_return = 0,
92 .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2, 89 .want_protocols = TLS_PROTOCOL_TLSv1_2,
93 }, 90 },
94 { 91 {
95 .protostr = "tlsv1.1,tlsv1.2,!tlsv1.1", 92 .protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
96 .want_return = 0, 93 .want_return = 0,
97 .want_protocols = TLS_PROTOCOL_TLSv1_2, 94 .want_protocols = 0,
98 }, 95 },
99 { 96 {
100 .protostr = "unknown", 97 .protostr = "unknown",
@@ -114,19 +111,17 @@ struct parse_protocols_test parse_protocols_tests[] = {
114 { 111 {
115 .protostr = "all,!tlsv1.0", 112 .protostr = "all,!tlsv1.0",
116 .want_return = 0, 113 .want_return = 0,
117 .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \ 114 .want_protocols = TLS_PROTOCOL_TLSv1_3,
118 TLS_PROTOCOL_TLSv1_3,
119 }, 115 },
120 { 116 {
121 .protostr = "!tlsv1.0", 117 .protostr = "!tlsv1.0",
122 .want_return = 0, 118 .want_return = 0,
123 .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \ 119 .want_protocols = TLS_PROTOCOL_TLSv1_3,
124 TLS_PROTOCOL_TLSv1_3,
125 }, 120 },
126 { 121 {
127 .protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3", 122 .protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
128 .want_return = 0, 123 .want_return = 0,
129 .want_protocols = TLS_PROTOCOL_TLSv1_2, 124 .want_protocols = 0,
130 }, 125 },
131 { 126 {
132 .protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3", 127 .protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index cf3e84c030..3029d58c35 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -45,8 +45,6 @@ const (
45) 45)
46 46
47var protocolNames = map[ProtocolVersion]string{ 47var protocolNames = map[ProtocolVersion]string{
48 ProtocolTLSv10: "TLSv1",
49 ProtocolTLSv11: "TLSv1.1",
50 ProtocolTLSv12: "TLSv1.2", 48 ProtocolTLSv12: "TLSv1.2",
51 ProtocolTLSv13: "TLSv1.3", 49 ProtocolTLSv13: "TLSv1.3",
52 ProtocolsAll: "all", 50 ProtocolsAll: "all",
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
index f6c6cfcdd5..2b7ce2c19e 100644
--- a/src/regress/lib/libtls/gotls/tls_test.go
+++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -251,11 +251,11 @@ func TestTLSVersions(t *testing.T) {
251 {tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false}, 251 {tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false},
252 {tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false}, 252 {tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false},
253 {tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false}, 253 {tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false},
254 {tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, false}, 254 {tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, true},
255 {tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, false}, 255 {tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, true},
256 {tls.VersionSSL30, tls.VersionSSL30, 0, true}, 256 {tls.VersionSSL30, tls.VersionSSL30, 0, true},
257 {tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, false}, 257 {tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, true},
258 {tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, false}, 258 {tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, true},
259 {tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false}, 259 {tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false},
260 } 260 }
261 for i, test := range tests { 261 for i, test := range tests {