Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.
author: inoguchi <> 2020-01-26 12:37:06 +0000
committer: inoguchi <> 2020-01-26 12:37:06 +0000
commit: 40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e (patch)
tree: a7687514bd87fdb9dab684efa8f384b17159b8c2 /src
parent: 41c804ce1e2ae16c6d4a5e7bc90e3d8fda8b3fe7 (diff)
download: openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.tar.gz
openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.tar.bz2
openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 6c9265d2b8..ceefa0eccf 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.31 2019/11/25 12:45:45 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.32 2020/01/26 12:37:06 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -1374,14 +1374,14 @@ function test_server_client {
        
        s_ciph=$server_dir/s_ciph_${sc}
        if [ $s_id = "0" ] ; then
-                $s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph
+                $s_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 | awk '{print $1}' > $s_ciph
        else
                $s_bin ciphers -v | awk '{print $1}' > $s_ciph
        fi
        c_ciph=$user1_dir/c_ciph_${sc}
        if [ $c_id = "0" ] ; then
-                $c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph
+                $c_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 | awk '{print $1}' > $c_ciph
        else
                $c_bin ciphers -v | awk '{print $1}' > $c_ciph
        fi
@@ -1398,7 +1398,7 @@ function test_server_client {
                start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
                sleep $test_pause_sec
                $c_bin s_client -connect $host:$port -CAfile $ca_cert \
-                        -cipher $c \
+                        -tls1_2 -cipher $c \
                        -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
                check_exit_status $?
        
@@ -1416,7 +1416,7 @@ function test_server_client {
        start_message "s_client ... connect to TLS/SSL test server to get session id"
        sleep $test_pause_sec
        $c_bin s_client -connect $host:$port -CAfile $ca_cert \
-                -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
+                -tls1_2 -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
                -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
        check_exit_status $?
        
@@ -1433,7 +1433,7 @@ function test_server_client {
        start_message "s_client ... connect to TLS/SSL test server reusing session id"
        sleep $test_pause_sec
        $c_bin s_client -connect $host:$port -CAfile $ca_cert \
-                -sess_in $sess_dat \
+                -tls1_2 -sess_in $sess_dat \
                -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
        check_exit_status $?
        
@@ -1450,7 +1450,7 @@ function test_server_client {
        start_message "s_client ... connect to TLS/SSL test server but verify error"
        sleep $test_pause_sec
        $c_bin s_client -connect $host:$port -CAfile $ca_cert \
-                -showcerts -crl_check -issuer_checks -policy_check \
+                -tls1_2 -showcerts -crl_check -issuer_checks -policy_check \
                -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
        check_exit_status $?
author	inoguchi <>	2020-01-26 12:37:06 +0000
committer	inoguchi <>	2020-01-26 12:37:06 +0000
commit	40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e (patch)
tree	a7687514bd87fdb9dab684efa8f384b17159b8c2 /src
parent	41c804ce1e2ae16c6d4a5e7bc90e3d8fda8b3fe7 (diff)
download	openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.tar.gz openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.tar.bz2 openbsd-40c0cf8d2d9e73e1585d8d7edcadd9dba42da81e.zip

diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index 6c9265d2b8..ceefa0eccf 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# $OpenBSD: appstest.sh,v 1.31 2019/11/25 12:45:45 inoguchi Exp $	3	# $OpenBSD: appstest.sh,v 1.32 2020/01/26 12:37:06 inoguchi Exp $
4	#	4	#
5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>	5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6	#	6	#
@@ -1374,14 +1374,14 @@ function test_server_client {
1374		1374
1375	s_ciph=$server_dir/s_ciph_${sc}	1375	s_ciph=$server_dir/s_ciph_${sc}
1376	if [ $s_id = "0" ] ; then	1376	if [ $s_id = "0" ] ; then
1377	$s_bin ciphers -v ALL:!ECDSA:!kGOST \| awk '{print $1}' > $s_ciph	1377	$s_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 \| awk '{print $1}' > $s_ciph
1378	else	1378	else
1379	$s_bin ciphers -v \| awk '{print $1}' > $s_ciph	1379	$s_bin ciphers -v \| awk '{print $1}' > $s_ciph
1380	fi	1380	fi
1381		1381
1382	c_ciph=$user1_dir/c_ciph_${sc}	1382	c_ciph=$user1_dir/c_ciph_${sc}
1383	if [ $c_id = "0" ] ; then	1383	if [ $c_id = "0" ] ; then
1384	$c_bin ciphers -v ALL:!ECDSA:!kGOST \| awk '{print $1}' > $c_ciph	1384	$c_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 \| awk '{print $1}' > $c_ciph
1385	else	1385	else
1386	$c_bin ciphers -v \| awk '{print $1}' > $c_ciph	1386	$c_bin ciphers -v \| awk '{print $1}' > $c_ciph
1387	fi	1387	fi
@@ -1398,7 +1398,7 @@ function test_server_client {
1398	start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"	1398	start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1399	sleep $test_pause_sec	1399	sleep $test_pause_sec
1400	$c_bin s_client -connect $host:$port -CAfile $ca_cert \	1400	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
1401	-cipher $c \	1401	-tls1_2 -cipher $c \
1402	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1	1402	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1403	check_exit_status $?	1403	check_exit_status $?
1404		1404
@@ -1416,7 +1416,7 @@ function test_server_client {
1416	start_message "s_client ... connect to TLS/SSL test server to get session id"	1416	start_message "s_client ... connect to TLS/SSL test server to get session id"
1417	sleep $test_pause_sec	1417	sleep $test_pause_sec
1418	$c_bin s_client -connect $host:$port -CAfile $ca_cert \	1418	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
1419	-alpn "spdy/3,http/1.1" -sess_out $sess_dat \	1419	-tls1_2 -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
1420	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1	1420	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1421	check_exit_status $?	1421	check_exit_status $?
1422		1422
@@ -1433,7 +1433,7 @@ function test_server_client {
1433	start_message "s_client ... connect to TLS/SSL test server reusing session id"	1433	start_message "s_client ... connect to TLS/SSL test server reusing session id"
1434	sleep $test_pause_sec	1434	sleep $test_pause_sec
1435	$c_bin s_client -connect $host:$port -CAfile $ca_cert \	1435	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
1436	-sess_in $sess_dat \	1436	-tls1_2 -sess_in $sess_dat \
1437	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1	1437	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1438	check_exit_status $?	1438	check_exit_status $?
1439		1439
@@ -1450,7 +1450,7 @@ function test_server_client {
1450	start_message "s_client ... connect to TLS/SSL test server but verify error"	1450	start_message "s_client ... connect to TLS/SSL test server but verify error"
1451	sleep $test_pause_sec	1451	sleep $test_pause_sec
1452	$c_bin s_client -connect $host:$port -CAfile $ca_cert \	1452	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
1453	-showcerts -crl_check -issuer_checks -policy_check \	1453	-tls1_2 -showcerts -crl_check -issuer_checks -policy_check \
1454	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1	1454	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1455	check_exit_status $?	1455	check_exit_status $?
1456		1456