diff options
| author | tb <> | 2022-07-07 11:40:17 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-07 11:40:17 +0000 |
| commit | 42eea85c684d57fd6947ac89719d3c7cb26cd34e (patch) | |
| tree | 7e0955c95fb9393ff775a9eb038303b517d9a75c /src | |
| parent | 002fa622c668664946f8042a8f090fbf06f50b48 (diff) | |
| download | openbsd-42eea85c684d57fd6947ac89719d3c7cb26cd34e.tar.gz openbsd-42eea85c684d57fd6947ac89719d3c7cb26cd34e.tar.bz2 openbsd-42eea85c684d57fd6947ac89719d3c7cb26cd34e.zip | |
Switch ssltest to using the newly generated certs that use SHA-256 instead
of SHA-1. This helps the switch to security-level aware ssltest.
From jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libssl/ssl/Makefile | 6 | ||||
| -rw-r--r-- | src/regress/lib/libssl/ssl/ssltest.c | 8 |
2 files changed, 6 insertions, 8 deletions
diff --git a/src/regress/lib/libssl/ssl/Makefile b/src/regress/lib/libssl/ssl/Makefile index 582dd1c8af..91abaae85e 100644 --- a/src/regress/lib/libssl/ssl/Makefile +++ b/src/regress/lib/libssl/ssl/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.4 2021/10/15 16:49:12 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.5 2022/07/07 11:40:17 tb Exp $ |
| 2 | 2 | ||
| 3 | PROG= ssltest | 3 | PROG= ssltest |
| 4 | LDADD= -lcrypto -lssl | 4 | LDADD= -lcrypto -lssl |
| @@ -11,7 +11,7 @@ REGRESS_TARGETS=regress-ssltest | |||
| 11 | 11 | ||
| 12 | regress-ssltest: ${PROG} | 12 | regress-ssltest: ${PROG} |
| 13 | sh ${.CURDIR}/testssl \ | 13 | sh ${.CURDIR}/testssl \ |
| 14 | ${.CURDIR}/../certs/server.pem ${.CURDIR}/../certs/server.pem \ | 14 | ${.CURDIR}/../certs/server1-rsa.pem ${.CURDIR}/../certs/server1-rsa-chain.pem \ |
| 15 | ${.CURDIR}/../certs/ca.pem | 15 | ${.CURDIR}/../certs/ca-root-rsa.pem |
| 16 | 16 | ||
| 17 | .include <bsd.regress.mk> | 17 | .include <bsd.regress.mk> |
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index 32253844b2..0deac3e736 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssltest.c,v 1.33 2021/11/21 21:40:45 tb Exp $ */ | 1 | /* $OpenBSD: ssltest.c,v 1.34 2022/07/07 11:40:17 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -659,8 +659,7 @@ bad: | |||
| 659 | EC_KEY_free(ecdh); | 659 | EC_KEY_free(ecdh); |
| 660 | } | 660 | } |
| 661 | 661 | ||
| 662 | if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, | 662 | if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) { |
| 663 | SSL_FILETYPE_PEM)) { | ||
| 664 | ERR_print_errors(bio_err); | 663 | ERR_print_errors(bio_err); |
| 665 | } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, | 664 | } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, |
| 666 | (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { | 665 | (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { |
| @@ -669,8 +668,7 @@ bad: | |||
| 669 | } | 668 | } |
| 670 | 669 | ||
| 671 | if (client_auth) { | 670 | if (client_auth) { |
| 672 | SSL_CTX_use_certificate_file(c_ctx, client_cert, | 671 | SSL_CTX_use_certificate_chain_file(c_ctx, client_cert); |
| 673 | SSL_FILETYPE_PEM); | ||
| 674 | SSL_CTX_use_PrivateKey_file(c_ctx, | 672 | SSL_CTX_use_PrivateKey_file(c_ctx, |
| 675 | (client_key ? client_key : client_cert), | 673 | (client_key ? client_key : client_cert), |
| 676 | SSL_FILETYPE_PEM); | 674 | SSL_FILETYPE_PEM); |