Adjust tls regress for protocol parsing fixes

This mostly reverts what was done by beck in Tallinn and adjust tlstest to add new test cases and now failing connection tests.
author: tb <> 2024-08-02 15:02:22 +0000
committer: tb <> 2024-08-02 15:02:22 +0000
commit: 5b0ba3dd881b60a691a93fccbc6a02076410d007 (patch)
tree: 0986a54a0b80c08ce3b8c36c055c022024b67639 /src
parent: b406bf2119594dc725dd7e537eb049151f94db87 (diff)
download: openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.tar.gz
openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.tar.bz2
openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.zip
3 files changed, 22 insertions, 16 deletions
diff --git a/src/regress/lib/libtls/config/configtest.c b/src/regress/lib/libtls/config/configtest.c
index 5af5b56ffd..9e0df8a5eb 100644
--- a/src/regress/lib/libtls/config/configtest.c
+++ b/src/regress/lib/libtls/config/configtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
+/* $OpenBSD: configtest.c,v 1.4 2024/08/02 15:02:22 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -71,27 +71,30 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
                .want_return = 0,
-                .want_protocols = 0,
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "unknown",
@@ -111,17 +114,19 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "all,!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
                .want_return = 0,
-                .want_protocols = 0,
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index 3029d58c35..cf3e84c030 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -45,6 +45,8 @@ const (
 )
 var protocolNames = map[ProtocolVersion]string{
+        ProtocolTLSv10: "TLSv1",
+        ProtocolTLSv11: "TLSv1.1",
        ProtocolTLSv12: "TLSv1.2",
        ProtocolTLSv13: "TLSv1.3",
        ProtocolsAll:   "all",
diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c
index fb6649e83f..b675c798b4 100644
--- a/src/regress/lib/libtls/tls/tlstest.c
+++ b/src/regress/lib/libtls/tls/tlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlstest.c,v 1.15 2022/07/16 07:46:08 tb Exp $ */
+/* $OpenBSD: tlstest.c,v 1.16 2024/08/02 15:02:22 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -497,16 +497,15 @@ struct test_versions {
 static struct test_versions tls_test_versions[] = {
        {"tlsv1.3", "all"},
        {"tlsv1.2", "all"},
-        {"tlsv1.1", "all"},
-        {"tlsv1.0", "all"},
        {"all", "tlsv1.3"},
        {"all", "tlsv1.2"},
-        {"all", "tlsv1.1"},
+        {"all:!tlsv1.1", "tlsv1.2"},
-        {"all", "tlsv1.0"},
+        {"all:!tlsv1.2", "tlsv1.3"},
+        {"all:!tlsv1.3", "tlsv1.2"},
+        {"all:!tlsv1.2:!tlsv1.1", "tlsv1.3"},
+        {"all:!tlsv1.2:!tlsv1.1:!tlsv1.0", "tlsv1.3"},
        {"tlsv1.3", "tlsv1.3"},
        {"tlsv1.2", "tlsv1.2"},
-        {"tlsv1.1", "tlsv1.1"},
-        {"tlsv1.0", "tlsv1.0"},
 };
 #define N_TLS_VERSION_TESTS \
author	tb <>	2024-08-02 15:02:22 +0000
committer	tb <>	2024-08-02 15:02:22 +0000
commit	5b0ba3dd881b60a691a93fccbc6a02076410d007 (patch)
tree	0986a54a0b80c08ce3b8c36c055c022024b67639 /src
parent	b406bf2119594dc725dd7e537eb049151f94db87 (diff)
download	openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.tar.gz openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.tar.bz2 openbsd-5b0ba3dd881b60a691a93fccbc6a02076410d007.zip