Retire interop tests with OpenSSL 3.3 and 3.4

author: tb <> 2025-07-25 16:33:15 +0000
committer: tb <> 2025-07-25 16:33:15 +0000
commit: 6618a43ea7b02c5b0f466548f4b922be713de484 (patch)
tree: dcdb417ae88ba8f25672d4514f97b3396d5af79a /src
parent: 605720689b3799d669f8c06ef779fb95dba5c468 (diff)
download: openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.tar.gz
openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.tar.bz2
openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.zip
9 files changed, 11 insertions, 141 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index acb5d18205..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.22 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
-SUBDIR =        libressl openssl33 openssl34 openssl35
+SUBDIR =        libressl openssl35
 # the above binaries must have been built before we can continue
 SUBDIR +=       netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 1464cf84a8..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 .include <bsd.own.mk>
@@ -20,12 +20,6 @@ CXX = /usr/local/bin/eg++
 .endif
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=            openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 8f05e3f84d..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.15 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 3.x.  Create client and server certificates
@@ -7,12 +7,6 @@
 # and check the result of certificate verification.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=            openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 6693b962d0..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.18 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -7,12 +7,6 @@
 # have used correct cipher by grepping in their session print out.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=            openssl35
 .endif
@@ -44,9 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
        uniq -d <$@.tmp >$@
        # we are only interested in ciphers supported by libressl
        sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
+. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
-        "${clib}" == "openssl34" || "${slib}" == "openssl34" || \
-        "${clib}" == "openssl35" || "${slib}" == "openssl35"
        # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
        sed -i '/^TLS_/d' $@.tmp
 . endif
@@ -74,8 +66,6 @@ regress: ciphers.mk
 .endif
 LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
 LEVEL_openssl35 = ,@SECLEVEL=0
 .for clib in ${LIBRARIES}
@@ -137,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
 . endif
 . if "${clib}" == "libressl"
        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl33" || "${slib}" == "openssl34" || "${slib}" == "openssl35"
+.  if "${slib}" == "openssl35"
        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
 .  else
        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 0f2864ccca..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,12 +1,6 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=            openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index e82d75c001..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2025/06/23 07:22:32 anton Exp $
-.if ! exists(/usr/local/bin/eopenssl33)
-regress:
-        # install openssl-3.3 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
-        @echo SKIPPED
-.else
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl33
-LDFLAGS =               -L /usr/local/lib/eopenssl33
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl33/libssl.a \
-                        /usr/local/lib/eopenssl33/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl33
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-.for p in ${PROGS}
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.3
-        grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.3
-        grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.3 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-.endfor
-.endif # exists(/usr/local/bin/eopenssl33)
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 9c23553a74..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2025/06/23 07:26:52 tb Exp $
-.if ! exists(/usr/local/bin/eopenssl34)
-regress:
-        # install openssl-3.4 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
-        @echo SKIPPED
-.else
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl34
-LDFLAGS =               -L /usr/local/lib/eopenssl34
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl34/libssl.a \
-                        /usr/local/lib/eopenssl34/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl34
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-.for p in ${PROGS}
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.4
-        grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.4
-        grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.4 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-.endfor
-.endif # exists(/usr/local/bin/eopenssl34)
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index 4670240f9f..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,12 +1,6 @@
-# $OpenBSD: Makefile,v 1.13 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-#LIBRARIES +=           openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-#LIBRARIES +=           openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 #LIBRARIES +=           openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 133fc29629..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
@@ -7,12 +7,6 @@
 # print out.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=            openssl35
 .endif
@@ -32,9 +26,7 @@ FAIL_${cver}_${sver} = !
 .for slib in ${LIBRARIES}
 .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
-    ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
+    ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
-    (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
-    (("${clib}" != openssl35 && "${slib}" != openssl35)) || \
    (("${cver}" != any && "${sver}" != any) && \
    ("${cver}" != TLS1 && "${sver}" != TLS1) && \
    ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
author	tb <>	2025-07-25 16:33:15 +0000
committer	tb <>	2025-07-25 16:33:15 +0000
commit	6618a43ea7b02c5b0f466548f4b922be713de484 (patch)
tree	dcdb417ae88ba8f25672d4514f97b3396d5af79a /src
parent	605720689b3799d669f8c06ef779fb95dba5c468 (diff)
download	openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.tar.gz openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.tar.bz2 openbsd-6618a43ea7b02c5b0f466548f4b922be713de484.zip

diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile index acb5d18205..e1e9633d37 100644 --- a/src/regress/lib/libssl/interop/Makefile +++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
1	# $OpenBSD: Makefile,v 1.22 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
2		2
3	SUBDIR = libressl openssl33 openssl34 openssl35	3	SUBDIR = libressl openssl35
4		4
5	# the above binaries must have been built before we can continue	5	# the above binaries must have been built before we can continue
6	SUBDIR += netcat	6	SUBDIR += netcat


diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile index 1464cf84a8..56bcdaf4bd 100644 --- a/src/regress/lib/libssl/interop/botan/Makefile +++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -20,12 +20,6 @@ CXX = /usr/local/bin/eg++
20	.endif	20	.endif
21		21
22	LIBRARIES = libressl	22	LIBRARIES = libressl
23	.if exists(/usr/local/bin/eopenssl33)
24	LIBRARIES += openssl33
25	.endif
26	.if exists(/usr/local/bin/eopenssl34)
27	LIBRARIES += openssl34
28	.endif
29	.if exists(/usr/local/bin/eopenssl35)	23	.if exists(/usr/local/bin/eopenssl35)
30	LIBRARIES += openssl35	24	LIBRARIES += openssl35
31	.endif	25	.endif


diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile index 8f05e3f84d..9698c56acd 100644 --- a/src/regress/lib/libssl/interop/cert/Makefile +++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.15 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
2		2
3	# Connect a client to a server. Both can be current libressl, or	3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 3.x. Create client and server certificates	4	# openssl 3.x. Create client and server certificates
@@ -7,12 +7,6 @@
7	# and check the result of certificate verification.	7	# and check the result of certificate verification.
8		8
9	LIBRARIES = libressl	9	LIBRARIES = libressl
10	.if exists(/usr/local/bin/eopenssl33)
11	LIBRARIES += openssl33
12	.endif
13	.if exists(/usr/local/bin/eopenssl34)
14	LIBRARIES += openssl34
15	.endif
16	.if exists(/usr/local/bin/eopenssl35)	10	.if exists(/usr/local/bin/eopenssl35)
17	LIBRARIES += openssl35	11	LIBRARIES += openssl35
18	.endif	12	.endif


diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index 6693b962d0..5bdc9089fe 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.18 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
2		2
3	# Connect a client to a server. Both can be current libressl, or	3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.1 or 3.0. Create lists of supported ciphers	4	# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -7,12 +7,6 @@
7	# have used correct cipher by grepping in their session print out.	7	# have used correct cipher by grepping in their session print out.
8		8
9	LIBRARIES = libressl	9	LIBRARIES = libressl
10	.if exists(/usr/local/bin/eopenssl33)
11	LIBRARIES += openssl33
12	.endif
13	.if exists(/usr/local/bin/eopenssl34)
14	LIBRARIES += openssl34
15	.endif
16	.if exists(/usr/local/bin/eopenssl35)	10	.if exists(/usr/local/bin/eopenssl35)
17	LIBRARIES += openssl35	11	LIBRARIES += openssl35
18	.endif	12	.endif
@@ -44,9 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
44	uniq -d <$@.tmp >$@	38	uniq -d <$@.tmp >$@
45	# we are only interested in ciphers supported by libressl	39	# we are only interested in ciphers supported by libressl
46	sort $@ client-libressl.ciphers >$@.tmp	40	sort $@ client-libressl.ciphers >$@.tmp
47	. if "${clib}" == "openssl33" \|\| "${slib}" == "openssl33" \|\| \	41	. if "${clib}" == "openssl35" \|\| "${slib}" == "openssl35"
48	"${clib}" == "openssl34" \|\| "${slib}" == "openssl34" \|\| \
49	"${clib}" == "openssl35" \|\| "${slib}" == "openssl35"
50	# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers	42	# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
51	sed -i '/^TLS_/d' $@.tmp	43	sed -i '/^TLS_/d' $@.tmp
52	. endif	44	. endif
@@ -74,8 +66,6 @@ regress: ciphers.mk
74	.endif	66	.endif
75		67
76	LEVEL_libressl =	68	LEVEL_libressl =
77	LEVEL_openssl33 = ,@SECLEVEL=0
78	LEVEL_openssl34 = ,@SECLEVEL=0
79	LEVEL_openssl35 = ,@SECLEVEL=0	69	LEVEL_openssl35 = ,@SECLEVEL=0
80		70
81	.for clib in ${LIBRARIES}	71	.for clib in ${LIBRARIES}
@@ -137,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
137	. endif	127	. endif
138	. if "${clib}" == "libressl"	128	. if "${clib}" == "libressl"
139	# libressl client may prefer chacha-poly if aes-ni is not supported	129	# libressl client may prefer chacha-poly if aes-ni is not supported
140	. if "${slib}" == "openssl33" \|\| "${slib}" == "openssl34" \|\| "${slib}" == "openssl35"	130	. if "${slib}" == "openssl35"
141	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out	131	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
142	. else	132	. else
143	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out	133	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out


diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile index 0f2864ccca..cff6b7ea76 100644 --- a/src/regress/lib/libssl/interop/netcat/Makefile +++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,12 +1,6 @@
1	# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2		2
3	LIBRARIES = libressl	3	LIBRARIES = libressl
4	.if exists(/usr/local/bin/eopenssl33)
5	LIBRARIES += openssl33
6	.endif
7	.if exists(/usr/local/bin/eopenssl34)
8	LIBRARIES += openssl34
9	.endif
10	.if exists(/usr/local/bin/eopenssl35)	4	.if exists(/usr/local/bin/eopenssl35)
11	LIBRARIES += openssl35	5	LIBRARIES += openssl35
12	.endif	6	.endif


diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile deleted file mode 100644 index e82d75c001..0000000000 --- a/src/regress/lib/libssl/interop/openssl33/Makefile +++ /dev/null
@@ -1,44 +0,0 @@
1	# $OpenBSD: Makefile,v 1.2 2025/06/23 07:22:32 anton Exp $
2
3	.if ! exists(/usr/local/bin/eopenssl33)
4	regress:
5	# install openssl-3.3 from ports for interop tests
6	@echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
7	@echo SKIPPED
8	.else
9
10	PROGS = client server
11	CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12	CPPFLAGS = -I /usr/local/include/eopenssl33
13	LDFLAGS = -L /usr/local/lib/eopenssl33
14	LDADD = -lssl -lcrypto
15	DPADD = /usr/local/lib/eopenssl33/libssl.a \
16	/usr/local/lib/eopenssl33/libcrypto.a
17	LD_LIBRARY_PATH = /usr/local/lib/eopenssl33
18	REGRESS_TARGETS = run-self-client-server
19	.for p in ${PROGS}
20	REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21	.endfor
22
23	.for p in ${PROGS}
24
25	run-ldd-$p: ldd-$p.out
26	# check that $p is linked with OpenSSL 3.3
27	grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
28	grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
29	# check that $p is not linked with LibreSSL
30	! grep -v -e libc.so -e libpthread.so ldd-$p.out \| grep /usr/lib/
31
32	run-version-$p: $p-self.out
33	# check that runtime version is OpenSSL 3.3
34	grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
35
36	run-protocol-$p: $p-self.out
37	# check that OpenSSL 3.3 protocol version is TLS 1.3
38	grep 'Protocol *: TLSv1.3' $p-self.out
39
40	.endfor
41
42	.endif # exists(/usr/local/bin/eopenssl33)
43
44	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile deleted file mode 100644 index 9c23553a74..0000000000 --- a/src/regress/lib/libssl/interop/openssl34/Makefile +++ /dev/null
@@ -1,44 +0,0 @@
1	# $OpenBSD: Makefile,v 1.2 2025/06/23 07:26:52 tb Exp $
2
3	.if ! exists(/usr/local/bin/eopenssl34)
4	regress:
5	# install openssl-3.4 from ports for interop tests
6	@echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
7	@echo SKIPPED
8	.else
9
10	PROGS = client server
11	CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12	CPPFLAGS = -I /usr/local/include/eopenssl34
13	LDFLAGS = -L /usr/local/lib/eopenssl34
14	LDADD = -lssl -lcrypto
15	DPADD = /usr/local/lib/eopenssl34/libssl.a \
16	/usr/local/lib/eopenssl34/libcrypto.a
17	LD_LIBRARY_PATH = /usr/local/lib/eopenssl34
18	REGRESS_TARGETS = run-self-client-server
19	.for p in ${PROGS}
20	REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21	.endfor
22
23	.for p in ${PROGS}
24
25	run-ldd-$p: ldd-$p.out
26	# check that $p is linked with OpenSSL 3.4
27	grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
28	grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
29	# check that $p is not linked with LibreSSL
30	! grep -v -e libc.so -e libpthread.so ldd-$p.out \| grep /usr/lib/
31
32	run-version-$p: $p-self.out
33	# check that runtime version is OpenSSL 3.4
34	grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
35
36	run-protocol-$p: $p-self.out
37	# check that OpenSSL 3.4 protocol version is TLS 1.3
38	grep 'Protocol *: TLSv1.3' $p-self.out
39
40	.endfor
41
42	.endif # exists(/usr/local/bin/eopenssl34)
43
44	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile index 4670240f9f..fff66b169b 100644 --- a/src/regress/lib/libssl/interop/session/Makefile +++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,12 +1,6 @@
1	# $OpenBSD: Makefile,v 1.13 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
2		2
3	LIBRARIES = libressl	3	LIBRARIES = libressl
4	.if exists(/usr/local/bin/eopenssl33)
5	#LIBRARIES += openssl33
6	.endif
7	.if exists(/usr/local/bin/eopenssl34)
8	#LIBRARIES += openssl34
9	.endif
10	.if exists(/usr/local/bin/eopenssl35)	4	.if exists(/usr/local/bin/eopenssl35)
11	#LIBRARIES += openssl35	5	#LIBRARIES += openssl35
12	.endif	6	.endif


diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile index 133fc29629..5ee7d4c4f3 100644 --- a/src/regress/lib/libssl/interop/version/Makefile +++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $	1	# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2		2
3	# Connect a client to a server. Both can be current libressl, or	3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS	4	# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@@ -7,12 +7,6 @@
7	# print out.	7	# print out.
8		8
9	LIBRARIES = libressl	9	LIBRARIES = libressl
10	.if exists(/usr/local/bin/eopenssl33)
11	LIBRARIES += openssl33
12	.endif
13	.if exists(/usr/local/bin/eopenssl34)
14	LIBRARIES += openssl34
15	.endif
16	.if exists(/usr/local/bin/eopenssl35)	10	.if exists(/usr/local/bin/eopenssl35)
17	LIBRARIES += openssl35	11	LIBRARIES += openssl35
18	.endif	12	.endif
@@ -32,9 +26,7 @@ FAIL_${cver}_${sver} = !
32	.for slib in ${LIBRARIES}	26	.for slib in ${LIBRARIES}
33		27
34	.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \	28	.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
35	((("${clib}" != openssl33 && "${slib}" != openssl33)) \|\| \	29	((("${clib}" != openssl35 && "${slib}" != openssl35)) \|\| \
36	(("${clib}" != openssl34 && "${slib}" != openssl34)) \|\| \
37	(("${clib}" != openssl35 && "${slib}" != openssl35)) \|\| \
38	(("${cver}" != any && "${sver}" != any) && \	30	(("${cver}" != any && "${sver}" != any) && \
39	("${cver}" != TLS1 && "${sver}" != TLS1) && \	31	("${cver}" != TLS1 && "${sver}" != TLS1) && \
40	("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))	32	("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))