1 files changed, 46 insertions, 4 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
index 6a85e35c92..a8e66c2876 100644
--- a/src/regress/lib/libssl/interop/client.c
+++ b/src/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: client.c,v 1.9 2020/09/11 22:48:00 bluhm Exp $        */
+/*      $OpenBSD: client.c,v 1.10 2020/09/14 00:51:04 bluhm Exp $       */
 /*
 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -35,7 +35,7 @@ void __dead
 usage(void)
 {
        fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] host port\n");
+            "[-l ciphers] [-V version] host port\n");
        exit(2);
 }
@@ -48,11 +48,12 @@ main(int argc, char *argv[])
        BIO *bio;
        SSL_SESSION *session = NULL;
        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
+        int version = 0;
        char buf[256];
        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {
+        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
                switch (ch) {
                case 'C':
                        ca = optarg;
@@ -73,6 +74,21 @@ main(int argc, char *argv[])
                        /* multiple reueses are possible */
                        sessionreuse++;
                        break;
+                case 'V':
+                        if (strcmp(optarg, "TLS1") == 0) {
+                                version = TLS1_VERSION;
+                        } else if (strcmp(optarg, "TLS1_1") == 0) {
+                                version = TLS1_1_VERSION;
+                        } else if (strcmp(optarg, "TLS1_2") == 0) {
+                                version = TLS1_2_VERSION;
+#ifdef TLS1_3_VERSION
+                        } else if (strcmp(optarg, "TLS1_3") == 0) {
+                                version = TLS1_3_VERSION;
+#endif
+                        } else {
+                                errx(1, "unknown protocol version: %s", optarg);
+                        }
+                        break;
                case 'v':
                        verify = 1;
                        break;
@@ -104,7 +120,24 @@ main(int argc, char *argv[])
        if (method == NULL)
                err_ssl(1, "TLS_client_method");
 #else
-        method = SSLv23_client_method();
+        switch (version) {
+        case TLS1_VERSION:
+                method = TLSv1_client_method();
+                break;
+        case TLS1_1_VERSION:
+                method = TLSv1_1_client_method();
+                break;
+        case TLS1_2_VERSION:
+                method = TLSv1_2_client_method();
+                break;
+#ifdef TLS1_3_VERSION
+        case TLS1_3_VERSION:
+                err(1, "TLS1_3 not supported");
+#endif
+        default:
+                method = SSLv23_client_method();
+                break;
+        }
        if (method == NULL)
                err_ssl(1, "SSLv23_client_method");
 #endif
@@ -112,6 +145,15 @@ main(int argc, char *argv[])
        if (ctx == NULL)
                err_ssl(1, "SSL_CTX_new");
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+        if (version) {
+                if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
+                        err_ssl(1, "SSL_CTX_set_min_proto_version");
+                if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
+                        err_ssl(1, "SSL_CTX_set_max_proto_version");
+        }
+#endif
        /* load client certificate */
        if (crt != NULL) {
                if (SSL_CTX_use_certificate_file(ctx, crt,

diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index 6a85e35c92..a8e66c2876 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: client.c,v 1.9 2020/09/11 22:48:00 bluhm Exp $ */	1	/* $OpenBSD: client.c,v 1.10 2020/09/14 00:51:04 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
@@ -35,7 +35,7 @@ void __dead
35	usage(void)	35	usage(void)
36	{	36	{
37	fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "	37	fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38	"[-l ciphers] host port\n");	38	"[-l ciphers] [-V version] host port\n");
39	exit(2);	39	exit(2);
40	}	40	}
41		41
@@ -48,11 +48,12 @@ main(int argc, char *argv[])
48	BIO *bio;	48	BIO *bio;
49	SSL_SESSION *session = NULL;	49	SSL_SESSION *session = NULL;
50	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;	50	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
		51	int version = 0;
51	char buf[256];	52	char buf[256];
52	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;	53	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
53	char host_port, host = "127.0.0.1", *port = "0";	54	char host_port, host = "127.0.0.1", *port = "0";
54		55
55	while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {	56	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
56	switch (ch) {	57	switch (ch) {
57	case 'C':	58	case 'C':
58	ca = optarg;	59	ca = optarg;
@@ -73,6 +74,21 @@ main(int argc, char *argv[])
73	/* multiple reueses are possible */	74	/* multiple reueses are possible */
74	sessionreuse++;	75	sessionreuse++;
75	break;	76	break;
		77	case 'V':
		78	if (strcmp(optarg, "TLS1") == 0) {
		79	version = TLS1_VERSION;
		80	} else if (strcmp(optarg, "TLS1_1") == 0) {
		81	version = TLS1_1_VERSION;
		82	} else if (strcmp(optarg, "TLS1_2") == 0) {
		83	version = TLS1_2_VERSION;
		84	#ifdef TLS1_3_VERSION
		85	} else if (strcmp(optarg, "TLS1_3") == 0) {
		86	version = TLS1_3_VERSION;
		87	#endif
		88	} else {
		89	errx(1, "unknown protocol version: %s", optarg);
		90	}
		91	break;
76	case 'v':	92	case 'v':
77	verify = 1;	93	verify = 1;
78	break;	94	break;
@@ -104,7 +120,24 @@ main(int argc, char *argv[])
104	if (method == NULL)	120	if (method == NULL)
105	err_ssl(1, "TLS_client_method");	121	err_ssl(1, "TLS_client_method");
106	#else	122	#else
107	method = SSLv23_client_method();	123	switch (version) {
		124	case TLS1_VERSION:
		125	method = TLSv1_client_method();
		126	break;
		127	case TLS1_1_VERSION:
		128	method = TLSv1_1_client_method();
		129	break;
		130	case TLS1_2_VERSION:
		131	method = TLSv1_2_client_method();
		132	break;
		133	#ifdef TLS1_3_VERSION
		134	case TLS1_3_VERSION:
		135	err(1, "TLS1_3 not supported");
		136	#endif
		137	default:
		138	method = SSLv23_client_method();
		139	break;
		140	}
108	if (method == NULL)	141	if (method == NULL)
109	err_ssl(1, "SSLv23_client_method");	142	err_ssl(1, "SSLv23_client_method");
110	#endif	143	#endif
@@ -112,6 +145,15 @@ main(int argc, char *argv[])
112	if (ctx == NULL)	145	if (ctx == NULL)
113	err_ssl(1, "SSL_CTX_new");	146	err_ssl(1, "SSL_CTX_new");
114		147
		148	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
		149	if (version) {
		150	if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
		151	err_ssl(1, "SSL_CTX_set_min_proto_version");
		152	if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
		153	err_ssl(1, "SSL_CTX_set_max_proto_version");
		154	}
		155	#endif
		156
115	/* load client certificate */	157	/* load client certificate */
116	if (crt != NULL) {	158	if (crt != NULL) {
117	if (SSL_CTX_use_certificate_file(ctx, crt,	159	if (SSL_CTX_use_certificate_file(ctx, crt,