1 files changed, 46 insertions, 4 deletions
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
index 6723817498..4b9dd0f506 100644
--- a/src/regress/lib/libssl/interop/server.c
+++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: server.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $        */
+/*      $OpenBSD: server.c,v 1.9 2020/09/14 00:51:04 bluhm Exp $        */
 /*
 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -36,7 +36,7 @@ void __dead
 usage(void)
 {
        fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] [-p dhparam] [host port]\n");
+            "[-l ciphers] [-p dhparam] [-V version] [host port]\n");
        exit(2);
 }
@@ -49,11 +49,12 @@ main(int argc, char *argv[])
        BIO *abio, *cbio;
        SSL_SESSION *session;
        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
+        int version = 0;
        char buf[256], *dhparam = NULL;
        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {
+        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
                switch (ch) {
                case 'C':
                        ca = optarg;
@@ -77,6 +78,21 @@ main(int argc, char *argv[])
                        /* multiple reueses are possible */
                        sessionreuse++;
                        break;
+                case 'V':
+                        if (strcmp(optarg, "TLS1") == 0) {
+                                version = TLS1_VERSION;
+                        } else if (strcmp(optarg, "TLS1_1") == 0) {
+                                version = TLS1_1_VERSION;
+                        } else if (strcmp(optarg, "TLS1_2") == 0) {
+                                version = TLS1_2_VERSION;
+#ifdef TLS1_3_VERSION
+                        } else if (strcmp(optarg, "TLS1_3") == 0) {
+                                version = TLS1_3_VERSION;
+#endif
+                        } else {
+                                errx(1, "unknown protocol version: %s", optarg);
+                        }
+                        break;
                case 'v':
                        /* use twice to force client cert */
                        verify++;
@@ -113,7 +129,24 @@ main(int argc, char *argv[])
        if (method == NULL)
                err_ssl(1, "TLS_server_method");
 #else
-        method = SSLv23_server_method();
+        switch (version) {
+        case TLS1_VERSION:
+                method = TLSv1_server_method();
+                break;
+        case TLS1_1_VERSION:
+                method = TLSv1_1_server_method();
+                break;
+        case TLS1_2_VERSION:
+                method = TLSv1_2_server_method();
+                break;
+#ifdef TLS1_3_VERSION
+        case TLS1_3_VERSION:
+                err(1, "TLS1_3 not supported");
+#endif
+        default:
+                method = SSLv23_server_method();
+                break;
+        }
        if (method == NULL)
                err_ssl(1, "SSLv23_server_method");
 #endif
@@ -121,6 +154,15 @@ main(int argc, char *argv[])
        if (ctx == NULL)
                err_ssl(1, "SSL_CTX_new");
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+        if (version) {
+                if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
+                        err_ssl(1, "SSL_CTX_set_min_proto_version");
+                if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
+                        err_ssl(1, "SSL_CTX_set_max_proto_version");
+        }
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
        /* needed to use DHE cipher with libressl */
        if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)

diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 6723817498..4b9dd0f506 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: server.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $ */	1	/* $OpenBSD: server.c,v 1.9 2020/09/14 00:51:04 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
@@ -36,7 +36,7 @@ void __dead
36	usage(void)	36	usage(void)
37	{	37	{
38	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "	38	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39	"[-l ciphers] [-p dhparam] [host port]\n");	39	"[-l ciphers] [-p dhparam] [-V version] [host port]\n");
40	exit(2);	40	exit(2);
41	}	41	}
42		42
@@ -49,11 +49,12 @@ main(int argc, char *argv[])
49	BIO abio, cbio;	49	BIO abio, cbio;
50	SSL_SESSION *session;	50	SSL_SESSION *session;
51	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;	51	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
		52	int version = 0;
52	char buf[256], *dhparam = NULL;	53	char buf[256], *dhparam = NULL;
53	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;	54	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
54	char host_port, host = "127.0.0.1", *port = "0";	55	char host_port, host = "127.0.0.1", *port = "0";
55		56
56	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {	57	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
57	switch (ch) {	58	switch (ch) {
58	case 'C':	59	case 'C':
59	ca = optarg;	60	ca = optarg;
@@ -77,6 +78,21 @@ main(int argc, char *argv[])
77	/* multiple reueses are possible */	78	/* multiple reueses are possible */
78	sessionreuse++;	79	sessionreuse++;
79	break;	80	break;
		81	case 'V':
		82	if (strcmp(optarg, "TLS1") == 0) {
		83	version = TLS1_VERSION;
		84	} else if (strcmp(optarg, "TLS1_1") == 0) {
		85	version = TLS1_1_VERSION;
		86	} else if (strcmp(optarg, "TLS1_2") == 0) {
		87	version = TLS1_2_VERSION;
		88	#ifdef TLS1_3_VERSION
		89	} else if (strcmp(optarg, "TLS1_3") == 0) {
		90	version = TLS1_3_VERSION;
		91	#endif
		92	} else {
		93	errx(1, "unknown protocol version: %s", optarg);
		94	}
		95	break;
80	case 'v':	96	case 'v':
81	/* use twice to force client cert */	97	/* use twice to force client cert */
82	verify++;	98	verify++;
@@ -113,7 +129,24 @@ main(int argc, char *argv[])
113	if (method == NULL)	129	if (method == NULL)
114	err_ssl(1, "TLS_server_method");	130	err_ssl(1, "TLS_server_method");
115	#else	131	#else
116	method = SSLv23_server_method();	132	switch (version) {
		133	case TLS1_VERSION:
		134	method = TLSv1_server_method();
		135	break;
		136	case TLS1_1_VERSION:
		137	method = TLSv1_1_server_method();
		138	break;
		139	case TLS1_2_VERSION:
		140	method = TLSv1_2_server_method();
		141	break;
		142	#ifdef TLS1_3_VERSION
		143	case TLS1_3_VERSION:
		144	err(1, "TLS1_3 not supported");
		145	#endif
		146	default:
		147	method = SSLv23_server_method();
		148	break;
		149	}
117	if (method == NULL)	150	if (method == NULL)
118	err_ssl(1, "SSLv23_server_method");	151	err_ssl(1, "SSLv23_server_method");
119	#endif	152	#endif
@@ -121,6 +154,15 @@ main(int argc, char *argv[])
121	if (ctx == NULL)	154	if (ctx == NULL)
122	err_ssl(1, "SSL_CTX_new");	155	err_ssl(1, "SSL_CTX_new");
123		156
		157	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
		158	if (version) {
		159	if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
		160	err_ssl(1, "SSL_CTX_set_min_proto_version");
		161	if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
		162	err_ssl(1, "SSL_CTX_set_max_proto_version");
		163	}
		164	#endif
		165
124	#if OPENSSL_VERSION_NUMBER >= 0x10100000	166	#if OPENSSL_VERSION_NUMBER >= 0x10100000
125	/* needed to use DHE cipher with libressl */	167	/* needed to use DHE cipher with libressl */
126	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)	168	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)