summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/interop/Makefile.inc57
-rw-r--r--src/regress/lib/libssl/interop/README4
-rw-r--r--src/regress/lib/libssl/interop/libressl/Makefile19
-rw-r--r--src/regress/lib/libssl/interop/openssl/Makefile13
-rw-r--r--src/regress/lib/libssl/interop/openssl11/Makefile18
5 files changed, 88 insertions, 23 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
index f209bdbd91..1a1ef30ca6 100644
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ b/src/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile.inc,v 1.2 2018/11/07 06:29:26 bluhm Exp $ 1# $OpenBSD: Makefile.inc,v 1.3 2018/11/07 20:46:28 bluhm Exp $
2 2
3.PATH: ${.CURDIR}/.. 3.PATH: ${.CURDIR}/..
4 4
@@ -18,43 +18,72 @@ ldd-$p.out: $p
18 18
19# run netcat server and connect with test client 19# run netcat server and connect with test client
20 20
21CLEANFILES += client.out netcat-l.out netcat-l.fstat 21CLEANFILES += nc-client.out netcat-l.out netcat-l.fstat
22REGRESS_TARGETS += run-client 22REGRESS_TARGETS += run-client
23client.out run-client: client 127.0.0.1.crt 23nc-client.out run-client: client 127.0.0.1.crt
24 @echo '\n======== $@ ========' 24 @echo '\n======== $@ ========'
25 echo "greeting" | nc -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \ 25 echo "greeting" | nc -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
26 127.0.0.1 0 >netcat-l.out & \ 26 127.0.0.1 0 >netcat-l.out & \
27 sleep 1; fstat -p $$! >netcat-l.fstat 27 sleep 1; fstat -p $$! >netcat-l.fstat
28 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \ 28 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
29 `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat-l.fstat` \ 29 `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat-l.fstat` \
30 >client.out 30 >nc-client.out
31 # check that the client run successfully to the end 31 # check that the client run successfully to the end
32 grep -q '^success$$' client.out 32 grep -q '^success$$' nc-client.out
33 # client must have read server greeting 33 # client must have read server greeting
34 grep -q '^<<< greeting$$' client.out 34 grep -q '^<<< greeting$$' nc-client.out
35 # netstat server must have read client hello 35 # netstat server must have read client hello
36 grep -q '^hello$$' netcat-l.out 36 grep -q '^hello$$' netcat-l.out
37 37
38# run test server and connect with netcat client 38# run test server and connect with netcat client
39 39
40CLEANFILES += server.out netcat.out 40CLEANFILES += nc-server.out netcat.out
41REGRESS_TARGETS += run-server 41REGRESS_TARGETS += run-server
42server.out run-server: server 127.0.0.1.crt 42nc-server.out run-server: server 127.0.0.1.crt
43 @echo '\n======== $@ ========' 43 @echo '\n======== $@ ========'
44 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 >server.out 44 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
45 >nc-server.out
45 echo "hello" | nc -c -T noverify \ 46 echo "hello" | nc -c -T noverify \
46 `sed -n 's/listen sock: //p' server.out` \ 47 `sed -n 's/listen sock: //p' nc-server.out` \
47 >netcat.out 48 >netcat.out
48 # check that the server child run successfully to the end 49 # check that the server child run successfully to the end
49 grep -q '^success$$' server.out 50 grep -q '^success$$' nc-server.out
50 # server must have read client hello 51 # server must have read client hello
51 grep -q '^<<< hello$$' server.out 52 grep -q '^<<< hello$$' nc-server.out
52 # client must have read server greeting 53 # client must have read server greeting
53 grep -q '^greeting$$' netcat.out 54 grep -q '^greeting$$' netcat.out
54 55
55# check that programs have used correct runtime library 56# run test server and with test client, self test the ssl library
56 57
57REGRESS_TARGETS += ${PROGS:S/^/run-version-/} 58CLEANFILES += self-client.out self-server.out
59REGRESS_TARGETS += run-self
60self-client.out self-server.out run-self: client server 127.0.0.1.crt
61 @echo '\n======== $@ ========'
62 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
63 >self-server.out
64 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
65 `sed -n 's/listen sock: //p' self-server.out` \
66 >self-client.out
67 # check that the client run successfully to the end
68 grep -q '^success$$' self-client.out
69 # client must have read server greeting
70 grep -q '^<<< greeting$$' self-client.out
71 # check that the server child run successfully to the end
72 grep -q '^success$$' self-server.out
73 # server must have read client hello
74 grep -q '^<<< hello$$' self-server.out
75
76.for o in nc-client nc-server self-client self-server
77
78# check that client and server have used correct runtime library
79
80REGRESS_TARGETS += run-version-$o
81
82# check that client and server have used correct TLS protocol
83
84REGRESS_TARGETS += run-protocol-$o
85
86.endfor
58 87
59# create certificates for TLS 88# create certificates for TLS
60 89
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
index d8847e5ef5..1bd418c9cc 100644
--- a/src/regress/lib/libssl/interop/README
+++ b/src/regress/lib/libssl/interop/README
@@ -5,6 +5,10 @@ by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This
5way API compatibility is tested. Connect and accept with netcat 5way API compatibility is tested. Connect and accept with netcat
6to test protocol compatibility with libtls. 6to test protocol compatibility with libtls.
7 7
8To self test each SSL library, connect client with server. Check
9that the highest available TLS version is selected. LibreSSL TLS
101.3 check has to be enabled when the feature becomes available.
11
8Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As 12Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As
9soon as LibreSSL supports TLS 1.3, it should be used automatically 13soon as LibreSSL supports TLS 1.3, it should be used automatically
10when netcat is communicating with OpenSSL 1.1. 14when netcat is communicating with OpenSSL 1.1.
diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile
index 5fce6c5c22..19557ffbc1 100644
--- a/src/regress/lib/libssl/interop/libressl/Makefile
+++ b/src/regress/lib/libssl/interop/libressl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.2 2018/11/07 06:29:26 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.3 2018/11/07 20:46:28 bluhm Exp $
2 2
3PROGS = client server 3PROGS = client server
4CPPFLAGS = 4CPPFLAGS =
@@ -7,6 +7,12 @@ LDADD = -lssl -lcrypto
7DPADD = ${LIBSSL} ${LIBCRYPTO} 7DPADD = ${LIBSSL} ${LIBCRYPTO}
8LD_LIBRARY_PATH = 8LD_LIBRARY_PATH =
9 9
10run-protocol-self-client run-protocol-self-server \
11run-protocol-nc-client run-protocol-nc-server:
12 @echo '\n======== $@ ========'
13 # LibreSSL does not support TLS 1.3 yet
14 @echo DISABLED
15
10.for p in ${PROGS} 16.for p in ${PROGS}
11run-ldd-$p: ldd-$p.out 17run-ldd-$p: ldd-$p.out
12 @echo '\n======== $@ ========' 18 @echo '\n======== $@ ========'
@@ -15,11 +21,18 @@ run-ldd-$p: ldd-$p.out
15 grep -q /usr/lib/libssl.so ldd-$p.out 21 grep -q /usr/lib/libssl.so ldd-$p.out
16 # check that $p is not linked with OpenSSL 22 # check that $p is not linked with OpenSSL
17 ! grep /usr/local/lib/ ldd-$p.out 23 ! grep /usr/local/lib/ ldd-$p.out
24.endfor
18 25
19run-version-$p: $p.out 26.for o in nc-client nc-server self-client self-server
27run-version-$o: $o.out
20 @echo '\n======== $@ ========' 28 @echo '\n======== $@ ========'
21 # check that runtime version is LibreSSL 29 # check that runtime version is LibreSSL
22 grep 'SSLEAY_VERSION: LibreSSL' $p.out 30 grep 'SSLEAY_VERSION: LibreSSL' $o.out
31
32run-protocol-$o: $o.out
33 @echo '\n======== $@ ========'
34 # check that protocol version is TLS 1.3
35 grep 'Protocol *: TLSv1.3' $o.out
23.endfor 36.endfor
24 37
25.include <bsd.regress.mk> 38.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile
index 9661767d7b..ad0c7288ca 100644
--- a/src/regress/lib/libssl/interop/openssl/Makefile
+++ b/src/regress/lib/libssl/interop/openssl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.2 2018/11/07 06:29:26 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.3 2018/11/07 20:46:28 bluhm Exp $
2 2
3.if ! exists(/usr/local/bin/eopenssl) 3.if ! exists(/usr/local/bin/eopenssl)
4regress: 4regress:
@@ -22,11 +22,18 @@ run-ldd-$p: ldd-$p.out
22 grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out 22 grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out
23 # check that $p is not linked with LibreSSL 23 # check that $p is not linked with LibreSSL
24 ! grep -v libc.so ldd-$p.out | grep /usr/lib/ 24 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
25.endfor
25 26
26run-version-$p: $p.out 27.for o in nc-client nc-server self-client self-server
28run-version-$o: $o.out
27 @echo '\n======== $@ ========' 29 @echo '\n======== $@ ========'
28 # check that runtime version is OpenSSL 1.0 30 # check that runtime version is OpenSSL 1.0
29 grep 'SSLEAY_VERSION: OpenSSL 1.0' $p.out 31 grep 'SSLEAY_VERSION: OpenSSL 1.0' $o.out
32
33run-protocol-$o: $o.out
34 @echo '\n======== $@ ========'
35 # check that protocol version is TLS 1.2
36 grep 'Protocol *: TLSv1.2' $o.out
30.endfor 37.endfor
31 38
32.include <bsd.regress.mk> 39.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile
index b11e08488a..e7257a3976 100644
--- a/src/regress/lib/libssl/interop/openssl11/Makefile
+++ b/src/regress/lib/libssl/interop/openssl11/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.1 2018/11/07 19:09:01 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.2 2018/11/07 20:46:28 bluhm Exp $
2 2
3.if ! exists(/usr/local/bin/eopenssl11) 3.if ! exists(/usr/local/bin/eopenssl11)
4regress: 4regress:
@@ -14,6 +14,11 @@ DPADD = /usr/local/lib/eopenssl11/libssl.a \
14 /usr/local/lib/eopenssl11/libcrypto.a 14 /usr/local/lib/eopenssl11/libcrypto.a
15LD_LIBRARY_PATH = /usr/local/lib/eopenssl11 15LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
16 16
17run-protocol-nc-client run-protocol-nc-server:
18 @echo '\n======== $@ ========'
19 # LibreSSL does not support TLS 1.3 yet
20 @echo DISABLED
21
17.for p in ${PROGS} 22.for p in ${PROGS}
18run-ldd-$p: ldd-$p.out 23run-ldd-$p: ldd-$p.out
19 @echo '\n======== $@ ========' 24 @echo '\n======== $@ ========'
@@ -22,11 +27,18 @@ run-ldd-$p: ldd-$p.out
22 grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out 27 grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
23 # check that $p is not linked with LibreSSL 28 # check that $p is not linked with LibreSSL
24 ! grep -v libc.so ldd-$p.out | grep /usr/lib/ 29 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
30.endfor
25 31
26run-version-$p: $p.out 32.for o in nc-client nc-server self-client self-server
33run-version-$o: $o.out
27 @echo '\n======== $@ ========' 34 @echo '\n======== $@ ========'
28 # check that runtime version is OpenSSL 1.1 35 # check that runtime version is OpenSSL 1.1
29 grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out 36 grep 'SSLEAY_VERSION: OpenSSL 1.1' $o.out
37
38run-protocol-$o: $o.out
39 @echo '\n======== $@ ========'
40 # check that protocol version is TLS 1.3
41 grep 'Protocol *: TLSv1.3' $o.out
30.endfor 42.endfor
31 43
32.include <bsd.regress.mk> 44.include <bsd.regress.mk>
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-07 19:27:58 +0000