| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two
remaining versions. Unfortunately, this requires a lot more manual
massaging than there should be.
|
| |
|
|
|
| |
The openssl 3.0 port was removed nearly a year ago shortly after the 7.4
release.
|
| | |
|
| |
|
|
|
|
| |
Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run
both tests. Installed packages of OpenSSL 3.0 will update automatically
to 3.1, so regress runners should not need to do anything.
|
| |
|
|
|
|
| |
Now that the OpenSSL 1.0.2 port is gone, there's no need to keep the
interop tests anymore. anton's and bluhm's regress tests will switch
to testing interoperability with OpenSSL 3.0.
|
| |
|
|
|
|
|
|
|
|
| |
The plan is to retire the 1.0.2 interop tests soon so as to be able to
drop the dead and dangerous OpenSSL 1.0.2 port.
The cert part is extremely slow on arm64: the whole interop test on an m1
is about 10x slower (~45 min!) than on a modern amd64 laptop, so people
running regress may want to wait a bit with adding OpenSSL 3 to their test
boxes until this is sorted out.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
2) Reorder the interop tests so the really slow "cert" test is at the end
3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination
of client and server that does not involve libressl. This way we can
skip testing openssl to openssl11 when running these manually by
setting REGRESS_SKIP_SLOW to "yet" in mk.conf
ok jsing@
|
| | |
|
| |
|
|
|
|
|
| |
openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS
version number. Incompatible versions must fail. Check that client
and server have used correct version by grepping in their session
print out.
|
| |
|
|
|
|
|
|
| |
been fixed to work with libressl TLS 1.3. Both libressl and openssl11
replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or
TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects
that now. Currently GOST does not work with libressl and TLS 1.3
and is disabled.
|
| |
|
|
|
|
|
|
| |
The libressl TLSv1.3 client and server currently lack client certificate
authentication support and this test expects all clients can auth with
all servers.
We can likely turn this back on in the near future.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
These make far too many assumptions about cipher suites - TLSv1.3 cipher
suites can only be used with TLSv1.3 and there is tests using TLSv1.3
cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2
cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11
lists TLSv1.3 cipher suites with different names to libressl.
Futher work will be necessary before this can be re-enabled.
|
| |
|
|
|
|
| |
connections between client and server implemented with LibreSSL or
OpenSSL with a fixed cipher on each side. Check the used cipher
in the session print out.
|
| |
|
|
|
| |
directory. Keep all log files for easier debugging. Name regress
target names consistently.
|
| |
|
|
|
| |
all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It
is currently disabled for TLS 1.3 as this needs more setup.
|
| |
|
|
|
|
| |
Having the three libraries, client and server certificates, missing
or invalid CA or certificates, and enforcing peer certificate results
in 1944 new test cases.
|
| |
|
|
|
| |
when it becomes available in LibreSSL.
thanks to sthen@ for the new OpenSSL port
|
|
|
Implement simple SSL client and server in C. Create four binaries
by linking them with LibreSSL or OpenSSL. This way API compatibility
is tested. Connect and accept with netcat to test protocol
compatibility with libtls.
Currently OpenSSL 1.0.2p from ports is used. Plan is to move to
OpenSSL 1.1 and and test TLS 1.3.
idea from beck@; help from jsing@
|
