From 13765826e4b6ab4b743501175301bb9fdc8108f4 Mon Sep 17 00:00:00 2001 From: bluhm <> Date: Wed, 7 Nov 2018 19:09:01 +0000 Subject: Add interop test with OpenSSL 1.1. TLS 1.3 should be used automatically when it becomes available in LibreSSL. thanks to sthen@ for the new OpenSSL port --- src/regress/lib/libssl/interop/Makefile | 4 +-- src/regress/lib/libssl/interop/README | 13 ++++----- src/regress/lib/libssl/interop/client.c | 8 +++++- src/regress/lib/libssl/interop/openssl11/Makefile | 32 +++++++++++++++++++++++ src/regress/lib/libssl/interop/server.c | 8 +++++- 5 files changed, 55 insertions(+), 10 deletions(-) create mode 100644 src/regress/lib/libssl/interop/openssl11/Makefile diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile index 997cad2949..d89376aaf6 100644 --- a/src/regress/lib/libssl/interop/Makefile +++ b/src/regress/lib/libssl/interop/Makefile @@ -1,5 +1,5 @@ -# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ +# $OpenBSD: Makefile,v 1.2 2018/11/07 19:09:01 bluhm Exp $ -SUBDIR = libressl openssl +SUBDIR = libressl openssl openssl11 .include diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README index d1ecc7e683..d8847e5ef5 100644 --- a/src/regress/lib/libssl/interop/README +++ b/src/regress/lib/libssl/interop/README 
@@ -1,9 +1,10 @@ Test TLS interoperability between LibreSSL and OpenSSL. -Implement simple SSL client and server in C. Create four binaries -by linking them with LibreSSL or OpenSSL. This way API compatibility -is tested. Connect and accept with netcat to test protocol -compatibility with libtls. +Implement simple SSL client and server in C. Create six binaries +by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This +way API compatibility is tested. Connect and accept with netcat +to test protocol compatibility with libtls. -Currently OpenSSL 1.0.2p from ports is used. Plan is to move to -OpenSSL 1.1 and and test TLS 1.3. +Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As +soon as LibreSSL supports TLS 1.3, it should be used automatically +when netcat is communicating with OpenSSL 1.1. diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index 9d56182932..60fb718fdb 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ +/* $OpenBSD: client.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -65,9 +65,15 @@ main(int argc, char *argv[]) print_version(); /* setup method and context */ +#if OPENSSL_VERSION_NUMBER >= 0x1010000f + method = TLS_client_method(); + if (method == NULL) + err_ssl(1, "TLS_client_method"); +#else method = SSLv23_client_method(); if (method == NULL) err_ssl(1, "SSLv23_client_method"); +#endif ctx = SSL_CTX_new(method); if (ctx == NULL) err_ssl(1, "SSL_CTX_new"); diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile new file mode 100644 index 0000000000..b11e08488a --- /dev/null +++ b/src/regress/lib/libssl/interop/openssl11/Makefile 
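Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x1010000f` in client.c's main() has no comment saying which build takes which branch, and the answer is not obvious: LibreSSL's opensslv.h reports 0x20000000L, so the LibreSSL binary also takes the TLS_client_method() branch and only the OpenSSL 1.0.2 build falls back to SSLv23_client_method(). I would add above the `#if` something like `/* OpenSSL 1.1 and LibreSSL: version-flexible TLS method; OpenSSL 1.0.2 only has the SSLv23 name */`. The same guard is added to server.c's main() around TLS_server_method() and needs the same comment. Both main() bodies start and end outside their hunks, so whether the negotiated protocol version is printed or checked afterwards cannot be seen from here.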
@@ -0,0 +1,32 @@ +# $OpenBSD: Makefile,v 1.1 2018/11/07 19:09:01 bluhm Exp $ + +.if ! exists(/usr/local/bin/eopenssl11) +regress: + # install openssl-1.1.1 from ports for interop tests + @echo SKIPPED +.endif + +PROGS = client server +CPPFLAGS = -I /usr/local/include/eopenssl11 +LDFLAGS = -L /usr/local/lib/eopenssl11 +LDADD = -lssl -lcrypto +DPADD = /usr/local/lib/eopenssl11/libssl.a \ + /usr/local/lib/eopenssl11/libcrypto.a +LD_LIBRARY_PATH = /usr/local/lib/eopenssl11 + +.for p in ${PROGS} +run-ldd-$p: ldd-$p.out + @echo '\n======== $@ ========' + # check that $p is linked with OpenSSL 1.1 + grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out + grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out + # check that $p is not linked with LibreSSL + ! grep -v libc.so ldd-$p.out | grep /usr/lib/ + +run-version-$p: $p.out + @echo '\n======== $@ ========' + # check that runtime version is OpenSSL 1.1 + grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out +.endfor + +.include diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 6f40c4899c..0aece87583 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ +/* $OpenBSD: server.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -69,9 +69,15 @@ main(int argc, char *argv[]) print_version(); /* setup method and context */ +#if OPENSSL_VERSION_NUMBER >= 0x1010000f + method = TLS_server_method(); + if (method == NULL) + err_ssl(1, "TLS_server_method"); +#else method = SSLv23_server_method(); if (method == NULL) err_ssl(1, "SSLv23_server_method"); +#endif ctx = SSL_CTX_new(method); if (ctx == NULL) err_ssl(1, "SSL_CTX_new"); -- cgit v1.2.3-55-g6feb
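Review bot: The run-version-$p check `grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out` is looser than the rest of the commit implies: the dots are regex wildcards and any 1.1.x release matches, including 1.1.0, which has no TLS 1.3. The skip comment and the README both name OpenSSL 1.1.1, so if TLS 1.3 interop is the purpose I would pin it with `grep 'SSLEAY_VERSION: OpenSSL 1\.1\.1' $p.out`. The ldd checks above it are a useful guard against silently testing the base library instead of the port; a one-line comment on why libc.so is exempted in `! grep -v libc.so ldd-$p.out | grep /usr/lib/` would help the next reader.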