From f6b358ce6c4545cef5d8bccff1ac051523dd4612 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 20 Mar 2024 10:38:05 +0000
Subject: Use the new certificates/chains in regress.

The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@
---
 src/regress/lib/libssl/dtls/Makefile | 9 +++++----
 src/regress/lib/libssl/quic/Makefile | 8 ++++----
 src/regress/lib/libssl/server/Makefile | 8 ++++----
 src/regress/lib/libssl/shutdown/Makefile | 8 ++++----
 src/regress/lib/libssl/tls/Makefile | 8 ++++----
 src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c | 4 ++--
 src/regress/lib/libtls/keypair/Makefile | 8 ++++----
 src/regress/lib/libtls/keypair/keypairtest.c | 4 ++--
 src/regress/lib/libtls/tls/Makefile | 8 ++++----
 9 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile
index 438cd5c7ff..b58dae61b6 100644
--- a/src/regress/lib/libssl/dtls/Makefile
+++ b/src/regress/lib/libssl/dtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2022/01/07 09:07:00 tb Exp $
+# $OpenBSD: Makefile,v 1.4 2024/03/20 10:38:05 jsing Exp $
 PROG= dtlstest
 LDADD= ${SSL_INT} -lcrypto
@@ -11,10 +11,11 @@ CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
 REGRESS_TARGETS= \
 regress-dtlstest
+# XXX(jsing): use CA root and chain
 regress-dtlstest: ${PROG}
 ./dtlstest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/ca-int-rsa.pem
 .include
diff --git a/src/regress/lib/libssl/quic/Makefile b/src/regress/lib/libssl/quic/Makefile
index a348b2df47..55fef6b257 100644
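Review bot: In the second hunk of src/regress/lib/libssl/dtls/Makefile, the added `# XXX(jsing): use CA root and chain` comment names neither the files it means nor why the switch is deferred. As committed, dtlstest is passed `server1-rsa.pem` twice and `ca-int-rsa.pem`, while the quic, server, shutdown and tls targets in this same commit pass `server1-rsa-chain.pem` and `ca-root-rsa.pem`. The DTLS regress therefore presumably trusts the intermediate directly and never validates a path up to the root. I would make the comment name the target state, e.g. `# XXX(jsing): use server1-rsa-chain.pem and ca-root-rsa.pem, as the other libssl regress targets do`, and add the reason it cannot be done yet.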
--- a/src/regress/lib/libssl/quic/Makefile
+++ b/src/regress/lib/libssl/quic/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2022/10/02 16:40:56 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 PROG= quictest
 LDADD= -lssl -lcrypto
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 regress-quictest: ${PROG}
 ./quictest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 .include
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile
index 0621a5f243..be86dbb1ad 100644
--- a/src/regress/lib/libssl/server/Makefile
+++ b/src/regress/lib/libssl/server/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2020/05/11 18:18:21 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 PROG= servertest
 LDADD= ${SSL_INT} -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 regress-servertest: ${PROG}
 ./servertest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 .include
diff --git a/src/regress/lib/libssl/shutdown/Makefile b/src/regress/lib/libssl/shutdown/Makefile
index 51305012d6..d6a9a30544 100644
--- a/src/regress/lib/libssl/shutdown/Makefile
+++ b/src/regress/lib/libssl/shutdown/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2024/01/19 08:29:08 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 PROG= shutdowntest
 LDADD= -lssl -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 regress-shutdowntest: ${PROG}
 ./shutdowntest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 .include
diff --git a/src/regress/lib/libssl/tls/Makefile b/src/regress/lib/libssl/tls/Makefile
index a22cdcdeb2..315ac692c3 100644
--- a/src/regress/lib/libssl/tls/Makefile
+++ b/src/regress/lib/libssl/tls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2021/10/23 14:34:10 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 PROG= tlstest
 LDADD= -lssl -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 regress-tlstest: ${PROG}
 ./tlstest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 .include
diff --git a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
index 33efc15f10..ff966900aa 100644
--- a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
+++ b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.11 2022/02/05 18:19:39 tb Exp $ */
+/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.12 2024/03/20 10:38:05 jsing Exp $ */
 /*
  * Copyright (c) 2021 Theo Buehler
  *
@@ -462,7 +462,7 @@ main(int argc, char **argv)
 size_t i;
 int failed = 0;
- if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) {
+ if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) {
 fprintf(stderr, "asprintf server_cert failed\n");
 failed = 1;
 goto err;
diff --git a/src/regress/lib/libtls/keypair/Makefile b/src/regress/lib/libtls/keypair/Makefile
index d06109a26b..c3ea15d3bd 100644
--- a/src/regress/lib/libtls/keypair/Makefile
+++ b/src/regress/lib/libtls/keypair/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 PROG= keypairtest
 LDADD= -lcrypto -lssl ${TLS_INT}
@@ -13,8 +13,8 @@ REGRESS_TARGETS= \
 regress-keypairtest: ${PROG}
 ./keypairtest \
- ${.CURDIR}/../../libssl/certs/ca.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 .include
diff --git a/src/regress/lib/libtls/keypair/keypairtest.c b/src/regress/lib/libtls/keypair/keypairtest.c
index 31bf7d6a5d..600e578f32 100644
--- a/src/regress/lib/libtls/keypair/keypairtest.c
+++ b/src/regress/lib/libtls/keypair/keypairtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: keypairtest.c,v 1.6 2022/02/08 18:05:57 tb Exp $ */
+/* $OpenBSD: keypairtest.c,v 1.7 2024/03/20 10:38:05 jsing Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing
  *
@@ -29,7 +29,7 @@
 #include
 #define PUBKEY_HASH \
- "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5"
+ "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f"
 char *cert_file, *key_file, *ocsp_staple_file;
diff --git a/src/regress/lib/libtls/tls/Makefile b/src/regress/lib/libtls/tls/Makefile
index 0fbd78481b..ecdc0393e7 100644
--- a/src/regress/lib/libtls/tls/Makefile
+++ b/src/regress/lib/libtls/tls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 PROG= tlstest
 LDADD= -lcrypto -lssl -ltls
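Review bot: The new `PUBKEY_HASH` literal in the second hunk of src/regress/lib/libtls/keypair/keypairtest.c is tied to one specific certificate, but nothing next to the macro says which one. The keypair Makefile in this commit now passes `server1-rsa.pem` as the certificate, so the value is presumably the public key hash of that file. When the regress certificates are next regenerated the test will fail with no pointer to the cause. A comment above the macro would make the coupling explicit: `/* Public key hash of certs/server1-rsa.pem; update whenever that certificate is regenerated. */`. The code that compares against this macro lies outside the hunk.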
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 regress-tlstest: ${PROG}
 ./tlstest \
- ${.CURDIR}/../../libssl/certs/ca.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 .include
--
cgit v1.2.3-55-g6feb