From f9dbc90145487245088b16c223cdd3a15fcaf9c2 Mon Sep 17 00:00:00 2001 From: bluhm <> Date: Wed, 7 Nov 2018 06:29:26 +0000 Subject: Print SSLeay, OpenSSL, and LibreSSL version strings. Make client and server compile with OpenSSL 1.1. Check runtime version string of SSL library. --- src/regress/lib/libssl/interop/Makefile.inc | 10 ++++-- src/regress/lib/libssl/interop/client.c | 5 +-- src/regress/lib/libssl/interop/libressl/Makefile | 7 +++- src/regress/lib/libssl/interop/openssl/Makefile | 7 +++- src/regress/lib/libssl/interop/server.c | 5 +-- src/regress/lib/libssl/interop/util.c | 46 ++++++++++++++++++++++-- src/regress/lib/libssl/interop/util.h | 3 +- 7 files changed, 71 insertions(+), 12 deletions(-) diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc index fc282bea88..f209bdbd91 100644 --- a/src/regress/lib/libssl/interop/Makefile.inc +++ b/src/regress/lib/libssl/interop/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ +# $OpenBSD: Makefile.inc,v 1.2 2018/11/07 06:29:26 bluhm Exp $ .PATH: ${.CURDIR}/.. @@ -20,7 +20,7 @@ ldd-$p.out: $p CLEANFILES += client.out netcat-l.out netcat-l.fstat REGRESS_TARGETS += run-client -run-client: client 127.0.0.1.crt +client.out run-client: client 127.0.0.1.crt @echo '\n======== $@ ========' echo "greeting" | nc -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \ 127.0.0.1 0 >netcat-l.out & \ @@ -39,7 +39,7 @@ run-client: client 127.0.0.1.crt CLEANFILES += server.out netcat.out REGRESS_TARGETS += run-server -run-server: server 127.0.0.1.crt +server.out run-server: server 127.0.0.1.crt @echo '\n======== $@ ========' LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 >server.out echo "hello" | nc -c -T noverify \ @@ -52,6 +52,10 @@ run-server: server 127.0.0.1.crt # client must have read server greeting grep -q '^greeting$$' netcat.out +# check that programs have used correct runtime library + +REGRESS_TARGETS += ${PROGS:S/^/run-version-/} + # create certificates for TLS CLEANFILES += 127.0.0.1.crt 127.0.0.1.key diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index d4d4f1e94d..9d56182932 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */ +/* $OpenBSD: client.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -61,6 +62,7 @@ main(int argc, char *argv[]) SSL_library_init(); SSL_load_error_strings(); + print_version(); /* setup method and context */ method = SSLv23_client_method(); @@ -77,7 +79,6 @@ main(int argc, char *argv[]) bio = BIO_new_connect(host_port); if (bio == NULL) err_ssl(1, "BIO_new_connect"); - print_ciphers(SSL_get_ciphers(ssl)); /* connect */ diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile index 2d8ef78922..5fce6c5c22 100644 --- a/src/regress/lib/libssl/interop/libressl/Makefile +++ b/src/regress/lib/libssl/interop/libressl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ +# $OpenBSD: Makefile,v 1.2 2018/11/07 06:29:26 bluhm Exp $ PROGS = client server CPPFLAGS = @@ -15,6 +15,11 @@ run-ldd-$p: ldd-$p.out grep -q /usr/lib/libssl.so ldd-$p.out # check that $p is not linked with OpenSSL ! grep /usr/local/lib/ ldd-$p.out + +run-version-$p: $p.out + @echo '\n======== $@ ========' + # check that runtime version is LibreSSL + grep 'SSLEAY_VERSION: LibreSSL' $p.out .endfor .include diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile index 26095d0019..9661767d7b 100644 --- a/src/regress/lib/libssl/interop/openssl/Makefile +++ b/src/regress/lib/libssl/interop/openssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ +# $OpenBSD: Makefile,v 1.2 2018/11/07 06:29:26 bluhm Exp $ .if ! exists(/usr/local/bin/eopenssl) regress: @@ -22,6 +22,11 @@ run-ldd-$p: ldd-$p.out grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out # check that $p is not linked with LibreSSL ! grep -v libc.so ldd-$p.out | grep /usr/lib/ + +run-version-$p: $p.out + @echo '\n======== $@ ========' + # check that runtime version is OpenSSL 1.0 + grep 'SSLEAY_VERSION: OpenSSL 1.0' $p.out .endfor .include diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 862ca21fcb..6f40c4899c 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */ +/* $OpenBSD: server.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -65,6 +66,7 @@ main(int argc, char *argv[]) SSL_library_init(); SSL_load_error_strings(); + print_version(); /* setup method and context */ method = SSLv23_server_method(); @@ -93,7 +95,6 @@ main(int argc, char *argv[]) bio = BIO_new_accept(host_port); if (bio == NULL) err_ssl(1, "BIO_new_accept"); - print_ciphers(SSL_get_ciphers(ssl)); /* bind, listen */ diff --git a/src/regress/lib/libssl/interop/util.c b/src/regress/lib/libssl/interop/util.c index 3f1c221d51..b012d73193 100644 --- a/src/regress/lib/libssl/interop/util.c +++ b/src/regress/lib/libssl/interop/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */ +/* $OpenBSD: util.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -24,13 +24,55 @@ #include #include +#include +#include #include "util.h" +void +print_version(void) +{ +#ifdef OPENSSL_VERSION_NUMBER + printf("OPENSSL_VERSION_NUMBER: %#08lx\n", OPENSSL_VERSION_NUMBER); +#endif +#ifdef LIBRESSL_VERSION_NUMBER + printf("LIBRESSL_VERSION_NUMBER: %#08lx\n", LIBRESSL_VERSION_NUMBER); +#endif +#ifdef LIBRESSL_VERSION_TEXT + printf("LIBRESSL_VERSION_TEXT: %s\n", LIBRESSL_VERSION_TEXT); +#endif +#if OPENSSL_VERSION_NUMBER >= 0x1010000f + printf("OpenSSL_version_num: %#08lx\n", OpenSSL_version_num()); + printf("OpenSSL_version OPENSSL_VERSION: %s\n", + OpenSSL_version(OPENSSL_VERSION)); + printf("OpenSSL_version OPENSSL_CFLAGS: %s\n", + OpenSSL_version(OPENSSL_CFLAGS)); + printf("OpenSSL_version OPENSSL_BUILT_ON: %s\n", + OpenSSL_version(OPENSSL_BUILT_ON)); + printf("OpenSSL_version OPENSSL_PLATFORM: %s\n", + OpenSSL_version(OPENSSL_PLATFORM)); + printf("OpenSSL_version OPENSSL_DIR: %s\n", + OpenSSL_version(OPENSSL_DIR)); + printf("OpenSSL_version OPENSSL_ENGINES_DIR: %s\n", + OpenSSL_version(OPENSSL_ENGINES_DIR)); +#endif + printf("SSLeay: %#08lx\n", SSLeay()); + printf("SSLeay_version SSLEAY_VERSION: %s\n", + SSLeay_version(SSLEAY_VERSION)); + printf("SSLeay_version SSLEAY_CFLAGS: %s\n", + SSLeay_version(SSLEAY_CFLAGS)); + printf("SSLeay_version SSLEAY_BUILT_ON: %s\n", + SSLeay_version(SSLEAY_BUILT_ON)); + printf("SSLeay_version SSLEAY_PLATFORM: %s\n", + SSLeay_version(SSLEAY_PLATFORM)); + printf("SSLeay_version SSLEAY_DIR: %s\n", + SSLeay_version(SSLEAY_DIR)); +} + void print_ciphers(STACK_OF(SSL_CIPHER) *cstack) { - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; int i; for (i = 0; (cipher = sk_SSL_CIPHER_value(cstack, i)) != NULL; i++) diff --git a/src/regress/lib/libssl/interop/util.h b/src/regress/lib/libssl/interop/util.h index 2fdebf34b3..78f7bb63b6 100644 --- a/src/regress/lib/libssl/interop/util.h +++ b/src/regress/lib/libssl/interop/util.h @@ -1,4 +1,4 @@ -/* $OpenBSD: util.h,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */ +/* $OpenBSD: util.h,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */ /* * Copyright (c) 2018 Alexander Bluhm * @@ -15,6 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +void print_version(void); void print_ciphers(STACK_OF(SSL_CIPHER) *); void print_sockname(BIO *); void print_peername(BIO *); -- cgit v1.2.3-55-g6feb