From 8d90809bb33041e7fc7b10bc81d57f61e20daec2 Mon Sep 17 00:00:00 2001
From: bluhm <>
Date: Thu, 21 Feb 2019 23:06:33 +0000
Subject: Test that all supported TLS ciphers actually work. Establish connections between client and server implemented with LibreSSL or OpenSSL with a fixed cipher on each side. Check the used cipher in the session print out.
---
 src/regress/lib/libssl/interop/client.c | 39 ++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 10 deletions(-)
(limited to 'src/regress/lib/libssl/interop/client.c')
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
index 6f14837895..136dc38d09 100644
--- a/src/regress/lib/libssl/interop/client.c
+++ b/src/regress/lib/libssl/interop/client.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: client.c,v 1.6 2019/02/11 12:22:44 bluhm Exp $ */
+/* $OpenBSD: client.c,v 1.7 2019/02/21 23:06:33 bluhm Exp $ */
 /*
- * Copyright (c) 2018 Alexander Bluhm
+ * Copyright (c) 2018-2019 Alexander Bluhm
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -34,8 +34,8 @@ void __dead usage(void);
 void __dead
 usage(void)
 {
- fprintf(stderr,
- "usage: client [-sv] [-C CA] [-c crt -k key] host port");
+ fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
+ "[-l cipers] host port\n");
 exit(2);
 }
 
@@ -47,12 +47,13 @@ main(int argc, char *argv[])
 SSL *ssl;
 BIO *bio;
 SSL_SESSION *session = NULL;
- int ch, error, sessionreuse = 0, verify = 0;
+ int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
 char buf[256];
- char *ca = NULL, *crt = NULL, *key = NULL;
- char *host_port, *host, *port;
+ char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
+ char *host_port, *host = "127.0.0.1", *port = "0";
 
- while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {
+
+ while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {
 switch (ch) {
 case 'C':
 ca = optarg;
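Review bot: The new usage string in usage() misspells the option argument as `cipers`; the second added line should read `"[-l ciphers] host port\n");`. This is the text shown when a test invocation is rejected, so the typo ends up in regress logs. The trailing `\n` added in the same line is correct and should stay.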
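Review bot: The initialisers `*host = "127.0.0.1", *port = "0"` in main() read like real connection defaults, but judging from the later hunks they appear to exist only so that the -L path can reach the asprintf() of host_port without host and port arguments. A short comment would make that explicit, e.g. `/* placeholders, only used when -L lists ciphers without connecting */`. The hunk also adds a second blank line before the getopt() loop (the lone `+` line), which can be dropped. main() starts and continues outside this hunk.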
@@ -63,6 +64,12 @@ main(int argc, char *argv[])
 case 'k':
 key = optarg;
 break;
+ case 'L':
+ listciphers = 1;
+ break;
+ case 'l':
+ ciphers = optarg;
+ break;
 case 's':
 /* multiple reueses are possible */
 sessionreuse++;
@@ -79,7 +86,7 @@ main(int argc, char *argv[])
 if (argc == 2) {
 host = argv[0];
 port = argv[1];
- } else {
+ } else if (!listciphers) {
 usage();
 }
 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
@@ -130,6 +137,19 @@ main(int argc, char *argv[])
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
 }
 
+ if (ciphers) {
+ if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
+ err_ssl(1, "SSL_CTX_set_cipher_list");
+ }
+
+ if (listciphers) {
+ ssl = SSL_new(ctx);
+ if (ssl == NULL)
+ err_ssl(1, "SSL_new");
+ print_ciphers(SSL_get_ciphers(ssl));
+ return 0;
+ }
+
 do {
 /* setup bio for socket operations */
 bio = BIO_new_connect(host_port);
@@ -148,7 +168,6 @@ main(int argc, char *argv[])
 ssl = SSL_new(ctx);
 if (ssl == NULL)
 err_ssl(1, "SSL_new");
- print_ciphers(SSL_get_ciphers(ssl));
 SSL_set_bio(ssl, bio, bio);
 /* resuse session if possible */
 if (session != NULL) {
-- 
cgit v1.2.3-55-g6feb
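Review bot: With -L set, `} else if (!listciphers) {` accepts any number of leftover arguments, so an invocation with one or three positional arguments no longer reaches usage() and silently falls back to the placeholder host and port. Rejecting everything except zero or two arguments keeps the check strict: `} else if (!listciphers || argc != 0) {`. This assumes argc has already been reduced by optind before this point, which happens outside the hunk.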
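Review bot: `SSL_CTX_set_cipher_list()` in the added `if (ciphers)` block only pins the cipher list for TLS 1.2 and older, and it succeeds as long as at least one cipher in the string is usable, so a partly wrong list is not rejected. If one of the builds under test is OpenSSL 1.1.1 or later, TLS 1.3 suites are configured separately through `SSL_CTX_set_ciphersuites()`, and a connection that negotiates TLS 1.3 would not use the cipher given with -l. A comment above the call would record this, e.g. `/* restricts TLS <= 1.2 ciphers only; succeeds if any cipher in the list is usable */`, since the test then depends entirely on the cipher check in the session print out. The -L branch also returns without SSL_free() or SSL_CTX_free(), which is harmless at process exit. main() continues outside the hunk.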