From 6618a43ea7b02c5b0f466548f4b922be713de484 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 25 Jul 2025 16:33:15 +0000
Subject: Retire interop tests with OpenSSL 3.3 and 3.4

---
 src/regress/lib/libssl/interop/Makefile           |  4 +--
 src/regress/lib/libssl/interop/botan/Makefile     |  8 +----
 src/regress/lib/libssl/interop/cert/Makefile      |  8 +----
 src/regress/lib/libssl/interop/cipher/Makefile    | 16 ++-------
 src/regress/lib/libssl/interop/netcat/Makefile    |  8 +----
 src/regress/lib/libssl/interop/openssl33/Makefile | 44 -----------------------
 src/regress/lib/libssl/interop/openssl34/Makefile | 44 -----------------------
 src/regress/lib/libssl/interop/session/Makefile   |  8 +----
 src/regress/lib/libssl/interop/version/Makefile   | 12 ++-----
 9 files changed, 11 insertions(+), 141 deletions(-)
 delete mode 100644 src/regress/lib/libssl/interop/openssl33/Makefile
 delete mode 100644 src/regress/lib/libssl/interop/openssl34/Makefile

(limited to 'src')

diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index acb5d18205..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.22 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
 
-SUBDIR =	libressl openssl33 openssl34 openssl35
+SUBDIR =	libressl openssl35
 
 # the above binaries must have been built before we can continue
 SUBDIR +=	netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 1464cf84a8..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -20,12 +20,6 @@ CXX = /usr/local/bin/eg++
 .endif
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=		openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 8f05e3f84d..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.15 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 3.x.  Create client and server certificates
@@ -7,12 +7,6 @@
 # and check the result of certificate verification.
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=		openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 6693b962d0..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.18 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -7,12 +7,6 @@
 # have used correct cipher by grepping in their session print out.
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=		openssl35
 .endif
@@ -44,9 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
 	uniq -d <$@.tmp >$@
 	# we are only interested in ciphers supported by libressl
 	sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
-	"${clib}" == "openssl34" || "${slib}" == "openssl34" || \
-	"${clib}" == "openssl35" || "${slib}" == "openssl35"
+. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
 	# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
 	sed -i '/^TLS_/d' $@.tmp
 . endif
@@ -74,8 +66,6 @@ regress: ciphers.mk
 .endif
 
 LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
 LEVEL_openssl35 = ,@SECLEVEL=0
 
 .for clib in ${LIBRARIES}
@@ -137,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
 . endif
 . if "${clib}" == "libressl"
 	# libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl33" || "${slib}" == "openssl34" || "${slib}" == "openssl35"
+.  if "${slib}" == "openssl35"
 	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
 .  else
 	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 0f2864ccca..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,12 +1,6 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=		openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index e82d75c001..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2025/06/23 07:22:32 anton Exp $
-
-.if ! exists(/usr/local/bin/eopenssl33)
-regress:
-	# install openssl-3.3 from ports for interop tests
-	@echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
-	@echo SKIPPED
-.else
-
-PROGS =			client server
-CFLAGS +=		-DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =		-I /usr/local/include/eopenssl33
-LDFLAGS =		-L /usr/local/lib/eopenssl33
-LDADD =			-lssl -lcrypto
-DPADD =			/usr/local/lib/eopenssl33/libssl.a \
-			/usr/local/lib/eopenssl33/libcrypto.a
-LD_LIBRARY_PATH =	/usr/local/lib/eopenssl33
-REGRESS_TARGETS =	run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=	run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-
-.for p in ${PROGS}
-
-run-ldd-$p: ldd-$p.out
-	# check that $p is linked with OpenSSL 3.3
-	grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
-	grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
-	# check that $p is not linked with LibreSSL
-	! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
-
-run-version-$p: $p-self.out
-	# check that runtime version is OpenSSL 3.3
-	grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
-
-run-protocol-$p: $p-self.out
-	# check that OpenSSL 3.3 protocol version is TLS 1.3
-	grep 'Protocol *: TLSv1.3' $p-self.out
-
-.endfor
-
-.endif # exists(/usr/local/bin/eopenssl33)
-
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 9c23553a74..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2025/06/23 07:26:52 tb Exp $
-
-.if ! exists(/usr/local/bin/eopenssl34)
-regress:
-	# install openssl-3.4 from ports for interop tests
-	@echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
-	@echo SKIPPED
-.else
-
-PROGS =			client server
-CFLAGS +=		-DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =		-I /usr/local/include/eopenssl34
-LDFLAGS =		-L /usr/local/lib/eopenssl34
-LDADD =			-lssl -lcrypto
-DPADD =			/usr/local/lib/eopenssl34/libssl.a \
-			/usr/local/lib/eopenssl34/libcrypto.a
-LD_LIBRARY_PATH =	/usr/local/lib/eopenssl34
-REGRESS_TARGETS =	run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=	run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-
-.for p in ${PROGS}
-
-run-ldd-$p: ldd-$p.out
-	# check that $p is linked with OpenSSL 3.4
-	grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
-	grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
-	# check that $p is not linked with LibreSSL
-	! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
-
-run-version-$p: $p-self.out
-	# check that runtime version is OpenSSL 3.4
-	grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
-
-run-protocol-$p: $p-self.out
-	# check that OpenSSL 3.4 protocol version is TLS 1.3
-	grep 'Protocol *: TLSv1.3' $p-self.out
-
-.endfor
-
-.endif # exists(/usr/local/bin/eopenssl34)
-
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index 4670240f9f..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,12 +1,6 @@
-# $OpenBSD: Makefile,v 1.13 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-#LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-#LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 #LIBRARIES +=		openssl35
 .endif
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 133fc29629..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
@@ -7,12 +7,6 @@
 # print out.
 
 LIBRARIES =		libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=		openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=		openssl34
-.endif
 .if exists(/usr/local/bin/eopenssl35)
 LIBRARIES +=		openssl35
 .endif
@@ -32,9 +26,7 @@ FAIL_${cver}_${sver} = !
 .for slib in ${LIBRARIES}
 
 .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
-    ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
-    (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
-    (("${clib}" != openssl35 && "${slib}" != openssl35)) || \
+    ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
     (("${cver}" != any && "${sver}" != any) && \
     ("${cver}" != TLS1 && "${sver}" != TLS1) && \
     ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
-- 
cgit v1.2.3-55-g6feb