diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2015-08-27 07:19:18 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-08-27 07:19:18 +0000 |
| commit | 4b7e54f374eb5e0b565c1378c3f9387ad0bb01f1 (patch) | |
| tree | 85704522b06e234460f2bed024904fcd111dd219 | |
| parent | f039c973e9a4240e22e1709d2bed1e15065ab8c6 (diff) | |
Remove SSLv3 support from LibreSSL regression tests.
| -rw-r--r-- | regress/lib/libssl/ciphers/cipherstest.c | 4 | ||||
| -rw-r--r-- | regress/lib/libssl/ssl/ssltest.c | 25 | ||||
| -rw-r--r-- | regress/lib/libssl/ssl/testssl | 32 |
3 files changed, 5 insertions, 56 deletions
diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c index b20ec8bd528..d76fbfc8c03 100644 --- a/regress/lib/libssl/ciphers/cipherstest.c +++ b/regress/lib/libssl/ciphers/cipherstest.c @@ -87,10 +87,6 @@ cipher_get_put_tests(void) failed |= get_put_test("SSLv23_client", SSLv23_client_method()); failed |= get_put_test("SSLv23_server", SSLv23_server_method()); - failed |= get_put_test("SSLv3", SSLv3_method()); - failed |= get_put_test("SSLv3_client", SSLv3_client_method()); - failed |= get_put_test("SSLv3_server", SSLv3_server_method()); - failed |= get_put_test("TLSv1", TLSv1_method()); failed |= get_put_test("TLSv1_client", TLSv1_client_method()); failed |= get_put_test("TLSv1_server", TLSv1_server_method()); diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c index 5b03e0e0b8e..712e2ca1848 100644 --- a/regress/lib/libssl/ssl/ssltest.c +++ b/regress/lib/libssl/ssl/ssltest.c @@ -431,7 +431,6 @@ sv_usage(void) fprintf(stderr, " -no_dhe - disable DHE\n"); fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); fprintf(stderr, " -dtls1 - use DTLSv1\n"); - fprintf(stderr, " -ssl3 - use SSLv3\n"); fprintf(stderr, " -tls1 - use TLSv1\n"); fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); @@ -550,7 +549,7 @@ main(int argc, char *argv[]) int badop = 0; int bio_pair = 0; int force = 0; - int tls1 = 0, ssl3 = 0, dtls1 = 0, ret = 1; + int tls1 = 0, dtls1 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -618,8 +617,6 @@ main(int argc, char *argv[]) no_ecdhe = 1; else if (strcmp(*argv, "-dtls1") == 0) dtls1 = 1; - else if (strcmp(*argv, "-ssl3") == 0) - ssl3 = 1; else if (strcmp(*argv, "-tls1") == 0) tls1 = 1; else if (strncmp(*argv, "-num", 4) == 0) { @@ -733,12 +730,12 @@ bad: goto end; } - if (!dtls1 && !ssl3 && !tls1 && + if (!dtls1 && !tls1 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -dtls1, -ssl3, -tls1, -reuse\n" + "or add one of -dtls1, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); exit(1); } @@ -761,8 +758,6 @@ bad: meth = DTLSv1_method(); else if (tls1) meth = TLSv1_method(); - else if (ssl3) - meth = SSLv3_method(); else meth = SSLv23_method(); @@ -2169,20 +2164,6 @@ do_test_cipherlist(void) const SSL_METHOD *meth; const SSL_CIPHER *ci, *tci = NULL; - fprintf(stderr, "testing SSLv3 cipher list order: "); - meth = SSLv3_method(); - tci = NULL; - while ((ci = meth->get_cipher(i++)) != NULL) { - if (tci != NULL) { - if (ci->id >= tci->id) { - fprintf(stderr, - "failed %lx vs. %lx\n", ci->id, tci->id); - return 0; - } - } - tci = ci; - } - fprintf(stderr, "ok\n"); fprintf(stderr, "testing TLSv1 cipher list order: "); meth = TLSv1_method(); tci = NULL; diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl index 04f82a9da1d..756f8e73fa2 100644 --- a/regress/lib/libssl/ssl/testssl +++ b/regress/lib/libssl/ssl/testssl @@ -15,18 +15,6 @@ fi ############################################################################# -echo test sslv3 -$ssltest -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 - echo test sslv2/sslv3 $ssltest $extra || exit 1 @@ -39,18 +27,6 @@ $ssltest -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication $ssltest -server_auth -client_auth $CA $extra || exit 1 -echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 - echo test sslv2/sslv3 via BIO pair $ssltest $extra || exit 1 @@ -75,15 +51,11 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 echo "Testing ciphersuites" -for protocol in SSLv3 TLSv1.2; do +for protocol in TLSv1.2; do echo "Testing ciphersuites for $protocol" for cipher in `$openssl ciphers "$protocol+aRSA" | tr ':' ' '`; do echo "Testing $cipher" - prot="" - if [ $protocol = "SSLv3" ] ; then - prot="-ssl3" - fi - $ssltest -cipher $cipher $prot + $ssltest -cipher $cipher if [ $? -ne 0 ] ; then echo "Failed $cipher" exit 1 |