Adjust tls regress for protocol parsing fixes

This mostly reverts what was done by beck in Tallinn and adjust tlstest
to add new test cases and now failing connection tests.

3 files changed, 22 insertions, 16 deletions

diff --git a/regress/lib/libtls/config/configtest.c b/regress/lib/libtls/config/configtest.c
index 5af5b56ffd4..9e0df8a5ebc 100644
--- a/regress/lib/libtls/config/configtest.c
+++ b/regress/lib/libtls/config/configtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
+/* $OpenBSD: configtest.c,v 1.4 2024/08/02 15:02:22 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -71,27 +71,30 @@ struct parse_protocols_test parse_protocols_tests[] = {
 	{
 		.protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+		    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+		    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_2,
+		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+		    TLS_PROTOCOL_TLSv1_2,
 	},
 	{
 		.protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_2,
+		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
 	},
 	{
 		.protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
 		.want_return = 0,
-		.want_protocols = 0,
+		.want_protocols = TLS_PROTOCOL_TLSv1_2,
 	},
 	{
 		.protostr = "unknown",
@@ -111,17 +114,19 @@ struct parse_protocols_test parse_protocols_tests[] = {
 	{
 		.protostr = "all,!tlsv1.0",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_3,
+		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+			TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "!tlsv1.0",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_3,
+		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+			TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
 		.want_return = 0,
-		.want_protocols = 0,
+		.want_protocols = TLS_PROTOCOL_TLSv1_2,
 	},
 	{
 		.protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
diff --git a/regress/lib/libtls/gotls/tls.go b/regress/lib/libtls/gotls/tls.go
index 3029d58c357..cf3e84c0309 100644
--- a/regress/lib/libtls/gotls/tls.go
+++ b/regress/lib/libtls/gotls/tls.go
@@ -45,6 +45,8 @@ const (
 )
 
 var protocolNames = map[ProtocolVersion]string{
+	ProtocolTLSv10: "TLSv1",
+	ProtocolTLSv11: "TLSv1.1",
 	ProtocolTLSv12: "TLSv1.2",
 	ProtocolTLSv13: "TLSv1.3",
 	ProtocolsAll:   "all",
diff --git a/regress/lib/libtls/tls/tlstest.c b/regress/lib/libtls/tls/tlstest.c
index fb6649e83fa..b675c798b42 100644
--- a/regress/lib/libtls/tls/tlstest.c
+++ b/regress/lib/libtls/tls/tlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlstest.c,v 1.15 2022/07/16 07:46:08 tb Exp $ */
+/* $OpenBSD: tlstest.c,v 1.16 2024/08/02 15:02:22 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -497,16 +497,15 @@ struct test_versions {
 static struct test_versions tls_test_versions[] = {
 	{"tlsv1.3", "all"},
 	{"tlsv1.2", "all"},
-	{"tlsv1.1", "all"},
-	{"tlsv1.0", "all"},
 	{"all", "tlsv1.3"},
 	{"all", "tlsv1.2"},
-	{"all", "tlsv1.1"},
-	{"all", "tlsv1.0"},
+	{"all:!tlsv1.1", "tlsv1.2"},
+	{"all:!tlsv1.2", "tlsv1.3"},
+	{"all:!tlsv1.3", "tlsv1.2"},
+	{"all:!tlsv1.2:!tlsv1.1", "tlsv1.3"},
+	{"all:!tlsv1.2:!tlsv1.1:!tlsv1.0", "tlsv1.3"},
 	{"tlsv1.3", "tlsv1.3"},
 	{"tlsv1.2", "tlsv1.2"},
-	{"tlsv1.1", "tlsv1.1"},
-	{"tlsv1.0", "tlsv1.0"},
 };
 
 #define N_TLS_VERSION_TESTS \