summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authorDoug Hogan <doug@cvs.openbsd.org>2015-08-27 07:19:18 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2015-08-27 07:19:18 +0000
commit4b7e54f374eb5e0b565c1378c3f9387ad0bb01f1 (patch)
tree85704522b06e234460f2bed024904fcd111dd219 /regress
parentf039c973e9a4240e22e1709d2bed1e15065ab8c6 (diff)
Remove SSLv3 support from LibreSSL regression tests.
Diffstat (limited to 'regress')
-rw-r--r--regress/lib/libssl/ciphers/cipherstest.c4
-rw-r--r--regress/lib/libssl/ssl/ssltest.c25
-rw-r--r--regress/lib/libssl/ssl/testssl32
3 files changed, 5 insertions, 56 deletions
diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c
index b20ec8bd528..d76fbfc8c03 100644
--- a/regress/lib/libssl/ciphers/cipherstest.c
+++ b/regress/lib/libssl/ciphers/cipherstest.c
@@ -87,10 +87,6 @@ cipher_get_put_tests(void)
failed |= get_put_test("SSLv23_client", SSLv23_client_method());
failed |= get_put_test("SSLv23_server", SSLv23_server_method());
- failed |= get_put_test("SSLv3", SSLv3_method());
- failed |= get_put_test("SSLv3_client", SSLv3_client_method());
- failed |= get_put_test("SSLv3_server", SSLv3_server_method());
-
failed |= get_put_test("TLSv1", TLSv1_method());
failed |= get_put_test("TLSv1_client", TLSv1_client_method());
failed |= get_put_test("TLSv1_server", TLSv1_server_method());
diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c
index 5b03e0e0b8e..712e2ca1848 100644
--- a/regress/lib/libssl/ssl/ssltest.c
+++ b/regress/lib/libssl/ssl/ssltest.c
@@ -431,7 +431,6 @@ sv_usage(void)
fprintf(stderr, " -no_dhe - disable DHE\n");
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
fprintf(stderr, " -dtls1 - use DTLSv1\n");
- fprintf(stderr, " -ssl3 - use SSLv3\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
@@ -550,7 +549,7 @@ main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl3 = 0, dtls1 = 0, ret = 1;
+ int tls1 = 0, dtls1 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -618,8 +617,6 @@ main(int argc, char *argv[])
no_ecdhe = 1;
else if (strcmp(*argv, "-dtls1") == 0)
dtls1 = 1;
- else if (strcmp(*argv, "-ssl3") == 0)
- ssl3 = 1;
else if (strcmp(*argv, "-tls1") == 0)
tls1 = 1;
else if (strncmp(*argv, "-num", 4) == 0) {
@@ -733,12 +730,12 @@ bad:
goto end;
}
- if (!dtls1 && !ssl3 && !tls1 &&
+ if (!dtls1 && !tls1 &&
number > 1 && !reuse && !force) {
fprintf(stderr,
"This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -dtls1, -ssl3, -tls1, -reuse\n"
+ "or add one of -dtls1, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
exit(1);
}
@@ -761,8 +758,6 @@ bad:
meth = DTLSv1_method();
else if (tls1)
meth = TLSv1_method();
- else if (ssl3)
- meth = SSLv3_method();
else
meth = SSLv23_method();
@@ -2169,20 +2164,6 @@ do_test_cipherlist(void)
const SSL_METHOD *meth;
const SSL_CIPHER *ci, *tci = NULL;
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- meth = SSLv3_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL) {
- if (tci != NULL) {
- if (ci->id >= tci->id) {
- fprintf(stderr,
- "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
fprintf(stderr, "testing TLSv1 cipher list order: ");
meth = TLSv1_method();
tci = NULL;
diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl
index 04f82a9da1d..756f8e73fa2 100644
--- a/regress/lib/libssl/ssl/testssl
+++ b/regress/lib/libssl/ssl/testssl
@@ -15,18 +15,6 @@ fi
#############################################################################
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
echo test sslv2/sslv3
$ssltest $extra || exit 1
@@ -39,18 +27,6 @@ $ssltest -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1
@@ -75,15 +51,11 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
echo "Testing ciphersuites"
-for protocol in SSLv3 TLSv1.2; do
+for protocol in TLSv1.2; do
echo "Testing ciphersuites for $protocol"
for cipher in `$openssl ciphers "$protocol+aRSA" | tr ':' ' '`; do
echo "Testing $cipher"
- prot=""
- if [ $protocol = "SSLv3" ] ; then
- prot="-ssl3"
- fi
- $ssltest -cipher $cipher $prot
+ $ssltest -cipher $cipher
if [ $? -ne 0 ] ; then
echo "Failed $cipher"
exit 1