Revise regress for TLSv1.3 server being enabled.

4 files changed, 17 insertions, 14 deletions

diff --git a/regress/lib/libssl/interop/libressl/Makefile b/regress/lib/libssl/interop/libressl/Makefile
index 868c3c146f0..16ec8cf086e 100644
--- a/regress/lib/libssl/interop/libressl/Makefile
+++ b/regress/lib/libssl/interop/libressl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
+# $OpenBSD: Makefile,v 1.6 2020/05/11 18:20:24 jsing Exp $
 
 PROGS =			client server
 CPPFLAGS =
@@ -28,9 +28,8 @@ run-version-$p: $p-self.out
 
 run-protocol-$p: $p-self.out
 	@echo '\n======== $@ ========'
-	# check that LibreSSL protocol version is TLS 1.2
-	# XXX adapt when LibreSSL supports TLS 1.3
-	grep 'Protocol *: TLSv1.2' $p-self.out
+	# check that LibreSSL protocol version is TLS 1.3
+	grep 'Protocol *: TLSv1.3' $p-self.out
 
 .endfor
 
diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile
index a9947e600c9..ef51d0597e5 100644
--- a/regress/lib/libssl/interop/netcat/Makefile
+++ b/regress/lib/libssl/interop/netcat/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2020/01/25 16:03:31 jsing Exp $
+# $OpenBSD: Makefile,v 1.4 2020/05/11 18:20:24 jsing Exp $
 
 LIBRARIES =		libressl
 .if exists(/usr/local/bin/eopenssl)
@@ -69,9 +69,8 @@ REGRESS_TARGETS +=	run-protocol-client-${clib}
 
 run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
 	@echo '\n======== $@ ========'
-	# check that LibTLS protocol version is TLS 1.2
-	# XXX adapt when LibreSSL supports TLS 1.3
-	grep 'Protocol *: TLSv1.2' client-netcat-client-${clib}-server-nc.out
+	# check that LibTLS protocol version is TLS 1.2 or TLS 1.3
+	grep 'Protocol *: TLSv1.[23]' client-netcat-client-${clib}-server-nc.out
 
 .endfor
 
diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile
index 72062ddaca1..a99ab008a62 100644
--- a/regress/lib/libssl/interop/session/Makefile
+++ b/regress/lib/libssl/interop/session/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2020/01/25 16:01:43 jsing Exp $
+# $OpenBSD: Makefile,v 1.5 2020/05/11 18:20:24 jsing Exp $
 
 LIBRARIES =		libressl
 .if exists(/usr/local/bin/eopenssl)
@@ -8,7 +8,9 @@ LIBRARIES +=		openssl
 LIBRARIES +=		openssl11
 .endif
 
+run-session-client-libressl-server-libressl \
 run-session-client-libressl-server-openssl11 \
+run-session-client-openssl11-server-libressl \
 run-session-client-openssl11-server-openssl11:
 	@echo '\n======== $@ ========'
 	# TLS 1.3 needs some extra setup for session reuse
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c
index eb8cef7ef54..3d03c2c0d39 100644
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.35 2020/04/17 17:24:03 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.36 2020/05/11 18:20:01 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1407,6 +1407,7 @@ test_tlsext_ri_server(void)
 	if ((ssl = SSL_new(ssl_ctx)) == NULL)
 		errx(1, "failed to create SSL");
 
+	ssl->version = TLS1_2_VERSION;
 	if (tlsext_ri_server_needs(ssl)) {
 		FAIL("server should not need RI\n");
 		goto err;
@@ -2812,12 +2813,14 @@ test_tlsext_clienthello_build(void)
 	return (failure);
 }
 
-unsigned char tlsext_serverhello_default[] = {};
+unsigned char tlsext_serverhello_default[] = {
+	0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
+};
 
 unsigned char tlsext_serverhello_enabled[] = {
-	0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
-	0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
-	0x00, 0x00, 0x23, 0x00, 0x00,
+	0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
+	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
+	0x00, 0x00,
 };
 
 static int