From ea48348f1d6370400f3a716ea5d2e34fa7b6ae0d Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Mon, 11 May 2020 18:20:25 +0000 Subject: Revise regress for TLSv1.3 server being enabled. --- regress/lib/libssl/interop/libressl/Makefile | 7 +++---- regress/lib/libssl/interop/netcat/Makefile | 7 +++---- regress/lib/libssl/interop/session/Makefile | 4 +++- regress/lib/libssl/tlsext/tlsexttest.c | 13 ++++++++----- 4 files changed, 17 insertions(+), 14 deletions(-) (limited to 'regress') diff --git a/regress/lib/libssl/interop/libressl/Makefile b/regress/lib/libssl/interop/libressl/Makefile index 868c3c146f0..16ec8cf086e 100644 --- a/regress/lib/libssl/interop/libressl/Makefile +++ b/regress/lib/libssl/interop/libressl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $ +# $OpenBSD: Makefile,v 1.6 2020/05/11 18:20:24 jsing Exp $ PROGS = client server CPPFLAGS = @@ -28,9 +28,8 @@ run-version-$p: $p-self.out run-protocol-$p: $p-self.out @echo '\n======== $@ ========' - # check that LibreSSL protocol version is TLS 1.2 - # XXX adapt when LibreSSL supports TLS 1.3 - grep 'Protocol *: TLSv1.2' $p-self.out + # check that LibreSSL protocol version is TLS 1.3 + grep 'Protocol *: TLSv1.3' $p-self.out .endfor diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile index a9947e600c9..ef51d0597e5 100644 --- a/regress/lib/libssl/interop/netcat/Makefile +++ b/regress/lib/libssl/interop/netcat/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2020/01/25 16:03:31 jsing Exp $ +# $OpenBSD: Makefile,v 1.4 2020/05/11 18:20:24 jsing Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl) @@ -69,9 +69,8 @@ REGRESS_TARGETS += run-protocol-client-${clib} run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out @echo '\n======== $@ ========' - # check that LibTLS protocol version is TLS 1.2 - # XXX adapt when LibreSSL supports TLS 1.3 - grep 'Protocol *: TLSv1.2' client-netcat-client-${clib}-server-nc.out + # check that LibTLS protocol version is TLS 1.2 or TLS 1.3 + grep 'Protocol *: TLSv1.[23]' client-netcat-client-${clib}-server-nc.out .endfor diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile index 72062ddaca1..a99ab008a62 100644 --- a/regress/lib/libssl/interop/session/Makefile +++ b/regress/lib/libssl/interop/session/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.4 2020/01/25 16:01:43 jsing Exp $ +# $OpenBSD: Makefile,v 1.5 2020/05/11 18:20:24 jsing Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl) @@ -8,7 +8,9 @@ LIBRARIES += openssl LIBRARIES += openssl11 .endif +run-session-client-libressl-server-libressl \ run-session-client-libressl-server-openssl11 \ +run-session-client-openssl11-server-libressl \ run-session-client-openssl11-server-openssl11: @echo '\n======== $@ ========' # TLS 1.3 needs some extra setup for session reuse diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index eb8cef7ef54..3d03c2c0d39 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.35 2020/04/17 17:24:03 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.36 2020/05/11 18:20:01 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1407,6 +1407,7 @@ test_tlsext_ri_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + ssl->version = TLS1_2_VERSION; if (tlsext_ri_server_needs(ssl)) { FAIL("server should not need RI\n"); goto err; @@ -2812,12 +2813,14 @@ test_tlsext_clienthello_build(void) return (failure); } -unsigned char tlsext_serverhello_default[] = {}; +unsigned char tlsext_serverhello_default[] = { + 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, +}; unsigned char tlsext_serverhello_enabled[] = { - 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, - 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, - 0x00, 0x00, 0x23, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, + 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, + 0x00, 0x00, }; static int -- cgit v1.2.3