Use the new certificates/chains in regress.
authorjsing <jsing@openbsd.org>
Wed, 20 Mar 2024 10:38:05 +0000 (10:38 +0000)
committerjsing <jsing@openbsd.org>
Wed, 20 Mar 2024 10:38:05 +0000 (10:38 +0000)
The new certificates are more representative of the real world. The old
certificates use weak algorithms and expire in the very near future. Most
of our regress has already been switched over, this changes the remainder.

Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry.

ok tb@

regress/lib/libssl/dtls/Makefile
regress/lib/libssl/quic/Makefile
regress/lib/libssl/server/Makefile
regress/lib/libssl/shutdown/Makefile
regress/lib/libssl/tls/Makefile
regress/lib/libssl/unit/ssl_get_shared_ciphers.c
regress/lib/libtls/keypair/Makefile
regress/lib/libtls/keypair/keypairtest.c
regress/lib/libtls/tls/Makefile

index 438cd5c..b58dae6 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.3 2022/01/07 09:07:00 tb Exp $
+#      $OpenBSD: Makefile,v 1.4 2024/03/20 10:38:05 jsing Exp $
 
 PROG=          dtlstest
 LDADD=         ${SSL_INT} -lcrypto
@@ -11,10 +11,11 @@ CFLAGS+=    -I${.CURDIR}/../../../../lib/libssl
 REGRESS_TARGETS= \
        regress-dtlstest
 
+# XXX(jsing): use CA root and chain
 regress-dtlstest: ${PROG}
        ./dtlstest \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/ca.pem
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/ca-int-rsa.pem
 
 .include <bsd.regress.mk>
index a348b2d..55fef6b 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.2 2022/10/02 16:40:56 jsing Exp $
+#      $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  quictest
 LDADD= -lssl -lcrypto
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 
 regress-quictest: ${PROG}
        ./quictest \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/ca.pem
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include <bsd.regress.mk>
index 0621a5f..be86dbb 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.2 2020/05/11 18:18:21 jsing Exp $
+#      $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  servertest
 LDADD= ${SSL_INT} -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-servertest: ${PROG}
        ./servertest \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/ca.pem
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include <bsd.regress.mk>
index 5130501..d6a9a30 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.1 2024/01/19 08:29:08 jsing Exp $
+#      $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  shutdowntest
 LDADD= -lssl -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-shutdowntest: ${PROG}
        ./shutdowntest \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/ca.pem
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include <bsd.regress.mk>
index a22cdcd..315ac69 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.1 2021/10/23 14:34:10 jsing Exp $
+#      $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  tlstest
 LDADD= -lssl -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-tlstest: ${PROG}
        ./tlstest \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/ca.pem
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include <bsd.regress.mk>
index 33efc15..ff96690 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssl_get_shared_ciphers.c,v 1.11 2022/02/05 18:19:39 tb Exp $ */
+/*     $OpenBSD: ssl_get_shared_ciphers.c,v 1.12 2024/03/20 10:38:05 jsing Exp $ */
 /*
  * Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
  *
@@ -462,7 +462,7 @@ main(int argc, char **argv)
        size_t i;
        int failed = 0;
 
-       if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) {
+       if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) {
                fprintf(stderr, "asprintf server_cert failed\n");
                failed = 1;
                goto err;
index d06109a..c3ea15d 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $
+#      $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  keypairtest
 LDADD= -lcrypto -lssl ${TLS_INT}
@@ -13,8 +13,8 @@ REGRESS_TARGETS= \
 
 regress-keypairtest: ${PROG}
        ./keypairtest \
-           ${.CURDIR}/../../libssl/certs/ca.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 
 .include <bsd.regress.mk>
index 31bf7d6..600e578 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: keypairtest.c,v 1.6 2022/02/08 18:05:57 tb Exp $ */
+/* $OpenBSD: keypairtest.c,v 1.7 2024/03/20 10:38:05 jsing Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  *
@@ -29,7 +29,7 @@
 #include <tls_internal.h>
 
 #define PUBKEY_HASH \
-    "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5"
+    "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f"
 
 char *cert_file, *key_file, *ocsp_staple_file;
 
index 0fbd784..ecdc039 100644 (file)
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG=  tlstest
 LDADD= -lcrypto -lssl -ltls
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 
 regress-tlstest: ${PROG}
        ./tlstest \
-           ${.CURDIR}/../../libssl/certs/ca.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem \
-           ${.CURDIR}/../../libssl/certs/server.pem
+           ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+           ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 
 .include <bsd.regress.mk>