Make the ssltest security level aware.
authortb <tb@openbsd.org>
Thu, 7 Jul 2022 13:10:22 +0000 (13:10 +0000)
committertb <tb@openbsd.org>
Thu, 7 Jul 2022 13:10:22 +0000 (13:10 +0000)
From beck

regress/lib/libssl/ssl/ssltest.c

index 0deac3e..ff5a584 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssltest.c,v 1.34 2022/07/07 11:40:17 tb Exp $ */
+/*     $OpenBSD: ssltest.c,v 1.35 2022/07/07 13:10:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -434,6 +434,7 @@ main(int argc, char *argv[])
        const SSL_METHOD *meth = NULL;
        SSL *c_ssl, *s_ssl;
        int number = 1, reuse = 0;
+       int seclevel = 0;
        long bytes = 256L;
        DH *dh;
        int dhe1024dsa = 0;
@@ -494,6 +495,10 @@ main(int argc, char *argv[])
                        number = atoi(*(++argv));
                        if (number == 0)
                                number = 1;
+               } else if (strncmp(*argv, "-seclevel", 9) == 0) {
+                       if (--argc < 1)
+                               goto bad;
+                       seclevel = atoi(*(++argv));
                } else if (strcmp(*argv, "-bytes") == 0) {
                        if (--argc < 1)
                                goto bad;
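Review bot: The new `-seclevel` branch matches with `strncmp(*argv, "-seclevel", 9) == 0`, so any argument that merely begins with that prefix is accepted, whereas the neighbouring `-bytes` branch uses an exact `strcmp`. Using `} else if (strcmp(*argv, "-seclevel") == 0) {` would keep the parser consistent. The value is then read with `atoi`, which returns 0 for non-numeric input, so a mistyped level silently selects level 0 (the most permissive one) instead of reaching `bad`. A bounded parse followed by `goto bad` on error would make a mistyped test invocation fail loudly, for example `strtonum(*(++argv), 0, 5, &errstr)` with a `const char *errstr` declared in `main`, assuming levels 0 to 5 are the intended range. The body of `main` starts and ends outside this hunk.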
@@ -620,6 +625,9 @@ bad:
                goto end;
        }
 
+       SSL_CTX_set_security_level(c_ctx, seclevel);
+       SSL_CTX_set_security_level(s_ctx, seclevel);
+
        if (cipher != NULL) {
                SSL_CTX_set_cipher_list(c_ctx, cipher);
                SSL_CTX_set_cipher_list(s_ctx, cipher);
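Review bot: Both `SSL_CTX_set_security_level` calls run unconditionally, and `seclevel` is initialised to 0 in the declaration hunk, so a run without `-seclevel` pins the client and server contexts to level 0 instead of exercising the library's default. If this is deliberate, presumably so the existing weak-key and legacy-cipher cases keep passing, a comment above the calls would record it, e.g. `/* Default to level 0 so legacy test ciphers and keys still negotiate. */`. Otherwise, initialise `seclevel` to -1 and guard the two calls with `if (seclevel >= 0)`, which leaves the default untouched unless the option is given. The body of `main` extends beyond this hunk on both sides.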