Switch ssltest to using the newly generated certs that use SHA-256 instead
authortb <tb@openbsd.org>
Thu, 7 Jul 2022 11:40:17 +0000 (11:40 +0000)
committertb <tb@openbsd.org>
Thu, 7 Jul 2022 11:40:17 +0000 (11:40 +0000)
of SHA-1. This helps the switch to security-level aware ssltest.

From jsing

regress/lib/libssl/ssl/Makefile
regress/lib/libssl/ssl/ssltest.c

index 582dd1c..91abaae 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.4 2021/10/15 16:49:12 jsing Exp $
+#      $OpenBSD: Makefile,v 1.5 2022/07/07 11:40:17 tb Exp $
 
 PROG=  ssltest
 LDADD= -lcrypto -lssl
@@ -11,7 +11,7 @@ REGRESS_TARGETS=regress-ssltest
 
 regress-ssltest: ${PROG}
        sh ${.CURDIR}/testssl \
-         ${.CURDIR}/../certs/server.pem ${.CURDIR}/../certs/server.pem \
-         ${.CURDIR}/../certs/ca.pem
+         ${.CURDIR}/../certs/server1-rsa.pem ${.CURDIR}/../certs/server1-rsa-chain.pem \
+         ${.CURDIR}/../certs/ca-root-rsa.pem
 
 .include <bsd.regress.mk>
index 3225384..0deac3e 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssltest.c,v 1.33 2021/11/21 21:40:45 tb Exp $ */
+/*     $OpenBSD: ssltest.c,v 1.34 2022/07/07 11:40:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -659,8 +659,7 @@ bad:
                EC_KEY_free(ecdh);
        }
 
-       if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
-           SSL_FILETYPE_PEM)) {
+       if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) {
                ERR_print_errors(bio_err);
        } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
            (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
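Review bot: The private-key fallback `(server_key ? server_key : server_cert)` now reads from a file that the call above parses as a certificate chain, and nothing in the hunk says what that file must contain. When no separate key file is given, the same PEM has to hold the leaf certificate first, then any intermediates, and the private key as well; a chain-only file would fail at the key load. I would add a comment above the call, e.g. `/* server_cert is a chain file: leaf first, then intermediates; it must also hold the key when server_key is NULL */`. The same fallback appears in the client hunk under `if (client_auth)`. The enclosing function starts and ends outside this hunk.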
@@ -669,8 +668,7 @@ bad:
        }
 
        if (client_auth) {
-               SSL_CTX_use_certificate_file(c_ctx, client_cert,
-                   SSL_FILETYPE_PEM);
+               SSL_CTX_use_certificate_chain_file(c_ctx, client_cert);
                SSL_CTX_use_PrivateKey_file(c_ctx,
                    (client_key ? client_key : client_cert),
                    SSL_FILETYPE_PEM);
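Review bot: Both return values in the `if (client_auth)` block are discarded, so a client chain or key that fails to load presumably leaves `c_ctx` without a usable certificate while the test carries on. For a test that is meant to become security-level aware, a certificate rejected at load time should stop the run there, not surface later as an unexplained handshake result. The calls should be checked as in the server branch, e.g. `if (!SSL_CTX_use_certificate_chain_file(c_ctx, client_cert)) ERR_print_errors(bio_err);` followed by the function's failure exit, and likewise for `SSL_CTX_use_PrivateKey_file`. That exit path is outside this hunk, so the exact form depends on code not shown here.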