Hook up the the x509 policy regression tests to x509 regress.

These were adapted from BoringSSL's regress tests for x509
policy. They are currently marked as expected to fail as
we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and
the old tree based policy code from OpenSSL is special.

These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.

diff --git a/regress/lib/libcrypto/x509/Makefile b/regress/lib/libcrypto/x509/Makefile
index d6c94f3..a8796eb 100644 (file)
--- a/regress/lib/libcrypto/x509/Makefile
+++ b/regress/lib/libcrypto/x509/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.18 2023/04/26 08:58:03 job Exp $
+#      $OpenBSD: Makefile,v 1.19 2023/04/28 09:11:35 beck Exp $
 
 PROGS =        constraints verify x509attribute x509name x509req_ext callback
 PROGS += expirecallback callbackfailures x509_asn1
@@ -13,7 +13,7 @@ CFLAGS +=     -DLIBRESSL_INTERNAL -Wall -Werror
 CFLAGS +=      -I${.CURDIR}/../../../../lib/libcrypto/x509
 CFLAGS +=      -I${.CURDIR}/../../../../lib/libcrypto/bytestring
 
-SUBDIR += bettertls rfc3779
+SUBDIR += bettertls rfc3779 policy
 
 CLEANFILES +=  x509name.result callback.out
 

diff --git a/regress/lib/libcrypto/x509/policy/Makefile b/regress/lib/libcrypto/x509/policy/Makefile
index b365499..89de5a4 100644 (file)
--- a/regress/lib/libcrypto/x509/policy/Makefile
+++ b/regress/lib/libcrypto/x509/policy/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.1 2023/04/27 12:23:31 beck Exp $
+#      $OpenBSD: Makefile,v 1.2 2023/04/28 09:11:35 beck Exp $
 
 PROGS =                policy
 
@@ -14,6 +14,7 @@ CFLAGS +=     -I${.CURDIR}/../../../../../lib/libcrypto/bytestring
 CFLAGS +=      -DCERTSDIR=\"${.CURDIR}/../../../libcrypto/x509/policy\"
 
 REGRESS_TARGETS =  policy-test
+REGRESS_EXPECTED_FAILURES =  policy-test
 
 policy-test:   policy
        ./policy