-/* $OpenBSD: ssl_versions.c,v 1.10 2021/01/09 12:39:23 tb Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.11 2021/02/20 09:45:14 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
int failed = 1;
size_t i;
+ fprintf(stderr, "INFO: starting enabled version range tests...\n");
+
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new() returned NULL\n");
goto failure;
failed = 0;
+ fprintf(stderr, "INFO: starting max shared version tests...\n");
+
for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
svt = &shared_version_tests[i];
const uint16_t maxver;
const uint16_t want_minver;
const uint16_t want_maxver;
+ const int want_min_fail;
+ const int want_max_fail;
};
static struct min_max_version_test min_max_version_tests[] = {
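Review bot: The new `want_min_fail` and `want_max_fail` members change what a zero in `want_minver`/`want_maxver` means, and nothing in the struct says so. Before this change 0 doubled as "the setter should fail"; the updated table entries use 0 as an expected value in its own right, presumably what the getter reports when no explicit bound has been configured. A short comment on the new fields, e.g. `/* Non-zero if the min/max setter is expected to reject the value. */`, plus a note on `want_minver`/`want_maxver` that 0 is now a literal expected result, would keep later entries from mixing the two conventions. The struct definition starts outside this hunk.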
.ssl_method = TLS_method,
.minver = 0,
.maxver = 0,
- .want_minver = TLS1_VERSION,
- .want_maxver = TLS1_3_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
},
{
.ssl_method = TLS_method,
.minver = TLS1_VERSION,
.maxver = 0,
.want_minver = TLS1_VERSION,
- .want_maxver = TLS1_3_VERSION,
+ .want_maxver = 0,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = TLS1_2_VERSION,
- .want_minver = TLS1_VERSION,
+ .want_minver = 0,
.want_maxver = TLS1_2_VERSION,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = TLS1_3_VERSION,
- .want_minver = TLS1_VERSION,
+ .want_minver = 0,
.want_maxver = TLS1_3_VERSION,
},
{
.minver = TLS1_1_VERSION,
.maxver = 0,
.want_minver = TLS1_1_VERSION,
- .want_maxver = TLS1_3_VERSION,
+ .want_maxver = 0,
},
{
.ssl_method = TLS_method,
.minver = TLS1_2_VERSION,
.maxver = 0,
.want_minver = TLS1_2_VERSION,
- .want_maxver = TLS1_3_VERSION,
+ .want_maxver = 0,
},
{
.ssl_method = TLS_method,
.minver = 0x0300,
.maxver = 0,
.want_minver = TLS1_VERSION,
- .want_maxver = TLS1_3_VERSION,
+ .want_maxver = 0,
},
{
.ssl_method = TLS_method,
.minver = 0x0305,
.maxver = 0,
- .want_minver = 0,
- .want_maxver = 0,
+ .want_min_fail = 1,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = 0x0305,
- .want_minver = TLS1_VERSION,
+ .want_minver = 0,
.want_maxver = TLS1_3_VERSION,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = TLS1_1_VERSION,
- .want_minver = TLS1_VERSION,
+ .want_minver = 0,
.want_maxver = TLS1_1_VERSION,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = TLS1_VERSION,
- .want_minver = TLS1_VERSION,
+ .want_minver = 0,
.want_maxver = TLS1_VERSION,
},
{
.ssl_method = TLS_method,
.minver = 0,
.maxver = 0x0300,
- .want_minver = 0,
- .want_maxver = 0,
+ .want_max_fail = 1,
},
{
.ssl_method = TLS_method,
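Review bot: The entries built on the raw wire values `0x0300` and `0x0305` carry the security-relevant assertions of this table but are not labelled. As written, a `0x0300` minimum is expected to read back as `TLS1_VERSION`, while a `0x0300` maximum and a `0x0305` minimum must be rejected through `want_max_fail` and `want_min_fail`. The table therefore pins that the range cannot be capped below TLS 1.0 or floored above TLS 1.3. One-line comments such as `/* 0x0300 (SSLv3) as max must be rejected */` and `/* 0x0305 is above TLS1_3_VERSION */` would make that intent visible to whoever edits the table next.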
.maxver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = 0,
+ .want_max_fail = 1,
},
{
.ssl_method = TLSv1_1_method,
.minver = 0,
.maxver = 0,
- .want_minver = TLS1_1_VERSION,
- .want_maxver = TLS1_1_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
},
{
.ssl_method = TLSv1_1_method,
.maxver = 0,
.want_minver = 0,
.want_maxver = 0,
+ .want_min_fail = 1,
},
{
.ssl_method = TLSv1_1_method,
.maxver = TLS1_VERSION,
.want_minver = 0,
.want_maxver = 0,
+ .want_max_fail = 1,
},
{
.ssl_method = DTLSv1_method,
.minver = 0,
.maxver = 0,
- .want_minver = DTLS1_VERSION,
- .want_maxver = DTLS1_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
},
{
.ssl_method = DTLSv1_method,
.minver = DTLS1_VERSION,
.maxver = 0,
.want_minver = DTLS1_VERSION,
- .want_maxver = DTLS1_VERSION,
+ .want_maxver = 0,
},
{
.ssl_method = DTLSv1_method,
.minver = 0,
.maxver = DTLS1_VERSION,
- .want_minver = DTLS1_VERSION,
+ .want_minver = 0,
.want_maxver = DTLS1_VERSION,
},
{
.maxver = TLS1_2_VERSION,
.want_minver = 0,
.want_maxver = 0,
+ .want_min_fail = 1,
+ .want_max_fail = 1,
},
};
failed = 0;
+ fprintf(stderr, "INFO: starting min max version tests...\n");
+
for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
mmvt = &min_max_version_tests[i];
return 1;
}
- if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
- if (mmvt->want_minver != 0) {
+ if (!SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver)) {
+ if (!mmvt->want_min_fail) {
fprintf(stderr, "FAIL: test %zu - failed to set "
"SSL_CTX min version\n", i);
failed++;
}
goto next;
}
- if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
- if (mmvt->want_maxver != 0) {
+ if (!SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver)) {
+ if (!mmvt->want_max_fail) {
fprintf(stderr, "FAIL: test %zu - failed to set "
"SSL_CTX min version\n", i);
failed++;
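Review bot: The failure message under the `SSL_CTX_set_max_proto_version()` check still reads "failed to set SSL_CTX min version", so an unexpected max-version rejection is reported against the wrong setter; the string should end `"SSL_CTX max version\n", i);`. The same copy-paste text sits under `SSL_set_max_proto_version()` further down ("SSL min version"). Separately, an expected min failure takes `goto next` before the max setter is called, so for an entry that sets both `want_min_fail` and `want_max_fail` the max rejection is never exercised, as far as the visible lines show. The enclosing function starts and ends outside this hunk.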
goto next;
}
- if (mmvt->want_minver == 0) {
+ if (mmvt->want_min_fail) {
fprintf(stderr, "FAIL: test %zu - successfully set "
"SSL_CTX min version, should have failed\n", i);
failed++;
goto next;
}
- if (mmvt->want_maxver == 0) {
+ if (mmvt->want_max_fail) {
fprintf(stderr, "FAIL: test %zu - successfully set "
"SSL_CTX max version, should have failed\n", i);
failed++;
goto next;
}
- if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
- if (mmvt->want_minver != 0) {
+ if (!SSL_set_min_proto_version(ssl, mmvt->minver)) {
+ if (mmvt->want_min_fail) {
fprintf(stderr, "FAIL: test %zu - failed to set "
"SSL min version\n", i);
failed++;
}
goto next;
}
- if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
- if (mmvt->want_maxver != 0) {
+ if (!SSL_set_max_proto_version(ssl, mmvt->maxver)) {
+ if (mmvt->want_max_fail) {
fprintf(stderr, "FAIL: test %zu - failed to set "
"SSL min version\n", i);
failed++;
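Review bot: The `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()` failure branches test `mmvt->want_min_fail` and `mmvt->want_max_fail` without the negation used in the SSL_CTX branches above, so the logic is inverted. From the visible lines, an entry that expects a failure has already hit `goto next` at the SSL_CTX stage, so these conditions can only be false here, and an unexpected rejection by the SSL-level setters reaches `goto next` without incrementing `failed`. They should read `if (!mmvt->want_min_fail) {` and `if (!mmvt->want_max_fail) {`. In a regress test that guards protocol version limits, this lets a divergence between the SSL_CTX and SSL setters pass silently.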
goto next;
}
- if (mmvt->want_minver == 0) {
+ if (mmvt->want_min_fail) {
fprintf(stderr, "FAIL: test %zu - successfully set SSL "
"min version, should have failed\n", i);
failed++;
goto next;
}
- if (mmvt->want_maxver == 0) {
+ if (mmvt->want_max_fail) {
fprintf(stderr, "FAIL: test %zu - successfully set SSL "
"max version, should have failed\n", i);
failed++;