-# $OpenBSD: Makefile,v 1.17 2023/02/01 14:39:09 tb Exp $
+# $OpenBSD: Makefile,v 1.18 2023/10/30 17:15:21 tb Exp $
-SUBDIR = libressl openssl11 openssl30
+SUBDIR = libressl openssl11 openssl30 openssl31
# the above binaries must have been built before we can continue
SUBDIR += netcat
-# $OpenBSD: Makefile,v 1.6 2023/02/01 15:58:20 tb Exp $
+# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $
.include <bsd.own.mk>
.if exists(/usr/local/bin/eopenssl30)
LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+LIBRARIES += openssl31
+.endif
PROGS = client
SRCS_client = client.cpp
-# $OpenBSD: Makefile,v 1.10 2023/04/19 15:34:23 tb Exp $
+# $OpenBSD: Makefile,v 1.11 2023/10/30 17:15:21 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or 3.0. Create client and server certificates
.if exists(/usr/local/bin/eopenssl30)
LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+LIBRARIES += openssl31
+.endif
.for cca in noca ca fakeca
.for sca in noca ca fakeca
-# $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $
+# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or 3.0. Create lists of supported ciphers
.if exists(/usr/local/bin/eopenssl30)
LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+LIBRARIES += openssl31
+.endif
CLEANFILES = *.tmp *.ciphers ciphers.mk
# we are only interested in ciphers supported by libressl
sort $@ client-libressl.ciphers >$@.tmp
. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
- "${clib}" == "openssl30" || "${slib}" == "openssl30"
+ "${clib}" == "openssl30" || "${slib}" == "openssl30" || \
+ "${clib}" == "openssl31" || "${slib}" == "openssl31"
# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
sed -i '/^TLS_/d' $@.tmp
. endif
. endif
. if "${clib}" == "libressl"
# libressl client may prefer chacha-poly if aes-ni is not supported
-. if "${slib}" == "openssl11" || "${slib}" == "openssl30"
+. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31"
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
. else
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-# $OpenBSD: Makefile,v 1.6 2023/02/01 15:38:57 tb Exp $
+# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
.if exists(/usr/local/bin/eopenssl30)
LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+LIBRARIES += openssl31
+.endif
# run netcat server and connect with test client
--- /dev/null
+# $OpenBSD: Makefile,v 1.1 2023/10/30 17:15:21 tb Exp $
+
+.if !exists(/usr/local/bin/eopenssl31)
+regress:
+ # install openssl-3.1 from ports for interop tests
+ @echo 'Run "pkg_add openssl--%3.1" to run tests against OpenSSL 3.1'
+ @echo SKIPPED
+.else
+
+PROGS = client server
+CPPFLAGS = -I /usr/local/include/eopenssl31
+LDFLAGS = -L /usr/local/lib/eopenssl31
+LDADD = -lssl -lcrypto
+DPADD = /usr/local/lib/eopenssl31/libssl.a \
+ /usr/local/lib/eopenssl31/libcrypto.a
+LD_LIBRARY_PATH = /usr/local/lib/eopenssl31
+REGRESS_TARGETS = run-self-client-server
+.for p in ${PROGS}
+REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
+.endfor
+
+.for p in ${PROGS}
+
+run-ldd-$p: ldd-$p.out
+ # check that $p is linked with OpenSSL 3.1
+ grep -q /usr/local/lib/eopenssl31/libcrypto.so ldd-$p.out
+ grep -q /usr/local/lib/eopenssl31/libssl.so ldd-$p.out
+ # check that $p is not linked with LibreSSL
+ ! grep -v libc.so ldd-$p.out | grep /usr/lib/
+
+run-version-$p: $p-self.out
+ # check that runtime version is OpenSSL 3.1
+ grep 'SSLEAY_VERSION: OpenSSL 3.1' $p-self.out
+
+run-protocol-$p: $p-self.out
+ # check that OpenSSL 3.1 protocol version is TLS 1.3
+ grep 'Protocol *: TLSv1.3' $p-self.out
+
+.endfor
+
+.endif # exists(/usr/local/bin/eopenssl31)
+
+.include <bsd.regress.mk>
-# $OpenBSD: Makefile,v 1.8 2023/02/01 16:03:47 tb Exp $
+# $OpenBSD: Makefile,v 1.9 2023/10/30 17:15:21 tb Exp $
LIBRARIES = libressl
.if exists(/usr/local/bin/eopenssl11)
.if exists(/usr/local/bin/eopenssl30)
#LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+#LIBRARIES += openssl31
+.endif
run-session-client-libressl-server-libressl \
run-session-client-libressl-server-openssl11 \
-# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
+# $OpenBSD: Makefile,v 1.8 2023/10/30 17:15:21 tb Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
.if exists(/usr/local/bin/eopenssl30)
LIBRARIES += openssl30
.endif
+.if exists(/usr/local/bin/eopenssl31)
+LIBRARIES += openssl31
+.endif
VERSIONS = any TLS1_2 TLS1_3
.for slib in ${LIBRARIES}
.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
- (("${clib}" != openssl30 && "${slib}" != openssl30) || \
+ ((("${clib}" != openssl30 && "${slib}" != openssl30) && \
+ ("${clib}" != openssl31 && "${slib}" != openssl31)) || \
(("${cver}" != any && "${sver}" != any) && \
("${cver}" != TLS1 && "${sver}" != TLS1) && \
("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
projects / openbsd / commitdiff