From 0ba45550bfdb217ee30cddf6b559a5f2588c053e Mon Sep 17 00:00:00 2001
From: jsing
Date: Wed, 20 Mar 2024 10:38:05 +0000
Subject: [PATCH] Use the new certificates/chains in regress.

The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder.

Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry.

ok tb@
---
 regress/lib/libssl/dtls/Makefile | 9 +++++----
 regress/lib/libssl/quic/Makefile | 8 ++++----
 regress/lib/libssl/server/Makefile | 8 ++++----
 regress/lib/libssl/shutdown/Makefile | 8 ++++----
 regress/lib/libssl/tls/Makefile | 8 ++++----
 regress/lib/libssl/unit/ssl_get_shared_ciphers.c | 4 ++--
 regress/lib/libtls/keypair/Makefile | 8 ++++----
 regress/lib/libtls/keypair/keypairtest.c | 4 ++--
 regress/lib/libtls/tls/Makefile | 8 ++++----
 9 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/regress/lib/libssl/dtls/Makefile b/regress/lib/libssl/dtls/Makefile
index 438cd5c7ff5..b58dae61b6a 100644
--- a/regress/lib/libssl/dtls/Makefile
+++ b/regress/lib/libssl/dtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2022/01/07 09:07:00 tb Exp $
+# $OpenBSD: Makefile,v 1.4 2024/03/20 10:38:05 jsing Exp $
 
 PROG= dtlstest
 LDADD= ${SSL_INT} -lcrypto
@@ -11,10 +11,11 @@ CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
 REGRESS_TARGETS= \
 regress-dtlstest
 
+# XXX(jsing): use CA root and chain
 regress-dtlstest: ${PROG}
 ./dtlstest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/ca-int-rsa.pem
 
 .include
diff --git a/regress/lib/libssl/quic/Makefile b/regress/lib/libssl/quic/Makefile
index a348b2df471..55fef6b257f 100644
--- a/regress/lib/libssl/quic/Makefile
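Review bot: In regress/lib/libssl/dtls/Makefile the regress-dtlstest target passes `ca-int-rsa.pem` as its last argument and `server1-rsa.pem` for both of the others, so unlike the quic, server, shutdown and tls targets in this patch it does not pair `ca-root-rsa.pem` with `server1-rsa-chain.pem`. If that last argument is the trust anchor, the DTLS regress stops at the intermediate and never exercises building a path to the root. The added `# XXX(jsing): use CA root and chain` records the intent but not what blocks it; I would extend it to say why dtlstest cannot take the chain file yet, so the follow-up is not lost.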
+++ b/regress/lib/libssl/quic/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2022/10/02 16:40:56 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG= quictest
 LDADD= -lssl -lcrypto
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 
 regress-quictest: ${PROG}
 ./quictest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include
diff --git a/regress/lib/libssl/server/Makefile b/regress/lib/libssl/server/Makefile
index 0621a5f2433..be86dbb1ade 100644
--- a/regress/lib/libssl/server/Makefile
+++ b/regress/lib/libssl/server/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2020/05/11 18:18:21 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG= servertest
 LDADD= ${SSL_INT} -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-servertest: ${PROG}
 ./servertest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include
diff --git a/regress/lib/libssl/shutdown/Makefile b/regress/lib/libssl/shutdown/Makefile
index 51305012d6f..d6a9a305440 100644
--- a/regress/lib/libssl/shutdown/Makefile
+++ b/regress/lib/libssl/shutdown/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2024/01/19 08:29:08 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG= shutdowntest
 LDADD= -lssl -lcrypto
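Review bot: The three positional arguments to `./quictest` in regress/lib/libssl/quic/Makefile are now three different files, so their order matters in a way it did not when `server.pem` filled two of the slots. The same triple (`server1-rsa.pem`, `server1-rsa-chain.pem`, `ca-root-rsa.pem`) is used in the libssl server, shutdown and tls Makefiles, while regress/lib/libtls/tls/Makefile passes `ca-root-rsa.pem`, `server1-rsa-chain.pem`, `server1-rsa.pem`. The test programs' usage is not part of this patch, so the mapping cannot be checked from the hunks alone. A one-line comment above each target, for example `# argument order: key file, certificate chain, CA file` if that is what the program expects, would make a swapped key or certificate file obvious in review.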
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-shutdowntest: ${PROG}
 ./shutdowntest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include
diff --git a/regress/lib/libssl/tls/Makefile b/regress/lib/libssl/tls/Makefile
index a22cdcdeb2b..315ac692c35 100644
--- a/regress/lib/libssl/tls/Makefile
+++ b/regress/lib/libssl/tls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2021/10/23 14:34:10 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG= tlstest
 LDADD= -lssl -lcrypto
@@ -11,8 +11,8 @@ REGRESS_TARGETS= \
 
 regress-tlstest: ${PROG}
 ./tlstest \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/ca.pem
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
 
 .include
diff --git a/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
index 33efc15f10d..ff966900aa4 100644
--- a/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
+++ b/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.11 2022/02/05 18:19:39 tb Exp $ */
+/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.12 2024/03/20 10:38:05 jsing Exp $ */
 /*
 * Copyright (c) 2021 Theo Buehler
 *
@@ -462,7 +462,7 @@ main(int argc, char **argv)
 size_t i;
 int failed = 0;
 
- if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) {
+ if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) {
 fprintf(stderr, "asprintf server_cert failed\n");
 failed = 1;
 goto err;
diff --git a/regress/lib/libtls/keypair/Makefile b/regress/lib/libtls/keypair/Makefile
index d06109a26b1..c3ea15d3bd3 100644
--- a/regress/lib/libtls/keypair/Makefile
+++ b/regress/lib/libtls/keypair/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
 
 PROG= keypairtest
 LDADD= -lcrypto -lssl ${TLS_INT}
@@ -13,8 +13,8 @@ REGRESS_TARGETS= \
 
 regress-keypairtest: ${PROG}
 ./keypairtest \
- ${.CURDIR}/../../libssl/certs/ca.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 
 .include
diff --git a/regress/lib/libtls/keypair/keypairtest.c b/regress/lib/libtls/keypair/keypairtest.c
index 31bf7d6a5d0..600e578f32c 100644
--- a/regress/lib/libtls/keypair/keypairtest.c
+++ b/regress/lib/libtls/keypair/keypairtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: keypairtest.c,v 1.6 2022/02/08 18:05:57 tb Exp $ */
+/* $OpenBSD: keypairtest.c,v 1.7 2024/03/20 10:38:05 jsing Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing
 *
@@ -29,7 +29,7 @@
 #include
 
 #define PUBKEY_HASH \
- "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5"
+ "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f"
 
 char *cert_file, *key_file, *ocsp_staple_file;
 
diff --git a/regress/lib/libtls/tls/Makefile b/regress/lib/libtls/tls/Makefile
index 0fbd78481b8..ecdc0393e7c 100644
--- a/regress/lib/libtls/tls/Makefile
+++ b/regress/lib/libtls/tls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2017/05/06 21:56:43 jsing Exp $
+# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
 
 PROG= tlstest
 LDADD= -lcrypto -lssl -ltls
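Review bot: `PUBKEY_HASH` in regress/lib/libtls/keypair/keypairtest.c is a bare SHA256 literal that has to track whichever certificate the Makefile hands to the test, which after this patch is `server1-rsa.pem`. Nothing next to the define says which file the value was derived from or how, so the next certificate regeneration will fail this test with no pointer to the fix. I would add a comment above the define such as `/* Hash of the public key in ../../libssl/certs/server1-rsa.pem; update when that certificate is regenerated. */`, assuming the macro name reflects what is hashed, and ideally note the command used to produce it. The code that compares against this value lies outside the hunk.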
@@ -12,8 +12,8 @@ REGRESS_TARGETS= \
 
 regress-tlstest: ${PROG}
 ./tlstest \
- ${.CURDIR}/../../libssl/certs/ca.pem \
- ${.CURDIR}/../../libssl/certs/server.pem \
- ${.CURDIR}/../../libssl/certs/server.pem
+ ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
+ ${.CURDIR}/../../libssl/certs/server1-rsa.pem
 
 .include
-- 
2.20.1