# $OpenBSD: Makefile,v 1.11 2023/10/30 17:15:21 tb Exp $

# Connect a client to a server.  Both can be current libressl, or
# openssl 1.1 or 3.0.  Create client and server certificates
# that are signed by a CA and not signed by a fake CA.  Try all
# combinations with, without, and with wrong CA for client and server
# and check the result of certificate verification.

# TLS libraries that are tested against each other.  libressl is always
# in the list; each OpenSSL version is added only when its
# /usr/local/bin/eopenssl<NN> binary exists on this machine.
LIBRARIES =		libressl
.for lib in openssl11 openssl30 openssl31
.if exists(/usr/local/bin/e${lib})
LIBRARIES +=		${lib}
.endif
.endfor

# Iterate over the whole test matrix.  Loop variables:
#   cca, sca      CA file handed to the client / server with -C:
#                 none, ca.crt, or fake-ca.crt
#   ccert, scert  whether the client / server is given a certificate and key
#   cv            client side: no verification, or verify (-v)
#   sv            server side: no verification, verify (-v),
#                 or certverify (-vv)
.for cca in noca ca fakeca
.for sca in noca ca fakeca
.for ccert in nocert cert
.for scert in nocert cert
.for cv in noverify verify
.for sv in noverify verify certverify

# remember when certificate verification should fail
#
# The connection is expected to succeed only when both sides are satisfied:
#   client: does not verify, or verifies with ca.crt loaded while the
#           server presents its certificate;
#   server: does not verify; or verifies (-v) and the client sends no
#           certificate; or verifies (-v or -vv) with ca.crt loaded and
#           the client presents a certificate.
# So sv=verify tolerates a missing client certificate, sv=certverify does
# not.  In every other combination FAIL_* is set to "!", which is put in
# front of the client command below and negates its exit status.
.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
    "${cv}" == noverify) && \
    (("${sv}" == verify && "${ccert}" == nocert) || \
    ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
    ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
    "${sv}" == noverify)
FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
.else
FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
.endif

# Run every client library against every server library.
.for clib in ${LIBRARIES}
.for slib in ${LIBRARIES}

# Pairs that involve libressl always run.  Pairs between two OpenSSL
# versions are collected in SLOW_TARGETS, which is only appended to
# REGRESS_TARGETS further down unless REGRESS_SKIP_SLOW is "yes".
.if ("${clib}" == "libressl" || "${slib}" == "libressl")
REGRESS_TARGETS +=	run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
.else
# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
SLOW_TARGETS +=	run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
.endif

# One test case.  The server is started with 127.0.0.1 and 0 as its listen
# address (presumably port 0 lets the kernel pick a free port) and its
# output goes to server-*.out.  The client is then pointed at whatever the
# server printed after "listen sock: ", and its output goes to client-*.out.
# The :S modifiers translate the loop values into command line options:
# -C <CA file>, -c <certificate> -k <key>, and -v / -vv.
# LD_LIBRARY_PATH selects the library directory under /usr/local/lib that
# matches the library name of the respective program.
# NOTE(review): the server command is not put into the background here, so
# the server program presumably detaches once it is listening -- confirm.
# NOTE(review): with ccert=cert the client is given server.crt and
# server.key, although client.crt is listed as a prerequisite.  The client
# authentication cases therefore do not use a distinct client certificate;
# confirm whether that is intended.
run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
    127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
    ../${clib}/client ../${slib}/server
	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
	    ../${slib}/server >${@:S/^run/server/}.out \
	    ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
	    ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
	    ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
	    127.0.0.1 0
	${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
	    LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
	    ../${clib}/client >${@:S/^run/client/}.out \
	    ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
	    ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
	    ${cv:S/^noverify//:S/^verify/-v/} \
	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
# Expected success: both logs must contain a "success" line.  The server
# log is looked at a second time after one second, presumably because the
# server may write its result slightly after the client has exited.
.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
	grep '^success$$' ${@:S/^run/server/}.out || \
	    { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
	grep '^success$$' ${@:S/^run/client/}.out
# Expected failure: the "!" prefix accepts any non-zero client exit, so a
# "verify: fail" line in the client or server log is required as evidence
# that the failure really was a certificate verification failure.
# As written, this check is skipped when sv=certverify and ccert=nocert,
# unless cv=verify and scert is nocert; in the skipped cases only the
# client's exit status is tested.
.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
    ("${cv}" == verify && "${scert}" != cert)
	grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
.endif

.endfor
.endfor
.endfor
.endfor
.endfor
.endfor
.endfor
.endfor

# Add the OpenSSL-only pairs collected in SLOW_TARGETS unless the user
# asked to skip slow tests.  REGRESS_SKIP_SLOW defaults to "no" and is
# compared after conversion to lower case.
# NOTE(review): bsd.own.mk is included first, presumably so that a
# REGRESS_SKIP_SLOW setting from the system configuration is seen before
# the default is applied -- confirm.
.include <bsd.own.mk>
REGRESS_SKIP_SLOW ?= no
.if ${REGRESS_SKIP_SLOW:L} != "yes"
REGRESS_TARGETS += ${SLOW_TARGETS}
.endif

# Marker target that is appended to REGRESS_TARGETS after all test targets;
# it only prints a message and checks nothing.
REGRESS_TARGETS +=	run-bob
run-bob:
	@echo Bob, be happy!  Tests finished.

# argument list too long for a single rm *
# The client-*.out and server-*.out logs, one pair per test case, are
# therefore removed by separate rm commands.  The last rm removes build
# leftovers and the files named by PROG, PROGS, OBJS, CLEANFILES and the
# lex/yacc intermediate variables.

clean: _SUBDIRUSE
	rm -f client-*.out
	rm -f server-*.out
	rm -f a.out [Ee]rrs mklog *.core y.tab.h \
	    ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}

# Pull in the regress framework, which consumes REGRESS_TARGETS.
.include <bsd.regress.mk>