# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $

# Connect a client to a server.  Both can be current libressl, or
# openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
# version number.  Incompatible versions must fail.  Check that client
# and server have used the correct version by grepping in their session
# printout.
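# Libraries that are tested against each other.  libressl is always part of
# the list; openssl33 and openssl34 are added only when the matching
# e<name> binary exists under /usr/local/bin.
# NOTE(review): the file header still mentions openssl 1.1 and openssl 3.0,
# while the optional peers probed here are openssl33 and openssl34.
LIBRARIES =		libressl
.if exists(/usr/local/bin/eopenssl33)
LIBRARIES +=		openssl33
.endif
.if exists(/usr/local/bin/eopenssl34)
LIBRARIES +=		openssl34
.endif

# Version settings tried on each side.  "any" leaves that side unpinned:
# the rules below drop the -V option for it.
VERSIONS =	any TLS1_2 TLS1_3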
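# Generate the test targets for every combination of client version, server
# version, client library and server library.
.for cver in ${VERSIONS}
.for sver in ${VERSIONS}

# FAIL_<cver>_<sver> is pasted in front of the client command in the run
# rule.  It is empty when the handshake is expected to succeed ("any" on
# either side, or both sides pinned to the same version) and "!" when the
# two sides are pinned to different versions, so the shell inverts the
# client's exit status.
# NOTE(review): "!" accepts every non-zero exit status, so a client that
# crashes or fails for an unrelated reason also satisfies a must-fail case.
.if "${cver}" == any || "${sver}" == any || "${cver}" == "${sver}"
FAIL_${cver}_${sver} =
.else
FAIL_${cver}_${sver} = !
.endif

.for clib in ${LIBRARIES}
.for slib in ${LIBRARIES}

# Guard deciding whether this combination gets any targets at all:
#  - neither side may be pinned to TLS1_3, and
#  - at least one of these holds: openssl33 is on neither side; openssl34
#    is on neither side; both sides are pinned (not "any") to something
#    other than TLS1 and TLS1_1.
# As written, and with the VERSIONS list this file defines (any, TLS1_2,
# TLS1_3), only pairs built from "any" and TLS1_2 pass the guard, and
# FAIL_<cver>_<sver> is empty for all of them, so no "!" must-fail target
# is generated.
# NOTE(review): confirm that dropping every TLS1_3-pinned pair is intended;
# the rejection of mismatched pinned versions is not exercised by the
# targets this guard lets through.
# NOTE(review): the two library clauses are joined with ||, so together
# they only skip a pair when openssl33 and openssl34 face each other and a
# side is "any"; presumably intended, verify.
.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
    ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
    (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
    (("${cver}" != any && "${sver}" != any) && \
    ("${cver}" != TLS1 && "${sver}" != TLS1) && \
    ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))

# Pairs with libressl on at least one side always run.  Pairs between two
# other libraries are collected in SLOW_TARGETS instead.
.if ("${clib}" == "libressl" || "${slib}" == "libressl")
REGRESS_TARGETS +=	run-version-client-${clib}-${cver}-server-${slib}-${sver}
.else
# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
SLOW_TARGETS +=	run-version-client-${clib}-${cver}-server-${slib}-${sver}
.endif

# Run rule.  The server is started with its output redirected to the
# server-*.out file and gets "-V <version>" unless its version is "any".
# It is told to listen on 127.0.0.1 port 0 (presumably so that a free port
# is picked; confirm), and the client is pointed at whatever the server
# printed after "listen sock: ".  For pairs expected to succeed, both
# output files must contain a "success" line; the server file is checked a
# second time after one second if the first grep misses.
# The same recipe is attached to the run-* name and to both .out names.
# NOTE(review): ${@:S/^run/server/} only rewrites a target name that starts
# with "run"; check what happens if make ever builds one of the .out names
# directly.
# NOTE(review): empty() is documented to take a variable name, but here it
# is given the expansion of FAIL_<cver>_<sver>; confirm that it evaluates as
# intended for the "!" value.
run-version-client-${clib}-${cver}-server-${slib}-${sver} \
client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
server-version-client-${clib}-${cver}-server-${slib}-${sver}.out: \
    127.0.0.1.crt ../${clib}/client ../${slib}/server
	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
	    ../${slib}/server >${@:S/^run/server/}.out \
	    -c 127.0.0.1.crt -k 127.0.0.1.key \
	    ${sver:Nany:S/^/-V /} \
	    127.0.0.1 0
	${FAIL_${cver}_${sver}} \
	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
	    ../${clib}/client >${@:S/^run/client/}.out \
	    ${cver:Nany:S/^/-V /} \
	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
.if empty(${FAIL_${cver}_${sver}})
	grep -q '^success$$' ${@:S/^run/server/}.out || \
	    { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
	grep -q '^success$$' ${@:S/^run/client/}.out
.endif

# Check rule, generated only for pairs expected to succeed.  It prints the
# "Protocol :" line of both session printouts and then requires a specific
# version in each: TLSv1.3 when both sides are "any", the server's version
# when only the server is pinned, and the client's version whenever the
# client is pinned.
# NOTE(review): the "." in the expected version is an unescaped regex dot,
# so the match is slightly looser than a literal comparison.
.if empty(${FAIL_${cver}_${sver}})

.if ("${clib}" == "libressl" || "${slib}" == "libressl")
REGRESS_TARGETS +=	check-version-client-${clib}-${cver}-server-${slib}-${sver}
.else
# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
SLOW_TARGETS +=	check-version-client-${clib}-${cver}-server-${slib}-${sver}
.endif

check-version-client-${clib}-${cver}-server-${slib}-${sver}: \
    client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
    server-version-client-${clib}-${cver}-server-${slib}-${sver}.out
	@grep ' Protocol *: ' ${@:S/^check/client/}.out
	@grep ' Protocol *: ' ${@:S/^check/server/}.out
.if "${cver}" == any
.if "${sver}" == any
	grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/client/}.out
	grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/server/}.out
.else
	grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
	    ${@:S/^check/client/}.out
	grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
	    ${@:S/^check/server/}.out
.endif
.else
	grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
	    ${@:S/^check/client/}.out
	grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
	    ${@:S/^check/server/}.out
.endif
.endif

.endif

.endfor
.endfor
.endfor
.endfor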
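# bsd.own.mk is included before REGRESS_SKIP_SLOW is tested (presumably so
# that a system-wide setting is visible here; confirm).  The default is
# "no", and the value is lower-cased with :L before the comparison, so
# "yes" is matched case-insensitively.  Unless it is "yes", the targets
# collected in SLOW_TARGETS are appended to REGRESS_TARGETS.
.include <bsd.own.mk>
REGRESS_SKIP_SLOW ?= no
.if ${REGRESS_SKIP_SLOW:L} != "yes"
REGRESS_TARGETS += ${SLOW_TARGETS}
.endif

.include <bsd.regress.mk>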