1# $OpenBSD: Makefile,v 1.3 2020/12/17 00:51:12 bluhm Exp $
2
3# Connect a client to a server.  Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1.  Pin client or server to a fixed TLS
5# version number.  Incompatible versions must fail.  Check that client
6# and server have used correct version by grepping in their session
7# print out.
8
9LIBRARIES =		libressl
10.if exists(/usr/local/bin/eopenssl)
11LIBRARIES +=		openssl
12.endif
13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES +=		openssl11
15.endif
16
17VERSIONS =	any TLS1 TLS1_1 TLS1_2 TLS1_3
18
19.for cver in ${VERSIONS}
20.for sver in ${VERSIONS}
21
22.if "${cver}" == any || "${sver}" == any || "${cver}" == "${sver}"
23FAIL_${cver}_${sver} =
24.else
25FAIL_${cver}_${sver} = !
26.endif
27
28.for clib in ${LIBRARIES}
29.for slib in ${LIBRARIES}
30
31.if ("${clib}" != openssl && "${slib}" != openssl) || \
32    ("${cver}" != TLS1_3 && "${sver}" != TLS1_3)
33
34.if ("${clib}" == "libressl" || "${slib}" == "libressl")
35REGRESS_TARGETS +=	run-version-client-${clib}-${cver}-server-${slib}-${sver}
36.else
37REGRESS_SLOW_TARGETS +=	run-version-client-${clib}-${cver}-server-${slib}-${sver}
38.endif
39
40run-version-client-${clib}-${cver}-server-${slib}-${sver} \
41client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
42server-version-client-${clib}-${cver}-server-${slib}-${sver}.out: \
43    127.0.0.1.crt ../${clib}/client ../${slib}/server
44	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
45	    ../${slib}/server >${@:S/^run/server/}.out \
46	    -c 127.0.0.1.crt -k 127.0.0.1.key \
47	    ${sver:Nany:S/^/-V /} \
48	    127.0.0.1 0
49	${FAIL_${cver}_${sver}} \
50	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
51	    ../${clib}/client >${@:S/^run/client/}.out \
52	    ${cver:Nany:S/^/-V /} \
53	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
54.if empty(${FAIL_${cver}_${sver}})
55	grep -q '^success$$' ${@:S/^run/server/}.out || \
56	    { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
57	grep -q '^success$$' ${@:S/^run/client/}.out
58.endif
59
60.if empty(${FAIL_${cver}_${sver}})
61
62.if ("${clib}" == "libressl" || "${slib}" == "libressl")
63REGRESS_TARGETS +=	check-version-client-${clib}-${cver}-server-${slib}-${sver}
64.else
65REGRESS_SLOW_TARGETS +=	check-version-client-${clib}-${cver}-server-${slib}-${sver}
66.endif
67
68check-version-client-${clib}-${cver}-server-${slib}-${sver}: \
69    client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
70    server-version-client-${clib}-${cver}-server-${slib}-${sver}.out
71	@grep ' Protocol *: ' ${@:S/^check/client/}.out
72	@grep ' Protocol *: ' ${@:S/^check/server/}.out
73.if "${cver}" == any
74.if "${sver}" == any
75.if "${clib}" == openssl || "${slib}" == openssl
76	grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/client/}.out
77	grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/server/}.out
78.else
79	grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/client/}.out
80	grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/server/}.out
81.endif
82.else
83	grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
84	    ${@:S/^check/client/}.out
85	grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
86	    ${@:S/^check/server/}.out
87.endif
88.else
89	grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
90	    ${@:S/^check/client/}.out
91	grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
92	    ${@:S/^check/server/}.out
93.endif
94.endif
95
96.endif
97
98.endfor
99.endfor
100.endfor
101.endfor
102
103.include <bsd.regress.mk>
104