diff options
| author |   inoguchi <inoguchi@openbsd.org> | 2020-01-26 12:37:06 +0000 |
|---|---|---|
| committer | inoguchi <inoguchi@openbsd.org> | 2020-01-26 12:37:06 +0000 |
| commit | a0fb37283472b0aeaa9458c7a46aba4e3cbb9e51 (patch) | |
| tree | 89b75c39e0214768a90ea00cec48d60331249be0 | |
| parent | simplify logic in compat engine, we can set ABORTED directly instead of (diff) | |
| download | wireguard-openbsd-a0fb37283472b0aeaa9458c7a46aba4e3cbb9e51.tar.xz wireguard-openbsd-a0fb37283472b0aeaa9458c7a46aba4e3cbb9e51.zip | |
Restrict to use up to TLSv1.2 for test_server_client in appstest.sh
Currently, only s_client has TLSv1.3 and s_server does not.
| -rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index 6c9265d2b8f..ceefa0eccfa 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.31 2019/11/25 12:45:45 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.32 2020/01/26 12:37:06 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -1374,14 +1374,14 @@ function test_server_client { s_ciph=$server_dir/s_ciph_${sc} if [ $s_id = "0" ] ; then - $s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph + $s_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 | awk '{print $1}' > $s_ciph else $s_bin ciphers -v | awk '{print $1}' > $s_ciph fi c_ciph=$user1_dir/c_ciph_${sc} if [ $c_id = "0" ] ; then - $c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph + $c_bin ciphers -v ALL:!ECDSA:!kGOST:!TLSv1.3 | awk '{print $1}' > $c_ciph else $c_bin ciphers -v | awk '{print $1}' > $c_ciph fi @@ -1398,7 +1398,7 @@ function test_server_client { start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c" sleep $test_pause_sec $c_bin s_client -connect $host:$port -CAfile $ca_cert \ - -cipher $c \ + -tls1_2 -cipher $c \ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? @@ -1416,7 +1416,7 @@ function test_server_client { start_message "s_client ... connect to TLS/SSL test server to get session id" sleep $test_pause_sec $c_bin s_client -connect $host:$port -CAfile $ca_cert \ - -alpn "spdy/3,http/1.1" -sess_out $sess_dat \ + -tls1_2 -alpn "spdy/3,http/1.1" -sess_out $sess_dat \ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? @@ -1433,7 +1433,7 @@ function test_server_client { start_message "s_client ... connect to TLS/SSL test server reusing session id" sleep $test_pause_sec $c_bin s_client -connect $host:$port -CAfile $ca_cert \ - -sess_in $sess_dat \ + -tls1_2 -sess_in $sess_dat \ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? @@ -1450,7 +1450,7 @@ function test_server_client { start_message "s_client ... connect to TLS/SSL test server but verify error" sleep $test_pause_sec $c_bin s_client -connect $host:$port -CAfile $ca_cert \ - -showcerts -crl_check -issuer_checks -policy_check \ + -tls1_2 -showcerts -crl_check -issuer_checks -policy_check \ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? |