Reinstate a test that was accidentally removed in previous

Unhook some gost tests

Add 'openssl x509 -new' functionality to the libcrypto CLI utility

The ability to generate a new certificate is useful for testing and
experimentation with rechaining PKIs.

While there, alias '-key' to '-signkey' for compatibility.

with and OK tb@

appstest: Zap a trailing tab added in previous

Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 app

The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/

OK tb@

remove errstr -stats test

reminded by anton

Stop testing tls 1.0 and 1.1

They have gone behind the barn.

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Add 'openssl x509 -new' functionality to the libcrypto CLI utility

The ability to generate a new certificate is useful for testing and
experimentation with rechaining PKIs.

While there, alias '-key' to '-signkey' for compatibility.

with and OK tb@

appstest: Zap a trailing tab added in previous

Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 app

The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/

OK tb@

remove errstr -stats test

reminded by anton

Stop testing tls 1.0 and 1.1

They have gone behind the barn.

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

appstest: Zap a trailing tab added in previous

Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 app

The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/

OK tb@

remove errstr -stats test

reminded by anton

Stop testing tls 1.0 and 1.1

They have gone behind the barn.

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

remove errstr -stats test

reminded by anton

Stop testing tls 1.0 and 1.1

They have gone behind the barn.

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Stop testing tls 1.0 and 1.1

They have gone behind the barn.

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Garbage collect test using the nseq command

reminded by anton

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Adapt appstest.sh for the new TLS_ names.

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh

zap spades of trailing whitespace

Replace hostname underscore with hyphen in appstest.sh

Add checks for SH downgrade sentinel and HRR hash in appstest.sh

Add -status and -servername test for s_server and s_client in appstest.sh

Add -groups test for s_server and s_client in appstest.sh

Add client certificate test in appstest.sh

Rename variables for key, csr, pass, cert

Add GOST certificate test in appstest.sh

Enabled by -g option, and default to disabled (RSA certificate is used)

Suppress display output and reduce s_time to 1 sec in appstest.sh

Fix server client test with TLSv1.3 in appstest.sh

Factor out session reuse test and verification test

Factor out the test for all available ciphers and add TLSv1.3 case

Add ECDSA certificate test in appstest.sh

Enabled by -e option, and default to disabled (RSA certificate is used)

Skip protocol version message check in appstest.sh

- OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival
- Shorten function name

Factor out the protocol version test in appstest.sh

OTHER_OPENSSL default to eopenssl11

Restrict to use up to TLSv1.2 for test_server_client in appstest.sh

Currently, only s_client has TLSv1.3 and s_server does not.

Add option for cms test in appstest.sh

Add test for cms operations in appstest.sh

Add test for cms -keyopt in appstest.sh

Add test for req -addext in appstest.sh

Remove trailing space in appstest.sh

Add test for cms in appstest.sh

Add RSA-PSS test for genpkey in appstest.sh

Add RSA OAEP test for pkeyutl in appstest.sh

Update appstest.sh

- Add -modulus for dsa sub command
- Remove -nextprotoneg

Add more option tests to req, ts, x509 and verify in appstest.sh

Add more options test to ocsp in appstest.sh

Add more option test to dgst in appstest.sh

Add more option tests to ca in appstest.sh

Add more options to pkcs12 and smime in appstest.sh

Add pkcs12 options and smime tests for appstest.sh

- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.

Add tests for pkeyutl

Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x

- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable

Add interoperability test mode for regress appstest.sh

- test s_server and s_client between different version by option -i
- indicate other version by defining OTHER_OPENSSL environment variable
- fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term
- s/SKIPPNG/SKIPPING/

Fix indent and adjust line fit to 80 columns.

Split test blocks into a function. Test contents are not changed.

Test more ciphers and randomize the order in regress appstest.sh

- change test target ciphers
- randomize the test ciphers order
- display test cipher count

tests all available TLSv1.2 ciphers

Add protocol and cipher patterns in regress appstest.sh

Stop s_server if error occurs in regress appstest.sh

Add license header.

Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

tweak usage()

Add a -q (for quick) mode to apptest.sh, and use it by default.
this means that running the regression test doesn't take forever
because we run a huge dhparam test and openssl speed tests.

ok inoguchi@

Respect the OPENSSL make variable everywhere so that

make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl

actually does the expected thing instead of running a mixture of both the
openssl below /usr/obj and the one below /usr/bin. Found the hard way via
backtraces that made no sense whatsoever.

ok jsing

More s/OSCP/OCSP/ typos

ok jmc@

Add regress test script for openssl command.
ok beck@

Drop two uses of the terrible asn1 kludge spotted by anton

Fix appstest.sh for testing with OpenSSL 3.0

- Fix 'Server Temp Key' check to work with both words "P-384" and "secp384r1".
- Test TLSv1 and TLSv1.1 only if OpenSSL version is 1.x.

Add GnuTLS interoperability test in appstest.sh

Modify cms test in appstest.sh to work with ec cert/key

Add DTLS test in appstest.sh

Remove "-4" option treatment and use it always on s_server test in appstest.sh