1# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $ 2 3.PATH: ${.CURDIR}/.. 4 5SRCS_client ?= client.c util.c 6SRCS_server ?= server.c util.c 7WARNINGS = yes 8CLEANFILES += *.out *.fstat 9 10.for p in ${PROGS} 11ldd-$p.out: $p 12 # programs must be linked with correct libraries 13 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@ 14.endfor 15 16client-self.out server-self.out: run-self-client-server 17 18run-self-client-server: client server 127.0.0.1.crt 19 # check that tls client and server work together 20 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \ 21 ./server >server-self.out \ 22 127.0.0.1 0 23 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \ 24 ./client >client-self.out \ 25 `sed -n 's/listen sock: //p' server-self.out` 26 # wait for server to terminate 27 -sed -n 's/listen sock: //p' server-self.out | xargs nc 2>/dev/null 28 # check that the client run successfully to the end 29 grep -q '^success$$' client-self.out 30 # client must have read server greeting 31 grep -q '^<<< greeting$$' client-self.out 32 # check that the server child run successfully to the end 33 grep -q '^success$$' server-self.out 34 # server must have read client hello 35 grep -q '^<<< hello$$' server-self.out 36 37# create certificates for TLS 38 39CLEANFILES += 127.0.0.1.{crt,key} \ 40 ca.{crt,key,srl} fake-ca.{crt,key} \ 41 {client,server}.{req,crt,key} \ 42 {dsa,ec,rsa}.{key,req,crt} \ 43 dh.param 44 45127.0.0.1.crt: 46 openssl req -batch -new \ 47 -subj /L=OpenBSD/O=tls-regress/OU=server/CN=${@:R}/ \ 48 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@ 49 50ca.crt fake-ca.crt: 51 openssl req -batch -new \ 52 -subj /L=OpenBSD/O=tls-regress/OU=ca/CN=root/ \ 53 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@ 54 55client.req server.req: 56 openssl req -batch -new \ 57 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \ 58 -nodes -newkey rsa -keyout ${@:R}.key -out $@ 59 60client.crt server.crt: ca.crt ${@:R}.req 61 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \ 62 -req -in ${@:R}.req -out $@ 63 64dh.param: 65 openssl dhparam -out $@ 1024 66 67dsa.key: 68 openssl dsaparam -genkey -out $@ 2048 69 70ec.key: 71 openssl ecparam -genkey -name secp256r1 -out $@ 72 73rsa.key: 74 openssl genrsa -out $@ 2048 75 76dsa.req ec.req rsa.req: ${@:R}.key 77 openssl req -batch -new \ 78 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \ 79 -nodes -key ${@:R}.key -out $@ 80 81dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req 82 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \ 83 -req -in ${@:R}.req -out $@ 84