From 611c4acdddab9d702d235c2bcfe3b69002e93569 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore <garrett@damore.org>
Date: Sun, 19 Oct 2025 10:40:26 -0700
Subject: Add support for OpenSSL v3.5 and newer.

We are *only* supporting 3.5 (or newer 3.x releases) as its the newest LTS version of OpenSSL.

This supports the full set of TLS features with NNG, including DTLS, PSK, TLS 1.3, etc.

Future work will explore making using of the QUIC support in OpenSSL.

Note that this OpenSSL work sits on top of NNG's TCP streams, so it cannot benefit from
Linux in-kernel TLS or other features such as TCP fast open at this time.
---
 src/sp/transport/tls/tls_tran_test.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'src/sp')

diff --git a/src/sp/transport/tls/tls_tran_test.c b/src/sp/transport/tls/tls_tran_test.c
index 3a5e6805..e32d4b09 100644
--- a/src/sp/transport/tls/tls_tran_test.c
+++ b/src/sp/transport/tls/tls_tran_test.c
@@ -80,8 +80,9 @@ test_tls_port_zero_bind(void)
 	nng_dialer      d;
 	const nng_url  *url;
 
-	c1 = tls_server_config();
-	c2 = tls_client_config();
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
+	c1 = tls_server_config_ecdsa();
+	c2 = tls_client_config_ecdsa();
 	NUTS_OPEN(s1);
 	NUTS_OPEN(s2);
 	NUTS_PASS(nng_listener_create(&l, s1, "tls+tcp://127.0.0.1:0"));
@@ -113,10 +114,10 @@ test_tls_bad_cert_mutual(void)
 	nng_dialer      d;
 	const nng_url  *url;
 
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	c1 = tls_server_config();
 	c2 = tls_client_config();
 
-	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	NUTS_OPEN(s1);
 	NUTS_OPEN(s2);
 	NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
@@ -157,10 +158,10 @@ test_tls_cert_mutual(void)
 	nng_dialer      d;
 	const nng_url  *url;
 
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	c1 = tls_server_config_ecdsa();
 	c2 = tls_client_config_ecdsa();
 
-	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	NUTS_OPEN(s1);
 	NUTS_OPEN(s2);
 	NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
@@ -198,10 +199,10 @@ test_tls_pipe_details(void)
 	nng_pipe        p;
 	const nng_url  *url;
 
+	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	c1 = tls_server_config_ecdsa();
 	c2 = tls_client_config_ecdsa();
 
-	NUTS_ENABLE_LOG(NNG_LOG_DEBUG);
 	NUTS_OPEN(s1);
 	NUTS_OPEN(s2);
 	NUTS_PASS(nng_tls_config_auth_mode(c1, NNG_TLS_AUTH_MODE_REQUIRED));
-- 
cgit v1.2.3-70-g09d2