source-git / mingw-gnutls

Clone
Source Code
GIT

Blame src/cli-debug.c

c8 master
  1.   549fdc7405a5e7ca67955d006f34d2abdcff8b67
  2.   src
  3.   cli-debug.c
Blob History Raw
Packit 549fdc 
/*
Packit 549fdc 
 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
Packit 549fdc 
 * Copyright (C) 2017 Red Hat, Inc.
Packit 549fdc 
 *
Packit 549fdc 
 * This file is part of GnuTLS.
Packit 549fdc 
 *
Packit 549fdc 
 * GnuTLS is free software: you can redistribute it and/or modify it
Packit 549fdc 
 * under the terms of the GNU General Public License as published by
Packit 549fdc 
 * the Free Software Foundation, either version 3 of the License, or
Packit 549fdc 
 * (at your option) any later version.
Packit 549fdc 
 *
Packit 549fdc 
 * GnuTLS is distributed in the hope that it will be useful, but
Packit 549fdc 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
Packit 549fdc 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit 549fdc 
 * General Public License for more details.
Packit 549fdc 
 *
Packit 549fdc 
 * You should have received a copy of the GNU General Public License
Packit 549fdc 
 * along with this program.  If not, see
Packit 549fdc 
 * <http://www.gnu.org/licenses/>.
Packit 549fdc 
 */
Packit 549fdc
Packit 549fdc 
#include <config.h>
Packit 549fdc 
#include <stdio.h>
Packit 549fdc 
#include <errno.h>
Packit 549fdc 
#include <stdlib.h>
Packit 549fdc 
#include <sys/types.h>
Packit 549fdc 
#include <string.h>
Packit 549fdc 
#include <gnutls/gnutls.h>
Packit 549fdc 
#include <sys/time.h>
Packit 549fdc 
#if HAVE_SYS_SOCKET_H
Packit 549fdc 
#include <sys/socket.h>
Packit 549fdc 
#elif HAVE_WS2TCPIP_H
Packit 549fdc 
#include <ws2tcpip.h>
Packit 549fdc 
#endif
Packit 549fdc 
#include <tests.h>
Packit 549fdc 
#include <common.h>
Packit 549fdc 
#include <ctype.h>
Packit 549fdc 
#include <cli-debug-args.h>
Packit 549fdc 
#include <socket.h>
Packit 549fdc
Packit 549fdc 
/* Gnulib portability files. */
Packit 549fdc 
#include "sockets.h"
Packit 549fdc
Packit 549fdc 
static void cmd_parser(int argc, char **argv);
Packit 549fdc
Packit 549fdc 
/* global stuff here */
Packit 549fdc 
int resume;
Packit 549fdc 
char *hostname = NULL;
Packit 549fdc 
int port;
Packit 549fdc 
int record_max_size;
Packit 549fdc 
int fingerprint;
Packit 549fdc 
static int debug = 0;
Packit 549fdc
Packit 549fdc 
gnutls_srp_client_credentials_t srp_cred;
Packit 549fdc 
gnutls_anon_client_credentials_t anon_cred;
Packit 549fdc 
gnutls_certificate_credentials_t xcred;
Packit 549fdc
Packit 549fdc 
/* end of global stuff */
Packit 549fdc
Packit 549fdc 
unsigned int verbose = 0;
Packit 549fdc
Packit 549fdc 
extern int tls1_ok;
Packit 549fdc 
extern int tls1_1_ok;
Packit 549fdc 
extern int tls1_2_ok;
Packit 549fdc 
extern int ssl3_ok;
Packit 549fdc 
extern const char *ext_text;
Packit 549fdc
Packit 549fdc 
static void tls_log_func(int level, const char *str)
Packit 549fdc 
{
Packit 549fdc 
	fprintf(stderr, "|<%d>| %s", level, str);
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
typedef test_code_t(*TEST_FUNC) (gnutls_session_t);
Packit 549fdc
Packit 549fdc 
typedef struct {
Packit 549fdc 
	const char *test_name;
Packit 549fdc 
	TEST_FUNC func;
Packit 549fdc 
	const char *suc_str;
Packit 549fdc 
	const char *fail_str;
Packit 549fdc 
	const char *unsure_str;
Packit 549fdc 
	unsigned https_only;
Packit 549fdc 
} TLS_TEST;
Packit 549fdc
Packit 549fdc 
static const TLS_TEST tls_tests[] = {
Packit 549fdc 
	{"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
Packit 549fdc 
	/* The following tests will disable TLS 1.x if the server is
Packit 549fdc 
	 * buggy */
Packit 549fdc 
	{"whether we need to disable TLS 1.2", test_tls_disable2, "no",
Packit 549fdc 
	 "yes", "dunno"},
Packit 549fdc 
	{"whether we need to disable TLS 1.1", test_tls_disable1, "no",
Packit 549fdc 
	 "yes", "dunno"},
Packit 549fdc 
	{"whether we need to disable TLS 1.0", test_tls_disable0, "no",
Packit 549fdc 
	 "yes", "dunno"},
Packit 549fdc 
	{"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"whether \%COMPAT is required", test_record_padding, "no", "yes",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"},
Packit 549fdc 
	{"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", test_tls1_nossl3, "yes", "no", "dunno"},
Packit 549fdc 
	{"for TLS 1.1 (RFC4346) support", test_tls1_1, "yes", "no", "dunno"},
Packit 549fdc 
	{"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0",
Packit 549fdc 
	 "failed",
Packit 549fdc 
	 "SSL 3.0"},
Packit 549fdc 
	{"for TLS 1.2 (RFC5246) support", test_tls1_2, "yes", "no", "dunno"},
Packit 549fdc 
	{"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
Packit 549fdc 
	 "failed (server requires fallback dance)", "dunno"},
Packit 549fdc 
	{"for inappropriate fallback (RFC7507) support", test_rfc7507, "yes", "no", "dunno"},
Packit 549fdc 
	{"for HTTPS server name", test_server, NULL, "failed", "not checked", 1},
Packit 549fdc 
	{"for certificate information", test_certificate, NULL, "", ""},
Packit 549fdc 
	{"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"},
Packit 549fdc 
	{"for trusted CAs", test_server_cas, NULL, "", ""},
Packit 549fdc 
	{"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes",
Packit 549fdc 
	 "no", "dunno"},
Packit 549fdc 
	{"for Safe renegotiation support (SCSV)",
Packit 549fdc 
	 test_safe_renegotiation_scsv,
Packit 549fdc 
	 "yes", "no", "dunno"},
Packit 549fdc 
	{"for encrypt-then-MAC (RFC7366) support", test_etm, "yes", "no", "dunno"},
Packit 549fdc 
	{"for ext master secret (RFC7627) support", test_ext_master_secret, "yes", "no", "dunno"},
Packit 549fdc 
	{"for heartbeat (RFC6520) support", test_heartbeat_extension, "yes", "no", "dunno"},
Packit 549fdc 
	{"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for version rollback bug in Client Hello", test_version_rollback,
Packit 549fdc 
	 "no", "yes", "dunno"},
Packit 549fdc 
	{"whether the server ignores the RSA PMS version",
Packit 549fdc 
	 test_rsa_pms_version_check, "yes", "no", "dunno"},
Packit 549fdc 
	{"whether small records (512 bytes) are tolerated on handshake",
Packit 549fdc 
	 test_small_records, "yes", "no", "dunno"},
Packit 549fdc 
	{"whether cipher suites not in SSL 3.0 spec are accepted",
Packit 549fdc 
	 test_unknown_ciphersuites, "yes", "no", "dunno"},
Packit 549fdc 
	{"whether a bogus TLS record version in the client hello is accepted", test_version_oob, "yes", "no", "dunno"},
Packit 549fdc 
	{"whether the server understands TLS closure alerts", test_bye,
Packit 549fdc 
	 "yes", "no", "partially"},
Packit 549fdc 
	/* the fact that is after the closure alert test does matter.
Packit 549fdc 
	 */
Packit 549fdc 
	{"whether the server supports session resumption",
Packit 549fdc 
	 test_session_resume2, "yes", "no", "dunno"},
Packit 549fdc 
#ifdef ENABLE_ANON
Packit 549fdc 
	{"for anonymous authentication support", test_anonymous, "yes",
Packit 549fdc 
	 "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"anonymous Diffie-Hellman group info", test_dhe_group, NULL, "N/A",
Packit 549fdc 
	 "N/A"},
Packit 549fdc 
#endif
Packit 549fdc 
	{"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for RFC7919 Diffie-Hellman support", test_rfc7919, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"ephemeral Diffie-Hellman group info", test_dhe_group, NULL, "N/A",
Packit 549fdc 
	 "N/A"},
Packit 549fdc 
	{"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes",
Packit 549fdc 
	 "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", "dunno"},
Packit 549fdc 
	{"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", "dunno"},
Packit 549fdc 
	{"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", "dunno"},
Packit 549fdc 
	{"for curve X25519 (draft-ietf-tls-rfc4492bis-07)", test_ecdhe_x25519, "yes", "no", "dunno"},
Packit 549fdc 
	{"for AES-128-GCM cipher (RFC5288) support", test_aes_gcm, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for AES-128-CCM cipher (RFC6655) support", test_aes_ccm, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for AES-128-CCM-8 cipher (RFC6655) support", test_aes_ccm_8, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for AES-128-CBC cipher (RFC3268) support", test_aes, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for CAMELLIA-128-GCM cipher (RFC6367) support", test_camellia_gcm, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for CAMELLIA-128-CBC cipher (RFC5932) support", test_camellia_cbc, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for 3DES-CBC cipher (RFC2246) support", test_3des, "yes", "no", "dunno"},
Packit 549fdc 
	{"for ARCFOUR 128 cipher (RFC2246) support", test_arcfour, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for CHACHA20-POLY1305 cipher (RFC7905) support", test_chacha20, "yes", "no",
Packit 549fdc 
	 "dunno"},
Packit 549fdc 
	{"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
Packit 549fdc 
	{"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
Packit 549fdc 
	{"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"},
Packit 549fdc 
#ifdef HAVE_LIBZ
Packit 549fdc 
	{"for ZLIB compression support", test_zlib, "yes",
Packit 549fdc 
	 "no", "dunno"},
Packit 549fdc 
#endif
Packit 549fdc 
	{"for max record size (RFC6066) support", test_max_record_size, "yes",
Packit 549fdc 
	 "no", "dunno"},
Packit 549fdc 
#ifdef ENABLE_OCSP
Packit 549fdc 
	{"for OCSP status response (RFC6066) support", test_ocsp_status, "yes",
Packit 549fdc 
	 "no", "dunno"},
Packit 549fdc 
#endif
Packit 549fdc 
	{"for OpenPGP authentication (RFC6091) support", test_openpgp1,
Packit 549fdc 
	 "yes", "no", "dunno"},
Packit 549fdc 
	{NULL, NULL, NULL, NULL, NULL}
Packit 549fdc 
};
Packit 549fdc
Packit 549fdc 
const char *ip;
Packit 549fdc
Packit 549fdc 
gnutls_session_t init_tls_session(const char *host)
Packit 549fdc 
{
Packit 549fdc 
	gnutls_session_t state = NULL;
Packit 549fdc 
	gnutls_init(&state, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
Packit 549fdc
Packit 549fdc 
	set_read_funcs(state);
Packit 549fdc 
	if (host && is_ip(host) == 0)
Packit 549fdc 
		gnutls_server_name_set(state, GNUTLS_NAME_DNS,
Packit 549fdc 
				       host, strlen(host));
Packit 549fdc
Packit 549fdc 
	return state;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
int do_handshake(socket_st * socket)
Packit 549fdc 
{
Packit 549fdc 
	return 0; /* we do it locally */
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
int main(int argc, char **argv)
Packit 549fdc 
{
Packit 549fdc 
	int ret;
Packit 549fdc 
	int i;
Packit 549fdc 
	char portname[6];
Packit 549fdc 
	socket_st hd;
Packit 549fdc 
	char app_proto[32] = "";
Packit 549fdc
Packit 549fdc 
	cmd_parser(argc, argv);
Packit 549fdc
Packit 549fdc 
#ifndef _WIN32
Packit 549fdc 
	signal(SIGPIPE, SIG_IGN);
Packit 549fdc 
#endif
Packit 549fdc
Packit 549fdc 
	sockets_init();
Packit 549fdc
Packit 549fdc 
	if (gnutls_global_init() < 0) {
Packit 549fdc 
		fprintf(stderr, "global state initialization error\n");
Packit 549fdc 
		exit(1);
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	gnutls_global_set_log_function(tls_log_func);
Packit 549fdc 
	gnutls_global_set_log_level(debug);
Packit 549fdc
Packit 549fdc 
	/* get server name */
Packit 549fdc 
	snprintf(portname, sizeof(portname), "%d", port);
Packit 549fdc
Packit 549fdc 
	/* X509 stuff */
Packit 549fdc 
	if (gnutls_certificate_allocate_credentials(&xcred) < 0) {	/* space for 2 certificates */
Packit 549fdc 
		fprintf(stderr, "memory error\n");
Packit 549fdc 
		exit(1);
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	/* SRP stuff */
Packit 549fdc 
#ifdef ENABLE_SRP
Packit 549fdc 
	if (gnutls_srp_allocate_client_credentials(&srp_cred) < 0) {
Packit 549fdc 
		fprintf(stderr, "memory error\n");
Packit 549fdc 
		exit(1);
Packit 549fdc 
	}
Packit 549fdc 
#endif
Packit 549fdc
Packit 549fdc 
#ifdef ENABLE_ANON
Packit 549fdc 
	/* ANON stuff */
Packit 549fdc 
	if (gnutls_anon_allocate_client_credentials(&anon_cred) < 0) {
Packit 549fdc 
		fprintf(stderr, "memory error\n");
Packit 549fdc 
		exit(1);
Packit 549fdc 
	}
Packit 549fdc 
#endif
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(STARTTLS_PROTO)) {
Packit 549fdc 
		snprintf(app_proto, sizeof(app_proto), "%s", OPT_ARG(STARTTLS_PROTO));
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	if (app_proto[0] == 0) {
Packit 549fdc 
		snprintf(app_proto, sizeof(app_proto), "%s", port_to_service(portname, "tcp"));
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	sockets_init();
Packit 549fdc
Packit 549fdc 
	i = 0;
Packit 549fdc
Packit 549fdc 
	printf("GnuTLS debug client %s\n", gnutls_check_version(NULL));
Packit 549fdc
Packit 549fdc 
	canonicalize_host(hostname, portname, sizeof(portname));
Packit 549fdc 
	printf("Checking %s:%s\n", hostname, portname);
Packit 549fdc 
	do {
Packit 549fdc
Packit 549fdc 
		if (tls_tests[i].test_name == NULL)
Packit 549fdc 
			break;	/* finished */
Packit 549fdc
Packit 549fdc 
		/* if neither of SSL3 and TLSv1 are supported, exit
Packit 549fdc 
		 */
Packit 549fdc 
		if (i > 10 && tls1_2_ok == 0 && tls1_1_ok == 0 && tls1_ok == 0
Packit 549fdc 
		    && ssl3_ok == 0) {
Packit 549fdc 
			fprintf(stderr,
Packit 549fdc 
				"\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2\n");
Packit 549fdc 
			break;
Packit 549fdc 
		}
Packit 549fdc
Packit 549fdc 
		socket_open(&hd, hostname, portname, app_proto, SOCKET_FLAG_STARTTLS|SOCKET_FLAG_RAW, NULL, NULL);
Packit 549fdc 
		hd.verbose = verbose;
Packit 549fdc
Packit 549fdc 
		do {
Packit 549fdc 
			if (strcmp(app_proto, "https") != 0 && tls_tests[i].https_only != 0) {
Packit 549fdc 
				i++;
Packit 549fdc 
				break;
Packit 549fdc 
			}
Packit 549fdc
Packit 549fdc 
			ret = tls_tests[i].func(hd.session);
Packit 549fdc
Packit 549fdc 
			if (ret != TEST_IGNORE && ret != TEST_IGNORE2) {
Packit 549fdc 
				printf("%58s...", tls_tests[i].test_name);
Packit 549fdc 
				fflush(stdout);
Packit 549fdc 
			}
Packit 549fdc
Packit 549fdc 
			if (ret == TEST_SUCCEED) {
Packit 549fdc 
				if (tls_tests[i].suc_str == NULL)
Packit 549fdc 
					printf(" %s\n", ext_text);
Packit 549fdc 
				else
Packit 549fdc 
					printf(" %s\n", tls_tests[i].suc_str);
Packit 549fdc 
			} else if (ret == TEST_FAILED)
Packit 549fdc 
				printf(" %s\n", tls_tests[i].fail_str);
Packit 549fdc 
			else if (ret == TEST_UNSURE)
Packit 549fdc 
				printf(" %s\n", tls_tests[i].unsure_str);
Packit 549fdc 
			else if (ret == TEST_IGNORE) {
Packit 549fdc 
				if (tls_tests[i+1].test_name)
Packit 549fdc 
					i++;
Packit 549fdc 
				else
Packit 549fdc 
					break;
Packit 549fdc 
			}
Packit 549fdc 
		}
Packit 549fdc 
		while (ret == TEST_IGNORE
Packit 549fdc 
		       && tls_tests[i].test_name != NULL);
Packit 549fdc
Packit 549fdc 
		socket_bye(&hd, 1);
Packit 549fdc
Packit 549fdc 
		i++;
Packit 549fdc 
	}
Packit 549fdc 
	while (1);
Packit 549fdc
Packit 549fdc 
#ifdef ENABLE_SRP
Packit 549fdc 
	gnutls_srp_free_client_credentials(srp_cred);
Packit 549fdc 
#endif
Packit 549fdc 
	gnutls_certificate_free_credentials(xcred);
Packit 549fdc 
#ifdef ENABLE_ANON
Packit 549fdc 
	gnutls_anon_free_client_credentials(anon_cred);
Packit 549fdc 
#endif
Packit 549fdc 
	gnutls_global_deinit();
Packit 549fdc
Packit 549fdc 
	return 0;
Packit 549fdc 
}
Packit 549fdc
Packit 549fdc 
static void cmd_parser(int argc, char **argv)
Packit 549fdc 
{
Packit 549fdc 
	char *rest = NULL;
Packit 549fdc 
	static char lh[] = "localhost";
Packit 549fdc 
	int optct = optionProcess(&gnutls_cli_debugOptions, argc, argv);
Packit 549fdc 
	argc -= optct;
Packit 549fdc 
	argv += optct;
Packit 549fdc
Packit 549fdc 
	if (rest == NULL && argc > 0)
Packit 549fdc 
		rest = argv[0];
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(PORT))
Packit 549fdc 
		port = OPT_VALUE_PORT;
Packit 549fdc 
	else {
Packit 549fdc 
		if (HAVE_OPT(STARTTLS_PROTO))
Packit 549fdc 
			port = starttls_proto_to_port(OPT_ARG(STARTTLS_PROTO));
Packit 549fdc 
		else
Packit 549fdc 
			port = 443;
Packit 549fdc 
	}
Packit 549fdc
Packit 549fdc 
	if (rest == NULL)
Packit 549fdc 
		hostname = lh;
Packit 549fdc 
	else
Packit 549fdc 
		hostname = rest;
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(DEBUG))
Packit 549fdc 
		debug = OPT_VALUE_DEBUG;
Packit 549fdc
Packit 549fdc 
	if (HAVE_OPT(VERBOSE))
Packit 549fdc 
		verbose++;
Packit 549fdc
Packit 549fdc 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation