/*
 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
 *
 * This file is part of GnuTLS.
 *
 * GnuTLS is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuTLS is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see
 * <http://www.gnu.org/licenses/>.
 */
#include <config.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#include <signal.h>
#ifndef _WIN32
#include <unistd.h>
#else
#include <errno.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <common.h>
#include <tests.h>
/* Prototypes for two underscore-prefixed libgnutls functions.
 * NOTE(review): no call site is visible in this part of the file --
 * confirm they are still needed. */
void _gnutls_record_set_default_version(gnutls_session_t session,
					unsigned char major,
					unsigned char minor);

void _gnutls_hello_set_default_version(gnutls_session_t session,
				       unsigned char major,
				       unsigned char minor);

/* Credential objects and verbosity level defined in another translation
 * unit. */
extern gnutls_srp_client_credentials_t srp_cred;
extern gnutls_anon_client_credentials_t anon_cred;
extern gnutls_certificate_credentials_t xcred;

extern unsigned int verbose;

/* Free-form detail text set by individual tests (test_server stores the
 * peer's "Server:" header here, test_dhe_group a file name). */
const char *ext_text = "";

/* When 0, the extension-dependent tests below return TEST_IGNORE. */
int tls_ext_ok = 1;

/* Per-version results.  ssl3_ok is set by test_ssl3(); all four are read
 * by test_rfc7507() to pick a fallback version. */
int tls1_ok = 0;
int ssl3_ok = 0;
int tls1_1_ok = 0;
int tls1_2_ok = 0;

/* keep session info */
static char *session_data = NULL;
static char session_id[32];
static size_t session_data_size = 0;
static size_t session_id_size = 0;

/* Non-zero while session_data holds a malloc()ed buffer. */
static int sfree = 0;

/* Raw return value of the last gnutls_handshake() run by do_handshake(). */
static int handshake_output = 0;
/*
 * Run gnutls_handshake() until it either succeeds or reports a fatal
 * error, then cache the session data and session id in the file-level
 * statics.
 *
 * The raw handshake result is stored in handshake_output.  Returns
 * TEST_FAILED when the handshake ended with an error and TEST_SUCCEED
 * otherwise.  Terminates the process if the session-data buffer cannot
 * be allocated.
 *
 * NOTE(review): the return values of both gnutls_session_get_data()
 * calls and of gnutls_session_get_id() are not checked.
 */
static int do_handshake(gnutls_session_t session)
{
	int rc;

	/* Retry for as long as the error is reported as non-fatal. */
	for (;;) {
		rc = gnutls_handshake(session);
		if (rc >= 0 || gnutls_error_is_fatal(rc) != 0)
			break;
	}

	handshake_output = rc;

	if (rc < 0) {
		if (verbose > 1 && rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
			int alert_code = gnutls_alert_get(session);

			printf("\n");
			printf("*** Received alert [%d]: %s\n",
			       alert_code, gnutls_alert_get_name(alert_code));
		}
		return TEST_FAILED;
	}

	/* Called with a NULL buffer first; presumably a size query that
	 * updates session_data_size -- confirm against the library docs. */
	gnutls_session_get_data(session, NULL, &session_data_size);

	/* Drop the buffer kept from an earlier handshake, if any. */
	if (sfree) {
		free(session_data);
		sfree = 0;
	}

	session_data = malloc(session_data_size);
	sfree = 1;
	if (!session_data) {
		fprintf(stderr, "Memory error\n");
		exit(1);
	}
	gnutls_session_get_data(session, session_data, &session_data_size);

	/* session_id_size is in/out: capacity in, presumably length out. */
	session_id_size = sizeof(session_id);
	gnutls_session_get_id(session, session_id, &session_id_size);

	return TEST_SUCCEED;
}
/* Protocol-version fragments spliced into the priority strings.  Both are
 * arrays sized by their initializer, so they can never hold more text than
 * shown here. */
char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
char protocol_all_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";

/* Scratch buffer every test formats its priority string into.  The tests
 * write it with unbounded sprintf(); for the formats visible in this file
 * the result stays well below 512 bytes because protocol_str and rest are
 * themselves fixed-size arrays. */
char prio_str[512] = "";

/*
 * Building blocks for the priority strings.  The lists are deliberately
 * broad and include legacy algorithms (3DES, ARCFOUR, MD5, SSL 3.0): the
 * tests in this file use them to find out what a peer accepts.  They are
 * not a recommended configuration for a production client.
 */
#define ALL_CIPHERS "+AES-128-GCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+ARCFOUR-128"
#define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC:+CAMELLIA-128-CBC"
#define ALL_COMP "+COMP-NULL"
#define ALL_MACS "+SHA1:+MD5:+AEAD"
#define ALL_CERTTYPES "+CTYPE-X509"
#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH"
#define INIT_STR "NONE:"

/* Trailing options appended by most tests.  %UNSAFE_RENEGOTIATION is part
 * of the default; test_safe_renegotiation() appends %SAFE_RENEGOTIATION
 * after it. */
char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+CURVE-ALL";
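/*
 * Apply the priority string `str` to `session`.
 *
 * On failure the offending string, the position the library reported and
 * the library's error text are written to stderr and the process exits
 * with status 1; the function returns only on success.
 */
static inline void
_gnutls_priority_set_direct(gnutls_session_t session, const char *str)
{
	/* Start from NULL so the diagnostic below never passes an
	 * indeterminate pointer to %s if the library leaves it untouched. */
	const char *err = NULL;
	int ret = gnutls_priority_set_direct(session, str, &err);

	if (ret < 0) {
		fprintf(stderr, "Error with string %s\n", str);
		fprintf(stderr, "Error at %s: %s\n",
			err != NULL ? err : "(unknown)",
			gnutls_strerror(ret));
		exit(1);
	}
}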
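/*
 * Handshake with the broad default priority set, send a minimal HTTP/1.0
 * request and record the value of the peer's "Server:" header in ext_text.
 *
 * Returns TEST_FAILED if the handshake or the receive fails, TEST_SUCCEED
 * otherwise (ext_text is "unknown" when no "Server:" header was found).
 *
 * NOTE(review): the result of gnutls_record_send() is not checked.
 */
test_code_t test_server(gnutls_session_t session)
{
	int ret, i = 0;
	/* static: ext_text keeps pointing into this buffer after return */
	static char buf[5 * 1024];
	char *p;
	const char snd_buf[] = "GET / HTTP/1.0\r\n\r\n";

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":" ALL_KX ":" "%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	ret = do_handshake(session);
	if (ret != TEST_SUCCEED)
		return TEST_FAILED;

	gnutls_record_send(session, snd_buf, sizeof(snd_buf) - 1);
	ret = gnutls_record_recv(session, buf, sizeof(buf) - 1);
	if (ret < 0)
		return TEST_FAILED;

	/* Terminate at the number of bytes actually received.  buf is
	 * static, so without this strstr() could match bytes left over from
	 * an earlier, longer response.  ret <= sizeof(buf) - 1, so the index
	 * is in range. */
	buf[ret] = 0;

	ext_text = "unknown";
	p = strstr(buf, "Server:");
	if (p != NULL) {
		p += 7;		/* skip "Server:" */
		if (*p == ' ')
			p++;
		ext_text = p;

		/* The header value is peer-controlled: stop at end of line
		 * and cap the length so an oversized value is cut short. */
		while (*p != 0 && *p != '\r' && *p != '\n') {
			p++;
			i++;
			if (i > 128)
				break;
		}
		*p = 0;
	}

	return TEST_SUCCEED;
}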
/* DH public value stored by test_dhe(); test_dhe_group() compares the
 * value from its own handshake against it. */
static gnutls_datum_t pubkey = { NULL, 0 };
/*
 * Handshake offering only DHE-RSA and DHE-DSS key exchange and store the
 * DH public value of that session in the file-level `pubkey`.
 *
 * Returns the result of do_handshake(), or TEST_IGNORE when the build has
 * no ENABLE_DHE.
 *
 * NOTE(review): gnutls_dh_get_pubkey() is called even when the handshake
 * failed and its return value is ignored; a value stored by an earlier
 * call is overwritten without being released.
 */
test_code_t test_dhe(gnutls_session_t session)
{
#ifdef ENABLE_DHE
	int status;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":+DHE-RSA:+DHE-DSS:%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);
	gnutls_dh_get_pubkey(session, &pubkey);

	return status;
#else
	return TEST_IGNORE;
#endif
}
/*
 * Handshake with DHE key exchange and +GROUP-ALL, then check whether the
 * session carries the GNUTLS_SFLAGS_RFC7919 flag.
 *
 * Returns TEST_SUCCEED only when the handshake did not fail and the flag
 * is set, TEST_FAILED otherwise, TEST_IGNORE without ENABLE_DHE.
 */
test_code_t test_rfc7919(gnutls_session_t session)
{
#ifdef ENABLE_DHE
	int status;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":+DHE-RSA:+DHE-DSS:+GROUP-ALL:%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);
	if (status == TEST_FAILED)
		return TEST_FAILED;

	if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_RFC7919)
		return TEST_SUCCEED;

	return TEST_FAILED;
#else
	return TEST_IGNORE;
#endif
}
/*
 * Handshake offering only ECDHE-RSA / ECDHE-ECDSA key exchange with all
 * curves enabled.  Skipped (TEST_IGNORE) when tls_ext_ok is 0.
 *
 * NOTE(review): do_handshake() returns TEST_FAILED or TEST_SUCCEED, not a
 * library error code; whether the sign test below can ever be true depends
 * on the values of test_code_t, which are declared outside this file.
 */
test_code_t test_ecdhe(gnutls_session_t session)
{
	int status;

	if (!tls_ext_ok)
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s",
		protocol_all_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);

	return (status < 0) ? TEST_FAILED : status;
}
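/*
 * Handshake with ECDHE key exchange, listing `curve` (a priority-string
 * fragment such as "+CURVE-SECP256R1") ahead of the remaining curves, and
 * verify that the negotiated curve is `id`.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_SUCCEED when the
 * handshake succeeded on the requested curve, TEST_FAILED otherwise
 * (including when the priority string would not fit in prio_str).
 */
static
test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsigned id)
{
	int ret;
	int len;

	if (tls_ext_ok == 0)
		return TEST_IGNORE;

	/* We always enable all the curves but set our selected as first. That is
	 * because list of curves may be also used by the server to select a cert. */
	/* `curve` is caller-supplied, so the write into the fixed-size
	 * prio_str is bounded and truncation is treated as a failure. */
	len = snprintf(prio_str, sizeof(prio_str), INIT_STR
		       ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		       ":+ECDHE-RSA:+ECDHE-ECDSA:%s:%s", protocol_all_str, curve, rest);
	if (len < 0 || (size_t)len >= sizeof(prio_str))
		return TEST_FAILED;
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* do_handshake() reports a test code, so compare against
	 * TEST_SUCCEED instead of testing the sign. */
	ret = do_handshake(session);
	if (ret != TEST_SUCCEED)
		return TEST_FAILED;

	if (gnutls_ecc_curve_get(session) != id)
		return TEST_FAILED;

	return TEST_SUCCEED;
}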
/* ECDHE handshake that must end up on curve SECP256R1. */
test_code_t test_ecdhe_secp256r1(gnutls_session_t session)
{
	const char *curve_prio = "+CURVE-SECP256R1";

	return test_ecdhe_curve(session, curve_prio,
				GNUTLS_ECC_CURVE_SECP256R1);
}
/* ECDHE handshake that must end up on curve SECP384R1. */
test_code_t test_ecdhe_secp384r1(gnutls_session_t session)
{
	const char *curve_prio = "+CURVE-SECP384R1";

	return test_ecdhe_curve(session, curve_prio,
				GNUTLS_ECC_CURVE_SECP384R1);
}
/* ECDHE handshake that must end up on curve SECP521R1. */
test_code_t test_ecdhe_secp521r1(gnutls_session_t session)
{
	const char *curve_prio = "+CURVE-SECP521R1";

	return test_ecdhe_curve(session, curve_prio,
				GNUTLS_ECC_CURVE_SECP521R1);
}
/* ECDHE handshake that must end up on curve X25519. */
test_code_t test_ecdhe_x25519(gnutls_session_t session)
{
	const char *curve_prio = "+CURVE-X25519";

	return test_ecdhe_curve(session, curve_prio,
				GNUTLS_ECC_CURVE_X25519);
}
/*
 * Fallback-SCSV check: offer a protocol version one step below the
 * highest one recorded as working, together with %FALLBACK_SCSV.  The
 * test counts as passed when the raw handshake result is negative, i.e.
 * the peer refused the downgraded handshake.
 *
 * Returns TEST_IGNORE when no two adjacent versions are marked as
 * working, otherwise TEST_SUCCEED / TEST_FAILED as described above.
 *
 * NOTE(review): do_handshake() returns TEST_FAILED or TEST_SUCCEED, so
 * the TEST_IGNORE2 branch is taken only if TEST_FAILED is a negative
 * value -- confirm against the test_code_t declaration.
 */
test_code_t test_rfc7507(gnutls_session_t session)
{
	const char *fallback_prio = NULL;
	int status;

	if (tls1_2_ok && tls1_1_ok) {
		fallback_prio = "-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV";
	} else if (tls1_1_ok && tls1_ok) {
		fallback_prio = "-VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV";
	} else if (tls1_ok && ssl3_ok) {
		fallback_prio = "-VERS-TLS-ALL:+VERS-SSL3.0:%FALLBACK_SCSV";
	} else {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS ":" ALL_KX ":%s",
		fallback_prio, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);
	if (status < 0)
		return TEST_IGNORE2;

	/* A rejected handshake is the expected outcome here. */
	return (handshake_output < 0) ? TEST_SUCCEED : TEST_FAILED;
}
/*
 * Handshake with %SAFE_RENEGOTIATION appended to the priority string.
 * Skipped (TEST_IGNORE) when tls_ext_ok is 0; otherwise returns the
 * result of do_handshake().
 *
 * Note the argument order: `rest` fills the first %s and `protocol_str`
 * the second.  `rest` carries %UNSAFE_RENEGOTIATION by default;
 * presumably the later %SAFE_RENEGOTIATION keyword takes precedence --
 * confirm against the priority-string documentation.
 */
test_code_t test_safe_renegotiation(gnutls_session_t session)
{
	if (!tls_ext_ok)
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s:%%SAFE_RENEGOTIATION",
		rest, protocol_str);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
#ifdef ENABLE_OCSP
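/*
 * Request OCSP status from the peer during the handshake and check that
 * a response can be retrieved afterwards.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_SUCCEED when the
 * handshake succeeded and gnutls_ocsp_status_request_get() returned 0,
 * TEST_FAILED otherwise.  The response content is not inspected here.
 */
test_code_t test_ocsp_status(gnutls_session_t session)
{
	int ret;
	gnutls_datum_t resp;

	if (tls_ext_ok == 0)
		return TEST_IGNORE;

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":" ALL_KX":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* do_handshake() reports a test code, so compare against
	 * TEST_SUCCEED instead of testing the sign. */
	ret = do_handshake(session);
	if (ret != TEST_SUCCEED)
		return TEST_FAILED;

	ret = gnutls_ocsp_status_request_get(session, &resp);
	if (ret == 0)
		return TEST_SUCCEED;

	return TEST_FAILED;
}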
#endif
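/*
 * Check whether the session negotiated the extended master secret.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_SUCCEED when the
 * handshake succeeded and gnutls_session_ext_master_secret_status()
 * is non-zero, TEST_FAILED otherwise.
 */
test_code_t test_ext_master_secret(gnutls_session_t session)
{
	int ret;

	if (tls_ext_ok == 0)
		return TEST_IGNORE;

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":%s:" ALL_KX, rest, protocol_str);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* do_handshake() reports a test code, so compare against
	 * TEST_SUCCEED instead of testing the sign; the status query below
	 * is only meaningful on an established session. */
	ret = do_handshake(session);
	if (ret != TEST_SUCCEED)
		return TEST_FAILED;

	if (gnutls_session_ext_master_secret_status(session) != 0)
		return TEST_SUCCEED;

	return TEST_FAILED;
}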
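/*
 * Check whether the session negotiated encrypt-then-MAC.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_SUCCEED when the
 * handshake succeeded and gnutls_session_etm_status() is non-zero,
 * TEST_FAILED otherwise.
 */
test_code_t test_etm(gnutls_session_t session)
{
	int ret;

	if (tls_ext_ok == 0)
		return TEST_IGNORE;

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":%s:" ALL_KX, rest, protocol_str);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* do_handshake() reports a test code, so compare against
	 * TEST_SUCCEED instead of testing the sign; the status query below
	 * is only meaningful on an established session. */
	ret = do_handshake(session);
	if (ret != TEST_SUCCEED)
		return TEST_FAILED;

	if (gnutls_session_etm_status(session) != 0)
		return TEST_SUCCEED;

	return TEST_FAILED;
}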
/*
 * SSL 3.0-only handshake with %SAFE_RENEGOTIATION set.  Skipped
 * (TEST_IGNORE) unless ssl3_ok is set; otherwise returns the result of
 * do_handshake().  Neither `rest` nor `protocol_str` is used here.
 */
test_code_t test_safe_renegotiation_scsv(gnutls_session_t session)
{
	if (!ssl3_ok)
		return TEST_IGNORE;

	/* No format arguments: %% yields the literal '%' of the keyword. */
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
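/*
 * Repeat the DHE handshake and dump the peer's DH group (generator,
 * prime, public value and the PKCS #3 PEM encoding) to "debug-dh.out".
 * A line is added when the public value equals the one stored by
 * test_dhe(), which indicates the peer reuses it across sessions.
 *
 * Returns TEST_IGNORE when verbose is 0 or test_dhe() stored no public
 * value, TEST_FAILED when the output file or the PKCS #3 export fails,
 * and the result of do_handshake() otherwise.
 *
 * Every exit after the handshake goes through one cleanup path so that
 * the file, the DH parameter object and the datums filled by the library
 * are released.
 *
 * NOTE(review): the output file has a fixed name in the current
 * directory and is opened with plain "w"; run the tool from a directory
 * other users cannot write to.
 */
test_code_t test_dhe_group(gnutls_session_t session)
{
	int ret, ret2;
	gnutls_datum_t gen = { NULL, 0 };
	gnutls_datum_t prime = { NULL, 0 };
	gnutls_datum_t pubkey2 = { NULL, 0 };
	gnutls_datum_t p3 = { NULL, 0 };
	gnutls_dh_params_t dhp = NULL;
	const char *print;
	FILE *fp = NULL;

	(void)remove("debug-dh.out");

	if (verbose == 0 || pubkey.data == NULL)
		return TEST_IGNORE;

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	ret = do_handshake(session);

	ret2 = gnutls_dh_get_group(session, &gen, &prime);
	if (ret2 < 0)
		goto cleanup;	/* nothing to dump; report the handshake result */

	fp = fopen("debug-dh.out", "w");
	if (fp == NULL) {
		ret = TEST_FAILED;
		goto cleanup;
	}

	ext_text = "saved in debug-dh.out";

	/* gnutls_datum_t sizes are unsigned, hence %u. */
	print = raw_to_string(gen.data, gen.size);
	if (print)
		fprintf(fp, " Generator [%u bits]: %s\n", gen.size * 8,
			print);

	print = raw_to_string(prime.data, prime.size);
	if (print)
		fprintf(fp, " Prime [%u bits]: %s\n", prime.size * 8,
			print);

	/* Only use pubkey2 when the library actually filled it in. */
	if (gnutls_dh_get_pubkey(session, &pubkey2) >= 0) {
		print = raw_to_string(pubkey2.data, pubkey2.size);
		if (print)
			fprintf(fp, " Pubkey [%u bits]: %s\n",
				pubkey2.size * 8, print);

		if (pubkey2.data && pubkey2.size == pubkey.size &&
		    memcmp(pubkey.data, pubkey2.data, pubkey.size) == 0)
			fprintf(fp,
				" (public key seems to be static among sessions)\n");
	}

	/* save the PKCS #3 params */
	ret2 = gnutls_dh_params_init(&dhp);
	if (ret2 < 0) {
		dhp = NULL;
		ret = TEST_FAILED;
		goto cleanup;
	}

	ret2 = gnutls_dh_params_import_raw(dhp, &prime, &gen);
	if (ret2 < 0) {
		ret = TEST_FAILED;
		goto cleanup;
	}

	ret2 = gnutls_dh_params_export2_pkcs3(dhp, GNUTLS_X509_FMT_PEM, &p3);
	if (ret2 < 0) {
		p3.data = NULL;
		ret = TEST_FAILED;
		goto cleanup;
	}

	fprintf(fp, "\n%s\n", p3.data);

cleanup:
	gnutls_free(p3.data);
	if (dhp != NULL)
		gnutls_dh_params_deinit(dhp);
	if (fp != NULL)
		fclose(fp);
	gnutls_free(pubkey2.data);
	gnutls_free(prime.data);
	gnutls_free(gen.data);

	return ret;
}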
/*
 * Handshake with SSL 3.0 as the only protocol version and remember a
 * success in ssl3_ok.  Returns the result of do_handshake().
 *
 * This probes for a legacy protocol; a success tells the operator that
 * the peer still accepts SSL 3.0.
 */
test_code_t test_ssl3(gnutls_session_t session)
{
	int status;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s",
		rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);
	if (status == TEST_SUCCEED)
		ssl3_ok = 1;

	return status;
}
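/* Set to 1 when the receive timeout in test_bye() expires.  It is written
 * from a signal handler, so it is a volatile sig_atomic_t: that is the
 * only object type a handler may portably store to. */
static volatile sig_atomic_t alrm = 0;

/* SIGALRM handler: only records that the alarm fired.  The signal number
 * is not used. */
static void got_alarm(int k)
{
	(void)k;
	alrm = 1;
}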
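/*
 * Check how the peer reacts to a TLS closure alert: after a successful
 * handshake send gnutls_bye(GNUTLS_SHUT_WR) and read until the peer
 * closes, an error occurs, or a `secs`-second timeout expires.
 *
 * Returns TEST_SUCCEED when the read loop ended with 0 (clean end of
 * data), TEST_UNSURE when it ended with an error but no timeout was
 * recorded, and TEST_FAILED on handshake/bye failure or on timeout.
 *
 * NOTE(review): the SIGALRM disposition installed here is not restored,
 * and the Windows branch casts the transport pointer to int.
 */
test_code_t test_bye(gnutls_session_t session)
{
	int ret;
	char data[20];
	int secs = 6;
#ifndef _WIN32
	int old;

	signal(SIGALRM, got_alarm);
#else
	/* Winsock takes SO_RCVTIMEO in milliseconds, not seconds. */
	int timeout_ms = secs * 1000;
#endif

	sprintf(prio_str, INIT_STR
		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
		":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	ret = do_handshake(session);
	if (ret == TEST_FAILED)
		return ret;

	ret = gnutls_bye(session, GNUTLS_SHUT_WR);
	if (ret < 0)
		return TEST_FAILED;

	/* Start from a clean flag so an earlier timeout cannot leak into
	 * this run's verdict. */
	alrm = 0;

#ifndef _WIN32
	/* Let SIGALRM interrupt the blocking receive instead of having the
	 * system call restarted. */
	old = siginterrupt(SIGALRM, 1);
	alarm(secs);
#else
	setsockopt((int) gnutls_transport_get_ptr(session), SOL_SOCKET,
		   SO_RCVTIMEO, (char *) &timeout_ms, sizeof(timeout_ms));
#endif

	do {
		ret = gnutls_record_recv(session, data, sizeof(data));
	}
	while (ret > 0);

#ifndef _WIN32
	/* Cancel a still-pending alarm so it cannot fire during a later
	 * test, then restore the previous restart behaviour. */
	alarm(0);
	siginterrupt(SIGALRM, old);
#else
	{
		/* Read the error code once; a second call could observe a
		 * different value. */
		int wsa_err = WSAGetLastError();

		if (wsa_err == WSAETIMEDOUT || wsa_err == WSAECONNABORTED)
			alrm = 1;
	}
#endif
	if (ret == 0)
		return TEST_SUCCEED;

	if (alrm == 0)
		return TEST_UNSURE;

	return TEST_FAILED;
}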
/* Handshake with AES-128-CBC as the only cipher; returns the result of
 * do_handshake(). */
test_code_t test_aes(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with AES-128-GCM and AES-256-GCM as the only ciphers;
 * returns the result of do_handshake(). */
test_code_t test_aes_gcm(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-GCM:+AES-256-GCM:" ALL_COMP ":" ALL_CERTTYPES
		":%s:" ALL_MACS ":" ALL_KX ":%s",
		protocol_all_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with AES-128-CCM and AES-256-CCM as the only ciphers;
 * returns the result of do_handshake(). */
test_code_t test_aes_ccm(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CCM:+AES-256-CCM:" ALL_COMP ":" ALL_CERTTYPES
		":%s:" ALL_MACS ":" ALL_KX ":%s",
		protocol_all_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with AES-128-CCM-8 and AES-256-CCM-8 as the only ciphers;
 * returns the result of do_handshake(). */
test_code_t test_aes_ccm_8(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CCM-8:+AES-256-CCM-8:" ALL_COMP ":"
		ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s",
		protocol_all_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with CAMELLIA-128-CBC as the only cipher.  Skipped
 * (TEST_IGNORE) when the library runs in FIPS 140 mode; otherwise
 * returns the result of do_handshake(). */
test_code_t test_camellia_cbc(gnutls_session_t session)
{
	if (gnutls_fips140_mode_enabled())
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with CAMELLIA-128-GCM as the only cipher.  Skipped
 * (TEST_IGNORE) when the library runs in FIPS 140 mode; otherwise
 * returns the result of do_handshake(). */
test_code_t test_camellia_gcm(gnutls_session_t session)
{
	if (gnutls_fips140_mode_enabled())
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR "+CAMELLIA-128-GCM:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/*
 * Handshake offering OpenPGP as the only certificate type and check that
 * the session ended up using it.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_FAILED when the
 * handshake failed or another certificate type was negotiated, and
 * TEST_SUCCEED otherwise.
 */
test_code_t test_openpgp1(gnutls_session_t session)
{
	int status;

	if (!tls_ext_ok)
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
		":" ALL_KX ":%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	status = do_handshake(session);
	if (status == TEST_FAILED)
		return status;

	return (gnutls_certificate_type_get(session) == GNUTLS_CRT_OPENPGP)
	    ? TEST_SUCCEED : TEST_FAILED;
}
/*
 * Handshake with AES-128-CBC listed ahead of the full cipher list;
 * returns the result of do_handshake().
 *
 * NOTE(review): nothing in this function adds an unknown ciphersuite to
 * the offer; presumably the library or a caller does that -- confirm.
 */
test_code_t test_unknown_ciphersuites(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":%s:" ALL_MACS ":" ALL_KX ":%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with +MD5 named in place of the ALL_MACS list.
 *
 * Returns TEST_IGNORE when gnutls_fips140_mode_enabled() is true, otherwise
 * the do_handshake() result. A success means the peer still accepts an
 * MD5-based record MAC. */
test_code_t test_md5(gnutls_session_t session)
{
	if (gnutls_fips140_mode_enabled()) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
		ALL_CERTTYPES ":%s:+MD5:" ALL_KX ":%s", protocol_str,
		rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
#ifdef HAVE_LIBZ
/* Handshake with +COMP-DEFLATE named in place of the ALL_COMP list.
 *
 * Returns the do_handshake() result. A success suggests the peer is willing
 * to negotiate TLS-level compression. That is a finding to report, because
 * compressing secrets together with attacker-influenced data is what
 * compression side-channel attacks on TLS rely on. */
test_code_t test_zlib(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":+COMP-DEFLATE:" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
#endif
/* Handshake with +SHA1 named in place of the ALL_MACS list.
 *
 * Returns the do_handshake() result unchanged. */
test_code_t test_sha(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
		ALL_CERTTYPES ":%s:+SHA1:" ALL_KX ":%s", protocol_str,
		rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with +SHA256 named in place of the ALL_MACS list.
 *
 * Unlike the neighbouring MAC tests this one formats protocol_all_str, not
 * protocol_str, into the priority string.
 *
 * Returns the do_handshake() result unchanged. */
test_code_t test_sha256(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
		ALL_CERTTYPES ":%s:+SHA256:" ALL_KX ":%s",
		protocol_all_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with +3DES-CBC named in place of the ALL_CIPHERS list.
 *
 * Returns the do_handshake() result. 3DES has a 64-bit block, so a peer
 * that accepts it is normally reported as offering a weak cipher. */
test_code_t test_3des(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with +ARCFOUR-128 named in place of the ALL_CIPHERS list.
 *
 * Returns TEST_IGNORE when gnutls_fips140_mode_enabled() is true, otherwise
 * the do_handshake() result. RC4 is prohibited for TLS by RFC 7465, so a
 * success here is a finding about the peer rather than a feature. */
test_code_t test_arcfour(gnutls_session_t session)
{
	if (gnutls_fips140_mode_enabled()) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake with +CHACHA20-POLY1305 named in place of the ALL_CIPHERS list.
 *
 * Returns TEST_IGNORE when gnutls_fips140_mode_enabled() is true, otherwise
 * the do_handshake() result. */
test_code_t test_chacha20(gnutls_session_t session)
{
	if (gnutls_fips140_mode_enabled()) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR "+CHACHA20-POLY1305:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	return do_handshake(session);
}
/* Handshake offering only +VERS-TLS1.0, with the %SSL3_RECORD_VERSION
 * priority keyword (written %% here because the string goes through
 * sprintf).
 *
 * On TEST_SUCCEED the file-level flag tls1_ok is set to 1, which later
 * tests read. Returns the do_handshake() result. */
test_code_t test_tls1(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.0:%%SSL3_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc == TEST_SUCCEED) {
		tls1_ok = 1;
	}

	return rc;
}
/* Retry TLS 1.0 with the %LATEST_RECORD_VERSION keyword when the earlier
 * TLS 1.0 probe did not succeed.
 *
 * Returns TEST_IGNORE when tls1_ok is already non-zero. On TEST_SUCCEED it
 * sets tls1_ok and appends ":%LATEST_RECORD_VERSION" to rest, so that every
 * later test inherits the keyword.
 *
 * NOTE(review): strcat() appends to rest without a length check; rest is
 * declared outside this excerpt -- confirm it has room for every suffix the
 * tests may add. */
test_code_t test_tls1_nossl3(gnutls_session_t session)
{
	int rc;

	if (tls1_ok != 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.0:%%LATEST_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc != TEST_SUCCEED) {
		return rc;
	}

	strcat(rest, ":%LATEST_RECORD_VERSION");
	tls1_ok = 1;
	return rc;
}
/* Handshake with BLOCK_CIPHERS only and every TLS version except SSL 3.0.
 *
 * On TEST_SUCCEED sets tls1_ok; on any other result appends ":%COMPAT" to
 * rest so that the remaining tests run with that keyword.
 *
 * NOTE(review): strcat() appends to rest without a length check; rest is
 * declared outside this excerpt -- confirm its capacity. */
test_code_t test_record_padding(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS-ALL:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	rc = do_handshake(session);

	if (rc != TEST_SUCCEED) {
		strcat(rest, ":%COMPAT");
		return rc;
	}

	tls1_ok = 1;
	return rc;
}
/* Handshake after requesting a 4096-byte maximum record size and record
 * whether the peer coped with it.
 *
 * Sets tls_ext_ok to 1 on TEST_SUCCEED. On any other result it clears
 * tls_ext_ok and appends ":%NO_EXTENSIONS" to rest, so later tests connect
 * with that keyword.
 *
 * NOTE(review): strcat() appends to rest without a length check; rest is
 * declared outside this excerpt -- confirm its capacity. */
test_code_t test_no_extensions(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	gnutls_record_set_max_size(session, 4096);

	rc = do_handshake(session);
	if (rc == TEST_SUCCEED) {
		tls_ext_ok = 1;
		return rc;
	}

	tls_ext_ok = 0;
	strcat(rest, ":%NO_EXTENSIONS");
	return rc;
}
/* Handshake offering only +VERS-TLS1.2.
 *
 * Sets the file-level flag tls1_2_ok on TEST_SUCCEED and returns the
 * do_handshake() result. */
test_code_t test_tls1_2(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc == TEST_SUCCEED) {
		tls1_2_ok = 1;
	}

	return rc;
}
/* Handshake offering only +VERS-TLS1.1.
 *
 * Sets the file-level flag tls1_1_ok on TEST_SUCCEED and returns the
 * do_handshake() result. */
test_code_t test_tls1_1(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc == TEST_SUCCEED) {
		tls1_1_ok = 1;
	}

	return rc;
}
/* For a peer that did not pass the TLS 1.1 probe: offer TLS 1.1, TLS 1.0
 * and SSL 3.0 together and see which version it falls back to.
 *
 * Returns TEST_IGNORE when tls1_1_ok is set, TEST_FAILED when the handshake
 * does not succeed, TEST_SUCCEED when TLS 1.0 was negotiated, TEST_UNSURE
 * when SSL 3.0 was negotiated, and TEST_FAILED for any other version. */
test_code_t test_tls1_1_fallback(gnutls_session_t session)
{
	if (tls1_1_ok) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
		ALL_KX ":%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	if (do_handshake(session) != TEST_SUCCEED) {
		return TEST_FAILED;
	}

	switch (gnutls_protocol_get_version(session)) {
	case GNUTLS_TLS1:
		return TEST_SUCCEED;
	case GNUTLS_SSL3:
		return TEST_UNSURE;
	default:
		return TEST_FAILED;
	}
}
/* Announce version 3.7 through _gnutls_hello_set_default_version() and
 * check that the peer still completes a handshake with a version it knows.
 *
 * RSA key exchange is removed (":-RSA") because that key exchange message
 * carries a version check which this test does not set up properly.
 *
 * Returns TEST_FAILED unless the handshake succeeds. On success ext_text is
 * pointed at the negotiated protocol name and TEST_SUCCEED is returned. */
test_code_t test_tls1_6_fallback(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
		":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
		ALL_KX ":-RSA:%s", rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	_gnutls_hello_set_default_version(session, 3, 7);

	if (do_handshake(session) != TEST_SUCCEED) {
		return TEST_FAILED;
	}

	ext_text = gnutls_protocol_get_name(gnutls_protocol_get_version(session));
	return TEST_SUCCEED;
}
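/* Advertise both TLS 1.0 and SSL 3.0. If the connection fails,
 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
 *
 * Returns TEST_IGNORE when tls1_ok is already non-zero, otherwise the
 * do_handshake() result. On TEST_FAILED with ssl3_ok set, protocol_str is
 * overwritten with "+VERS-SSL3.0" so that later tests stop offering TLS 1.0.
 */
test_code_t test_tls_disable0(gnutls_session_t session)
{
	int ret;

	if (tls1_ok != 0)
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	ret = do_handshake(session);
	if (ret == TEST_FAILED) {
		/* disable TLS 1.0 */
		if (ssl3_ok != 0) {
			/* Bounded write, matching test_tls_disable1() and
			 * test_tls_disable2(): the new value can never run
			 * past the end of protocol_str. */
			snprintf(protocol_str, sizeof(protocol_str), "+VERS-SSL3.0");
		}
	}
	return ret;
}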
/* For a peer that did not pass the TLS 1.1 probe: connect with the current
 * protocol_str, and if that fails stop offering TLS 1.1.
 *
 * Returns TEST_IGNORE when tls1_1_ok is non-zero, otherwise the
 * do_handshake() result. On TEST_FAILED protocol_str is rewritten to
 * "+VERS-TLS1.0:+VERS-SSL3.0". */
test_code_t test_tls_disable1(gnutls_session_t session)
{
	int rc;

	if (tls1_1_ok != 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc != TEST_FAILED) {
		return rc;
	}

	/* disable TLS 1.1 */
	snprintf(protocol_str, sizeof(protocol_str), "+VERS-TLS1.0:+VERS-SSL3.0");
	return rc;
}
/* For a peer that did not pass the TLS 1.2 probe: connect with the current
 * protocol_str, and if that fails stop offering TLS 1.2.
 *
 * Returns TEST_IGNORE when tls1_2_ok is non-zero, otherwise the
 * do_handshake() result. On TEST_FAILED protocol_str is rewritten to
 * "+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0". */
test_code_t test_tls_disable2(gnutls_session_t session)
{
	int rc;

	if (tls1_2_ok != 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc != TEST_FAILED) {
		return rc;
	}

	/* disable TLS 1.2 */
	snprintf(protocol_str, sizeof(protocol_str), "+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0");
	return rc;
}
/* Connect with the versions in protocol_str and RSA as the only key
 * exchange (+RSA replaces ALL_KX). The original author's note: with both
 * SSL 3.0 and TLS 1.0 enabled, an old, buggy server that only supports
 * SSL 3.0 will fail this handshake.
 *
 * Returns TEST_FAILED when the handshake fails, TEST_SUCCEED when TLS 1.0
 * was negotiated and TEST_UNSURE for any other negotiated version. */
test_code_t test_rsa_pms(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":+RSA:%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	if (do_handshake(session) == TEST_FAILED) {
		return TEST_FAILED;
	}

	return (gnutls_protocol_get_version(session) == GNUTLS_TLS1)
	    ? TEST_SUCCEED : TEST_UNSURE;
}
/* Request a 512-byte maximum record size and check that the session
 * reports that size after the handshake.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0, TEST_FAILED when the handshake
 * fails or gnutls_record_get_max_size() is not 512, TEST_SUCCEED otherwise. */
test_code_t test_max_record_size(gnutls_session_t session)
{
	int negotiated;

	if (tls_ext_ok == 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	gnutls_record_set_max_size(session, 512);

	negotiated = do_handshake(session);
	if (negotiated == TEST_FAILED) {
		return negotiated;
	}

	/* The same int is reused for the size, as in the original code. */
	negotiated = gnutls_record_get_max_size(session);
	return (negotiated == 512) ? TEST_SUCCEED : TEST_FAILED;
}
/* Enable heartbeat with GNUTLS_HB_PEER_ALLOWED_TO_SEND and report whether
 * the peer allows us to send heartbeats after the handshake.
 *
 * The do_handshake() result is not examined; only
 * gnutls_heartbeat_allowed(GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) decides the
 * outcome. TEST_SUCCEED therefore means "the extension was negotiated" and
 * does not by itself say anything about flaws in the peer's heartbeat
 * implementation.
 *
 * Returns TEST_IGNORE when tls_ext_ok is 0. */
test_code_t test_heartbeat_extension(gnutls_session_t session)
{
	if (tls_ext_ok == 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	gnutls_record_set_max_size(session, 4096);

	gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
	(void)do_handshake(session);

	if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) == 0) {
		return TEST_FAILED;
	}
	return TEST_SUCCEED;
}
/* Handshake after requesting a 512-byte maximum record size.
 *
 * Unlike test_max_record_size() this is not gated on tls_ext_ok and does
 * not read the size back; it returns the do_handshake() result unchanged. */
test_code_t test_small_records(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	gnutls_record_set_max_size(session, 512);

	return do_handshake(session);
}
/* Check whether the peer can be talked down to SSL 3.0 by the record
 * version alone.
 *
 * Both SSL 3.0 and TLS 1.0 are enabled; the client hello carries version
 * 3.1 while the record layer is forced to 3.0 through
 * _gnutls_record_set_default_version(). Some implementations are buggy (and
 * vulnerable to man-in-the-middle attacks which allow a version downgrade)
 * and fail this connection or settle on SSL 3.0.
 *
 * Returns TEST_IGNORE when tls1_ok is 0, the do_handshake() result when the
 * handshake does not succeed, TEST_FAILED when SSL 3.0 was negotiated
 * although TLS 1.0 is known to work, and TEST_SUCCEED otherwise. */
test_code_t test_version_rollback(gnutls_session_t session)
{
	int rc;

	if (tls1_ok == 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	_gnutls_record_set_default_version(session, 3, 0);

	rc = do_handshake(session);
	if (rc != TEST_SUCCEED) {
		return rc;
	}

	if (tls1_ok == 0
	    || gnutls_protocol_get_version(session) != GNUTLS_SSL3) {
		return TEST_SUCCEED;
	}

	return TEST_FAILED;
}
/* See if the server tolerates out-of-bounds record layer versions in the
 * first client hello message.
 *
 * Both SSL 3.0 and TLS 1.0 are enabled and the record version is forced to
 * 5.5 through _gnutls_record_set_default_version().
 *
 * Returns the do_handshake() result unchanged.
 */
test_code_t test_version_oob(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	_gnutls_record_set_default_version(session, 5, 5);

	return do_handshake(session);
}
void _gnutls_rsa_pms_set_version(gnutls_session_t session,
unsigned char major, unsigned char minor);
/* Put an arbitrary version (5.5) into the RSA premaster secret through
 * _gnutls_rsa_pms_set_version() to see whether the server checks it.
 *
 * A normal server would abort this handshake, so the caller has to read the
 * returned do_handshake() result with that expectation in mind. */
test_code_t test_rsa_pms_version_check(gnutls_session_t session)
{
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* use SSL 5.5 version */
	_gnutls_rsa_pms_set_version(session, 5, 5);

	return do_handshake(session);
}
#ifdef ENABLE_ANON
/* Handshake with anonymous key exchange only (+ANON-DH, +ANON-ECDH) and
 * anonymous credentials.
 *
 * On TEST_SUCCEED the peer's DH public key is fetched into the file-level
 * pubkey. Returns the do_handshake() result. Anonymous key exchange does
 * not authenticate the peer, so a server that completes this handshake can
 * be impersonated by an active man in the middle. */
test_code_t test_anonymous(gnutls_session_t session)
{
	int rc;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s",
		protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);
	gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);

	rc = do_handshake(session);
	if (rc == TEST_SUCCEED) {
		gnutls_dh_get_pubkey(session, &pubkey);
	}

	return rc;
}
#endif
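/* Try to resume the session saved in session_data / session_id.
 *
 * The saved session data is installed with gnutls_session_set_data(), the
 * previous session ID is kept in a local copy, and after the handshake the
 * session counts as resumed when gnutls_session_is_resumed() says so or when
 * the new session ID equals the saved one.
 *
 * Returns TEST_IGNORE for a NULL session, TEST_FAILED when the handshake
 * fails, when no session ID is available afterwards or when the session was
 * not resumed, and TEST_SUCCEED otherwise. */
test_code_t test_session_resume2(gnutls_session_t session)
{
	int ret;
	char tmp_session_id[32];
	size_t tmp_session_id_size;

	if (session == NULL)
		return TEST_IGNORE;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
	gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);

	gnutls_session_set_data(session, session_data, session_data_size);

	/* session_id_size is a file-level value filled in from an earlier
	 * handshake with the peer. Copy only what fits into the 32-byte local
	 * buffer. An oversized ID is recorded as "no saved ID", which leaves
	 * gnutls_session_is_resumed() as the only way to succeed below. */
	if (session_id_size <= sizeof(tmp_session_id)) {
		memcpy(tmp_session_id, session_id, session_id_size);
		tmp_session_id_size = session_id_size;
	} else {
		tmp_session_id_size = 0;
	}

	ret = do_handshake(session);
	if (ret == TEST_FAILED)
		return ret;

	/* check if we actually resumed the previous session */

	session_id_size = sizeof(session_id);
	gnutls_session_get_id(session, session_id, &session_id_size);

	if (session_id_size == 0)
		return TEST_FAILED;

	if (gnutls_session_is_resumed(session))
		return TEST_SUCCEED;

	if (tmp_session_id_size == session_id_size &&
	    memcmp(tmp_session_id, session_id, tmp_session_id_size) == 0)
		return TEST_SUCCEED;
	else
		return TEST_FAILED;
}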
extern char *hostname;
/* Save the peer's certificate information to "debug-certs.out".
 *
 * Any existing "debug-certs.out" is removed first, even when the test is
 * then skipped. Returns TEST_IGNORE when verbose is 0, TEST_FAILED when the
 * handshake fails or the file cannot be opened, and TEST_SUCCEED (with
 * ext_text naming the file) after print_cert_info2() has written to it.
 *
 * NOTE(review): the file name is relative and fopen(..., "w") truncates
 * whatever that name resolves to, so the tool should be run from a
 * directory that other local users cannot write to. */
test_code_t test_certificate(gnutls_session_t session)
{
	int rc;
	FILE *out;

	(void)remove("debug-certs.out");

	if (verbose == 0) {
		return TEST_IGNORE;
	}

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	rc = do_handshake(session);
	if (rc == TEST_FAILED) {
		return rc;
	}

	out = fopen("debug-certs.out", "w");
	if (out == NULL) {
		return TEST_FAILED;
	}

	fprintf(out, "\n");
	print_cert_info2(session, GNUTLS_CRT_PRINT_FULL, out, verbose);
	fclose(out);
	ext_text = "saved in debug-certs.out";
	return TEST_SUCCEED;
}
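/* Check that the peer sends its X.509 certificate chain in sorted order.
 *
 * Every certificate returned by gnutls_certificate_get_peers() is PEM
 * encoded and appended to one heap buffer, which is then parsed with
 * gnutls_x509_crt_list_import2() and GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED.
 *
 * Returns TEST_FAILED when the handshake, an allocation, the encoding or
 * the sorted import fails; TEST_IGNORE2 when the session does not use X.509
 * or the peer sent no certificate; TEST_SUCCEED for a single certificate or
 * a chain that imports cleanly.
 *
 * NOTE(review): both loop headers were truncated in the listing this file
 * was recovered from; their bounds are restored from the surrounding code
 * (cert_list_size for the peer list, p_size for the imported list). */
test_code_t test_chain_order(gnutls_session_t session)
{
	int ret;
	const gnutls_datum_t *cert_list;
	unsigned int cert_list_size = 0;
	unsigned int i;
	unsigned p_size;
	gnutls_datum_t t;
	gnutls_x509_crt_t *certs;
	char *p, *pos;

	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	ret = do_handshake(session);
	if (ret == TEST_FAILED)
		return ret;

	if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
		return TEST_IGNORE2;

	cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
	if (cert_list_size == 0) {
		ext_text = "No certificates found!";
		return TEST_IGNORE2;
	}

	if (cert_list_size == 1)
		return TEST_SUCCEED;

	p = NULL;
	p_size = 0;
	pos = NULL;
	for (i = 0; i < cert_list_size; i++) {
		char *grown;

		t.data = NULL;
		ret = gnutls_pem_base64_encode_alloc("CERTIFICATE", &cert_list[i], &t);
		if (ret < 0) {
			free(p);
			return TEST_FAILED;
		}

		/* The chain comes from the peer, so do not assume the buffer
		 * can always grow; keep the old pointer until realloc()
		 * succeeds so it can still be released. */
		grown = realloc(p, p_size + t.size + 1);
		if (grown == NULL) {
			gnutls_free(t.data);
			free(p);
			return TEST_FAILED;
		}
		p = grown;
		pos = p + p_size;

		memcpy(pos, t.data, t.size);
		p_size += t.size;
		pos += t.size;

		gnutls_free(t.data);
	}
	*pos = 0;

	t.size = p_size;
	t.data = (void *)p;

	/* p_size is reused as the in/out certificate count of the import. */
	p_size = 0;
	ret = gnutls_x509_crt_list_import2(&certs, &p_size, &t, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
	if (ret < 0) {
		/* the PEM buffer is still ours to release on this path */
		free(p);
		return TEST_FAILED;
	}

	for (i = 0; i < p_size; i++) {
		gnutls_x509_crt_deinit(certs[i]);
	}
	gnutls_free(certs);
	free(p);

	return TEST_SUCCEED;
}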
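/* A callback function to be used at the certificate selection time.
 *
 * In verbose mode it writes the CA names the server sent in its certificate
 * request to "debug-cas.out". It never fills in st and always returns -1
 * (presumably "no client certificate selected"; confirm against the GnuTLS
 * retrieve-callback contract).
 *
 * The names come from the peer. They are decoded into a fixed 256-byte
 * buffer whose size is passed to gnutls_x509_rdn_get(), and printed with an
 * explicit "%s" format. Entries that fail to decode are skipped.
 */
static int
cert_callback(gnutls_session_t session,
	      const gnutls_datum_t * req_ca_rdn, int nreqs,
	      const gnutls_pk_algorithm_t * sign_algos,
	      int sign_algos_length, gnutls_retr2_st * st)
{
	char issuer_dn[256];
	int i, ret;
	size_t len;
	FILE *fp;

	if (verbose == 0)
		return -1;

	/* NOTE(review): relative path, opened with "w"; run the tool from a
	 * directory other local users cannot write to. */
	fp = fopen("debug-cas.out", "w");
	if (fp == NULL)
		return -1;

	/* Print the server's trusted CAs
	 */
	printf("\n");
	if (nreqs > 0)
		fprintf(fp, "- Server's trusted authorities:\n");
	else
		fprintf
		    (fp, "- Server did not send us any trusted authorities names.\n");

	/* print the names (if any) */
	for (i = 0; i < nreqs; i++) {
		len = sizeof(issuer_dn);
		/* the listing had this call mangled to "&len;;" */
		ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len);
		if (ret >= 0) {
			fprintf(fp, " [%d]: ", i);
			fprintf(fp, "%s\n", issuer_dn);
		}
	}
	fclose(fp);

	return -1;

}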
|
/* Records the CA names the server says it trusts. Output is produced only
 * if the server sends a certificate request, because the names are written
 * by cert_callback(), which creates "debug-cas.out".
 *
 * Returns TEST_IGNORE when verbose is 0, TEST_FAILED when do_handshake()
 * reports TEST_FAILED, and TEST_SUCCEED otherwise; ext_text then says
 * whether the output file is readable.
 */
test_code_t test_server_cas(gnutls_session_t session)
{
	int rc;

	/* Delete any earlier output first, so the access() check below only
	 * sees a file written during this run.
	 */
	(void)remove("debug-cas.out");

	if (verbose == 0) {
		return TEST_IGNORE;
	}

	/* NOTE(review): unbounded sprintf() into prio_str, which is declared
	 * outside this view; confirm it is large enough for the fixed parts
	 * plus protocol_str and rest, or switch to a bounded formatter.
	 */
	sprintf(prio_str,
		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
		ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
	_gnutls_priority_set_direct(session, prio_str);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	/* The callback is installed on xcred only for this handshake and is
	 * cleared again before the result is examined.
	 */
	gnutls_certificate_set_retrieve_function(xcred, cert_callback);
	rc = do_handshake(session);
	gnutls_certificate_set_retrieve_function(xcred, NULL);

	if (rc == TEST_FAILED) {
		return rc;
	}

	ext_text = (access("debug-cas.out", R_OK) == 0)
	    ? "saved in debug-cas.out" : "none";

	return TEST_SUCCEED;
}