
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-155-ge972427


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-155-ge972427
Date: Thu, 11 Mar 2010 21:35:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e9724276a47562bac049b1c98d3c9e31f639dd41

The branch, master has been updated
       via  e9724276a47562bac049b1c98d3c9e31f639dd41 (commit)
       via  4f31d28f160a59fcf0e7db50ffc678e67d561324 (commit)
      from  fe2189bf85e8a5d494cd3ee63280aeeedd5503e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e9724276a47562bac049b1c98d3c9e31f639dd41
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Mar 11 22:34:36 2010 +0100

    Added tests for safe renegotiation. Removed old tests for obsolete features 
(lzo)
    and tests that were not actually working (srp).

commit 4f31d28f160a59fcf0e7db50ffc678e67d561324
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Mar 11 22:33:29 2010 +0100

    Extension generation in SSL 3.0 (as a reply to SCSV) is not using
    common code with normal extension generation. Solve issue reported by
    Tomas Mraz that caused SSL 3.0 renegotiation to fail.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_extensions.c          |    7 +-
 lib/gnutls_extensions.h          |    2 +-
 lib/gnutls_handshake.c           |   99 +++------
 lib/includes/gnutls/gnutls.h.in  |    6 +-
 src/tests.c                      |  511 ++++++++++++--------------------------
 src/tests.h                      |    5 +-
 src/tls_test.c                   |   11 +-
 tests/safe-renegotiation/testsrn |    4 +
 8 files changed, 206 insertions(+), 439 deletions(-)

diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index f330144..e27c776 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -210,7 +210,7 @@ _gnutls_extension_list_add (gnutls_session_t session, 
uint16_t type)
 
 int
 _gnutls_gen_extensions (gnutls_session_t session, opaque * data,
-                       size_t data_size)
+                       size_t data_size, gnutls_ext_parse_type_t parse_type)
 {
   int size;
   uint16_t pos = 0;
@@ -241,6 +241,9 @@ _gnutls_gen_extensions (gnutls_session_t session, opaque * 
data,
 
       if (p->send_func == NULL)
        continue;
+       
+      if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
+        continue;
 
       size = p->send_func (session, sdata, sdata_size);
       if (size > 0 || size == GNUTLS_E_INT_RET_0)
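Review bot: The new `parse_type` filter has no comment, and its meaning for `GNUTLS_EXT_NONE` is only implicit: nothing is emitted because, as far as this commit shows, no extension is registered with that type. A short comment above the test would make the contract explicit, for example `/* Emit only extensions registered with parse_type; GNUTLS_EXT_ANY emits all, GNUTLS_EXT_NONE emits none. */`. The added line just before the test contains only whitespace and can be dropped. The function body starts and ends outside this hunk.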
@@ -327,7 +330,7 @@ _gnutls_ext_init (void)
 
   ret = gnutls_ext_register (GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
                             "SAFE_RENEGOTIATION",
-                            GNUTLS_EXT_RESUMED,
+                            GNUTLS_EXT_MANDATORY,
                             _gnutls_safe_renegotiation_recv_params,
                             _gnutls_safe_renegotiation_send_params);
   if (ret != GNUTLS_E_SUCCESS)
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index 50cb2b9..3a4d532 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -27,7 +27,7 @@ int _gnutls_parse_extensions (gnutls_session_t session,
                              gnutls_ext_parse_type_t parse_type,
                              const opaque *data, int data_size);
 int _gnutls_gen_extensions (gnutls_session_t session, opaque * data,
-                           size_t data_size);
+                           size_t data_size, gnutls_ext_parse_type_t);
 int _gnutls_ext_init (void);
 void _gnutls_ext_deinit (void);
 
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 2ed4f5c..9fc17b3 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -472,7 +472,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque 
* data,
       DECR_LEN (len, comp_size);
       pos += comp_size;
 
-      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
                                  &data[pos], len);
       if (ret < 0)
         {
@@ -534,7 +534,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque 
* data,
       return ret;
     }
 
-  ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+  ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
                                  &data[pos], len);
   if (ret < 0)
     {
@@ -1759,7 +1759,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
       pos += session_id_len + 2 + 1;
       DECR_LEN (len, 2+1);
 
-      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_RESUMED,
+      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
                                  &data[pos], len);
       if (ret < 0)
         {
@@ -1947,7 +1947,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int 
again)
 {
   opaque *data = NULL;
   int extdatalen;
-  int pos = 0;
+  int pos = 0, type;
   int datalen = 0, ret = 0;
   opaque rnd[GNUTLS_RANDOM_SIZE];
   gnutls_protocol_t hver;
@@ -2134,79 +2134,38 @@ _gnutls_send_client_hello (gnutls_session_t session, 
int again)
       /* Generate and copy TLS extensions.
        */
       if (_gnutls_version_has_extensions (hver))
-       {
-         ret = _gnutls_gen_extensions (session, extdata, extdatalen);
-
-         if (ret > 0)
-           {
-             datalen += ret;
-             data = gnutls_realloc_fast (data, datalen);
-             if (data == NULL)
-               {
-                 gnutls_assert ();
-                 gnutls_free (extdata);
-                 return GNUTLS_E_MEMORY_ERROR;
-               }
-
-             memcpy (&data[pos], extdata, ret);
-           }
-         else if (ret < 0)
-           {
-             gnutls_assert ();
-             gnutls_free (data);
-             gnutls_free (extdata);
-             return ret;
-           }
-       }
-      else if(session->internals.initial_negotiation_completed != 0)
+         type = GNUTLS_EXT_ANY;
+      else
         {
-         opaque buf[256]; /* opaque renegotiated_connection<0..255> */
-
-         /* For SSLv3 only, we will (only) to send the RI extension; we must
-          * send it every time we renegotiate. We don't want to send anything
-          * else, out of concern for interoperability.
-          *
-          * If this is an initial negotiation, we already sent SCSV above.
-          */
-          
-         ret = _gnutls_safe_renegotiation_send_params (session, buf, 
sizeof(buf));
-
-         if (ret < 0)
-           {
-             gnutls_assert ();
-             gnutls_free (data);
-             gnutls_free (extdata);
-             return ret;
-           }
-
-         datalen += ret + 6; /* extlen(2) + type(2) + len(2) + ret */
+         if(session->internals.initial_negotiation_completed != 0)
+           type = GNUTLS_EXT_MANDATORY;
+          else
+            type = GNUTLS_EXT_NONE;
+        }
+        
+      ret = _gnutls_gen_extensions (session, extdata, extdatalen, type);
 
-         data = gnutls_realloc_fast (data, datalen);
-         if (data == NULL)
-           {
+      if (ret > 0)
+        {
+          datalen += ret;
+          data = gnutls_realloc_fast (data, datalen);
+          if (data == NULL)
+           {
              gnutls_assert ();
              gnutls_free (extdata);
              return GNUTLS_E_MEMORY_ERROR;
            }
 
-         /* total extensions length (one extension, with type(2) + len(2)) */
-         _gnutls_write_uint16 (4 + ret, &data[pos]);
-         pos += 2;
-
-         /* TLS RI extension type is 0xff01 */
-         data[pos++] = 0xff;
-         data[pos++] = 0x01;
-
-         _gnutls_write_uint16 (ret, &data[pos]);
-         pos += 2;
-
-         memcpy(&data[pos], buf, ret);
-         pos += ret;
+          memcpy (&data[pos], extdata, ret);
+        }
+      else if (ret < 0)
+        {
+          gnutls_assert ();
+          gnutls_free (data);
+          gnutls_free (extdata);
+          return ret;
+        }
 
-         _gnutls_debug_log ("EXT[%p]: Sending extension safe renegotiation 
(SSLv3)\n",
-                                session);
-       }
-      gnutls_free (extdata);
     }
 
   ret =
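Review bot: The rewritten block no longer releases `extdata` on the success path: the old trailing `gnutls_free (extdata);` before the closing brace is removed and none of the added lines replaces it, so unless the buffer is freed outside this hunk every client hello leaks it. Re-adding `gnutls_free (extdata);` after the `else if (ret < 0)` block restores the previous ownership. `type` is declared as plain `int` in the preceding hunk although it only ever holds `gnutls_ext_parse_type_t` values; declaring it with the enum type would let the compiler check the call. The allocation of `extdata` and the rest of `_gnutls_send_client_hello` are outside the hunk.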
@@ -2257,7 +2216,7 @@ _gnutls_send_server_hello (gnutls_session_t session, int 
again)
     {
       datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
       extdatalen =
-       _gnutls_gen_extensions (session, extdata, sizeof (extdata));
+       _gnutls_gen_extensions (session, extdata, sizeof (extdata), 
GNUTLS_EXT_ANY);
 
       if (extdatalen < 0)
        {
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 8f3d828..236c651 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -762,10 +762,11 @@ extern "C" {
 
   /**
    * gnutls_ext_parse_type_t:
+   * @GNUTLS_EXT_NONE: Never parsed
    * @GNUTLS_EXT_ANY: Any extension type.
    * @GNUTLS_EXT_APPLICATION: Application extension.
    * @GNUTLS_EXT_TLS: TLS-internal extension.
-   * @GNUTLS_EXT_RESUMED: Extension parsed even if resuming.
+   * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions 
are disabled).
    *
    * Enumeration of different TLS extension types.  This flag
    * indicates for an extension whether it is useful to application
@@ -778,7 +779,8 @@ extern "C" {
       GNUTLS_EXT_ANY = 0,
       GNUTLS_EXT_APPLICATION = 1,
       GNUTLS_EXT_TLS = 2,
-      GNUTLS_EXT_RESUMED = 3
+      GNUTLS_EXT_MANDATORY = 3,
+      GNUTLS_EXT_NONE = 4,
     } gnutls_ext_parse_type_t;
 
   int gnutls_ext_register (int type,
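Review bot: Renaming `GNUTLS_EXT_RESUMED` in the installed header removes a public enumerator, so any application that passes it to `gnutls_ext_register` would stop compiling even though the value 3 is unchanged. Keeping a compatibility alias such as `#define GNUTLS_EXT_RESUMED GNUTLS_EXT_MANDATORY` next to the enum avoids that break. The trailing comma after `GNUTLS_EXT_NONE = 4,` is rejected by strict C89 compilers in pedantic mode, which matters for a header that consumers compile with their own flags; dropping it is free.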
diff --git a/src/tests.c b/src/tests.c
index 915dce2..56ed808 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -46,6 +46,7 @@ extern int verbose;
 int tls1_ok = 0;
 int ssl3_ok = 0;
 int tls1_1_ok = 0;
+int tls1_2_ok = 0;
 
 /* keep session info */
 static char *session_data = NULL;
@@ -104,158 +105,28 @@ do_handshake (gnutls_session_t session)
   return TEST_SUCCEED;
 }
 
-static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-
-static const int kx_priority[16] =
-  { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
-  GNUTLS_KX_ANON_DH,
-  GNUTLS_KX_RSA_EXPORT, 0
-};
-
-static const int cipher_priority[16] =
-  { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
-  GNUTLS_CIPHER_ARCFOUR_40, 0
-};
-static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
-static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
-static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 };
-
-#define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, 
cipher_priority)
-#define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, 
comp_priority)
-#define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
-#define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
-#define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, 
protocol_priority)
-#define ADD_ALL_CERTTYPES(session) 
gnutls_certificate_type_set_priority(session, cert_type_priority)
+char protocol_str[] = "+VERS-TLS1.0:+VERS-SSL3.0";
+char prio_str[256] = "";
 
-static void
-ADD_KX (gnutls_session_t session, int kx)
-{
-  static int _kx_priority[] = { 0, 0 };
-  _kx_priority[0] = kx;
-
-  gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_KX2 (gnutls_session_t session, int kx1, int kx2)
-{
-  static int _kx_priority[] = { 0, 0, 0 };
-  _kx_priority[0] = kx1;
-  _kx_priority[1] = kx2;
-
-  gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_CIPHER (gnutls_session_t session, int cipher)
-{
-  static int _cipher_priority[] = { 0, 0 };
-  _cipher_priority[0] = cipher;
-
-  gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_CIPHER4 (gnutls_session_t session, int cipher1, int cipher2, int cipher3,
-            int cipher4)
-{
-  static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
-  _cipher_priority[0] = cipher1;
-  _cipher_priority[1] = cipher2;
-  _cipher_priority[2] = cipher3;
-  _cipher_priority[3] = cipher4;
-
-  gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_MAC (gnutls_session_t session, int mac)
-{
-  static int _mac_priority[] = { 0, 0 };
-  _mac_priority[0] = mac;
-
-  gnutls_mac_set_priority (session, _mac_priority);
-}
-
-static void
-ADD_COMP (gnutls_session_t session, int c)
-{
-  static int _comp_priority[] = { 0, 0 };
-  _comp_priority[0] = c;
-
-  gnutls_compression_set_priority (session, _comp_priority);
-}
-
-static void
-ADD_CERTTYPE (gnutls_session_t session, int ctype)
-{
-  static int _ct_priority[] = { 0, 0 };
-  _ct_priority[0] = ctype;
-
-  gnutls_certificate_type_set_priority (session, _ct_priority);
-}
+#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
+#define ALL_COMP "+COMP-NULL"
+#define ALL_MACS "+SHA1:+MD5"
+#define ALL_CERTTYPES "+CTYPE-X509"
+#define REST "%%UNSAFE_RENEGOTIATION"
+#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT"
+#define INIT_STR "NONE:"
 
-static void
-ADD_PROTOCOL (gnutls_session_t session, int protocol)
-{
-  static int _proto_priority[] = { 0, 0 };
-  _proto_priority[0] = protocol;
-
-  gnutls_protocol_set_priority (session, _proto_priority);
-}
-
-static void
-ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
-{
-  static int _proto_priority[] = { 0, 0, 0, 0 };
-  _proto_priority[0] = p1;
-  _proto_priority[1] = p2;
-  _proto_priority[2] = p3;
-
-  gnutls_protocol_set_priority (session, _proto_priority);
-}
-
-#ifdef ENABLE_SRP
-static int srp_detected;
-
-int
-_test_srp_username_callback (gnutls_session_t session,
-                            char **username, char **password)
-{
-  srp_detected = 1;
-
-  return -1;
-}
-
-test_code_t
-test_srp (gnutls_session_t session)
+static inline void _gnutls_priority_set_direct(gnutls_session_t session, const 
char* str)
 {
-  int ret;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX (session, GNUTLS_KX_SRP);
-  srp_detected = 0;
-
-  gnutls_srp_set_client_credentials_function (srp_cred,
-                                             _test_srp_username_callback);
-
-  gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
-
-  ret = do_handshake (session);
-
-  gnutls_srp_set_client_credentials_function (srp_cred, NULL);
-
-  if (srp_detected != 0)
-    return TEST_SUCCEED;
-  else
-    return TEST_FAILED;
+  const char* err;
+  int ret = gnutls_priority_set_direct(session, str, &err);
+  
+  if (ret < 0) 
+    {
+      fprintf(stderr, "Error in %s\n", err);
+      exit(1);
+    }
 }
-#endif
 
 test_code_t
 test_server (gnutls_session_t session)
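Review bot: `INIT_STR` is defined here but only some of the rewritten tests use it: test_server, test_export, test_export_info, test_dhe, test_safe_renegotiation, test_safe_renegotiation_scsv, test_dhe_group, test_ssl3 and test_bye build their strings without the leading `NONE:`. As the priority-string documentation describes it, a string that does not start with NONE is applied on top of the default protocols, compression methods and certificate types, so `+VERS-SSL3.0` in test_ssl3 would add to the defaults rather than restrict the probe to SSL 3.0 (worth confirming against the parser in this tree). Prefixing those format strings with `INIT_STR`, as test_aes and the later tests do, keeps each probe limited to what it names.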
@@ -270,12 +141,8 @@ test_server (gnutls_session_t session)
 
   buf[sizeof (buf) - 1] = 0;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
@@ -319,13 +186,9 @@ test_export (gnutls_session_t session)
 {
   int ret;
 
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
+  sprintf(prio_str, 
"+ARCFOUR-40:+RSA-EXPORT:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST,
 protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
-  ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
-  ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
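Review bot: The export probe used to enable a single key exchange via `ADD_KX (session, GNUTLS_KX_RSA_EXPORT)`, but the new string names `+RSA-EXPORT` and then appends `ALL_KX`, which also turns on RSA, DHE and anonymous DH. This may be harmless in practice if ARCFOUR-40 only pairs with RSA-EXPORT, but the string no longer says what the test is meant to isolate and disagrees with test_arcfour_40, which lists `+RSA-EXPORT` alone. Dropping `ALL_KX":"` from the format keeps the old restriction; the same applies to test_export_info in the next hunk.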
@@ -349,13 +212,9 @@ test_export_info (gnutls_session_t session)
   if (verbose == 0 || export_true == 0)
     return TEST_IGNORE;
 
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
+  sprintf(prio_str, 
"+ARCFOUR-40:+RSA-EXPORT:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST,
 protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
-  ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
-  ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -396,13 +255,9 @@ test_dhe (gnutls_session_t session)
 {
   int ret;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+DHE-RSA:+DHE-DSS:"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
-  ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
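Review bot: `sprintf(prio_str, ...)` writes into the fixed `char prio_str[256]` with no bound, here and in every other rewritten test in this file. The strings assembled in this commit fit, but a longer macro or protocol list would overrun the global silently; `snprintf(prio_str, sizeof (prio_str), ...)` with a check of the return value keeps that failure visible.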
@@ -412,6 +267,37 @@ test_dhe (gnutls_session_t session)
   return ret;
 }
 
+
+test_code_t
+test_safe_renegotiation (gnutls_session_t session)
+{
+  int ret;
+
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":%%INITIAL_SAFE_RENEGOTIATION",
 protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+  ret = do_handshake (session);
+
+  return ret;
+}
+
+test_code_t
+test_safe_renegotiation_scsv (gnutls_session_t session)
+{
+  int ret;
+
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-SSL3.0:"ALL_MACS":"ALL_KX":%%INITIAL_SAFE_RENEGOTIATION");
+  _gnutls_priority_set_direct (session, prio_str);
+
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+  ret = do_handshake (session);
+
+  return ret;
+}
+
 test_code_t
 test_dhe_group (gnutls_session_t session)
 {
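Review bot: Neither new test says what a pass means, and the two bodies differ only in the protocol token, so the intent of the `_scsv` variant is easy to miss. A comment above test_safe_renegotiation such as `/* %INITIAL_SAFE_RENEGOTIATION is expected to make the handshake fail unless the peer signals secure renegotiation, so TEST_SUCCEED means the server supports it. */` would help, and one above test_safe_renegotiation_scsv noting that it is pinned to `+VERS-SSL3.0` to exercise the SCSV path described in the commit message. Both claims about the keyword are inferred from its name and the commit log and should be confirmed against the priority-string documentation before the comments go in.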
@@ -422,13 +308,8 @@ test_dhe_group (gnutls_session_t session)
   if (verbose == 0 || pubkey.data == NULL)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+DHE-RSA:+DHE-DSS:"REST, 
protocol_str);
 
-  ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
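Review bot: test_dhe_group builds `prio_str` but never applies it: unlike every other rewritten test, the `sprintf` is not followed by `_gnutls_priority_set_direct (session, prio_str);`. The handshake therefore runs with whatever priorities the session already had instead of the DHE-only set that `ADD_KX2` used to install, so the group information reported later may come from a different key exchange or the handshake may fail outright. Adding `_gnutls_priority_set_direct (session, prio_str);` after the `sprintf` fixes it. The rest of the function is outside the hunk.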
@@ -464,12 +345,9 @@ test_code_t
 test_ssl3 (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, GNUTLS_SSL3);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-SSL3.0:"ALL_MACS":"ALL_KX":"REST);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -497,12 +375,9 @@ test_bye (gnutls_session_t session)
   signal (SIGALRM, got_alarm);
 #endif
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -549,12 +424,10 @@ test_code_t
 test_aes (gnutls_session_t session)
 {
   int ret;
-  ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+AES-128-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST , 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -566,12 +439,10 @@ test_code_t
 test_camellia (gnutls_session_t session)
 {
   int ret;
-  ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+CAMELLIA-128-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -583,12 +454,10 @@ test_code_t
 test_openpgp1 (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":+CTYPE-OPENPGP:%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -605,18 +474,16 @@ test_code_t
 test_unknown_ciphersuites (gnutls_session_t session)
 {
   int ret;
+
+
 #ifdef ENABLE_CAMELLIA
-  ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
-              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 #else
-  ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
-              GNUTLS_CIPHER_ARCFOUR_128, 0);
+  sprintf(prio_str, INIT_STR 
"+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST,
 protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 #endif
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
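Review bot: The `ENABLE_CAMELLIA` branch now offers fewer ciphers than the branch without it: the old `ADD_CIPHER4` call listed AES-128-CBC, 3DES-CBC, CAMELLIA-128-CBC and ARCFOUR-128, while the new string is just `ALL_CIPHERS`, which contains neither AES nor Camellia. The `#else` branch does add `+AES-128-CBC:`, so the two arms look swapped or incomplete. Starting the Camellia arm with `INIT_STR "+AES-128-CBC:+CAMELLIA-128-CBC:"ALL_CIPHERS` would restore what the test offered before. `ALL_CIPHERS` also adds ARCFOUR-40, which the old list did not have; if that is intended a comment should say so.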
@@ -627,12 +494,10 @@ test_code_t
 test_md5 (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_MAC (session, GNUTLS_MAC_MD5);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:+MD5:"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -644,12 +509,10 @@ test_code_t
 test_zlib (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_COMP (session, GNUTLS_COMP_ZLIB);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":+COMP-ZLIB:"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -658,34 +521,25 @@ test_zlib (gnutls_session_t session)
 #endif
 
 test_code_t
-test_lzo (gnutls_session_t session)
+test_sha (gnutls_session_t session)
 {
   int ret;
-  gnutls_handshake_set_private_extensions (session, 1);
-
-  ADD_ALL_CIPHERS (session);
-  ADD_COMP (session, GNUTLS_COMP_LZO);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:+SHA1:"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
-
   return ret;
 }
 
 test_code_t
-test_sha (gnutls_session_t session)
+test_3des (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_MAC (session, GNUTLS_MAC_SHA1);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+3DES-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -693,15 +547,12 @@ test_sha (gnutls_session_t session)
 }
 
 test_code_t
-test_3des (gnutls_session_t session)
+test_arcfour (gnutls_session_t session)
 {
   int ret;
-  ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+ARCFOUR-128:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -709,15 +560,13 @@ test_3des (gnutls_session_t session)
 }
 
 test_code_t
-test_arcfour (gnutls_session_t session)
+test_arcfour_40 (gnutls_session_t session)
 {
   int ret;
-  ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
"+ARCFOUR-40:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":""+RSA-EXPORT"":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -725,36 +574,36 @@ test_arcfour (gnutls_session_t session)
 }
 
 test_code_t
-test_arcfour_40 (gnutls_session_t session)
+test_tls1 (gnutls_session_t session)
 {
   int ret;
-  ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.0:"ALL_MACS":"ALL_KX":"REST);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
+  if (ret == TEST_SUCCEED)
+    tls1_ok = 1;
+
   return ret;
+
 }
 
 test_code_t
-test_tls1 (gnutls_session_t session)
+test_tls1_2 (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, GNUTLS_TLS1);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.2:"ALL_MACS":"ALL_KX":"REST);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
   if (ret == TEST_SUCCEED)
-    tls1_ok = 1;
+    tls1_2_ok = 1;
 
   return ret;
 
@@ -764,12 +613,10 @@ test_code_t
 test_tls1_1 (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, GNUTLS_TLS1_1);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.1:"ALL_MACS":"ALL_KX":"REST);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -787,12 +634,9 @@ test_tls1_1_fallback (gnutls_session_t session)
   if (tls1_1_ok)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:"ALL_MACS":"ALL_KX":"REST);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -818,12 +662,9 @@ test_tls_disable (gnutls_session_t session)
   if (tls1_ok != 0)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
+
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -832,8 +673,7 @@ test_tls_disable (gnutls_session_t session)
       /* disable TLS 1.0 */
       if (ssl3_ok != 0)
        {
-         protocol_priority[0] = GNUTLS_SSL3;
-         protocol_priority[1] = 0;
+         strcpy(protocol_str, "+VERS-SSL3.0");
        }
     }
   return ret;
@@ -850,12 +690,8 @@ test_rsa_pms (gnutls_session_t session)
    * If the server is old, buggy and only supports
    * SSL 3.0 then the handshake will fail.
    */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_KX (session, GNUTLS_KX_RSA);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+RSA:"REST, protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
   ret = do_handshake (session);
@@ -871,12 +707,8 @@ test_code_t
 test_max_record_size (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   gnutls_record_set_max_size (session, 512);
 
@@ -895,12 +727,9 @@ test_code_t
 test_hello_extension (gnutls_session_t session)
 {
   int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   gnutls_record_set_max_size (session, 512);
 
@@ -926,12 +755,8 @@ test_version_rollback (gnutls_session_t session)
    * attacks which allow a version downgrade) and this 
    * connection will fail.
    */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   _gnutls_record_set_default_version (session, 3, 0);
 
@@ -956,12 +781,8 @@ test_version_oob (gnutls_session_t session)
   /* here we enable both SSL 3.0 and TLS 1.0
    * and we connect using a 5.5 record version.
    */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   _gnutls_record_set_default_version (session, 5, 5);
 
@@ -981,12 +802,8 @@ test_rsa_pms_version_check (gnutls_session_t session)
    *
    * A normal server would abort this handshake.
    */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
 
@@ -1001,12 +818,8 @@ test_anonymous (gnutls_session_t session)
 {
   int ret;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_KX (session, GNUTLS_KX_ANON_DH);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+ANON-DH:"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
 
   ret = do_handshake (session);
@@ -1028,12 +841,8 @@ test_session_resume2 (gnutls_session_t session)
   if (session == NULL)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
@@ -1075,12 +884,8 @@ test_certificate (gnutls_session_t session)
   if (verbose == 0)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
@@ -1144,12 +949,8 @@ test_server_cas (gnutls_session_t session)
   if (verbose == 0)
     return TEST_IGNORE;
 
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
+  sprintf(prio_str, INIT_STR 
ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, 
protocol_str);
+  _gnutls_priority_set_direct (session, prio_str);
 
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
   gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
diff --git a/src/tests.h b/src/tests.h
index 2f27f85..7687fb1 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -3,7 +3,6 @@ typedef enum
   TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
 } test_code_t;
 
-test_code_t test_srp (gnutls_session_t state);
 test_code_t test_server (gnutls_session_t state);
 test_code_t test_export (gnutls_session_t state);
 test_code_t test_export_info (gnutls_session_t state);
@@ -21,7 +20,10 @@ test_code_t test_3des (gnutls_session_t state);
 test_code_t test_arcfour (gnutls_session_t state);
 test_code_t test_arcfour_40 (gnutls_session_t state);
 test_code_t test_tls1 (gnutls_session_t state);
+test_code_t test_safe_renegotiation (gnutls_session_t state);
+test_code_t test_safe_renegotiation_scsv (gnutls_session_t state);
 test_code_t test_tls1_1 (gnutls_session_t state);
+test_code_t test_tls1_2 (gnutls_session_t state);
 test_code_t test_tls1_1_fallback (gnutls_session_t state);
 test_code_t test_tls_disable (gnutls_session_t state);
 test_code_t test_rsa_pms (gnutls_session_t state);
@@ -37,6 +39,5 @@ test_code_t test_session_resume2 (gnutls_session_t state);
 test_code_t test_rsa_pms_version_check (gnutls_session_t session);
 test_code_t test_version_oob (gnutls_session_t session);
 test_code_t test_zlib (gnutls_session_t session);
-test_code_t test_lzo (gnutls_session_t session);
 int _test_srp_username_callback (gnutls_session_t session,
                                 char **username, char **password);
diff --git a/src/tls_test.c b/src/tls_test.c
index 7dbe9c7..e3989f5 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -80,6 +80,9 @@ typedef struct
 } TLS_TEST;
 
 static const TLS_TEST tls_tests[] = {
+  {"for Safe renegotiation support", test_safe_renegotiation, "yes", "no", 
"dunno"},
+  {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv, 
"yes", "no", "dunno"},
+  {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
   {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
   {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
    "SSL 3.0"},
@@ -140,14 +143,8 @@ static const TLS_TEST tls_tests[] = {
   {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
    "no", "dunno"},
 #endif
-  {"for LZO compression support (GnuTLS extension)", test_lzo, "yes",
-   "no", "dunno"},
   {"for max record size (TLS extension)", test_max_record_size, "yes",
    "no", "dunno"},
-#ifdef ENABLE_SRP
-  {"for SRP authentication support (TLS extension)", test_srp, "yes",
-   "no", "dunno"},
-#endif
   {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
    "yes", "no", "dunno"},
   {NULL, NULL, NULL, NULL, NULL}
@@ -234,7 +231,7 @@ main (int argc, char **argv)
 
       /* if neither of SSL3 and TLSv1 are supported, exit
        */
-      if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
+      if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
        {
          fprintf (stderr,
                   "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 
1.1\n");
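Review bot: The bound in `if (i > 6 && ...)` is a bare table index that moved from 3 to 6 only because three entries were inserted at the top of `tls_tests[]` in the first hunk of this file, so the next insertion can silently shift this early exit relative to the protocol probes. A comment such as `/* 6 = index of the last protocol-version probe in tls_tests[] */` would make the coupling visible; the table order between the hunks is not shown, so the exact entry should be confirmed. The condition and the message still name only SSL 3.0, TLS 1.0 and TLS 1.1 although a TLS 1.2 probe is added; if that probe records its result in its own flag (not visible here), a TLS 1.2-only server would presumably be reported as supporting none of them. main's body starts and ends outside the hunk.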
diff --git a/tests/safe-renegotiation/testsrn b/tests/safe-renegotiation/testsrn
index a5ca0cd..56e1063 100755
--- a/tests/safe-renegotiation/testsrn
+++ b/tests/safe-renegotiation/testsrn
@@ -39,6 +39,9 @@ pid=$!
 # give the server a chance to initialize
 sleep 2
 
+$CLI -p $PORT localhost --rehandshake --priority 
NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-SSL3.0:+ANON-DH:+COMP-NULL </dev/null 
>/dev/null 2>&1 || \
+  fail "0. Renegotiation should have succeeded!"
+
 $CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null 
>/dev/null 2>&1 || \
   fail "1. Safe rehandshake should have succeeded!"
 
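Review bot: Case 0 is added without a comment saying why it pins `+VERS-SSL3.0` while the other cases use `NORMAL`. The commit log describes an SSL 3.0 renegotiation failure, so something like `# 0. SSL 3.0 only: renegotiation must still succeed when the extension is sent as a reply to SCSV` above the command would record which regression it guards, with the wording to be confirmed against the log. Since both stdout and stderr go to /dev/null, the `fail` text is the only diagnostic a failing run leaves.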
@@ -51,6 +54,7 @@ $CLI -p $PORT localhost --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
 $CLI -p $PORT localhost --rehandshake --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
   fail "4. Unsafe renegotiation should have failed!"
 
+
 kill $pid
 wait
 


hooks/post-receive
-- 
GNU gnutls



