authorSimon Josefsson <simon@josefsson.org>2010-06-07 14:45:38 +0200
committerSimon Josefsson <simon@josefsson.org>2010-06-07 14:45:38 +0200
commit1e42526790e54d883c59a60b12956780bf040dee (patch)
tree12c98a744dba052b19c6a8dab1b9ecf14eeb570d
parent36693266659a6d3e16f01e2763c922d95298e033 (diff)
Rewrite srn2.c self-test.
-rw-r--r--tests/safe-renegotiation/README6
-rw-r--r--tests/safe-renegotiation/srn2.c149
2 files changed, 23 insertions, 132 deletions
diff --git a/tests/safe-renegotiation/README b/tests/safe-renegotiation/README
index 4132a98b55..c5e641360f 100644
--- a/tests/safe-renegotiation/README
+++ b/tests/safe-renegotiation/README
@@ -14,6 +14,12 @@ srn1.c:
able to handshake against servers with support, but not able to
rehandshake (server will refuse rehandshake).
+srn2.c:
+
+ This tests that clients with support for safe renegotiation is able
+ to handshake against servers without support, but not able to
+ rehandshake (client will refuse rehandshake).
+
srn4.c:
This tests that clients without support for safe renegotiation is
diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c
index 726ca1b51f..05b83d041b 100644
--- a/tests/safe-renegotiation/srn2.c
+++ b/tests/safe-renegotiation/srn2.c
@@ -20,9 +20,11 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
-/* Code based on ../mini-x509-rehandshake.c.
+/* Code based on ./srn1.c.
*
- * Check that new APIs are behaving properly.
+ * This tests that clients with support for safe renegotiation is able
+ * to handshake against servers without support, but not able to
+ * rehandshake (client will refuse rehandshake).
*/
#ifdef HAVE_CONFIG_H
@@ -182,7 +184,8 @@ main (int argc, char *argv[])
GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
+ gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
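Review bot: The return value of `gnutls_priority_set_direct` is discarded on the changed line, so a priority string the library rejects (for example if `%DISABLE_SAFE_RENEGOTIATION` is unknown to the build under test) would only surface later as a confusing failure. The whole test depends on the server really having the extension disabled, so check it at the call site, e.g. `if (gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION", NULL) < 0) abort ();`. main starts and ends outside this hunk, so any validation done elsewhere is not visible here.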
@@ -239,12 +242,11 @@ main (int argc, char *argv[])
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
- /* Check that both sessions use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
{
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
+ tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n");
+ exit_code = EXIT_FAILURE;
}
sret = gnutls_rehandshake (server);
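Review bot: The removed comment `/* Check that both sessions use the extension. */` has no replacement above the new `if`, although the expectation is now inverted. A comment such as `/* Server has safe renegotiation disabled, so neither side may report the extension as in use. */` would document the intent. The check also no longer aborts, so the test goes on to `gnutls_rehandshake` after recording the failure; if that is deliberate, the comment should say so.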
@@ -293,74 +295,9 @@ main (int argc, char *argv[])
tls_log_func (0, "\n");
}
}
- }
- while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
-
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
- exit_code = 1;
-
- /* Check that session still use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
- }
-
- /* Check that this API does not affect anything after first
- handshake.
- gnutls_safe_negotiation_set_initial (server, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- cret = GNUTLS_E_AGAIN;
- sret = GNUTLS_E_AGAIN;
-
- do
- {
- static int max_iter = 0;
- if (max_iter++ > 10)
- abort ();
-
- if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
- if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ if (cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ break;
}
while (
/* Not done: */
@@ -368,67 +305,15 @@ main (int argc, char *argv[])
/* No error: */
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ if (cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
- /* Check that disabling the extension will break rehandshakes.
- gnutls_safe_renegotiation_set (client, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug_level > 0)
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
{
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- cret = GNUTLS_E_AGAIN;
- sret = GNUTLS_E_AGAIN;
-
- do
- {
- static int max_iter = 0;
- if (max_iter++ > 10)
- abort ();
-
- if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
-
- if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n");
+ exit_code = EXIT_FAILURE;
}
- while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
-
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
- exit_code = 1;
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_bye (server, GNUTLS_SHUT_RDWR);
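Review bot: The new result check `if (cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED && sret != GNUTLS_E_SUCCESS)` lets the test pass when the client completes the rehandshake, which is the outcome this test exists to catch. If both sides return GNUTLS_E_SUCCESS the second operand is false and exit_code is left untouched, and the following `gnutls_safe_renegotiation_status` check would presumably not fire either, since the server was configured without the extension. The condition should depend on the client alone: `if (cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) exit_code = EXIT_FAILURE;`, which also matches the EXIT_FAILURE used in the other added lines instead of the literal `1`. The message "Rehandshaked worked and uses safe reneg?!" is logged whenever either status call is non-zero, whether or not the rehandshake worked, so it is worth rewording. main continues outside this hunk.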