diff options
| author | Simon Josefsson <simon@josefsson.org> | 2010-06-07 11:14:44 +0200 |
|---|---|---|
| committer | Simon Josefsson <simon@josefsson.org> | 2010-06-07 11:14:44 +0200 |
| commit | 8cb3fee16deb3f8d6021ba7c675b14889d98ff55 (patch) | |
| tree | e69f1107b010d14ca365f9d97e4d86482762a757 | |
| parent | bbbc2c4b6d06d0a80f76b2a6ea7e0293ad2c811c (diff) | |
| download | gnutls-8cb3fee16deb3f8d6021ba7c675b14889d98ff55.tar.gz | |
Rewrite srn1.c self test.
| -rw-r--r-- | tests/safe-renegotiation/README | 6 | ||||
| -rw-r--r-- | tests/safe-renegotiation/srn1.c | 101 |
2 files changed, 90 insertions, 17 deletions
diff --git a/tests/safe-renegotiation/README b/tests/safe-renegotiation/README index fee27e35c5..4132a98b55 100644 --- a/tests/safe-renegotiation/README +++ b/tests/safe-renegotiation/README @@ -8,6 +8,12 @@ srn0.c: connections. Consequently, it also verifies that rehandshaked connections work with the extension enabled. +srn1.c: + + This tests that clients without support for safe renegotiation is + able to handshake against servers with support, but not able to + rehandshake (server will refuse rehandshake). + srn4.c: This tests that clients without support for safe renegotiation is diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c index 8cc0d5c213..b1e943af4f 100644 --- a/tests/safe-renegotiation/srn1.c +++ b/tests/safe-renegotiation/srn1.c @@ -20,11 +20,11 @@ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -/* Code based on ../mini-x509.c. +/* Code based on ./srn0.c. * - * This tests that a %INITIAL_SAFE_RENEGOTIATION server will reject - * handshakes against clients that do not support the extension. This - * is sort of the inverse of what srn3.c is testing. + * This tests that clients without support for safe renegotiation is + * able to handshake against servers with support, but not able to + * rehandshake (server will refuse rehandshake). */ #ifdef HAVE_CONFIG_H @@ -184,8 +184,7 @@ main (int argc, char *argv[]) GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", - NULL); + gnutls_priority_set_direct (server, "NORMAL", NULL); gnutls_transport_set_push_function (server, server_push); gnutls_transport_set_pull_function (server, server_pull); @@ -198,14 +197,6 @@ main (int argc, char *argv[]) gnutls_transport_set_push_function (client, client_push); gnutls_transport_set_pull_function (client, client_pull); - /* Check that initially no session use the extension. */ - if (gnutls_safe_renegotiation_status (server) - || gnutls_safe_renegotiation_status (client)) - { - puts ("Client or server using extension before handshake?"); - abort (); - } - do { static int max_iter = 0; @@ -234,12 +225,88 @@ main (int argc, char *argv[]) } } } - while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS) - && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS)); + while ( + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); - if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED) + if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; + if (gnutls_safe_renegotiation_status (client) || + gnutls_safe_renegotiation_status (server)) + { + tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n"); + exit_code = EXIT_FAILURE; + } + + sret = gnutls_rehandshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_rehandshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv (client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort (); + } + + cret = GNUTLS_E_AGAIN; + sret = GNUTLS_E_AGAIN; + + do + { + static int max_iter = 0; + if (max_iter++ > 10) + abort (); + + if (cret == GNUTLS_E_AGAIN) + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } + + if (sret == GNUTLS_E_AGAIN) + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } + + if (sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + break; + } + while ( + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + + if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + exit_code = 1; + + if (gnutls_safe_renegotiation_status (client) || + gnutls_safe_renegotiation_status (server)) + { + tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n"); + exit_code = EXIT_FAILURE; + } + gnutls_bye (client, GNUTLS_SHUT_RDWR); gnutls_bye (server, GNUTLS_SHUT_RDWR); |