tlsfuzzer: enabled ALPN tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

3 files changed, 92 insertions, 1 deletions

diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 233e6545ff..3a03f95215 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -92,7 +92,7 @@ EXTRA_DIST += testcompat-main-polarssl testcompat-main-openssl testcompat-common
 nodist_check_SCRIPTS = testsrn.sh chain.sh invalid-cert.sh \
 	testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \
 	testrandom.sh pkcs7-cat certtool-pkcs11.sh tls-fuzzer/tls-fuzzer-nocert.sh \
-	tls-fuzzer/tls-fuzzer-cert.sh
+	tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh
 
 if ENABLE_PKCS11
 nodist_check_SCRIPTS += testpkcs11.sh crl-test
diff --git a/tests/suite/tls-fuzzer/gnutls-alpn.json b/tests/suite/tls-fuzzer/gnutls-alpn.json
new file mode 100644
index 0000000000..e6da53d51e
--- /dev/null
+++ b/tests/suite/tls-fuzzer/gnutls-alpn.json
@@ -0,0 +1,20 @@
+[
+    {"server_command": ["@SERVER@", "--http",
+                 "--x509keyfile", "tests/serverX509Key.pem",
+                 "--x509certfile", "tests/serverX509Cert.pem",
+                 "--debug=3",
+                 "--alpn=http/1.1",
+                 "--alpn=http/2",
+                 "--alpn-fatal",
+                 "--priority=@PRIORITY@",
+                 "--disable-client-cert", "--port=@PORT@"],
+     "tests" : [
+	 {"name" : "test-alpn-negotiation.py",
+          "comment" : "we do not not fail when ALPN name changes on resumption",
+          "comment" : "we do not not parse all objects when a match is found",
+          "arguments" : ["-e", "overflow length of last item",
+          "-e", "resumption with alpn change",
+          "-e", "underflow length of protocol_name_list"]}
+     ]
+    }
+]
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
new file mode 100755
index 0000000000..ba4a529c8f
--- /dev/null
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Copyright (C) 2016-2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="../../../../src/gnutls-serv${EXEEXT}"
+CLI="../../../../src/gnutls-cli${EXEEXT}"
+
+OUTFILE=tls-fuzzer.debug.log
+TMPFILE=tls-fuzzer.$$.tmp
+
+. "${srcdir}/../scripts/common.sh"
+
+#eval "${GETPORT}"
+PORT=4433
+
+$LOCKFILE
+
+pushd tls-fuzzer
+
+if ! test -d tlsfuzzer;then
+	exit 77
+fi
+
+rm -f "$OUTFILE"
+
+pushd tlsfuzzer
+test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
+test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
+
+wait_for_free_port $PORT
+
+retval=0
+
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
+${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
+if test $? != 0;then
+	PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
+fi
+
+TLS_PY=./tlslite-ng/scripts/tls.py
+#TLS_PY=$(which tls.py)
+
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-alpn.json >${TMPFILE}
+
+PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
+retval=$?
+
+rm -f ${TMPFILE}
+
+popd
+popd
+
+$UNLOCKFILE
+exit $retval