authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-11-02 15:30:43 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-02-19 15:29:36 +0100
commit32f8cf1cdf93524eb83e90e04d1668f37ebab3e5 (patch)
treee41e7ae2d03b5a78b0d3cd354e62a4f95e3afbce
parentc0be323b29c0c31b7bc307f03df7db14816b0c48 (diff)
downloadgnutls-32f8cf1cdf93524eb83e90e04d1668f37ebab3e5.tar.gz
tests: re-enabled post-handshake auth tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/tls13/post-handshake-with-cert.c50
-rw-r--r--tests/tls13/post-handshake-without-cert.c20
2 files changed, 56 insertions, 14 deletions
diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c
index 49a48d946a..22e4376e80 100644
--- a/tests/tls13/post-handshake-with-cert.c
+++ b/tests/tls13/post-handshake-with-cert.c
@@ -50,9 +50,10 @@ int main()
#include "tls13/ext-parse.h"
#include "utils.h"
-/* This program tests the Post Handshake Auth extension present
- * in the client hello, and whether it is missing from server
- * hello.
+/* This program tests whether the Post Handshake Auth extension is
+ * present in the client hello, and whether it is missing from server
+ * hello. In addition it contains basic functionality test for
+ * post handshake authentication.
*/
static void server_log_func(int level, const char *str)
@@ -72,6 +73,7 @@ static void client(int fd)
int ret;
gnutls_certificate_credentials_t x509_cred;
gnutls_session_t session;
+ char buf[64];
global_init();
@@ -84,7 +86,7 @@ static void client(int fd)
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH);
gnutls_handshake_set_timeout(session, 20 * 1000);
@@ -110,6 +112,26 @@ static void client(int fd)
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret != 0)
+ fail("handshake failed: %s\n", gnutls_strerror(ret));
+ success("client handshake completed\n");
+
+ do {
+ ret = gnutls_record_recv(session, buf, sizeof(buf));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret != GNUTLS_E_REAUTH_REQUEST) {
+ fail("recv: unexpected error: %s\n", gnutls_strerror(ret));
+ }
+
+ success("received reauth request\n");
+ do {
+ ret = gnutls_reauth(session, 0);
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret != 0)
+ fail("client: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret));
+
close(fd);
gnutls_deinit(session);
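Review bot: The check after the `gnutls_record_recv` loop treats every value other than `GNUTLS_E_REAUTH_REQUEST` as an error code, but that call can also return 0 (peer closed the connection) or a positive byte count, and passing such a value to `gnutls_strerror(ret)` yields a misleading failure message. Handling that case separately keeps a failing run readable, e.g. `if (ret >= 0) fail("recv: expected reauth request, got %d\n", ret);` placed before the existing comparison. client() starts and ends outside this hunk.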
@@ -176,7 +198,7 @@ static void server(int fd)
&server_key,
GNUTLS_X509_FMT_PEM);
- gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH);
gnutls_handshake_set_timeout(session, 20 * 1000);
gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY,
@@ -194,11 +216,10 @@ static void server(int fd)
do {
ret = gnutls_handshake(session);
- if (ret == GNUTLS_E_INTERRUPTED) { /* expected */
- break;
- }
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret != 0)
+ fail("handshake failed: %s\n", gnutls_strerror(ret));
if (client_hello_ok == 0) {
fail("server: did not verify the client hello\n");
@@ -207,6 +228,16 @@ static void server(int fd)
if (server_hello_ok == 0) {
fail("server: did not verify the server hello contents\n");
}
+ success("server handshake completed\n");
+
+ gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE);
+ /* ask peer for re-authentication */
+ do {
+ ret = gnutls_reauth(session, 0);
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret != 0)
+ fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret));
close(fd);
gnutls_deinit(session);
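Review bot: The server side only checks that `gnutls_reauth` returns 0 after `gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE)`; nothing asserts that a client certificate was actually received, so the test would still pass if re-authentication completed without authenticating the peer. Consider checking the peer chain after the reauth loop, for example `if (gnutls_certificate_get_peers(session, &n) == NULL || n == 0) fail("server: no client certificate after reauth\n");` with an `unsigned int n;` declared in server(). Checking that the chain is absent before the reauth would also show that the certificate arrived post-handshake. Whether the client credentials in this file carry a certificate is not visible in the hunk, and server() begins and ends outside it.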
@@ -233,9 +264,6 @@ void doit(void)
int ret;
pid_t child;
- /* re-enable when post-handshake authentication is available */
- exit(77);
-
signal(SIGCHLD, ch_handler);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
diff --git a/tests/tls13/post-handshake-without-cert.c b/tests/tls13/post-handshake-without-cert.c
index 9c02d5b272..4ee821b413 100644
--- a/tests/tls13/post-handshake-without-cert.c
+++ b/tests/tls13/post-handshake-without-cert.c
@@ -45,14 +45,14 @@ int main()
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <signal.h>
+#include <assert.h>
#include "cert-common.h"
#include "tls13/ext-parse.h"
#include "utils.h"
-/* This program tests the Post Handshake Auth extension present
- * in the client hello, and whether it is missing from server
- * hello.
+/* This program tests whether the Post Handshake Auth extension is missing
+ * from both hellos, when not enabled by client.
*/
static void server_log_func(int level, const char *str)
@@ -82,6 +82,10 @@ static void client(int fd)
gnutls_certificate_allocate_credentials(&x509_cred);
+ assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert,
+ &cli_ca3_key,
+ GNUTLS_X509_FMT_PEM) >= 0);
+
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
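Review bot: The call to `gnutls_certificate_set_x509_key_mem` is placed inside `assert()`, so a build with `NDEBUG` defined drops the call entirely and the client would run without the certificate this test intends to load. Keep the side effect outside the assertion: `ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, &cli_ca3_key, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) fail("client: could not load certificate: %s\n", gnutls_strerror(ret));`. client() starts and ends outside this hunk.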
@@ -105,6 +109,11 @@ static void client(int fd)
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ /* try if gnutls_reauth() would fail as expected */
+ ret = gnutls_reauth(session, 0);
+ if (ret != GNUTLS_E_INVALID_REQUEST)
+ fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret));
+
close(fd);
gnutls_deinit(session);
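Review bot: The failure message in this client-side check is prefixed `server:` and has no trailing `\n`, so a failure here would be attributed to the wrong peer; suggest `fail("client: gnutls_reauth did not fail as expected: %s\n", gnutls_strerror(ret));`. The matching message in the server() hunk that follows is also missing the newline. In addition, the visible lines do not check the handshake result before `gnutls_reauth` is called, so the negative test may pass for the wrong reason if the handshake itself failed; an `if (ret != 0) fail("handshake failed: %s\n", gnutls_strerror(ret));` as added in post-handshake-with-cert.c would close that gap.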
@@ -189,6 +198,11 @@ static void server(int fd)
fail("server: did not verify the server hello contents\n");
}
+ /* try if gnutls_reauth() would fail as expected */
+ ret = gnutls_reauth(session, 0);
+ if (ret != GNUTLS_E_INVALID_REQUEST)
+ fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret));
+
close(fd);
gnutls_deinit(session);