tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-07-13 09:04:42 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-07-13 11:09:13 +0200
commit: 16939ac38c98befa94d6dd6d78130bab5cbb1167 (patch)
tree: e0607163e0f367d37de2260584186c621cde6d75
parent: 2d211c1d1da172c5c5806d97c98291432d400422 (diff)
download: gnutls-16939ac38c98befa94d6dd6d78130bab5cbb1167.tar.gz
3 files changed, 37 insertions, 10 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 97757e0f00..fdc878bf73 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -107,6 +107,7 @@ TESTS_ENVIRONMENT += ENABLE_NON_SUITEB_CURVES=1
 endif
 
 if ENABLE_SSL3
+scripts_to_test += tls-fuzzer/tls-fuzzer-nocert-ssl3.sh
 TESTS_ENVIRONMENT += ENABLE_SSL3=1
 endif
 
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
new file mode 100644
index 0000000000..9bf3fa20f1
--- /dev/null
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
@@ -0,0 +1,28 @@
+[
+    {"server_command": ["@SERVER@", "--http",
+                 "--x509keyfile", "tests/serverX509Key.pem",
+                 "--x509certfile", "tests/serverX509Cert.pem",
+                 "--x509keyfile", "../../../certs/ecc256.pem",
+                 "--x509certfile", "../../../certs/cert-ecc256.pem",
+                 "--debug=3",
+                 "--noticket",
+                 "--priority=@PRIORITY@",
+                 "--disable-client-cert", "--port=@PORT@"],
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "tests" : [
+         {"name" : "test-SSLv3-padding.py",
+                   "comment" : "we accept zero filled padding in SSLv3",
+                   "exp_pass" : false,
+	  "arguments": ["-p", "@PORT@"]
+         },
+         {"name" : "test-export-ciphers-rejected.py",
+          "comment" : "we negotiate AES even in SSL3.0",
+          "arguments" : ["--ssl3", "-p", "@PORT@"] },
+         {"name" : "test-client-compatibility.py",
+          "arguments" : ["-p", "@PORT@", "18: IE 6 on XP",
+                         "52: YandexBot 3.0 on unknown",
+                         "100: IE 6 on XP"]}
+     ]
+    }
+]
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index 8019db5af1..c69ecfaf7e 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -20,9 +20,9 @@
           "ext padding, 65367 bytes"]},
          {"name" : "test-large-hello.py",
           "arguments" :
-	          ["multiple extensions 9212",
-	          "multiple extensions 1",
-	          "multiple extensions 16353"]},
+                 ["multiple extensions 9212",
+                  "multiple extensions 1",
+                  "multiple extensions 16353"]},
          {"name" : "test-large-hello.py",
           "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.",
           "arguments" :
@@ -66,7 +66,10 @@
           "arguments" : ["-n", "20"]
          },
          {"name" : "test-clienthello-md5.py"},
-         {"name" : "test-client-compatibility.py"},
+         {"name" : "test-client-compatibility.py",
+          "arguments" : ["-e", "18: IE 6 on XP",
+                         "-e", "52: YandexBot 3.0 on unknown",
+                         "-e", "100: IE 6 on XP"]},
          {"name" : "test-conversation.py"},
 	 {"name" : "test-client-hello-max-size.py",
 	  "comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)",
@@ -94,9 +97,7 @@
          {"name" : "test-ecdhe-rsa-key-exchange.py"},
          {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"},
          {"name" : "test-empty-extensions.py"},
-         {"name" : "test-export-ciphers-rejected.py",
-          "comment" : "we negotiate AES even in SSL3.0",
-          "arguments" : ["--ssl3"] },
+         {"name" : "test-export-ciphers-rejected.py"},
          {"name" : "test-extensions.py"},
          {"name" : "test-extended-master-secret-extension.py",
           "comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete",
@@ -150,9 +151,6 @@
          {"name" : "test-sslv2-force-cipher.py"},
          {"name" : "test-sslv2-force-export-cipher.py"},
          {"name" : "test-sslv2hello-protocol.py"},
-         {"name" : "test-SSLv3-padding.py",
-                   "comment" : "we accept zero filled padding in SSLv3",
-                   "exp_pass" : false},
          {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"},
          {"name" : "test-truncating-of-client-hello.py" },
          {"name" : "test-truncating-of-finished.py"},
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-07-13 09:04:42 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-07-13 11:09:13 +0200
commit	16939ac38c98befa94d6dd6d78130bab5cbb1167 (patch)
tree	e0607163e0f367d37de2260584186c621cde6d75
parent	2d211c1d1da172c5c5806d97c98291432d400422 (diff)
download	gnutls-16939ac38c98befa94d6dd6d78130bab5cbb1167.tar.gz