diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-19 15:11:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-19 18:36:29 +0100 |
commit | d81ceaf790ea3e08ad9f0c2ff405dace4bab588a (patch) | |
tree | f6b49b80bb473b6d5df691c4cc1be54f8616e574 | |
parent | 24e1ef8461305601ff5ba1c147d4b47ca5fb8e83 (diff) | |
download | gnutls-d81ceaf790ea3e08ad9f0c2ff405dace4bab588a.tar.gz |
tests: testsrn.sh was removed as duplicate of safe-renegotation/ tests
Also safe-renegotiation tests were made TLS1.2-only as they do not
apply to TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/safe-renegotiation/srn0.c | 4 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn1.c | 4 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn2.c | 4 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn3.c | 4 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn4.c | 4 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn5.c | 4 | ||||
-rw-r--r-- | tests/suite/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/suite/testsrn.sh | 115 |
8 files changed, 13 insertions, 128 deletions
diff --git a/tests/safe-renegotiation/srn0.c b/tests/safe-renegotiation/srn0.c index 20c9033e35..c583cd03b9 100644 --- a/tests/safe-renegotiation/srn0.c +++ b/tests/safe-renegotiation/srn0.c @@ -113,7 +113,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct(server, "NORMAL", NULL); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); @@ -123,7 +123,7 @@ void doit(void) gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - gnutls_priority_set_direct(client, "NORMAL", NULL); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c index 06857ac690..3ace5bb2ed 100644 --- a/tests/safe-renegotiation/srn1.c +++ b/tests/safe-renegotiation/srn1.c @@ -112,7 +112,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct(server, "NORMAL:%SAFE_RENEGOTIATION", + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -124,7 +124,7 @@ void doit(void) gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct(client, - "NORMAL:%DISABLE_SAFE_RENEGOTIATION", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c index d3c95940b9..2757ddfbfc 100644 --- a/tests/safe-renegotiation/srn2.c +++ b/tests/safe-renegotiation/srn2.c @@ -110,7 +110,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct(server, "NORMAL", NULL); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); @@ -120,7 +120,7 @@ void doit(void) gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - gnutls_priority_set_direct(client, "NORMAL", NULL); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); diff --git a/tests/safe-renegotiation/srn3.c b/tests/safe-renegotiation/srn3.c index c8d4961645..715f16c075 100644 --- a/tests/safe-renegotiation/srn3.c +++ b/tests/safe-renegotiation/srn3.c @@ -113,7 +113,7 @@ void doit(void) gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct(server, - "NORMAL:%DISABLE_SAFE_RENEGOTIATION", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -124,7 +124,7 @@ void doit(void) gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - gnutls_priority_set_direct(client, "NORMAL:%SAFE_RENEGOTIATION", + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c index 40896fbc44..cbb20a02de 100644 --- a/tests/safe-renegotiation/srn4.c +++ b/tests/safe-renegotiation/srn4.c @@ -112,7 +112,7 @@ void doit(void) gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_priority_set_direct(server, "NORMAL", NULL); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); @@ -123,7 +123,7 @@ void doit(void) gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct(client, - "NORMAL:%DISABLE_SAFE_RENEGOTIATION", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); diff --git a/tests/safe-renegotiation/srn5.c b/tests/safe-renegotiation/srn5.c index 7483ad86c3..0528bac103 100644 --- a/tests/safe-renegotiation/srn5.c +++ b/tests/safe-renegotiation/srn5.c @@ -114,7 +114,7 @@ void doit(void) gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct(server, - "NORMAL:%DISABLE_SAFE_RENEGOTIATION", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -125,7 +125,7 @@ void doit(void) gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); - gnutls_priority_set_direct(client, "NORMAL", NULL); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index 21b2383b7f..297293fff4 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -87,7 +87,7 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c \ EXTRA_DIST += testcompat-main-polarssl testcompat-main-openssl testcompat-common \ testpkcs11.pkcs15 testpkcs11.softhsm testpkcs11.sc-hsm -nodist_check_SCRIPTS = testsrn.sh chain.sh invalid-cert.sh \ +nodist_check_SCRIPTS = chain.sh invalid-cert.sh \ testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \ testrandom.sh certtool-pkcs11.sh tls-fuzzer/tls-fuzzer-nocert.sh \ tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh diff --git a/tests/suite/testsrn.sh b/tests/suite/testsrn.sh deleted file mode 100755 index aba3df589c..0000000000 --- a/tests/suite/testsrn.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2010-2012 Free Software Foundation, Inc. -# -# Author: Nikos Mavrogiannopoulos -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -srcdir="${srcdir:-.}" -SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" -CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" -unset RETCODE - -if ! test -x "${SERV}"; then - exit 77 -fi - -if ! test -x "${CLI}"; then - exit 77 -fi - -if test "${WINDIR}" != ""; then - exit 77 -fi - -if ! test -z "${VALGRIND}"; then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" -fi - - -SERV="${SERV} -q" - -. "${srcdir}/../scripts/common.sh" - -echo "Checking Safe renegotiation" - -eval "${GETPORT}" -launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams "${srcdir}/params.dh" -PID=$! -wait_server ${PID} - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "0. Renegotiation should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "1. Safe rehandshake should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "2. Unsafe rehandshake should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "3. Unsafe negotiation should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null && \ - fail ${PID} "4. Unsafe renegotiation should have failed!" - - -kill ${PID} -wait - -eval "${GETPORT}" -launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" -PID=$! -wait_server ${PID} - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "5. Safe rehandshake should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "6. Unsafe rehandshake should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null && \ - fail ${PID} "7. Unsafe negotiation should have failed!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null && \ - fail ${PID} "8. Unsafe renegotiation should have failed!" - -kill ${PID} -wait - -eval "${GETPORT}" -launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" -PID=$! -wait_server ${PID} - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null && \ - fail ${PID} "9. Initial connection should have failed!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "10. Unsafe connection should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "11. Unsafe negotiation should have succeeded!" - -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null || \ - fail ${PID} "12. Unsafe renegotiation should have succeeded!" - -kill ${PID} -wait - -exit 0 |