diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-30 16:17:12 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-02 08:45:38 +0200 |
commit | aa842f8d6430cf93b35cc0f3b85c6642b0979ff3 (patch) | |
tree | 0334adc2581f4061f2cdb8d09dca97455409ae58 | |
parent | 1f6616507096a0d0b11f98bd1e762bd6b6f53a9b (diff) | |
download | gnutls-aa842f8d6430cf93b35cc0f3b85c6642b0979ff3.tar.gz |
tests: updated for post-RFC7919 behavior of library
That is, it is no longer necessary to set DH parameters on a
credentials structure, and thus previously expected to fail
connections may succeed even without DH parameters.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/tls10-server-kx-neg.c | 18 | ||||
-rw-r--r-- | tests/tls11-server-kx-neg.c | 18 | ||||
-rw-r--r-- | tests/tls12-server-kx-neg.c | 18 | ||||
-rw-r--r-- | tests/utils-adv.c | 2 |
4 files changed, 28 insertions, 28 deletions
diff --git a/tests/tls10-server-kx-neg.c b/tests/tls10-server-kx-neg.c index 2a06691f32..4ac53a2794 100644 --- a/tests/tls10-server-kx-neg.c +++ b/tests/tls10-server-kx-neg.c @@ -41,14 +41,14 @@ test_case_st tests[] = { { .name = "TLS 1.0 ANON-DH without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0" }, { .name = "TLS 1.0 ANON-DH with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_anon_cred = 1, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0" @@ -65,7 +65,7 @@ test_case_st tests[] = { { .name = "TLS 1.0 DHE-RSA without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" }, @@ -79,8 +79,8 @@ test_case_st tests[] = { }, { .name = "TLS 1.0 DHE-RSA with cred and cert but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_cert_cred = 1, .have_rsa_sign_cert = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", @@ -131,14 +131,14 @@ test_case_st tests[] = { { .name = "TLS 1.0 DHE-PSK without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0" }, { .name = "TLS 1.0 DHE-PSK with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_psk_cred = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0" diff --git a/tests/tls11-server-kx-neg.c b/tests/tls11-server-kx-neg.c index 46a29ddffd..fee785ab95 100644 --- a/tests/tls11-server-kx-neg.c +++ b/tests/tls11-server-kx-neg.c @@ -41,14 +41,14 @@ test_case_st tests[] = { { .name = "TLS 1.1 ANON-DH without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1" }, { .name = "TLS 1.1 ANON-DH with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = 0, + .client_ret = 0, .have_anon_cred = 1, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1" @@ -65,7 +65,7 @@ test_case_st tests[] = { { .name = "TLS 1.1 DHE-RSA without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" }, @@ -79,8 +79,8 @@ test_case_st tests[] = { }, { .name = "TLS 1.1 DHE-RSA with cred and cert but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = 0, + .client_ret = 0, .have_cert_cred = 1, .have_rsa_sign_cert = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", @@ -131,14 +131,14 @@ test_case_st tests[] = { { .name = "TLS 1.1 DHE-PSK without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1" }, { .name = "TLS 1.1 DHE-PSK with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = 0, + .client_ret = 0, .have_psk_cred = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1" diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c index 2da932d7c6..3de87becff 100644 --- a/tests/tls12-server-kx-neg.c +++ b/tests/tls12-server-kx-neg.c @@ -41,14 +41,14 @@ test_case_st tests[] = { { .name = "TLS 1.2 ANON-DH without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 ANON-DH with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_anon_cred = 1, .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" @@ -65,7 +65,7 @@ test_case_st tests[] = { { .name = "TLS 1.2 DHE-RSA without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" }, @@ -79,8 +79,8 @@ test_case_st tests[] = { }, { .name = "TLS 1.2 DHE-RSA with cred and cert but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_cert_cred = 1, .have_rsa_sign_cert = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", @@ -131,14 +131,14 @@ test_case_st tests[] = { { .name = "TLS 1.2 DHE-PSK without cred", .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 DHE-PSK with cred but no DH params", - .client_ret = GNUTLS_E_AGAIN, - .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = 0, + .server_ret = 0, .have_psk_cred = 1, .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" diff --git a/tests/utils-adv.c b/tests/utils-adv.c index 0615a88c84..22ef18736e 100644 --- a/tests/utils-adv.c +++ b/tests/utils-adv.c @@ -348,7 +348,7 @@ void print_dh_params_info(gnutls_session_t session) } ret = gnutls_dh_get_secret_bits(session); - if (ret < 256) { + if (ret < 225) { fail("client: too small secret key size: %d\n", ret); } |